Progress Report
Triangulum Software’s Dovetail and Segue Products
by Shakil Ahmed
Instructor: Dr. Rod Fatoohi
College of Engineering, San Jose State University
December 1999
Purpose
The purpose of this report is to explain and describe the experimentation that I did in San Jose State University’s laboratory DCE cell. The objective of this experiment was to evaluate and learn to use the Dovetail and Segue products from Triangulum Software Company.
A brief overview of Dovetail 1.0 and Segue
The Dovetail software package seamlessly replaces the native DCE Cell Directory Service (CDS) with an LDAP v2/v3 compliant directory server. Basically, Dovetail replaces the CDS clerk daemons and the CDS advertiser, so it must be installed on all DCE client systems in a DCE cell. A commercially available LDAP server (like Netscape Directory Server 4.1) replaces the CDS server daemon. Dovetail has been qualified and tested with the University of Michigan LDAP server installation, but it has not been proven to work flawlessly and efficiently with this LDAP implementation. Dovetail provides the option of replacing CDS entirely or on a subset of the DCE cell systems. Dovetail requires that a DCE environment (DCE 1.1.x) and a directory server already be installed and configured in the cell where Dovetail is about to be installed and configured.
The installation and configuration do not require any modifications to existing environments and are claimed to be transparent to the clients after completion of Dovetail configuration. This gives DCE users the ability to migrate towards the newer LDAP directory server standard. Even though the newest release of DCE 1.1.2 includes an LDAP-compliant directory server, it is not very clear how this LDAP server replaces CDS and what happens to the existing namespaces. Also, updating or upgrading to a newer version of DCE might be time-consuming and cumbersome. Upgrading to the newer version would require a significant amount of testing and monitoring before the new DCE environment is brought online.
During configuration, Dovetail provides the opportunity to migrate the existing CDS namespaces to the LDAP directory server's LDIF format. The Segue product can be used to convert the namespace automatically. Dovetail is shipped with an administration tool called "ascii_segue". This tool allows the migration of the CDS namespaces to LDAP Data Interchange Format (LDIF). The resulting LDIF data can then be added to an LDAP directory server via the "ldapmodify" administration tool shipped with most LDAP directory servers. Please note that Segue is a companion product to Dovetail, which allows users to migrate to LDIF via a GUI. This avoids tedious re-creation of critical data. I think this would be especially useful for the EOSDIS system, as this way we can gradually migrate from CDS to an LDAP server.
The Dovetail product is made up of a single daemon process: "dovetaild". The dovetaild process runs on all systems configured in the DCE cell. This daemon performs a subset of the functionality of the CDS advertiser and clerk daemons. Dovetail is configured in a DCE cell in a manner that allows the dovetaild daemon to impersonate the CDS advertiser daemon. When Dovetail SE is configured on a DCE system, the native CDS advertiser and clerk daemons will no longer be run. An LDAP-compliant directory server takes the place of the CDS server daemon. During configuration, the dovetaild process is set up to communicate with this LDAP directory server. The LDAP directory server needs to be configured prior to Dovetail configuration. The CDS server daemon can still run in an environment where Dovetail is configured, but it would not receive any requests and would simply take up system resources. Therefore, it is best not to have the CDS server process running in the DCE environment. If Dovetail is configured on a system that is also configured as a CDS server, the configuration tool will suppress the CDS server daemon from starting.
Once Dovetail SE (Standard Edition) has been configured, all CDS activity in the DCE cell goes through the dovetaild process. This process accepts CDS requests in their native format. Each request is converted into an LDAP request and sent to the configured LDAP directory server. Any return information is converted from LDAP format back to native CDS format and passed to the original calling process. In this manner, a seamless replacement of CDS with LDAP is possible.
For Dovetail, in the specific environment at EOSDIS, the required operating system is Solaris 2.5.1, and the disk space and memory requirements are 39 MB and 16 MB, respectively.
Steps Involved and results
This experiment included installing, setting up and configuring the DCE cell in our lab. I created a sample CDS namespace for this experiment. I also created user accounts and groups, and perfected and set the correct ACL settings for each of the users and groups. As a part of the experiment, I developed a few DCE applications to verify proper functionality of our DCE cell environment. The sample applications were small, concise and simple. The idea was to avoid complicated, heavyweight applications, which kept debugging simpler. This worked well, because the sample applications were all that I needed to verify a properly functioning DCE cell. The sample applications were the following:
Please note that both application servers use CDS as a name service provider or a registry service to bind to. The clients queried CDS to find specific services. I verified that the applications were running properly and results were returned. My goal was to use the same set of applications for testing CDS replacement.
The next step was to install, configure and administer an LDAP directory server (I picked Netscape Directory Server 4.1). I verified proper configuration of the LDAP server by using some of the LDAP command-line client utilities (e.g. ldapsearch, ldapmodify, ldapadd and ldapdelete). Next, I installed and configured Dovetail and Segue. During Dovetail configuration, I used Segue to migrate all of the existing CDS namespace to LDIF (LDAP) format so that the LDAP directory server has access to these data. This also included migration of the ACLs and policies that existed in CDS.
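A completeness check that could be run on the migrated LDIF before it is loaded with ldapmodify, given here as an added example that is not part of the original report or of Triangulum's tools: it parses LDIF (folded lines, base64 values) and reports expected entries that are absent and entries that carry no ACL attribute. The sample DNs, the function names and the use of "aci" as the ACL attribute are assumptions.

```python
import base64

# Constructed sample in LDIF syntax; the DNs and the "aci" attribute are
# illustrative assumptions, not Segue's actual output or schema.
SAMPLE_LDIF = """\
version: 1
dn: cn=hosts,o=example-cell
aci: constructed-acl-value

dn: cn=time_server,cn=subsys,
 o=example-cell
cn: time_server

dn:: Y249c2VjLG89ZXhhbXBsZS1jZWxs
aci: constructed-acl-value
"""

def normalize_dn(dn):
    # Simplified comparison form; escaped commas in RDN values are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return {normalized_dn: {attr: [values]}} for each entry in LDIF text."""
    lines = text.replace("\n ", "").splitlines()   # unfold continuation lines
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None                         # blank line ends the entry
        elif not line.startswith("#"):             # skip comment lines
            attr, _, rest = line.partition(":")
            b64 = rest.startswith(":")             # "attr:: value" is base64
            value = base64.b64decode(rest[1:]).decode() if b64 else rest.strip()
            if attr.lower() == "dn":
                current = entries.setdefault(normalize_dn(value), {})
            elif current is not None:              # ignores "version:" header
                current.setdefault(attr.lower(), []).append(value)
    return entries

def audit_migration(ldif_text, expected_dns, acl_attr="aci"):
    """Report expected entries absent from the LDIF and entries with no ACL."""
    entries = parse_ldif(ldif_text)
    expected = {normalize_dn(d) for d in expected_dns}
    return {
        "missing": sorted(expected - set(entries)),
        "no_acl": sorted(d for d, a in entries.items() if acl_attr not in a),
    }

if __name__ == "__main__":
    print(audit_migration(SAMPLE_LDIF, ["cn=hosts,o=example-cell", "cn=fs,o=example-cell"]))
```

The expected DN list would come from an inventory of the CDS namespace taken before migration; the mapping from CDS names to DNs depends on the product and is not shown in this report.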
After completing Dovetail configuration, it was time to re-test the DCE environment using the previous applications. After running the applications, I noticed no difference or issues in the cell behavior or application results and functionality. This implied that "dovetaild" successfully and flawlessly replaced the CDS advertiser and clerk daemons and the LDAP server took the place of the CDS server (cdsd).
Drawbacks
The biggest drawback in using Dovetail and LDAP to replace CDS is the requirement of installing and configuring Dovetail on each DCE client of the cell. This is a very time-consuming and cumbersome process and requires a deep understanding of CDS and LDAP internals. It does not seem like a feasible approach for a DCE cell with a large number of clients. Also, this process becomes really unmanageable if the clients are geographically located very far from each other. Besides, there is a management and administration aspect of LDAP servers that is not straightforward, especially when multiple replica LDAP servers are running on many different hosts in a DCE cell.
At the time of writing this report, the pricing information for Dovetail and Segue and a production customer list were not readily available from Triangulum Software.
Future Directions for Dovetail
Recently, to my current knowledge, Triangulum Software has discontinued their DCE client-oriented Dovetail product line, mostly due to lack of interest in their customer base. The good news is that they are already working on a server-based solution for CDS replacement using LDAP, and their new product line is to be announced around Q2 of the year 2000. This might be great news for CDS replacement advocates, as it certainly makes the replacement process simpler and easier to manage, and hence this server-based approach would be very attractive and effective. There might not be any need for a Dovetail-equivalent product, as DCE 1.2 supports LDAP as the native directory service of choice.