SlideShare a Scribd company logo

LDAP Synchronization Connector (LSC)

Download as ODP, PDF
Jonathan Clarke, profile picture
Jonathan Clarke

The document discusses the challenges and solutions associated with identity management and synchronization between different identity repositories such as LDAP and SQL databases. It emphasizes the importance of automatic synchronization to avoid issues from manual processes and highlights the capabilities of the LDAP synchronization connector (LSC). Additionally, it provides an example of configuring synchronization between a MySQL database and OpenLDAP.

Technology
1 of 22
Downloaded 39 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
12/07/2009 Jonathan Clarke jonathan@phillipoux.net static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 1 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Introduction Provisioning for identity management is easy … Just put all employee information in a directory! Simple, right? … well, yes, but … « HR already has software that only stores identity  information in a database » « We use Active Directory for our desktops and we need  users' identities there too » « XYZ software already uses a different directory » static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 2 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Introduction Several different identity repositories How to make sure the same changes apply? New employees Name changes (marriage), transfers... Employees leaving Manual synchronization? Leads to a mess, leaving old accounts active … Automatic synchronization? static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 3 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Introduction Automatic synchronization It already exists, and works great Directory- / database-specific replication Application-specific connectors (AD, SAP, etc) What about the rest? Between different databases, directories, files ? Different data models ? Using standards : LDAP, SQL, etc... ? static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 4 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
About LDAP Synchronization Connector What is LSC? LDAP Synchronization Connector Open Source project BSD licence Written in Java 4 years in the making 1 year ago LSC-project.org created 6 regular contributors Website: http://lsc-project.org static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 5 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Goals Quickly implement a new synchronization Highly configurable What exactly do we read? Powerful transformations (correctness is important) What exactly do we write? Run fast (performance is important) Easy to setup static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 6 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
LSC synchronization principles Two levels of information per identity Existence – equivalent to an account (LDAP entry) Identity specific details – names, phone numbers (LDAP attributes) Synchronization operations Create: Add entries from source to destination Delete: Delete entries from destination not in source Update: Compare and set specific details static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 7 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Defining a synchronization Source type: LDAP / SQL database / CSV file ? Population: Which users? Which pivot? Information: Attributes? Transformations ? static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 8 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
An example: MySQL to OpenLDAP MySQL: a simple users table (HR-style) Field Type Values id INT Auto-increment first_name VARCHAR « Jane » last_name VARCHAR « Doe » marital_status ENUM « Single » / « Married » / « Divorced » salary INT 42000 start_date DATE 01/09/2009 static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 9 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
An example: MySQL to OpenLDAP Configuring the source database JDBC connector: com.mysql.jdbc... URL, username, password Simple SQL request SELECT id AS uid, first_name AS givenName, last_name AS sn, start_date AS startDate FROM users static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 10 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
