[glue-wg] LDAP rendering document: new version as an outcome of Lund review

Balazs Konya balazs.konya at hep.lu.se
Thu Jun 14 10:27:51 EDT 2012 

Dear All,

I've just uploaded a new version of the "GLUE v. 2.0 – Reference Realization to 
LDAP Schema" ldap rendering draft to the glue2 gridforge area. The uploaded new 
version contains comments and tracks all the changes we made in the document. 
Please find the files here:

- word with all the changes tracked:
https://forge.ogf.org/sf/go/doc15518?nav=1

- clean pdf:
https://forge.ogf.org/sf/docman/do/downloadDocument/projects.glue-wg/docman.root.drafts/doc15526/4

- pdf with all the changes tracked:
https://forge.ogf.org/sf/docman/do/downloadDocument/projects.glue-wg/docman.root.drafts/doc15526/5

During the last weeks (months) the NorduGrid/ARC team in Lund carried out a 
thorough review and major cleanup of the ldap rendering document. Basically we 
took the document and checked it against our and other LDAP implementations.

The ldap rendering draft was created long time ago and since 07/01/2010 it was 
not touched, at many places it became obsolete. Furthermore, back then when the 
ldap rendering discussion took place there was only one ldap implementation (the 
glite-bdii), unfortunately ARC was busy with the xml glue2 rendering part and 
had no possibility to check/follow the ldap area. Furthermore, the ldap team did 
not follow the xml rendering discussions although there is quite similarity in 
the two data models. Now that ARC implements both an LDAP and XML rendering (i 
think we are the only one) we thought it was time to review and update the LDAP 
rendering draft.

Here are some of the items we modified or run into (everything is tracked in the 
new version!):

- The old document contained a proposed DIT that was incomplete and not followed 
by any of the actual implementations. We almost completely rewrote the section 
on DIT, introduced three-level information structuring and provided three 
detailed pictures that correspond to actual implementation apart from minor 
proposed changes.

- while defining the proposed DIT we tried to keep it in sync with the XML 
rendering, this was most visible in the selection of the grouping elements

- corrected the datatypes to match the current schema used by EMI

- made a comment on the usage of structural vs. auxiliary types. The current 
limited usage of structural types are questionable.

- made a comment on the strange and unjustified (for us) choice on the LDAP 
attributenames selected to form DNs

- made a note on the unfortunate choice of GLUE2GRoupID attribute that is not an ID

- followed the RFC4512 terminology  (e.g. renamed ldap objects to ldap entries)

- to be consistent with the xml and sql rendering documents changed 
"implementation" to "realization" all over the text

- made a note that the used OID allocation mechanism is not extensible when it 
comes to adding attributes to entry. Furthermore, the choice is strange, it is 
not applied consistently and its benefits are unclear.


Florido will attend the OGF Glue2 session this Sunday and prepares a short 
presentation about our LDAP draft rendering review including open questions and 
proposed changes.


regards,
Balazs Konya and Florido Paganelli

More information about the glue-wg mailing list