12/07/2009




                                           Jonathan Clarke
                                       jonathan@...
Introduction
   Provisioning for identity management is easy …
     Just put all employee information in a directory!
    ...
Introduction
   Several different identity repositories
     How to make sure the same changes apply?
        New employee...
Introduction
   Automatic synchronization
     It already exists, and works great
        Directory- / database-specific r...
About LDAP Synchronization Connector
   What is LSC?
     LDAP Synchronization Connector
     Open Source project
     BSD...
Goals
   Quickly implement a new synchronization
   Highly configurable
     What exactly do we read?
     Powerful transf...
LSC synchronization principles
   Two levels of information per identity
       Existence – equivalent to an account (LDAP...
Defining a synchronization
   Source type: LDAP / SQL database / CSV file ?
   Population: Which users? Which pivot?
   In...
An example: MySQL to OpenLDAP
   MySQL: a simple users table (HR-style)
                Field                      Type   ...
An example: MySQL to OpenLDAP
   Configuring the source database
     JDBC connector: com.mysql.jdbc...
     URL, username...
An example: MySQL to OpenLDAP
   OpenLDAP: inetOrgPerson entries
                Field                      Type          ...
An example: MySQL to OpenLDAP
   Configuring the destination directory
     dst.java.naming.provider.url = ldap://localhos...
An example: MySQL to OpenLDAP
   Configure the synchronization task
     Source directory searching
     lsc.tasks = MyTas...
An example: MySQL to OpenLDAP
   Configuration data transformations (syncoptions)
     lsc.syncoptions.MyTask.default.acti...
Software design
                Data
                                                                Transformation       ...
Features overview
   Syncoptions offer unlimited possibilites
     Hash passwords (SSHA, MD5, etc)
     Active Directory s...
Features overview
   Operation conditions
     Perform ADDs / UPDATEs / DELETEs conditionally
   Use-cases:
     Update-on...
Roadmap
   Version 1.1 – Now!
     Everything we've talked about
     Wide-spread use, lots of feedback
   Version 1.2 – A...
Try it out! Get involved!
   Main website: http://lsc-project.org/
     Tutorials: quickstart demo, detailed tutorials
   ...
Try it out! Get involved!
   Getting help (keep in touch!)
     Mailing lists: http://lists.lsc-project.org/
     IRC: #ls...
Success stories
    Private:




                    Database to directory                                   Active Direct...
Thanks for your attention!
                                      Any questions?




                                      ...
Upcoming SlideShare
Loading in …5
×

LDAP Synchronization Connector (LSC)

3,582 views

Published on

Introducing the LSC project: context in IAM, Open Source project status, goals, principles and an example.

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
3,582
On SlideShare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
Downloads
37
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

LDAP Synchronization Connector (LSC)