An example: MySQL to OpenLDAP OpenLDAP: inetOrgPerson entries Field Type Values givenName String first_name (ex: « Jane ») sn String last_name (ex: « Doe ») cn String LAST_NAME first_name (ex: « DOE, Jane ») userPassword Binary string Defaults to « CHANGEME » uid String Unique id from MySQL table static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 11 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
An example: MySQL to OpenLDAP Configuring the destination directory dst.java.naming.provider.url = ldap://localhost/dc=lsc-project,dc=org dst.java.naming.security.authentication = simple dst.java.naming.security.principal = cn=Manager,dc=lsc-project,dc=org dst.java.naming.security.credentials = secret static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 12 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
An example: MySQL to OpenLDAP Configure the synchronization task Source directory searching lsc.tasks = MyTask lsc.tasks.MyTask.type = db2ldap lsc.tasks.MyTask.dstService.baseDn = ou=People lsc.tasks.MyTask.dstService.pivotAttrs = uid lsc.tasks.MyTask.dstService.filterAll = (uid=*) lsc.tasks.MyTask.dstService.attrs = uid sn cn givenName userPassword lsc.tasks.MyTask.dstService.filterId = (uid={uid}) DN generation lsc.tasks.MyTask.dn = "uid=" + srcBean.getAttributeValueById("uid") + "ou=People" static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 13 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
An example: MySQL to OpenLDAP Configuration data transformations (syncoptions) lsc.syncoptions.MyTask.default.action = F lsc.syncoptions.MyTask.cn.force_value = srcBean.getAttributeValueById("sn").toUpperCase() + ", " + srcBean.getAttributeValueById("givenName") lsc.syncoptions.MyTask.userPassword.action = K lsc.syncoptions.MyTask.userPassword.default_value = SecurityUtils.hash(SecurityUtils.MD5, "CHANGEME") static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 14 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Software design Data Transformation Target Source Base de données Abstraction SQL Interface (IBATIS) Objet JDBC Sérialisation (XML) Objet LDAP BEAN Annuaire Traitement LSC Moteur Objet JNDI Objet LDAP static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 15 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Features overview Syncoptions offer unlimited possibilites Hash passwords (SSHA, MD5, etc) Active Directory specificities: UserAccountControl: deactivate accounts, force password changes, etc … LastLogonTimestamp: detect unused accounts UnicodePwd: update passwords in AD-style Filter accents: convert « Hélène » to « Helene » Anything else you can write in Java! static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 16 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Features overview Operation conditions Perform ADDs / UPDATEs / DELETEs conditionally Use-cases: Update-only synchronizations (never create, never delete) Only update the password if it's changed Perform a LDAP bind operation to check Delete an account after 60 days of inactivity static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 17 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Roadmap Version 1.1 – Now! Everything we've talked about Wide-spread use, lots of feedback Version 1.2 – August/September 2009 Dynamic typing (remove LDAP objects generation) Version 1.3 / 1.4 and beyond New configuration mechanism Write to databases Plugins static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 18 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Try it out! Get involved! Main website: http://lsc-project.org/ Tutorials: quickstart demo, detailed tutorials Reference documentation static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 19 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Try it out! Get involved! Getting help (keep in touch!) Mailing lists: http://lists.lsc-project.org/ IRC: #lsc-project on Freenode Development tools: Redmine forge: http://tools.lsc-project.org/ Bugtracker, SVN repository … Continuous build server Lots of tests based on OpenDS static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 20 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Success stories Private: Database to directory Active Directory 8 different instances to OpenLDAP Public: Oracle and MySQL to OpenLDAP CSV files to OpenLDAP 250 000 entries static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 21 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
Thanks for your attention! Any questions? Jonathan Clarke jonathan@phillipoux.net static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 22 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%

