RE: [jndi] Have we found a JNDI impl yet?

[Alex Karasulu]

The current architecture has a primitive server side LDAP JNDI provider
which is about 70-80% functional.  The provider directly accesses entries
within the backend apparatus within the server.  When contexts are
initialized they represent an instance/point of access (hence a context)
into the directory information tree of the server bypassing the LDAP
protocol stack.

In the new architecture, to be completed by mid October, the JNDI provider
is at the core of the server's backend apparatus and shall be completed by
then.  The server side JNDI LDAP provider will wrap something we call a
nexus that attaches several databases each with a suffix in the namespace to
a central point in the server.  The nexus performs name based routing to the
backend that has jurisdiction over the region of the namespace specified by
its suffix.  Anyway this apparatus is wrapped by JNDI.  The JNDI becomes the
only way to enter the nexus and hence a target backend in the new
architecture.  The JNDI is thus a shell around the backend subsystem of the
server.  All orthogonal services implemented as Interceptors enable things
like triggers, and change notification between calls made by the JNDI
provider on the nexus.  This is how we introduce new services into JNDI
calls on our provider.

There are two ways I can immediately conceive of in which this code can be
leveraged to enable a persistant java:comp/env namespace for Geronimo.  But
first consider this.  There may be areas where Geronimo will need to access
and search over persistent data without having to bring this information
into memory - this requires the industrial power of database indexing.
Geronimo's configuration is a perfect candidate for storage in the directory
- it will most likely be hierarchical in nature and very fitting.  Another
excellent possibility is the use of the embedded server as the foundation
for a security subsystem.  With that in mind lets just look at the way in
which we can just enable the java:comp/env namespace while using LDAPd code.

First you can build over the LDAP namespace using it as a hierarchical
relational database to manage environment data.  A java:comp/env namespace
could be implemented using another JNDI provider to wrap the LDAP provider
which has the super set of JNDI functionality (Context, DirContext, and
LdapContext).  The wrapper provider would simply transform operations into
the LDAP namespace according to the designed DIT structure and the schema
used for java:comp/env objects.  The neat thing is you would have the power
of search to find anything you needed very rapidly.  Much faster than a
non-indexed solution - you're getting the power of a database at your
disposal this way.  If you go this route then other aspects like
configurations can also be stored in different areas of the directory
information tree.  Also LDAP replication can be used to replicate your
environment and configuration information for clustering in the future.  I
would recommend this approach.  Although you don't expose all the LDAP
functionality you can still leverage it under the hood of the java:comp/env
provider to make it extremely fast.  I can help write this or add Geronimo
developers to the LDAPd project to make it come to fruition.

The other approach involves the generalization of the Backend interface to
store any kind of entry that does not necessarily need to be an entry within
the LDAP namespace: see the attached xref file for the Backend interface.
This way the backend apparatus is a generalized entry storage subsystem that
could be used for any kind of namespace - directory enabled or otherwise.

Noel Bergman and I are in the process of discussing these details and anyone
from the Geronimo team is welcome to join us.  Basically we reduce the JNDI
methods into a minimal set of storage oriented operations very close in
nature to the methods on Context and its subclasses.  This reduced
instruction set if you could call it that is extremely simplified enabling
storage for entries in any namespace.  The nexus multiplexes different
backends for different namespaces almost federating them.

If a generalized provider with a pluggable NameParser is written then the
provider can theoretically be used for any namespace.  Think of the concept
as miniature framework for JNDI to enable storage and retrieval without the
pain of having to implement all those methods on the Context interface and
its subclasses.

These concepts are at the stage where new comers can join the conversation
with a minimal learning curve to rapidly be able to participate.  We would
welcome the collaboration to enable both projects to progress together.