  1. 1. 12/07/2009 Jonathan Clarke jonathan@phillipoux.net static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 1 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  2. 2. Introduction Provisioning for identity management is easy … Just put all employee information in a directory! Simple, right? … well, yes, but … « HR already has software that only stores identity  information in a database » « We use Active Directory for our desktops and we need  users' identities there too » « XYZ software already uses a different directory » static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 2 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  3. 3. Introduction Several different identity repositories How to make sure the same changes apply? New employees Name changes (marriage), transfers... Employees leaving Manual synchronization? Leads to a mess, leaving old accounts active … Automatic synchronization? static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 3 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  4. 4. Introduction Automatic synchronization It already exists, and works great Directory- / database-specific replication Application-specific connectors (AD, SAP, etc) What about the rest? Between different databases, directories, files ? Different data models ? Using standards : LDAP, SQL, etc... ? static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 4 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  5. 5. About LDAP Synchronization Connector What is LSC? LDAP Synchronization Connector Open Source project BSD licence Written in Java 4 years in the making 1 year ago LSC-project.org created 6 regular contributors Website: http://lsc-project.org static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 5 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  6. 6. Goals Quickly implement a new synchronization Highly configurable What exactly do we read? Powerful transformations (correctness is important) What exactly do we write? Run fast (performance is important) Easy to setup static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 6 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  7. 7. LSC synchronization principles Two levels of information per identity Existence – equivalent to an account (LDAP entry) Identity specific details – names, phone numbers (LDAP attributes) Synchronization operations Create: Add entries from source to destination Delete: Delete entries from destination not in source Update: Compare and set specific details static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 7 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  8. 8. Defining a synchronization Source type: LDAP / SQL database / CSV file ? Population: Which users? Which pivot? Information: Attributes? Transformations ? static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 8 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  9. 9. An example: MySQL to OpenLDAP MySQL: a simple users table (HR-style) Field Type Values id INT Auto-increment first_name VARCHAR « Jane » last_name VARCHAR « Doe » marital_status ENUM « Single » / « Married » / « Divorced » salary INT 42000 start_date DATE 01/09/2009 static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 9 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  10. 10. An example: MySQL to OpenLDAP Configuring the source database JDBC connector: com.mysql.jdbc... URL, username, password Simple SQL request SELECT id AS uid, first_name AS givenName, last_name AS sn, start_date AS startDate FROM users static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 10 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  11. 11. An example: MySQL to OpenLDAP OpenLDAP: inetOrgPerson entries Field Type Values givenName String first_name (ex: « Jane ») sn String last_name (ex: « Doe ») cn String LAST_NAME first_name (ex: « DOE, Jane ») userPassword Binary string Defaults to « CHANGEME » uid String Unique id from MySQL table static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 11 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  12. 12. An example: MySQL to OpenLDAP Configuring the destination directory dst.java.naming.provider.url = ldap://localhost/dc=lsc-project,dc=org dst.java.naming.security.authentication = simple dst.java.naming.security.principal = cn=Manager,dc=lsc-project,dc=org dst.java.naming.security.credentials = secret static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 12 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  13. 13. An example: MySQL to OpenLDAP Configure the synchronization task Source directory searching lsc.tasks = MyTask lsc.tasks.MyTask.type = db2ldap lsc.tasks.MyTask.dstService.baseDn = ou=People lsc.tasks.MyTask.dstService.pivotAttrs = uid lsc.tasks.MyTask.dstService.filterAll = (uid=*) lsc.tasks.MyTask.dstService.attrs = uid sn cn givenName userPassword lsc.tasks.MyTask.dstService.filterId = (uid={uid}) DN generation lsc.tasks.MyTask.dn = "uid=" + srcBean.getAttributeValueById("uid") + "ou=People" static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 13 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  14. 14. An example: MySQL to OpenLDAP Configuration data transformations (syncoptions) lsc.syncoptions.MyTask.default.action = F lsc.syncoptions.MyTask.cn.force_value = srcBean.getAttributeValueById("sn").toUpperCase() + ", " + srcBean.getAttributeValueById("givenName") lsc.syncoptions.MyTask.userPassword.action = K lsc.syncoptions.MyTask.userPassword.default_value = SecurityUtils.hash(SecurityUtils.MD5, "CHANGEME") static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 14 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  15. 15. Software design Data Transformation Target Source Base de données Abstraction SQL Interface (IBATIS) Objet JDBC Sérialisation (XML) Objet LDAP BEAN Annuaire Traitement LSC Moteur Objet JNDI Objet LDAP static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 15 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  16. 16. Features overview Syncoptions offer unlimited possibilites Hash passwords (SSHA, MD5, etc) Active Directory specificities: UserAccountControl: deactivate accounts, force password changes, etc … LastLogonTimestamp: detect unused accounts UnicodePwd: update passwords in AD-style Filter accents: convert « Hélène » to « Helene » Anything else you can write in Java! static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 16 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  17. 17. Features overview Operation conditions Perform ADDs / UPDATEs / DELETEs conditionally Use-cases: Update-only synchronizations (never create, never delete) Only update the password if it's changed Perform a LDAP bind operation to check Delete an account after 60 days of inactivity static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 17 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  18. 18. Roadmap Version 1.1 – Now! Everything we've talked about Wide-spread use, lots of feedback Version 1.2 – August/September 2009 Dynamic typing (remove LDAP objects generation) Version 1.3 / 1.4 and beyond New configuration mechanism Write to databases Plugins static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 18 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  19. 19. Try it out! Get involved! Main website: http://lsc-project.org/ Tutorials: quickstart demo, detailed tutorials Reference documentation static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 19 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  20. 20. Try it out! Get involved! Getting help (keep in touch!) Mailing lists: http://lists.lsc-project.org/ IRC: #lsc-project on Freenode Development tools: Redmine forge: http://tools.lsc-project.org/ Bugtracker, SVN repository … Continuous build server Lots of tests based on OpenDS static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 20 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  21. 21. Success stories Private: Database to directory Active Directory 8 different instances to OpenLDAP Public: Oracle and MySQL to OpenLDAP CSV files to OpenLDAP 250 000 entries static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 21 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%
  22. 22. Thanks for your attention! Any questions? Jonathan Clarke jonathan@phillipoux.net static void sync_icache_030(addr_t address,size_t len){int l,off;char*p;uint32 cacr;off=(unsigned int)address&(CACHELINE-1); len+=off;l=len;p=(char*)address-off;asm volatile("nop");asm volatile("movec %%cacr,%0":"=r"(cacr):);cacr|=0x00000004;/**/do{asm 12/07/2009 http://lsc-project.org Page 22 volatile("movec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrnaddq.l #4,%0nmovec %0,%%caarnmovec %1,%%cacrn"::"r"(p),"r"(cacr));p+= CACHELINE;} while((l-=CACHELINE)>0);asm volatile("nop");}static void set_pgdir(void*rt) {long_page_directory_entry entry;*(uint64*)&entry=DFL_PAGEENT_VAL;entry.type=DT_ROOT;entry.addr=TA_TO_PREA(((addr_t)rt));asm vola tile("pmove (%0),%%srpnpmove (%0),%

×