Hi guys,

as I was writing the configuration documentation, based on the way we
initialize the server, I went through the objectClasses we use to define
the configuration for each element. That raised a question in my mind:

- why don't we link the elements together?

Right now, we expect some code to put the glue between those elements
(i.e. the LdapServer OC does not contain any AT defining the DS to use,
the DS does not contain the list of Partitions it uses, etc). Wouldn't
it be better to add some AT in each element to completely define, say,
the LdapServer configuration from the LdapServer entry, following the
contained ATs?

One more thing: we should probably define an Abstract ads-oc OC
containing the 'description' and 'ads-enabled' elements, which are
present in all the OCs? I propose such an OC to handle this information:

A[ads-base]
m-may: description
m-may: ads-enabled

I have gathered all the existing OCs with their MAY and MUST ATs, and
listed them here. The A[xxx] notation describes an ABSTRACT OC. The -->
notation defines a hierarchical relation between 2 OCs (i.e. OC2 --> OC1
means that OC1 is the SUP in OC2). The * notation means that we may have
from 0 to N distinguishedName in an AT. The ATs pointing to other ads
OCs are also noted.

With a little effort, I also think that reading such a hierarchy, we
could automatically generate the beans using introspection, instead of
writing a reader for each of those elements.

Thoughts?

A[ads-base]
m-may: description
m-may: ads-enabled
ads-directoryService --> ads-base
m-must: ads-directoryServiceId
m-must: ads-dsReplicaId
m-may: ads-dsAccessControlEnabled
m-may: ads-dsAllowAnonymousAccess
m-may: ads-dsChangeLog : distinguishedName (points to ads-dsChangeLog)
m-may: ads-dsDenormalizeOpAttrsEnabled
m-may: ads-dsJournal : distinguishedName (points to ads-dsJournal)
m-may: ads-dsMaxPDUSize
m-may: ads-dsPasswordHidden
m-may: ads-dsReplication : distinguishedName (points to ads-dsReplication)
m-may: ads-dsSyncPeriodMillis
m-may: ads-dsTestEntries
m-must: ads-interceptors* : distinguishedName (points to ads-interceptor)
m-must: ads-systemPartition : distinguishedName (points to ads-partition)
m-may: ads-partitions* : distinguishedName (points to ads-partition)
m-may: ads-replicationProvider : distinguishedName (points to ads-replProvider)
m-may: ads-replicationConsumer : distinguishedName (points to ads-replConsumer)
m-may: ads-passwordPolicy : distinguishedName (points to pwdPolicy)
ads-dsChangeLog --> ads-base
m-may: ads-changeLogEnabled
m-may: ads-changeLogExposed
ads-dsJournal --> ads-base
m-must: ads-journalFileName
m-may: ads-journalWorkingDir
m-may: ads-journalRotation
m-may: ads-journalEnabled
ads-interceptor --> ads-base
m-must: ads-interceptorId
m-must: ads-interceptorOrder
m-must: ads-interceptorClassName
A[ads-partition] --> ads-base
m-must: ads-partitionId
m-must: ads-partitionSuffix
m-may: ads-partitionSyncOnWrite
ads-jdbmPartition --> ads-partition
m-may: ads-partitionCacheSize
m-may: ads-jdbmPartitionOptimizerEnabled
m-may: ads-jdbmIndexes* : distinguishedName (points to ads-jdbmIndex)
A[ads-index] --> ads-base
m-must: ads-indexAttributeId
ads-jdbmIndex --> ads-index
m-may: ads-indexFileName
m-may: ads-indexWorkingDir
m-may: ads-indexNumDupLimit
m-may: ads-indexCacheSize
A[ads-transport] --> ads-base
m-must: ads-transportId
m-must: ads-systemPort
m-may: ads-transportAddress
m-may: ads-transportBacklog
m-may: ads-transportEnableSSL
m-may: ads-transportNbThreads
ads-tcpTransport --> ads-transport
ads-udpTransport --> ads-transport
A[ads-server] --> ads-base
m-must: ads-serverId
m-must: ads-transports* : distinguishedName (points to ads-transport)
A[ads-catalogBasedServer] --> ads-server
m-may: ads-serverDS
m-may: ads-searchBaseDN
ads-ldapServer --> ads-catalogBasedServer
m-may: ads-ldapServerConfidentialityRequired
m-may: ads-ldapServerMaxSizeLimit
m-may: ads-ldapServerMaxTimeLimit
m-may: ads-ldapServerSaslHost
m-may: ads-ldapServerSaslPrincipal
m-may: ads-ldapServerSaslRealms
m-may: ads-ldapServerKeystoreFile
m-may: ads-ldapServerCertificatePassword
m-may: ads-replProviderImpl
m-may: ads-enableReplProvider
m-may: ads-saslMechHandlers* : distinguishedName (points to ads-ldapServerSaslMechanismHandler)
m-may: ads-extendedOps* : distinguishedName (points to ads-ldapServerExtendedOpHandler)
ads-kerberosServer --> ads-catalogBasedServer
m-may: ads-krbAllowableClockSkew
m-may: ads-krbEncryptionTypes
m-may: ads-krbEmptyAddressesAllowed
m-may: ads-krbForwardableAllowed
m-may: ads-krbPaEncTimestampRequired
m-may: ads-krbPostdatedAllowed
m-may: ads-krbProxiableAllowed
m-may: ads-krbRenewableAllowed
m-may: ads-krbKdcPrincipal
m-may: ads-krbMaximumRenewableLifetime
m-may: ads-krbMaximumTicketLifetime
m-may: ads-krbPrimaryRealm
m-may: ads-krbBodyChecksumVerified
ads-dnsServer --> ads-catalogBasedServer
ads-dhcpServer --> ads-catalogBasedServer
ads-ntpServer --> ads-server
ads-changePasswordServer --> ads-catalogBasedServer
m-may: ads-krbAllowableClockSkew
m-may: ads-krbEmptyAddressesAllowed
m-may: ads-krbEncryptionTypes
m-may: ads-krbPrimaryRealm
m-may: ads-chgPwdPolicyCategoryCount
m-may: ads-chgPwdPolicyPasswordLength
m-may: ads-chgPwdPolicyTokenSize
m-may: ads-chgPwdServicePrincipal
ads-ldapServerSaslMechanismHandler --> ads-base
m-must: ads-ldapServerSaslMechName
m-must: ads-ldapServerSaslMechClassName
m-may: ads-ldapServerNtlmMechProvider
ads-ldapServerExtendedOpHandler --> ads-base
m-must: ads-ldapServerExtendedOpHandlerClass
m-must: ads-Id
ads-httpWebApp --> ads-base
m-must: ads-httpWarFile
m-must: ads-id
m-may: ads-httpAppCtxPath
ads-httpServer --> ads-base
m-must: ads-serverId
m-may: ads-systemPort
m-may: ads-httpConfFile
ads-replConsumer --> ads-base
m-must: ads-dsReplicaId
m-must: ads-replAliasDerefMode
m-must: ads-searchBaseDN
m-must: ads-replLastSentCsn
m-must: ads-replSearchScope
m-must: ads-replSearchFilter
m-may: ads-replRefreshNPersist
m-may: ads-replUseTls
m-may: ads-replStrictCertValidation
m-may: ads-replPeerCertificate
ads-replProvider --> ads-base
m-must: ads-dsReplicaId
m-must: ads-searchBaseDN
m-must: ads-replProvHostName
m-may: ads-replAliasDerefMode
m-may: ads-replAttribute
m-may: ads-replProvPort
m-may: ads-replRefreshInterval
m-may: ads-replRefreshNPersist
m-may: ads-replSearchScope
m-may: ads-replSearchFilter
m-may: ads-replSearchSizeLimit
m-may: ads-replSearchTimeOut
m-may: ads-replUserDn
m-may: ads-replUserPassword
m-may: ads-replCookie
pwdPolicy --> ads-base
m-must: pwdAttribute
m-may: pwdMinAge
m-may: pwdMaxAge
m-may: pwdInHistory
m-may: pwdCheckQuality
m-may: pwdMinLength
m-may: pwdMaxLength
m-may: pwdExpireWarning
m-may: pwdGraceAuthNLimit
m-may: pwdGraceExpire
m-may: pwdLockout
m-may: pwdLockoutDuration
m-may: pwdMaxFailure
m-may: pwdFailureCountInterval
m-may: pwdMustChange
m-may: pwdAllowUserChange
m-may: pwdSafeModify
m-may: pwdMinDelay
m-may: pwdMaxDelay
m-may: pwdMaxIdle
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
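
Added example (not part of the original message and not ApacheDS code): a Python reader for the notation used in the listing above, which resolves the MUST/MAY attributes each OC inherits through its SUP chain and reports OCs that are referenced but never defined. The sample is a constructed excerpt of the listing with wrapped lines joined, and the function names are hypothetical.

```python
import re

# Constructed excerpt of the listing above (wrapped lines joined).
SAMPLE = """\
A[ads-base]
m-may: description
m-may: ads-enabled
ads-directoryService --> ads-base
m-must: ads-systemPartition : distinguishedName (points to ads-partition)
m-may: ads-partitions* : distinguishedName (points to ads-partition)
m-may: ads-dsReplication : distinguishedName (points to ads-dsReplication)
A[ads-partition] --> ads-base
m-must: ads-partitionId
ads-jdbmPartition --> ads-partition
m-may: ads-partitionCacheSize
"""

OC_RE = re.compile(r"^(A\[)?([\w-]+)\]?(?:\s*-->\s*([\w-]+))?$")
AT_RE = re.compile(r"^m-(must|may):\s*([\w-]+)(\*)?(?:\s*:\s*\w+\s*\(points to\s+([\w-]+)\))?$")

def parse(text):
    """Return {oc: {abstract, sup, ats: [(kind, name, multi, target)]}}."""
    ocs, cur = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        at, oc = AT_RE.match(line), OC_RE.match(line)
        if at and cur is not None:
            cur["ats"].append((at[1], at[2], bool(at[3]), at[4]))
        elif oc:
            cur = ocs[oc[2]] = {"abstract": bool(oc[1]), "sup": oc[3], "ats": []}
        else:
            raise ValueError("unparseable line: " + line)
    return ocs

def effective(ocs, name):
    """MUST and MAY attribute names of `name`, own first, then inherited via SUP."""
    must, may, seen = [], [], set()
    while name is not None:
        if name in seen or name not in ocs:
            raise ValueError("broken SUP chain at " + name)
        seen.add(name)
        for kind, at, _multi, _target in ocs[name]["ats"]:
            (must if kind == "must" else may).append(at)
        name = ocs[name]["sup"]
    return must, may

def dangling(ocs):
    """OC names used as a SUP or a 'points to' target but never defined."""
    refs = {t for oc in ocs.values() for *_, t in oc["ats"] if t}
    refs |= {oc["sup"] for oc in ocs.values() if oc["sup"]}
    return sorted(refs - set(ocs))
```

A non-empty result from dangling() is a link that a loader following the DN-valued ATs could not resolve.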