Thanks Pierre-Arnaud for the detailed idea.

On Thu, Nov 4, 2010 at 3:48 PM, Pierre-Arnaud Marcelot <[email protected]> wrote:
> Hi Dev,
>
> I'm currently starting to work on the new ApacheDS Configuration Editor for
> the upcoming Apache DS 2.0.
>
> Instead of taking the (dead and removed in ApacheDS 2.0) 'server.xml' it used
> to take in previous versions of Apache DS, this editor is now intended to
> read the 'Configuration Partition' of the new ApacheDS 2.0 version.
> The idea is to be able to edit (read and write) the configuration from the
> 'config.ldif' file on disk, but also from a running ApacheDS via LDAP
> operations (under the 'ou=config' partition).
>
> I'd like to propose some ideas around the design of the UI for the editor,
> and to have your thoughts about them, in order to make it as usual as
> possible.
>
> First, the new editor will inherit a lot of things from the current one.
> Especially, its layout, with a tab based editor.
>
> After a look at the current configuration partition implementation, here are
> the tabs I have identified:
> - Overview
> - LDAP(S) Server
> - Kerberos Server
> - Partitions
> - Password Policy
> - Replication
> - Options
>
> I excluded the configuration of the Interceptor Chain on purpose. I really
> think that it's an internal configuration the end-users should not be dealing
> with, but that can be inferred from the other configuration. Like, for
> example, if the Kerberos Server is enabled, we know that the KeyDerivation
> interceptor must be added to the interceptor chain at a particular location
> in it, and the editor will do that for the user under the hood when the
> 'Enable Kerberos Server' button is pressed.

+1

> Same thing for Extended Operation Handlers.
>
> At the moment, DNS, DHCP and NTP server configurations are excluded from the
> editor, given their current state in development and testing, as well as the
> value for our users to be able to configure such servers (I'm not really sure
> they come to ApacheDS for this set of features).

+1

> -> Overview Tab
> ----------------------
>
> This tab is intended to allow a quick access to the most essential and useful
> settings.
> We'll have widgets to enable LDAP(S) or Kerberos Servers, as well as set
> their listening ports.
> We would also have a recap of the most important settings in the other tabs,
> with the ability to jump to advanced configuration in each section.

Do you think this should be a read-only overview panel? Otherwise some
settings can be edited in two places, which might be confusing.

> -> LDAP(S) Server
> -------------------------
>
> This tab will be used to control the LDAP and LDAPS Servers settings.
> Users should be able to enable/disable LDAP and LDAPS independently, as well
> as specifying their ports.
> They should also be able to:
> - enable/disable access control, anonymous access
> - choose the supported authentication mechanisms
> - set the SASL settings (host, principal, realms, etc)

Those are complicated settings, they depend on each other and other
settings. For example CRAM-MD5 or DIGEST-MD5 don't work when the stored
password is hashed (I don't know if that's a general limitation or only
applied to ApacheDS).

> - set the limits (time limit, size limit, etc)
> - keystore, certificate (and when it's migrated to the configuration, the
> admin's credentials)

Some additional widgets:
- enable/disable TLS
- enable/disable server-side password hashing and select hashing method

> -> Kerberos Server
> -------------------------
>
> This tab will be used to control the Kerberos Server settings.
> Users should be able to enable/disable Kerberos, as well as specifying its
> port.
> The following AT values will also need to be edited via the UI:
> - ads-krballowableclockskew
> - ads-krbbodychecksumverified
> - ads-krbemptyaddressesallowed
> - ads-krbencryptiontypes
> - ads-krbforwardableallowed
> - ads-krbkdcprincipal
> - ads-krbmaximumrenewablelifetime
> - ads-krbmaximumticketlifetime
> - ads-krbpaenctimestamprequired
> - ads-krbpostdatedallowed
> - ads-krbprimaryrealm
> - ads-krbproxiableallowed
> - ads-krbrenewableallowed
> - ads-searchbasedn
>
> I don't have a particular idea in mind yet on how these settings can be
> organized in the UI.
> If you do, please let me know.

Me neither. Maybe we should have two sections:
- one containing the most important attributes
  - enable/disable
  - ports
  - ads-krbkdcprincipal
  - ads-krbprimaryrealm
  - ads-searchbasedn
  - ads-krbencryptiontypes
- another containing the advanced attributes

> -> Partitions Tab
> ----------------------
>
> This tab will reuse the existing Partitions Tab of previous editor versions.
> It allows the creation, edition and deletion of partitions with their
> specific properties (ID, Cache Size, Suffix, Optimizer Enablement, Syncho On
> Write Enablement and creation, edition and deletion of Indexed Attributes).
> An overview of the existing Partitions Tab can be seen at this URL:
> http://directory.apache.org/studio/static/users_guide/apacheds_configuration/configuration_editor_1.5.5_partitions.html

Ok.

For the index attributes it would be nice to show the attribute name
instead of the OID.

Maybe that widget should be split: system indexes (including
objectClass and entryUUID) and user indexes

And a new widget to define the context entry would be nice. And a
button to generate the context entry based on the suffix (dc, o, ou)

> -> Password Policy Tab
> --------------------------------
>
> This will be used to define all settings related to the password policy
> sub-system.
> The user will be able to enable/disable it, and edit the following AT values
> via the UI:
> - ads-pwdattribute
> - ads-enabled: true
> - ads-pwdallowuserchange
> - ads-pwdcheckquality
> - ads-pwdexpirewarning
> - ads-pwdfailurecountinterval
> - ads-pwdgraceauthnlimit
> - ads-pwdinhistory
> - ads-pwdlockout
> - ads-pwdlockoutduration
> - ads-pwdmaxage
> - ads-pwdmaxfailure
> - ads-pwdminage
> - ads-pwdminlength
> - ads-pwdmustchange
> - ads-pwdsafemodify
>
> Again, I need to see how these things could be regrouped and organized.
> If you already have ideas.
>
>
> -> Replication Tab
> -------------------------
>
> This tab will be used to define all settings related to the replication
> sub-system.
> I'm waiting on you guys to tell me what and how replication should be
> configured.
> I'm not even sure we have a working configuration for this already.
>
>
> -> Options Tab
> --------------------
>
> This tab will be dedicated to more general and technical settings like:
> - denormalization of operational attributes
> - max PDU size
> - synchronization period
> - journal (location, filename, rotation)
> - changelog
> We could also put the configuration of the embedded HTTP server and webapps
> in there.

Pretty much.

Some more ideas:
- Indicate when a restart of the server is required (always?)
- Backup/Restore the configuration to/from an LDIF.

Thanks again.

Kind Regards,
Stefan
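
The dependency between SASL CRAM-MD5 and hashed password storage mentioned in the reply above, as an added example (not part of the original thread and not ApacheDS code): in RFC 2195 the client's response is an HMAC-MD5 keyed with the password itself, so a server that holds only a one-way hash cannot recompute it, while a simple bind can still be verified. The `{SSHA}`-style storage layout, the function names and the sample values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    """Client side of CRAM-MD5: hex HMAC-MD5 of the challenge, keyed with the shared secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()


def ssha(password: bytes, salt: bytes) -> bytes:
    """Salted SHA-1 storage value: base64(sha1(password + salt) + salt)."""
    return base64.b64encode(hashlib.sha1(password + salt).digest() + salt)


def verify_simple_bind(stored_ssha: bytes, presented: bytes) -> bool:
    """Simple bind: the client sends the password, so the server can re-hash and compare."""
    raw = base64.b64decode(stored_ssha)
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(presented + salt).digest(), digest)


def verify_cram_md5(server_key: bytes, challenge: bytes, response: str) -> bool:
    """CRAM-MD5: the server must key the HMAC with the same secret the client used."""
    expected = hmac.new(server_key, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-secret"               # constructed sample value
    challenge = b"<1896.697170952@example.org>"    # constructed sample challenge
    stored = ssha(password, os.urandom(8))         # what a hashing server keeps
    response = cram_md5_response(password, challenge)
    return {
        # Hash-only storage is enough when the password itself is presented.
        "simple_bind_with_hash": verify_simple_bind(stored, password),
        # Challenge-response succeeds only if the server still has the cleartext.
        "cram_with_cleartext": verify_cram_md5(password, challenge, response),
        # Keying the HMAC with the stored hash yields a different value.
        "cram_with_hash": verify_cram_md5(stored, challenge, response),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

A configuration editor can use the same reasoning as a consistency check: enabling server-side password hashing together with a challenge-response mechanism is a combination worth flagging to the user.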