Good luck & BU,
Alex Karasulu

View Javadoc /* * $Id: Backend.java,v 1.11 2003/08/18 02:06:16 akarasulu Exp $ * * -- (c) LDAPd Group -- * -- Please refer to the LICENSE.txt file in the root directory of -- * -- any LDAPd project for copyright and distribution information. -- * */ package ldapd.server.backend ; import javax.naming.Name ; import javax.naming.NamingException ; import javax.naming.NamingEnumeration ; import javax.naming.directory.Attributes ; import javax.naming.directory.SearchControls ; import javax.naming.directory.ModificationItem ; import ldapd.common.filter.ExprNode ; /*** * The Backend interface represents the operations that can be performed on a * Directory Information Base (DIB) which stores and manages the entries in a * Directory Information Tree (DIT). * * @author <a href=""mailto:[EMAIL PROTECTED]" target="alexandria_uri">mailto:[EMAIL PROTECTED]">Alex Karasulu</a> * @author $Author: akarasulu $ * @version $Revision: 1.11 $ */ public interface Backend { /*** * Deletes a leaf entry from this Backend: non-leaf entries cannot be * deleted until this operation has been applied to their children. * * @param a_dn the normalized distinguished name of the entry to delete * from this Backend. * @throws NamingException if there are any problems */ void delete( Name a_dn ) throws NamingException ; /*** * Adds an entry to this Backend. * * @param a_updn the user provided distinguished name of the entry * @param a_ndn the normalized distinguished name of the entry * @param an_entry the entry to add to this Backend * @throws NamingException if there are any problems */ void add( String a_updn, Name a_ndn, Attributes an_entry ) throws NamingException ; /*** * Modifies an entry by adding, removing or replacing a set of attributes. * * @param a_dn the normalized distinguished name of the entry to modify. * @param a_modOp the modification operation to perform on the entry which * is one of constants specified by the DirContext interface: * <code>ADD_ATTRIBUTE, REMOVE_ATTRIBUTE, REPLACE_ATTRIBUTE * </code>. * @param a_mods the attributes and their values used to affect the * modification with. * @throws NamingException if there are any problems * @see javax.naming.directory.DirContext * @see javax.naming.directory.DirContext.ADD_ATTRIBUTE * @see javax.naming.directory.DirContext.REMOVE_ATTRIBUTE * @see javax.naming.directory.DirContext.REPLACE_ATTRIBUTE */ void modify( Name a_dn, int a_modOp, Attributes a_mods ) throws NamingException ; /*** * Modifies an entry by using a combination of adds, removes or replace * operations using a set of ModificationItems. * * @param a_dn the normalized distinguished name of the entry to modify. * @param a_mods the ModificationItems used to affect the modification * with. * @throws NamingException if there are any problems * @see javax.naming.directory.ModificationItem */ void modify( Name a_dn, ModificationItem [] a_mods ) throws NamingException ; /*** * A specialized form of one level search used to return a minimal set of * information regarding clikd entries under a base. Convenience method * used to optimize operations rather than conducting a full search with * retrieval. * * @param a_base the base for the search/listing * @return a NamingEnumeration containing objects of type * <a href=""http://java.sun.com/j2se/1.4.2/docs/api/" target="alexandria_uri">http://java.sun.com/j2se/1.4.2/docs/api/ * javax/naming/NameClassPair.html">NameClassPair</a>. * @throws NamingException if there are any problems */ NamingEnumeration list( Name a_base ) throws NamingException ; /*** * Conducts a search against this Backend. * * @param a_base the normalized distinguished name of the search base * @param a_filter the root node of the filter _expression_ tree * @param a_controls the search controls * @throws NamingException if there are any problems * @return a NamingEnumeration containing objects of type * <a href=""http://java.sun.com/j2se/1.4.2/docs/api/" target="alexandria_uri">http://java.sun.com/j2se/1.4.2/docs/api/ * javax/naming/directory/SearchResult.html">SearchResult</a>. */ NamingEnumeration search( Name a_base, ExprNode a_filter, SearchControls a_controls ) throws NamingException ; /*** * Looks up an entry by distinguished name. This is a simplified version * of the search operation used to point read an entry used for * convenience. * * @param a_dn the normalized distinguished name of the object to lookup * @return an Attributes object representing the entry * @throws NamingException if there are any problems */ Attributes lookup( Name a_dn ) throws NamingException ; /*** * Fast operation to check and see if a particular entry exists. * * @param a_dn the normalized distinguished name of the object to check for * existance. * @return true if the entry exists, false if it does not. * @throws NamingException if there are any problems */ boolean hasEntry( Name a_dn ) throws NamingException ; /*** * Checks to see if an entry is a suffix. * * @param a_dn the normalized distinguished name of the entry to test * @return true if the entry is a suffix, false if it does not. * @throws NamingException if there are any problems */ boolean isSuffix( Name a_dn ) throws NamingException ; /*** * Modifies the entry by changing its Relative Distinguished Name (RDN) and * optionally removing the old RDN attribute. * * @param a_dn the normalized distinguished name of the entry to modify the * RDN of. * @param a_newRdn the new RDN of the entry specified as an equality * assertion value pair with the following syntax: <attribute> = <value>. * @param a_deleteOldRdn boolean flag which removes the old RDN attribute * from the entry if set to true, and has no affect if set to false. * @throws NamingException if there are any problems */ void modifyRdn( Name a_dn, String a_newRdn, boolean a_deleteOldRdn ) throws NamingException ; /*** * Transplants a child entry, to a position in the DIT under a new parent * entry. * * @param a_newParentDn the normalized distinguished name of the new parent * to move the targeted entry to. * @param a_oldChildDn the normalized distinguished name of the older child * Dn representing the child entry to move. * @throws NamingException if there are any problems */ void move( Name a_oldChildDn, Name a_newParentDn ) throws NamingException ; /*** * Transplants a child entry, to a position in the DIT under a new parent * entry and changes the RDN of the child entry which can optionally have * its old RDN attributes removed. * * @param a_oldChildDn the normalized distinguished name of the old child * Dn representing the child entry to move. * @param a_newParentDn the normalized distinguished name of the new parent * to move the targeted entry to. * @param a_newRdn the new RDN of the entry specified as an equality * assertion value pair with the following syntax: <attribute> = <value>. * @param a_deleteOldRdn boolean flag which removes the old RDN attribute * from the entry if set to true, and has no affect if set to false. * @throws NamingException if there are any problems */ void move( Name a_oldChildDn, Name a_newParentDn, String a_newRdn, boolean a_deleteOldRdn ) throws NamingException ; } This page was automatically generated by Maven