Penrose: now supports Persistent Cache
December 13th, 2005 — News, Penrose
We just released Penrose 0.9.8, which now supports a persistent cache mechanism. Persistent cache allows faster recovery from hardware failure by storing all the cached entries in a persistent store. A persistent store can be a database or an LDAP server. We tested our persistent cache implementation against both OpenLDAP and Sun One DS.
Identity Management Map November Edition is Available
November 29th, 2005 — Directory
Identity Management Map November Edition is available. I will be revising it in the next few days. It is more readable now with the additional cloud coloring. HTML version with an image map is also available.
YA-LDAP (Yet Another LDAP) Server ?
November 12th, 2005 — Directory
I have met many people along the way who scoff at writing an LDAP server implementation in Java. Some of the reasons are:
Their reasoning is valid, but myopic. I will expound on this in a follow-up topic.
The ApacheDS Project went through the incubation process for 18 months and graduated only a few months ago (March 2005). It has been steadily gaining a community. You can take a peek at its chatter log. The project is led by a good friend of mine, Alex Karasulu, who is not only passionate but has a unique ability to bring various passionate developers together. (Check out these testimonials.)
I lead an open source virtual directory project called Penrose, which utilizes ApacheDS as its protocol layer (LDAP). Penrose leverages the ApacheDS project for many reasons. Our goal was to add new functionality to a plain ol’ LDAP server, namely virtualization, synchronization and federation (what Burton Group called “Identity Data Service”), and to do so without reinventing the wheel. Take a look at the following numbers:
lines of code in ./apacheds/trunk = 84606
lines of code in ./asn1/trunk = 30137
lines of code in ./authx/trunk = 9553
lines of code in ./clients/kerberos/trunk = 867
lines of code in ./clients/ldap/trunk = 10420
lines of code in ./naming/trunk = 17139
lines of code in ./network/trunk = 20323
lines of code in ./protocol-providers/changepw/trunk = 2842
lines of code in ./protocol-providers/dhcp/trunk = 4858
lines of code in ./protocol-providers/dns/trunk = 6825
lines of code in ./protocol-providers/kerberos/trunk = 3772
lines of code in ./protocol-providers/ldap/trunk = 2193
lines of code in ./protocol-providers/ntp/trunk = 1598
lines of code in ./sandbox/trunk = 31889
lines of code in ./sandbox/trunk/apseda/trunk = 15176
lines of code in ./sandbox/trunk/kerberos-sam/trunk = 1325
lines of code in ./sandbox/trunk/osgi-spec/trunk = 5083
lines of code in ./sandbox/trunk/protocol/trunk = 583
lines of code in ./shared/kerberos/trunk = 13331
lines of code in ./shared/ldap/trunk = 124599
lines of code in ./shared/protocol/trunk =
lines of code in ./standalone/trunk = 3161
lines of code in ./testsuite/trunk = 3004
Total: 393284
85K in apacheds core (Server Code) + 125K in ldap-common (Shared Code) + 30K in ASN.1 (Shared Code) = 240K lines of code for LDAP ONLY!!
It may not be anywhere close to 50M LOC, but maintaining and refactoring a 250,000 LOC codebase is still a pretty challenging undertaking. The JBoss codebase is about 500,000 LOC and requires more than 30 dedicated developers to maintain it. Penrose code is about 70,000 LOC. Had we chosen to implement our own LDAP server, we would be maintaining a total of 310K LOC ourselves.
Cache is King or Evil ?
November 1st, 2005 — Directory
Cache is King is an important read for understanding how cache plays a role in a virtual directory. Without it, a virtual directory is simply an LDAP proxy/router. Future versions of Penrose will add a persistent cache and a synchronization service.
Cache is Evil is also an important read, emphasizing the benefit of having dynamic access functionality.
IMHO, “Virtualize if you can, synchronize if you must” is a good rule of thumb in designing multi-site and complex directory systems.
Network World Write-up on Penrose and Safehaus
October 5th, 2005 — News, Penrose
Dave Kearns wrote an article about the Penrose Project and Safehaus. For those individuals who have an existing open source project that needs personalized technical services, Safehaus.org can help you.
Open Source Identity Management Map
September 29th, 2005 — Open Source
The Identity Management related OSS Map is now online. Check it out here. I’ll do my best to update it every month.
Legacy Identity Silos Integration
September 24th, 2005 — Penrose, Use Case
Most user identity information is not stored in a directory. It is stored in a database, a flat file, or within a legacy application. Virtual Directory is one of the newest inventions that can help enterprises expose and repurpose those identities. The process of making those identities available in a standard Directory Access Protocol (LDAP) is very straightforward. All you need to do is use a mapping tool, commonly provided by Virtual Directory technology, to create a “pointer” from your existing user identities to your “virtual” Directory Information Tree.
You can check out a flash demo here.
