I renamed the thread to avoid any confusion.

On 10/23/12 11:26 AM, Kiran Ayyagari wrote:
On Tue, Oct 23, 2012 at 1:44 PM, Pierre-Arnaud Marcelot <p...@marcelot.net> 
wrote:
Hi Kiran,

On 23 oct. 2012, at 08:09, Kiran Ayyagari <kayyag...@apache.org> wrote:

Hi All,

    I am currently implementing an X509 trust manager that is used for
checking client certificates while using TLS for replication.

    This trust manager can work in any one of the two modes
            1. trust all (default mode)
            2. trust only the specified certificates


Sounds cool. :)

    In the 2nd mode, the trust manager loads a set of certificates stored in
DiT under ou=certificates,ou=system (a new branch) [1]


Sorry to hijack a little the original topic here, but I think it's related.
I really think we should get rid of the system partition, it has no use and
the only interesting thing it still holds is the default/admin user.

we discussed this several times, but later I started to think
that we should keep it

let me state the reasons that support this in my view:

   o this serves as a play ground for users without having to go
through the creation of a partition
      and multiple restarts before he can actually inject an entry and use it

I do agree. If we remove the ou=system partition, then we will have to create a new partition for users who want to play with the server, without having to create a specific new partition.

   o parts of the system partition come with default protection using
ACI and this is also a nice to
      have in out of the box installation

   o the system partition is very tightly coupled with the internals
(though _can_ be changed it requires substantial
      amount of effort)

Especially when it comes to change the many tests depending on it...

But I don't think those two last points are valid: just because we depend on a partition which should not have existed at the beginning, we should not refrain from thinking about removing it.

Now, the ou=system not only contains the configuration - which could (should ?) be in a separate partition - it also stores the ou=groups and ou=users branches. I guess many users are storing entries in those branches, removing it can impact severely those existing users.

One other thing : the prefNodeName=sysPrefRoot branch can probably be removed (see http://osdir.com/ml/dev-directory-apache/2010-05/msg00190.html)

Everything that is configurable (including the default/admin user) has its
place in the configuration partition.
That includes the certificates you're talking about.

Certificates are not part of the server configuration, if you except the admin user. And here, if the admin user contains its own certificate, that's fine.

Maybe we need to have a server certificate, which is not associated with the admin user though...

other than the feature that it can be edited using a text editor am
really not comfortable with this
config LDIF partition, cause it is quite inefficient in the way it
handles updates, a complete re-write
after each modification is making it vulnerable to corruption (when I
try applying an ACI it takes way too long to
complete and leaves the partition corrupted if the process is killed
in the middle)

We can defer the update on disk. Before using a LDIF partition, it was a JDBM partition. Having a corrupted JDBM partition was even worse: we weren't able to fix it at all! With a LDIF partition, we can still use a text editor and fix what has been broken...

Moreover, I do think that the performance is not really an issue: we don't modify the configuration frequently, and this is not an operation you want to do on production before being sure that you won't break the server, I don't really mind if we are at risk to break the server.

In other words: this is an admin task, and the admin must be cautious before changing anything... Including backups!

The point am trying to make is adding certificates to this partition
makes the backing LDIF file grow in large size
making any modify operation even more slow.
I agree with that.


ATM, the default password is not included in the configuration and it makes
it uncomfortable having to first launch the server to be able to edit this
value.
currently the config.ldif is not written to disk unless the server is
started for the very first time

We can discuss this specific problem in another thread. It would be way better if the admin password was not stored in clear anywhere... (currently it *is* stored as PLAINTEXT: it would be way better to _at least_ store the hash value of it...)

It would be the same thing for those certificates.

adding a certificate content in an LDIF entry is quite involved, I
would personally prefer the server to take care
of it instead of manually encoding and adding in config.ldif

Agreed. Certificates are stored as a byte[], and in LDIF, it's a base64 value. Note that it's not *that* complicated to create the LDIF file: Studio can do it for you :)

I think the configuration partition should really be the place where we
store everything that can be configured.
Once that's done, the system partition has no reason to exist anymore

WDYT?

hope I have made my view clear in the above lines about keeping the
system partition :)

I would keep the ou=system partition around atm. It's not a big deal to have it, it's convenient for tests, and for users.

I would rather suggest that we remove the ou=configuration,ou=system branch, it's most certainly useless.


--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
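
The two trust manager modes described at the top of the thread, as an added example that is not code from the thread or from ApacheDS. The class name `ReplicationTrustManager` is hypothetical, and the JDK's default trust store is used only as a source of sample certificates.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Hypothetical class, not the ApacheDS implementation.
public class ReplicationTrustManager implements X509TrustManager {
    // null selects mode 1 (trust all); otherwise mode 2 (only these certificates)
    private final Set<X509Certificate> trusted;

    public ReplicationTrustManager(Set<X509Certificate> trusted) {
        this.trusted = (trusted == null) ? null : new HashSet<>(trusted);
    }

    private void check(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) {
            throw new CertificateException("peer sent no certificate");
        }
        if (trusted == null) {
            return; // mode 1: every certificate is accepted, the peer is not authenticated
        }
        // mode 2: the leaf must be byte-for-byte one of the stored certificates
        if (!trusted.contains(chain[0])) {
            throw new CertificateException("not a trusted certificate: " + chain[0].getSubjectX500Principal());
        }
    }

    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException { check(chain); }
    @Override public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException { check(chain); }
    @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }

    public static void main(String[] args) throws Exception {
        // Sample input: two unrelated certificates borrowed from the JDK's default trust store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509Certificate[] sample = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers();
        X509Certificate[] known = { sample[0] }, unknown = { sample[1] };

        new ReplicationTrustManager(null).checkClientTrusted(unknown, "RSA"); // mode 1 accepts anything
        X509TrustManager strict = new ReplicationTrustManager(Collections.singleton(sample[0]));
        strict.checkClientTrusted(known, "RSA"); // mode 2 accepts the stored certificate
        try {
            strict.checkClientTrusted(unknown, "RSA");
            throw new AssertionError("unknown certificate was accepted");
        } catch (CertificateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A deployment would normally also call `chain[0].checkValidity()` in mode 2 so that an expired stored certificate is refused.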
