[glue-wg] Problem with LDAP binding inherited foreign-keys
Paul Millar
paul.millar at desy.de
Tue Feb 22 09:13:42 CST 2011
Hi all,
While writing the dCache GLUE2 info-provider, I came across a problem with the
current GLUE2 LDAP binding.
The problem is that inherited associations are represented twice.
The schema uses three kinds of LDAP class: ABSTRACT, AUXILIARY and STRUCTURAL.
ABSTRACT is only used for the LDAP class for Entity (GLUE2Entity), all objects
that are a directly derived from Entity are STRUCTURAL, everything else is
AUXILIARY.
So:
LDAP classes for Service and Share (GLUE2Service and GLUE2Share
respectively) are STRUCTURAL,
LDAP classes for StorageService and StorageShare
(GLUE2StorageService and GLUE2StorageShare) are AUXILIARY.
Any published object must have at least one STRUCTURAL class and zero or more
AUXILIARY classes.
To publish a StorageService, the LDAP object must have GLUE2StorageService and
GLUE2Service object-classes. To publish a StorageShare, the LDAP object must
have GLUE2StorageShare and GLUE2Share object-classes.
In GLUE v2.0, the Share object has a required (i.e., multiplicity of '1')
association with a Service. This is represented in the LDAP Schema as a
required attribute in the GLUE2Share class: the GLUE2ShareServiceForeignKey
attribute.
The StorageShare object inherits this required association, only it is against
a StorageService now. This association is represented as a required attribute
in the GLUE2StorageShare class: the GLUE2StorageShareStorageServiceForeignKey
attribute.
Since a StorageShare object must be published as both GLUE2StorageShare and
GLUE2Share object-classes, this object must publish the same association
twice: once once as GLUE2ShareServiceForeignKey and again as
GLUE2StorageShareStorageServiceForeignKey.
The same problem exists for very many (perhaps all) ForeignKey attributes in
AUXILIARY classes but is hidden since those foreign-key attributes are
optional.
I've talked to Laurence about this problem and our preferred solution is to
delete GLUE2StorageShareStorageServiceForeignKey and have all a StorageShare
publish their association with StorageService using a
GLUE2ShareServiceForeignKey.
I believe this approach will work for the other "inherited" foreign-key
attributes.
This solution has the disadvantage that the association between a
StorageService cannot be restricted to a StorageService (and not, for example,
to a ComputingService object). However, since LDAP doesn't support foreign-
key constraints, such consistency may only be enforced by manual checking
(gstat2, glue-validation suite, etc). So, I believe removing
GLUE2StorageShareStorageServiceForeignKey doesn't loose us anything.
Does this make sense? Are people in favour of this approach?
Cheers,
Paul.
More information about the glue-wg
mailing list