More Related Content

PDF
Java8 Neue Sprachfeatures - Lambda/Streams/default Methods/FunctionalInterfaces
Dirk Detering
 
PDF
RESTful API using scalaz (3)
Yeshwanth Kumar
 
PDF
Data Structure using C
Bilal Mirza
 
PDF
Exploring the x64
FFRI, Inc.
 
PDF
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Susan Potter
 
PPSX
โปรแกรมภาษาซีเบื้องต้น
เทวัญ ภูพานทอง
 
DOCX
DataStructures notes
Lakshmi Sarvani Videla
 
DOCX
Cpds lab
praveennallavelly08
 
Java8 Neue Sprachfeatures - Lambda/Streams/default Methods/FunctionalInterfaces
Dirk Detering
 
RESTful API using scalaz (3)
Yeshwanth Kumar
 
Data Structure using C
Bilal Mirza
 
Exploring the x64
FFRI, Inc.
 
Scalaz By Example (An IO Taster) -- PDXScala Meetup Jan 2014
Susan Potter
 
โปรแกรมภาษาซีเบื้องต้น
เทวัญ ภูพานทอง
 
DataStructures notes
Lakshmi Sarvani Videla
 
Cpds lab
praveennallavelly08
 

What's hot (20)

DOCX
C lab manaual
manoj11manu
 
PDF
Reactive programming with RxJS - ByteConf 2018
Tracy Lee
 
PDF
Functional Algebra: Monoids Applied
Susan Potter
 
PPTX
Binary tree
raviahuja11
 
DOC
Numerical Methods in C
Ambili Baby
 
DOC
C basics
MSc CST
 
PDF
Data Structures Practical File
Harjinder Singh
 
PDF
JavaScript 2016 for C# Developers
Rick Beerendonk
 
DOC
CBSE Class XII Comp sc practical file
Pranav Ghildiyal
 
PPTX
Mcs011 solved assignment by divya singh
DIVYA SINGH
 
PDF
C programms
Mukund Gandrakota
 
PDF
Aaron Bedra - Effective Software Security Teams
centralohioissa
 
PPTX
NetPonto - The Future Of C# - NetConf Edition
Paulo Morgado
 
PPTX
Circular linked list
Sayantan Sur
 
TXT
Falcom Việt Nam
falcomvietnam Viet
 
PPTX
Querying Nested JSON Data Using N1QL and Couchbase
Brant Burnett
 
DOC
Final ds record
Ganisius Ganish
 
PPTX
Single linked list
Sayantan Sur
 
PPT
Encryption and Decryption using Tag Design
Joe Jiang
 
DOC
C PROGRAMS
Malikireddy Bramhananda Reddy
 
C lab manaual
manoj11manu
 
Reactive programming with RxJS - ByteConf 2018
Tracy Lee
 
Functional Algebra: Monoids Applied
Susan Potter
 
Binary tree
raviahuja11
 
Numerical Methods in C
Ambili Baby
 
C basics
MSc CST
 
Data Structures Practical File
Harjinder Singh
 
JavaScript 2016 for C# Developers
Rick Beerendonk
 
CBSE Class XII Comp sc practical file
Pranav Ghildiyal
 
Mcs011 solved assignment by divya singh
DIVYA SINGH
 
C programms
Mukund Gandrakota
 
Aaron Bedra - Effective Software Security Teams
centralohioissa
 
NetPonto - The Future Of C# - NetConf Edition
Paulo Morgado
 
Circular linked list
Sayantan Sur
 
Falcom Việt Nam
falcomvietnam Viet
 
Querying Nested JSON Data Using N1QL and Couchbase
Brant Burnett
 
Final ds record
Ganisius Ganish
 
Single linked list
Sayantan Sur
 
Encryption and Decryption using Tag Design
Joe Jiang
 
C PROGRAMS
Malikireddy Bramhananda Reddy
 
Ad

Similar to LDAP Synchronization Connector (LSC) (20)

PDF
Python 炒股指南
Leo Zhou
 
PPT
Cquestions
mohamed sikander
 
PPTX
Unit 3 Input Output.pptx
Precise Mya
 
PPT
C questions
mohamed sikander
 
PDF
Scroll pHAT HD に美咲フォント
Yuriko IKEDA
 
PDF
4 operators, expressions & statements
MomenMostafa
 
PDF
C Programming lab
Vikram Nandini
 
PDF
Laziness in Swift
SwiftWro
 
PDF
CL metaprogramming
dudarev
 
PPT
Introduction to Perl
Sway Wang
 
PDF
7 functions
MomenMostafa
 
PDF
Hacking parse.y (RubyKansai38)
ujihisa
 
PPTX
Arrays
mohamed sikander
 
PPT
DataTypes.ppt
RithikRaj25
 
PDF
CD record Book anna university regulation 21
MohammedirfanmMansoo
 
PPTX
โปรแกรมย่อยและฟังชันก์มาตรฐาน
knang
 
TXT
Yg byev2e
longphi2812
 
PDF
3_Input_output.pdf this is about orogramminy
sumiyaahmedachol
 
PPSX
Concepts of C [Module 2]
Abhishek Sinha
 
PPTX
C programming BY Mazedur
Mazedurr rahman
 
Python 炒股指南
Leo Zhou
 
Cquestions
mohamed sikander
 
Unit 3 Input Output.pptx
Precise Mya
 
C questions
mohamed sikander
 
Scroll pHAT HD に美咲フォント
Yuriko IKEDA
 
4 operators, expressions & statements
MomenMostafa
 
C Programming lab
Vikram Nandini
 
Laziness in Swift
SwiftWro
 
CL metaprogramming
dudarev
 
Introduction to Perl
Sway Wang
 
7 functions
MomenMostafa
 
Hacking parse.y (RubyKansai38)
ujihisa
 
Arrays
mohamed sikander
 
DataTypes.ppt
RithikRaj25
 
CD record Book anna university regulation 21
MohammedirfanmMansoo
 
โปรแกรมย่อยและฟังชันก์มาตรฐาน
knang
 
Yg byev2e
longphi2812
 
3_Input_output.pdf this is about orogramminy
sumiyaahmedachol
 
Concepts of C [Module 2]
Abhishek Sinha
 
C programming BY Mazedur
Mazedurr rahman
 
Ad

More from Jonathan Clarke (10)

