Presentation is loading. Please wait.

Presentation is loading. Please wait.

Is the Apache Directory Server the new challenger to FedoraDS and OpenLDAP ? Emmanuel Lécharny Iktek.

Published byElijah Butler Modified over 9 years ago

Similar presentations

Presentation on theme: "Is the Apache Directory Server the new challenger to FedoraDS and OpenLDAP ? Emmanuel Lécharny Iktek."— Presentation transcript:

1 Is the Apache Directory Server the new challenger to FedoraDS and OpenLDAP ? Emmanuel Lécharny Iktek

2 2 Planning 1- Introduction 2- Features comparison 3- Compared performances 4- Future evolutions 5- Conclusion... 6- Q&A

3 3 1-Introduction

4 4 2-1 Functionalities

5 5 Generalities

6 6 Technical elements

7 7 Security

8 8 2-2 Apache DS

9 9 Apache DS structure

10 10 Apache Directory Server Full RFCs compliance Embeddable Layered architecture Extensible (Kerberos, DNS, DHCP...) Implements X500 Administrative model Written in Java => multi-platform

11 11 Apache DS X500 extensions X.500 Directory Administrative Model Basic Access Control Scheme Collective Attributes Subentries

12 12 Subentries Selections Exclusions Levels Filtering...

13 13 ADS drawbacks It's young ! Lot of bugs to be fixed (memory leaks) Replication is to be delivered by october Large object remains in memory Backend : JDBM only at the moment Documentation is lacking It's a large piece of software, and we are few working on it...

14 14 3- Performance

15 15 Tests 3 tests : Added 10K users Random search through the base Delete all the 10K users “Out of the box” installation We just wanted to know if we are really bad ;)

16 16 Users Use of MakeLdif to create users : dn: uid=user.3776,ou=People,dc=cs,dc=hacettepe,dc=edu,dc=tr objectClass: top objectClass: person objectClass: organizationalPerson objectClass: inetOrgPerson givenName: Janeczka sn: Favreau cn: Janeczka Favreau initials: JF uid: user.3776 mail: user.3776@cs.hacettepe.edu.tr userPassword: password telephoneNumber: 510-586-6567 homePhone: 143-449-3159 pager: 012-704-9314 mobile: 105-287-9092 employeeNumber: 3776 street: 55438 Ash Street l: Steubenville st: MT postalCode: 77097 postalAddress: Janeczka Favreau$55438 Ash Street$Steubenville, MT 77097 description: This is the description for Janeczka Favreau.

17 17 Typical search request Search for a single user, randomly picked Perform 10K searches The cache is not likely to be used at run 1 10 runs The fastest and slowest are removed uid=user.@,ou=People,dc=cs,dc=hacettepe,dc=edu,dc=tr

18 18 Insertion/deletion (Smaller pyramids is better)

19 19 Search run

20 20 Performance issues Better cache mechanism needed ASN.1 codec can be improved (15% total) Needeless Attribute checking (12% total) DN processing optimization (10% total) Serialization improvement Some operations are done many times Backend is not optimal Memory allocation => GC

21 21 What has already been done DN comparison improved : ADS 4x times faster !!! (with a single line modified :) One day to work this out Thanks to yourKit profiler! ASN.1 codec is much faster (10x) 6 months of work, 40 000 SLOCs LdapDN is 2.7x faster than LdapName 2 months of work, difficult to merge in ADS :(

22 22 4- Evolution

23 23 Backend JDBM is the actual backend Berkely DB JE © is a possible target RDBMS soon... Needs : Fast backend Reliable backend Transactions support

24 24 Tooling (RCP- Eclipse plugin) Start/Stop Import/export LDIF DSML 1.0/2.0 UI Schema Manager Ldap Browser Ldap Proxy

25 25 Replication Replication is a must-have Master-Slave replication (OpenLDAP) OR Multi-Master replication (FDS) RFC 3384 => Multi Master replication Draft by Zeilenga says : 'LDAP Multi-master Replication Considered Harmful' What about ADS ?

26 26 SP and Triggers SP : stored procedure Support Java language, but scripting languages as Janino or Jython may be added later Ease some management operations Triggers with pre/post operations Fine grained replication E-Provisioning

27 27 Standards New RFCs : RFCs 4510 -> 4519 Better X500 compliance Internationalization explained Clarification on previous RFCs Imply some modification, but not so much. Collectives attributes support (RFC 3671) Subentries support (RFC 3672)

