apache directory server the new · 2017. 1. 4. · really bad ;) 16 users •use of makeldif to...
Is the Apache Directory Server the new challenger to FedoraDS and OpenLDAP ?
Emmanuel Lécharny
Iktek
Planning
• 1- Introduction
• 2- Features comparison
• 3- Compared performances
• 4- Future evolutions
• 5- Conclusion...
• 6- Q&A
1-Introduction
2-1 Functionalities
Generalities
ApacheDS | FedoraDS | OpenLDAP
LdapV3
Code: Java | C/C++ | C/C++
Documentation: Well, err... | Extensive | Sparse
Books: None | None | 2
Licence: ASL 2.0 | GPL | OPL
Backed by organization: Apache | RedHat | Many
Origin: Genuine | Michigan university
Technical elements
ApacheDS | FedoraDS | OpenLDAP
Installation: Installer | Installer | Package/build
Backend: JDBM RDBMS allowed BDB, GDB...
Transaction: RDBMS Extension
Multi-backend: Yes
Replication: Mitosis M/M 4 ways M-M M-S
Schema: Compilation | Dynamic/GUI | Static/files
Referrals
Attribute Encryption
Subtrees specification
Security
ApacheDS | FedoraDS | OpenLDAP
SSL V3
TLS: Soon...
SASL: Soon...
ACIs: Partial ?
Attribute Encryption
2-2 Apache DS
Apache DS structure
Apache Directory Server
• Full RFCs compliance
• Embeddable
• Layered architecture
• Extensible (Kerberos, DNS, DHCP...)
• Implements X500 Administrative model
• Written in Java => multi-platform
Apache DS X500 extensions
• X.500 Directory Administrative Model
• Basic Access Control Scheme
• Collective Attributes
• Subentries
Subentries
• Selections
• Exclusions
• Levels
• Filtering
• ...
ADS drawbacks
• It's young !
• Lots of bugs to be fixed (memory leaks)
• Replication is to be delivered by October
• Large object remains in memory
• Backend : JDBM only at the moment
• Documentation is lacking
• It's a large piece of software, and we are few working on it...
3- Performance
Tests
• 3 tests :
  • Add 10K users
  • Random search through the base
  • Delete all the 10K users
• “Out of the box” installation
• We just wanted to know if we are really bad ;)
Users
• Use of MakeLdif to create users :
dn: uid=user.3776,ou=People,dc=cs,dc=hacettepe,dc=edu,dc=tr
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
givenName: Janeczka
sn: Favreau
cn: Janeczka Favreau
initials: JF
uid: user.3776
mail: [email protected]: password
telephoneNumber: 5105866567
homePhone: 1434493159
pager: 0127049314
mobile: 1052879092
employeeNumber: 3776
street: 55438 Ash Street
l: Steubenville
st: MT
postalCode: 77097
postalAddress: Janeczka Favreau$55438 Ash Street$Steubenville, MT 77097
description: This is the description for Janeczka Favreau.
Typical search request
• Search for a single user, randomly picked
• Perform 10K searches
• The cache is not likely to be used at run 1
• 10 runs
• The fastest and slowest are removed
uid=user.@,ou=People,dc=cs,dc=hacettepe,dc=edu,dc=tr
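The search test described on this slide, as an added example that is not part of the original presentation: it expands the `uid=user.@` template for a randomly picked user, times 10 runs of 10K searches and averages the request rate after dropping the fastest and slowest run. The function names, the in-memory `make_directory` stand-in and the assumption that users are numbered 0 to 9999 are hypothetical; pass a real LDAP client call as `search` to measure a server.

```python
import random
import time

# Search template from the slide; "@" is replaced by the picked user number.
TEMPLATE = "uid=user.@,ou=People,dc=cs,dc=hacettepe,dc=edu,dc=tr"
USERS = 10_000     # assumption: the 10K MakeLdif users are numbered 0..9999
SEARCHES = 10_000  # searches per run
RUNS = 10          # runs; the fastest and the slowest are discarded


def random_dn(rng, users=USERS):
    """Expand the template for one randomly picked user."""
    return TEMPLATE.replace("@", str(rng.randrange(users)))


def trimmed_mean(values):
    """Mean after removing the single fastest and single slowest run."""
    if len(values) < 3:
        raise ValueError("need at least 3 runs to drop the fastest and slowest")
    kept = sorted(values)[1:-1]
    return sum(kept) / len(kept)


def benchmark(search, runs=RUNS, searches=SEARCHES, seed=0):
    """Return (requests/s for each run, trimmed mean requests/s) for `search`."""
    rng = random.Random(seed)  # fixed seed: each server gets the same DN sequence
    rates = []
    for _ in range(runs):
        dns = [random_dn(rng) for _ in range(searches)]  # built outside the timing
        start = time.perf_counter()
        for dn in dns:
            if search(dn) is None:  # a miss would make the run look faster
                raise LookupError(f"entry not found: {dn}")
        rates.append(searches / (time.perf_counter() - start))
    return rates, trimmed_mean(rates)


def make_directory(users=USERS):
    """Constructed in-memory stand-in for the server under test (hypothetical)."""
    return {TEMPLATE.replace("@", str(n)): {"uid": f"user.{n}"} for n in range(users)}


if __name__ == "__main__":
    directory = make_directory()
    rates, mean = benchmark(directory.get)
    print(f"runs: {len(rates)}, trimmed mean: {mean:.0f} req/s")
```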
Insertion/deletion
[Figure: two bar charts, "Add 10K users" (series ADS Add, FDS Add, OL Add) and "Delete 10K users" (series ADS Del, FDS Del, OL Del); x-axis: Servers, y-axis: Time in seconds. (Smaller pyramids is better)]
Search run
[Figure: "Ldap servers performance test : random search"; series ADS, FDS, OL; x-axis: Nb threads, y-axis: Search Req/s]
Performance issues
• Better cache mechanism needed
• ASN.1 codec can be improved (15% total)
• Needless Attribute checking (12% total)
• DN processing optimization (10% total)
• Serialization improvement
• Some operations are done many times
• Backend is not optimal
• Memory allocation => GC
What has already been done
• DN comparison improved : ADS 4x faster !!! (with a single line modified :)
  • One day to work this out
  • Thanks to YourKit profiler!
• ASN.1 codec is much faster (10x)
  • 6 months of work, 40 000 SLOCs
• LdapDN is 2.7x faster than LdapName
  • 2 months of work, difficult to merge in ADS :(
4- Evolution
Backend
• JDBM is the current backend
• Berkeley DB JE© is a possible target
• RDBMS soon...
• Needs :
  • Fast backend
  • Reliable backend
  • Transactions support
Tooling (RCP- Eclipse plugin)
• Start/Stop
• Import/export
  • LDIF
  • DSML 1.0/2.0
• UI Schema Manager
• Ldap Browser
• Ldap Proxy
Replication
• Replication is a must-have
  • Master-Slave replication (OpenLDAP) OR
  • Multi-Master replication (FDS)
• RFC 3384 => Multi Master replication
• Draft by Zeilenga says : 'LDAP Multi-master Replication Considered Harmful'
• What about ADS ?
SP and Triggers
• SP : stored procedure
  • Supports the Java language, but scripting languages such as Janino or Jython may be added later
  • Ease some management operations
• Triggers with pre/post operations
  • Fine grained replication
  • E-Provisioning
Standards
• New RFCs : RFCs 4510 -> 4519
  • Better X500 compliance
  • Internationalization explained
  • Clarification on previous RFCs
  • Imply some modification, but not so much.
• Collective attributes support (RFC 3671)
• Subentries support (RFC 3672)
5-Conclusion
Links
• Apache Directory Server site and documentation :
  • http://directory.apache.org/
  • http://directory.apache.org/subprojects/apacheds/features.html
  • http://directory.apache.org/subprojects/apacheds/index.html
  • http://directory.apache.org/subprojects/mina/index.html
• Articles
  • http://www-128.ibm.com/developerworks/opensource/edu/os-dw-os-ag-ldap1.html
  • http://www-128.ibm.com/developerworks/java/library/j-apacheds1/
  • http://www-128.ibm.com/developerworks/java/library/j-apacheds2/
  • http://www.screaming-penguin.com/main.php?storyid=4972
Thanks !
• Alex Karasulu, “the brain” !
• Trustin Lee, Mina's father
• Ersin Er, SP and Triggers
• Stefan Zoerner, tests and docos
• Brett Porter, Maven and now MVN :)
• And Peter Royal, Cyrille Leclerc, Stéphane Bailliez, Pierre-Arnaud Marcelot for their help and support !
Special thanks to Zinedine Zidane !
6-Q&A