PDF
Rudder 3.0 and beyond
Jonathan Clarke
 
PDF
Interfacing infrastructure-as-code with non-expert users
Jonathan Clarke
 
PDF
Sharing automation - why we need a language like ncf for this (Ignite @ devop...
Jonathan Clarke
 
PDF
What is new in CFEngine 3.6
Jonathan Clarke
 
PDF
Automating security policies (compliance) with Rudder
Jonathan Clarke
 
PDF
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
Jonathan Clarke
 
PDF
Configuration management: automating and rationalizing server setup with CFEn...
Jonathan Clarke
 
PDF
A tale of Disaster Recovery (Cfengine everyday, practices and tools)
Jonathan Clarke
 
ODP
LSC - Synchronizing identities @ Loadays 2010
Jonathan Clarke
 
PDF
LDAP Synchronization Connector presentation at LDAPCon 2009
Jonathan Clarke
 
Rudder 3.0 and beyond
Jonathan Clarke
 
Interfacing infrastructure-as-code with non-expert users
Jonathan Clarke
 
Sharing automation - why we need a language like ncf for this (Ignite @ devop...
Jonathan Clarke
 
What is new in CFEngine 3.6
Jonathan Clarke
 
Automating security policies (compliance) with Rudder
Jonathan Clarke
 
OpenLDAP - Astuces pour en faire l'annuaire d'entreprise idéal
Jonathan Clarke
 
Configuration management: automating and rationalizing server setup with CFEn...
Jonathan Clarke
 
A tale of Disaster Recovery (Cfengine everyday, practices and tools)
Jonathan Clarke
 
LSC - Synchronizing identities @ Loadays 2010
Jonathan Clarke
 
LDAP Synchronization Connector presentation at LDAPCon 2009
Jonathan Clarke
 

Recently uploaded (20)

PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Approach and Philosophy of On baking technology
30anthuong17
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
A Presentation on Artificial Intelligence
memembruh336
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 

LDAP Synchronization Connector (LSC)