28 28 5-Conclusion

29 29 Links Apache Directory Server site and documentation : http://directory.apache.org/ http://directory.apache.org/subprojects/apacheds/features.html http://directory.apache.org/subprojects/apacheds/index.html http://directory.apache.org/subprojects/mina/index.html Articles http://www-128.ibm.com/developerworks/opensource/edu/os-dw-os-ag- ldap1.htmlhttp://www-128.ibm.com/developerworks/opensource/edu/os-dw-os-ag- ldap1.html http://www-128.ibm.com/developerworks/java/library/j-apacheds1/ http://www-128.ibm.com/developerworks/java/library/j-apacheds2/ http://www.screaming-penguin.com/main.php?storyid=4972

30 30 Thanks ! Alex Karasulu, “the brain” ! Trustin Lee, Mina's father Ersin Er, Sp and Triggers Stefan Zoerner, tests and docos Brett Porter, Maven and now MVN :) And Peter Royal, Cyrille Leclerc, Stéphane Bailliez, Pierre-Arnaud Marcelot for their help and support ! Special thanks to Zinedine Zidane !

31 31 6-Q&A

Download ppt "Is the Apache Directory Server the new challenger to FedoraDS and OpenLDAP ? Emmanuel Lécharny Iktek."

Similar presentations

Directory Infrastructure Roadmap Overcoming Fragmented Identities - Roadmap to a Reliable Directory Infrastructure Thorsten Butschke & Dr. Martin Dehn.

Directory Infrastructure Roadmap Overcoming Fragmented Identities - Roadmap to a Reliable Directory Infrastructure Thorsten Butschke & Dr. Martin Dehn.
What’s New in Windows Server 2008 AD?

What’s New in Windows Server 2008 AD?
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
Data Structures Static and Dynamic.

Data Structures Static and Dynamic.
Enterprise LDAP Emmanuel Lécharny Iktek and Apache Directory Server.

Enterprise LDAP Emmanuel Lécharny Iktek and Apache Directory Server.
Indications in green = Live content Indications in white = Edit in master Indications in blue = Locked elements Indications in black = Optional elements.

Indications in green = Live content Indications in white = Edit in master Indications in blue = Locked elements Indications in black = Optional elements.
Test Automation Framework Ashesh Jain 2007EE50403 Manager Amit Maheshwari.

Test Automation Framework Ashesh Jain 2007EE50403 Manager Amit Maheshwari.
Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.

Naming Computer Engineering Department Distributed Systems Course Asst. Prof. Dr. Ahmet Sayar Kocaeli University - Fall 2014.
Chapter 4 Chapter 4: Planning the Active Directory and Security.

Chapter 4 Chapter 4: Planning the Active Directory and Security.
Virtual Directories: Attack Models and Prevention June 2 nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram laboratory.

Virtual Directories: Attack Models and Prevention June 2 nd, 2009 Bill Claycomb Systems Analyst Sandia National Laboratories Sandia is a multiprogram laboratory.
LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.

LDAP LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL PRESENTATION BY ALAKESH APURVA DHAN AND ASH.
Authenticating REST/Mobile clients using LDAP and OERealm

Authenticating REST/Mobile clients using LDAP and OERealm
Secure Search Engine Ivan Zhou Xinyi Dong. Project Overview  The Secure Search Engine project is a search engine that utilizes special modules to test.

Secure Search Engine Ivan Zhou Xinyi Dong. Project Overview  The Secure Search Engine project is a search engine that utilizes special modules to test.
©Copyright 1999 Peter Shipley LDAP Security Peter Shipley Chief Security Architect +1 650 404 3292.

©Copyright 1999 Peter Shipley LDAP Security Peter Shipley Chief Security Architect
(ITI310) SESSIONS 9-10-11-12: Active Directory By Eng. BASSEM ALSAID.

(ITI310) SESSIONS : Active Directory By Eng. BASSEM ALSAID.
INFORMATION FOR NETWORK OPERATION. CONTENT Directory service Standard X.500 LDAP.

INFORMATION FOR NETWORK OPERATION. CONTENT Directory service Standard X.500 LDAP.
Linux Technology Center 18 April 2003 © 2003 IBM LDAP Content Synchronization Kurt D. ZeilengaJong Hyuk Choi OpenLDAP ProjectIBM Research Title slide.

Linux Technology Center 18 April 2003 © 2003 IBM LDAP Content Synchronization Kurt D. ZeilengaJong Hyuk Choi OpenLDAP ProjectIBM Research Title slide.
Introduction To OpenLDAP Directory Services. What is a Directory Service? A specialized database optimized for reading, browsing, and searching. No complicated.

Introduction To OpenLDAP Directory Services. What is a Directory Service? A specialized database optimized for reading, browsing, and searching. No complicated.
Directory Server Campus Booster ID: 351 www.supinfo.com Copyright © SUPINFO. All rights reserved OpenLDAP.

Directory Server Campus Booster ID: Copyright © SUPINFO. All rights reserved OpenLDAP.

Similar presentations

Ads by Google