Embedding Apache Directory Server

Apache Directory is an umbrella for several directory-related projects. this is a tutorial on embedding Apache DS, the actual server project, into other applications (like snarf).

uses interceptors for applying aspects to operations. one example is applying operational attributes to entries that are stored (eg adding owner and timestamp when an entry is created). this keeps the partition interface simple; partition implementers don't need to worry about doing those things themselves. we could do this same thing by setting item and user created and last modified times in the service layer so dao implementers don't have to worry about it.

Triplesec is an identity management system based on Apache DS.

we should think about embedding the cosmo core (service apis and below). issues include:

• startup and shutdown sequences that aren't tied to the servlet environment. this needs to initialize logging, spring, and all the other things that we use servlet context listeners for right now
• security - we need to authenticate and authorize at the service level rather than the protocol level. this implies that services should do things like set item owners rather than requiring protocols to do that stuff
• current apis are stateless, service-oriented; would a stateful api be useful/more efficient for embedded use?

looks like it would be very simple to embed Apache DS into snarf. we'd then need to configure cosmo to use ldap for authentication and user details rather than hibernate. this would entail re-implementing a few acegi interfaces to talk ldap (or more likely using acegi-provided ldap implemetnations configured to talk to apache ds).

something else to think about would be writing a custom partition for Apache DS that could use cosmo's services itself. that way ldap would just be an alternate access protocol for user profile info for snarf. this could be useful for people who want simple ldap and calendaring running in the same server process.