  • 1. 12/07/2009 Jonathan Clarke jonathan@phillipoux.net static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 1 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 2. Introduction Provisioning for identity management is easy … Just put all employee information in a directory! Simple, right? … well, yes, but … « HR already has software that only stores identity  information in a database » « We use Active Directory for our desktops and we need  users' identities there too » « XYZ software already uses a different directory » static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 2 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 3. Introduction Several different identity repositories How to make sure the same changes apply? New employees Name changes (marriage), transfers... Employees leaving Manual synchronization? Leads to a mess, leaving old accounts active … Automatic synchronization? static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 3 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 4. Introduction Automatic synchronization It already exists, and works great Directory- / database-specific replication Application-specific connectors (AD, SAP, etc) What about the rest? Between different databases, directories, files ? Different data models ? Using standards : LDAP, SQL, etc... ? static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 4 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 5. About LDAP Synchronization Connector What is LSC? LDAP Synchronization Connector Open Source project BSD licence Written in Java 4 years in the making 1 year ago LSC-project.org created 6 regular contributors Website: http://lsc-project.org static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 5 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 6. Goals Quickly implement a new synchronization Highly configurable What exactly do we read? Powerful transformations (correctness is important) What exactly do we write? Run fast (performance is important) Easy to setup static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 6 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 7. LSC synchronization principles Two levels of information per identity Existence – equivalent to an account (LDAP entry) Identity specific details – names, phone numbers (LDAP attributes) Synchronization operations Create: Add entries from source to destination Delete: Delete entries from destination not in source Update: Compare and set specific details static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 7 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 8. Defining a synchronization Source type: LDAP / SQL database / CSV file ? Population: Which users? Which pivot? Information: Attributes? Transformations ? static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 8 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 9. An example: MySQL to OpenLDAP MySQL: a simple users table (HR-style) Field Type Values id INT Auto-increment first_name VARCHAR « Jane » last_name VARCHAR « Doe » marital_status ENUM « Single » / « Married » / « Divorced » salary INT 42000 start_date DATE 01/09/2009 static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 9 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 10. An example: MySQL to OpenLDAP Configuring the source database JDBC connector: com.mysql.jdbc... URL, username, password Simple SQL request SELECT id AS uid, first_name AS givenName, last_name AS sn, start_date AS startDate FROM users static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 10 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 11. An example: MySQL to OpenLDAP OpenLDAP: inetOrgPerson entries Field Type Values givenName String first_name (ex: « Jane ») sn String last_name (ex: « Doe ») cn String LAST_NAME first_name (ex: « DOE, Jane ») userPassword Binary string Defaults to « CHANGEME » uid String Unique id from MySQL table static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 11 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 12. An example: MySQL to OpenLDAP Configuring the destination directory dst.java.naming.provider.url = ldap://localhost/dc=lsc-project,dc=org dst.java.naming.security.authentication = simple dst.java.naming.security.principal = cn=Manager,dc=lsc-project,dc=org dst.java.naming.security.credentials = secret static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 12 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 13. An example: MySQL to OpenLDAP Configure the synchronization task Source directory searching lsc.tasks = MyTask lsc.tasks.MyTask.type = db2ldap lsc.tasks.MyTask.dstService.baseDn = ou=People lsc.tasks.MyTask.dstService.pivotAttrs = uid lsc.tasks.MyTask.dstService.filterAll = (uid=*) lsc.tasks.MyTask.dstService.attrs = uid sn cn givenName userPassword lsc.tasks.MyTask.dstService.filterId = (uid={uid}) DN generation lsc.tasks.MyTask.dn = "uid=" + srcBean.getAttributeValueById("uid") + "ou=People" static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 13 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 14. An example: MySQL to OpenLDAP Configuration data transformations (syncoptions) lsc.syncoptions.MyTask.default.action = F lsc.syncoptions.MyTask.cn.force_value = srcBean.getAttributeValueById("sn").toUpperCase() + ", " + srcBean.getAttributeValueById("givenName") lsc.syncoptions.MyTask.userPassword.action = K lsc.syncoptions.MyTask.userPassword.default_value = SecurityUtils.hash(SecurityUtils.MD5, "CHANGEME") static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 14 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 15. Software design Data Transformation Target Source Base de données Abstraction SQL Interface (IBATIS) Objet JDBC Sérialisation (XML) Objet LDAP BEAN Annuaire Traitement LSC Moteur Objet JNDI Objet LDAP static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 15 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 16. Features overview Syncoptions offer unlimited possibilites Hash passwords (SSHA, MD5, etc) Active Directory specificities: UserAccountControl: deactivate accounts, force password changes, etc … LastLogonTimestamp: detect unused accounts UnicodePwd: update passwords in AD-style Filter accents: convert « Hélène » to « Helene » Anything else you can write in Java! static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 16 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 17. Features overview Operation conditions Perform ADDs / UPDATEs / DELETEs conditionally Use-cases: Update-only synchronizations (never create, never delete) Only update the password if it's changed Perform a LDAP bind operation to check Delete an account after 60 days of inactivity static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 17 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 18. Roadmap Version 1.1 – Now! Everything we've talked about Wide-spread use, lots of feedback Version 1.2 – August/September 2009 Dynamic typing (remove LDAP objects generation) Version 1.3 / 1.4 and beyond New configuration mechanism Write to databases Plugins static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 18 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 19. Try it out! Get involved! Main website: http://lsc-project.org/ Tutorials: quickstart demo, detailed tutorials Reference documentation static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 19 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 20. Try it out! Get involved! Getting help (keep in touch!) Mailing lists: http://lists.lsc-project.org/ IRC: #lsc-project on Freenode Development tools: Redmine forge: http://tools.lsc-project.org/ Bugtracker, SVN repository … Continuous build server Lots of tests based on OpenDS static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 20 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 21. Success stories Private: Database to directory Active Directory 8 different instances to OpenLDAP Public: Oracle and MySQL to OpenLDAP CSV files to OpenLDAP 250 000 entries static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 21 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  • 22. Thanks for your attention! Any questions? Jonathan Clarke jonathan@phillipoux.net static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 22 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%