ApacheDS Features

The Apache Directory Server is an embeddable LDAP server implemented in pure Java. It has several features that make it unique among LDAP servers. Some of these featurea are as follows:

  • Designed as an LDAP and X.500 platform; plugable components and subsystems make ApacheDS extremely modular and ideal for experiments with various aspects of the LDAP protocol.
  • The server’s frontend is completely separable from its backend and vice-versa making it very flexible for implementing virtual directories, proxy servers and gateways to X.500 directories.
  • Several backends can be implemented and plugged into the server’s partition nexus. The server supports a BTree based partition out of the box but any backing store can be used to implement a partition as long as it conforms to interfaces.
  • The server exposes aspects of administration via a special system backend. LDAP can be used to manage these concerns through the system naming context at ou=system.
  • The server contains a server side JNDI LDAP provider as the facade for the entire backend subsystem. JNDI operations are directly translated by this provider into operations against the nexus and the target partitions storing server entries.
  • The server’s networking code, MINA (Multipurpose Infrastructure for Network Applications) was designed for pluggable protocol providers, of all sorts and not just LDAP. MINA gives ApacheDS the ability to handle large amounts of concurrency.
  • LDAP Stored Procedures and Triggers are scheduled for the next major version of ApacheDS.
  • LDAPv3 compatible certified by the OpenGroup

OID assignements Scheme

OID strings are unique numeric identifiers based off of a hierarchical numeric namespace controlled by a central authority on the Internet: IANA (Internet Assigned Numbers Authority).

IANA allows companies and organizations to register for a specific OID base called an enterprise number. There can only be one IANA Enterprise Number per organization.

The ASF’s Enterprise Number

Apache has such an enterprise number. You can look at the IANA assigned numbers here. Here’s the record in this database for the Apache Software Foundation:

Apache Software Foundation

18060
  The Apache Software Foundation
    Alex Karasulu
      akarasulu@apache.org

This means the ASF can use the following unique OID base 1.3.6.1.4.1.18060 for any of it’s needs. However we internal here at the ASF need some kind of scheme for assigning these numbers internally so we do not have collisions.

Current Assignments

Here’s what we’ve assigned to date:

Branch Assignement Assign To Contact Person
1.3.6.1.4.1.18060 ASF Alex Karasulu
1.3.6.1.4.1.18060.0 Directory Alex Karasulu
1.3.6.1.4.1.18060.1 Geronimo Alan Cabrera
1.3.6.1.4.1.18060.2 Apache Infrastructure Ben Laurie
1.3.6.1.4.1.18060.3 Maven Jason Van Zyl
1.3.6.1.4.1.18060.4 Tuscany Luciano Resende
1.3.6.1.4.1.18060.5 Triplesec Alex Karasulu
1.3.6.1.4.1.18060.10 Hadoop Owen O’Malley
1.3.6.1.4.1.18060.11 Tomcat Bernhard Unger
1.3.6.1.4.1.18060.12 HTTPd Joe Orton
1.3.6.1.4.1.18060.14 Synapse Hiranya Jayathilaka
1.3.6.1.4.1.18060.15 CloudStack David Nalley
1.3.6.1.4.1.18060.16 Apache Ambari Paul Codding
1.3.6.1.4.1.18060.17 Apache Fortress Shawn McKinney
1.3.6.1.4.1.18060.18 Apache Guacamole Mike Jumper

Each contact person is the authority for assigning unique OID values and ranges to projects or persons. Contact that person for more assignments.

Making Assignments

Contacts may wonder what scheme is best for making assignments. There is no rule for doing this. However some would recommend assigning the first digit past the enterprise number of an organization to be for identifying a protocol. Obviously we did not do this for Apache. The reason for this is because we feel it’s better to model the assignments based on the structure of the organization since these are private ranges and need not conform to a global convention.

However this still does not tell us how contacts should make assignments. I think this is up to you. Perhaps a good example will be how the Directory TLP does things which is somewhat specific to their products and the nature of their products.

Assignment Scheme For Apache Directory

The ninth component in the OID could be reserved for subprojects like ApacheDS and Triplesec. This might be more attractive in TLPs with many subprojects because a single authority or contact can be used for a specific subproject. So here could be one assignment scheme:

Branch Assignement Assign To
1.3.6.1.4.1.18060.0.0 ApacheDS

Here’s how the ApacheDS OID is branched off:

The ninth component in the OID could be reserved for subprojects like ApacheDS and Triplesec. This might be more attractive in TLPs with many subprojects because a single authority or contact can be used for a specific subproject. So here could be one assignment scheme:

Branch Assignement Assign To
1.3.6.1.4.1.18060.0.0 ApacheDS LDAP Controls
1.3.6.1.4.1.18060.0.1 ApacheDS LDAP Extended Operations
1.3.6.1.4.1.18060.0.2 ApacheDS LDAP Supported Features
1.3.6.1.4.1.18060.0.3 ApacheDS LDAP Protocol Mechanisms
1.3.6.1.4.1.18060.0.4 ApacheDS LDAP Attribute Values
1.3.6.1.4.1.18060.0.4.X.0 ApacheDS LDAP Schema syntaxes
1.3.6.1.4.1.18060.0.4.X.1 ApacheDS LDAP Schema matchingRules
1.3.6.1.4.1.18060.0.4.X.2 ApacheDS LDAP Schema attributeTypes
1.3.6.1.4.1.18060.0.4.X.3 ApacheDS LDAP Schema objectClasses
1.3.6.1.4.1.18060.0.4.X.4 ApacheDS LDAP Schema dITStructureRules
1.3.6.1.4.1.18060.0.4.X.5 ApacheDS LDAP Schema nameForms

where X is a unique number associated with one of the specific ApacheDS schema.

NOTE: dITContentRules do not have their own OID, rather they reference the OID of the structural objectClass they influence. The same sort of situation exists for matchingRuleUse which uses the OID of the matchingRule it is associated with.

And here are the schema OIDs (where the X is substituted by the proper number):

Branch Assignement Assign To
1.3.6.1.4.1.18060.0.4.0 ApacheDS LDAP Meta Schema
1.3.6.1.4.1.18060.0.4.1 ApacheDS LDAP Apache Schema
1.3.6.1.4.1.18060.0.4.2 ApacheDS LDAP Apache DNS Schema
1.3.6.1.4.1.18060.0.4.3 Apache Directory Documentation Examples Schema
1.3.6.1.4.1.18060.0.4.4 Quartz Schema
1.3.6.1.4.1.18060.0.4.5 Bean Schema

(Some of those schema are long gone, but the assignement is still existing)

OID’s for ApacheDS specific controls

Here are the new OIDs used:

OID Control
1.3.6.1.4.1.18060.0.0.1 Cascade Control

OID’s for the extended operations

Here are the new OIDs used:

OID Extended Operation
1.3.6.1.4.1.18060.0.1.1 LaunchDiagnosticUiRequest
1.3.6.1.4.1.18060.0.1.2 LaunchDiagnosticUiResponse
1.3.6.1.4.1.18060.0.1.3 GracefulShutdownRequest
1.3.6.1.4.1.18060.0.1.4 GracefulShutdownResponse
1.3.6.1.4.1.18060.0.1.5 GracefulDisconnect
1.3.6.1.4.1.18060.0.1.6 StoredProcedureRequest
1.3.6.1.4.1.18060.0.1.7 StoredProcedureResponse