[glue-wg] LDAP rendering document: new version as an outcome of Lund review
Balazs Konya
balazs.konya at hep.lu.se
Thu Jun 14 10:27:51 EDT 2012
Dear All,
I've just uploaded a new version of the "GLUE v. 2.0 – Reference Realization to
LDAP Schema" ldap rendering draft to the glue2 gridforge area. The uploaded new
version contains comments and tracks all the changes we made in the document.
Please find the files here:
- word with all the changes tracked:
https://forge.ogf.org/sf/go/doc15518?nav=1
- clean pdf:
https://forge.ogf.org/sf/docman/do/downloadDocument/projects.glue-wg/docman.root.drafts/doc15526/4
- pdf with all the changes tracked:
https://forge.ogf.org/sf/docman/do/downloadDocument/projects.glue-wg/docman.root.drafts/doc15526/5
During the last weeks (months) the NorduGrid/ARC team in Lund carried out a
thorough review and major cleanup of the ldap rendering document. Basically we
took the document and checked it against our and other LDAP implementations.
The ldap rendering draft was created long time ago and since 07/01/2010 it was
not touched, at many places it became obsolete. Furthermore, back then when the
ldap rendering discussion took place there was only one ldap implementation (the
glite-bdii), unfortunately ARC was busy with the xml glue2 rendering part and
had no possibility to check/follow the ldap area. Furthermore, the ldap team did
not follow the xml rendering discussions although there is quite similarity in
the two data models. Now that ARC implements both an LDAP and XML rendering (i
think we are the only one) we thought it was time to review and update the LDAP
rendering draft.
Here are some of the items we modified or run into (everything is tracked in the
new version!):
- The old document contained a proposed DIT that was incomplete and not followed
by any of the actual implementations. We almost completely rewrote the section
on DIT, introduced three-level information structuring and provided three
detailed pictures that correspond to actual implementation apart from minor
proposed changes.
- while defining the proposed DIT we tried to keep it in sync with the XML
rendering, this was most visible in the selection of the grouping elements
- corrected the datatypes to match the current schema used by EMI
- made a comment on the usage of structural vs. auxiliary types. The current
limited usage of structural types are questionable.
- made a comment on the strange and unjustified (for us) choice on the LDAP
attributenames selected to form DNs
- made a note on the unfortunate choice of GLUE2GRoupID attribute that is not an ID
- followed the RFC4512 terminology (e.g. renamed ldap objects to ldap entries)
- to be consistent with the xml and sql rendering documents changed
"implementation" to "realization" all over the text
- made a note that the used OID allocation mechanism is not extensible when it
comes to adding attributes to entry. Furthermore, the choice is strange, it is
not applied consistently and its benefits are unclear.
Florido will attend the OGF Glue2 session this Sunday and prepares a short
presentation about our LDAP draft rendering review including open questions and
proposed changes.
regards,
Balazs Konya and Florido Paganelli
More information about the glue-wg
mailing list