It was the first conference that I almost forgot about using the Internet. Really excellent presentations and top participants. Also, having your room just a few floors over the the conference rooms was a nice change compared to the usual TERENA conference setting (conference held in a university with the hotel usually being over an hour away).
The conference started with a nice overview of the standards status by Kurt Zeilenga, followed by a talk from Ludovic Poitu on the merits of the upcoming OpenDS. Seems like it’s getting to a pretty mature status and the figures are impressive: 10 times faster than Sun One and they still have not worked on optimizations. From the looks of it, 2008 will be OpenDS year since 1.0 will be released probably before the end of 2007.
Java based LDAP servers got a lot of attention in this conference. Alex Karasulu described Apache view on LDAP roadmap as well as Apache Directory. They envision Directory Services resembling RDBMS offering Triggers, Stored Procedures and views (though the later could be implemented with a strong proxying interface like the one available in OpenLDAP). Ersin Er gave a more detailed presentation on the actual implementation of Stored Procedures in Apache DS. The idea is to offer an API and the ability to write Java code to implement operations while triggers will actually have a stored procedure as the scheduled action. Personally, i feel a little nervous about having code executed inside the server context. Although triggers might be a nice (and less heavy) alternative to things like persistent searches.
Howard Chu, chief architect of OpenLDAP and employee at Symas gave a nice presentation on the status of version 2.4. Benchmark numbers are very, very impressive (150 million entries, 4800 writes/second 32,000 queries/second, only 6 hours load time) while the cn=config and dynamic configuration/loading of everything makes remote configuration a reality and restarts a thing of the past. If only there was a strong configuration GUI for things like configuring Syncrepl. N-way multimaster replication is also now available making OpenLDAP an equal competitor to commercial offerings.
Giovanni Baruzzi gave an enlightening presentation on how to properly design an LDAP Directory Information Tree (DIT). The main idea is: ‘Keep the tree as flat as possible, as deep as needed’. Groups implementation were also discussed in detail: Static groups can work great as long as they are under 80,000 members (at which case an update can take more than 5 minutes) while memberOf is very flexible but poses security risks (write access to the memberOf attribute means that an administrator can add a user to any of the available groups). I wasn’t able to attend the presentation on Apache Directory Studio but i downloaded it later and played with it. Very impressive and long awaited set of tools. It includes a powerful directory browser, an entry/schema editor as well as some Apache Directory specific tools for ACI and configuration editing.
Hilla Reynolds from far away Australia presented an in-house X.500/LDAP infrastructure with advanced features including geographical distribution of data access, concurrent replication (though i believe this is something difficult to achieve without enlarging the directory update time) and chained queries in order to return combined results from multiple sources.
Second day started with Steven Legg presenting LDAP and XML integration process. Nice work though a bit technical and hard to follow. I ‘d like to see where things will lead, although at this point the only actual implementation is by him. Next were two presentations from Sun employees on LDAP Proxies/Virtual Directories and Scaling Directories.
Following was … my presentation 🙂 One excellent and lively presentation from Felix Gaehtgens on how to write efficient LDAP applications followed. Keynotes were to keep connections open, parallelize operations through either multiple threaded connections or by using asynchronous reads (though the later involves more effort from the application writer), not using ‘Directory Manager’ to perform all operations and making use of the ProxyAuth mechanism if possible. I am happy that FreeRADIUS already uses most of the above directives in the LDAP module. Lastly, the conference was closed with a presentation from Volker Lendecke on lessons learned from Samba’s LDAP backends. The general conclusion was that various libc functions were broken and samba had to reimplement them correctly.
Some more blogs on the conference:
I will try and find if the conference proceedings will become available online. If that happens I will post the link here.