Hi Yaning, On Thu, Jul 2, 2015 at 4:28 PM, Xu, Yaning <yaning...@intel.com> wrote:
> Hi Kiran, > > > > 1. The administrator may need to list all principal names, and then > use the principal name he is interested in to get the Identity; > > 2. There may be too many principals to scan at once, so the system > may need to get only a part of them at once, as Stefan pointed out; > > 3. We need to make Kerby compatible to Krb5, and it has implemented > this interface as list_principals > http://web.mit.edu/KERBEROS/krb5-1.12/doc/admin/admin_commands/kadmin_local.html > ; > ic, so here is the case, it is mainly for the kadmin client and I would prefer if kadmin takes care of sorting and paginating after retrieving the principals rather than offloading this to backends. The primary reasons is not all stores that are used by IdentityBackends may support sorting or pagination, for example not all LDAP servers support sorting and many database libraries do not support pagination(this is a client thing). I would like to propose an alternative design: Add search functionality to the IdentityBackend, i.e it accepts a search pattern and return a Cursor then kadmin will browse this cursor and prepares a suitable view of principals. We can have a search limit in this interface but we don't need a start position cause the client can navigate using Cursor (when the cursor implementation supports). thanks for the link > > Regards, > > > > Yaning > > > > > > *From:* Kiran Ayyagari [mailto:kayyag...@apache.org] > *Sent:* Thursday, July 02, 2015 3:59 PM > *To:* Apache Directory Developers List > *Subject:* Re: How to implement getIdentities(int start, int limit) more > effectively > > > > Hi Yaning, > > where in the server or client are we going to need this interface, iow, > can you describe the usecase > > that requires this getIdentities(s,l) method. > > (I just want to understand the need for this method before we dive into > implementing it) > > > > On Thu, Jul 2, 2015 at 3:39 PM, Xu, Yaning <yaning...@intel.com> wrote: > > Hi all, > > > > As we have discussed https://issues.apache.org/jira/browse/DIRKRB-295 > , IdentityService.getIdentities() should be removed. However, to implement > getIdentities(int start, int limit), which returns a sorted result, I have to > get all identities from the ldap server and then sort them. Is it possible > for the Ldap server to return a sorted result for the client connection? > > > > In [1], I see a test about Page Search on client side > testPagedSearchWrongCookie(), and it uses pagedSearchControl.setSize(3) to > set the page size, the problem are: > > > > *how can I get a search result based on the start index and pageSize, > like I may use getIdentities(int start, int limit) to return a result; > > *how can I get a sorted result from the server, so that I don’t have > to get all the entries and then sort them to get the result; > > > > [1] > https://svn.apache.org/repos/asf/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/search/PagedSearchIT.java > > > > > > public List<String> getIdentities(int start, int limit) { > List<String> identities = getIdentities(); > > if (limit == -1) { > return identities; > } > > return getIdentities().subList(start, start + limit); > } > > > private List<String> getIdentities() { > List<String> identityNames = new ArrayList<>(); > EntryCursor cursor; > Entry entry; > try { > cursor = connection.search( getConfig().getString("base_dn"), > "(objectclass=*)", SearchScope.ONELEVEL, > KerberosAttribute.KRB5_PRINCIPAL_NAME_AT); > if (cursor == null) { > return null; > } > while (cursor.next()) { > entry = cursor.get(); > > identityNames.add(entry.get(KerberosAttribute.KRB5_PRINCIPAL_NAME_AT).getString()); > } > cursor.close(); > Collections.sort(identityNames); > } catch (LdapException e) { > e.printStackTrace(); > } catch (CursorException e) { > e.printStackTrace(); > } > return identityNames; > } > > > > Regards, > > > > Yaning > > > > > > > -- > > Kiran Ayyagari > http://keydap.com > -- Kiran Ayyagari http://keydap.com
