[midPoint] Connector Frameworks (was: Re: Re. Upgrading the AD connector server & connector)

Thu Oct 31 16:37:30 CET 2013

Hi Deepak,

On 10/30/2013 11:20 AM, Deepak Natarajan wrote:
> I'm experimenting with updating the .NET connector server and the 
> connector itself (for midpoint 2.2). I don't know if I should be doing 
> this, but what the heck :)
>
> I obtained the "latest" .NET connector server from Oracle and 
> installed it on Windows Server 2008 R2. And also the latest active 
> directory connector.

Well, this is tricky. The connector framework (ICF) used by the Oracle 
is no longer maintained as open source project (as far as I know). 
Therefore we are not sure what changes have been made there. However we 
are sure that there are some changes in the ICF framework that we use. 
This is currently OpenICF version of the framework. Comaptibility with 
original connectors and non-opensource versions was not a goal of our 
development. Some of the changes in the framework migh have broken the 
compatiblity with Oracle connectors. Therefore I doubt that the 
connectors are still fully compatible. For the sake of completess: There 
is a ConnId project that is also fork of Sun ICF framework. But it has 
an independent development and it is also currently not fully compatible.

This means that there are (at least) four versions of the framework that 
are partially or completely incompatible:
1: Original Sun ICF (seems to be no longer maintained)
2: Oracle closed-source version (most likely)
3: OpenICF (used by Forgerock and Evolveum)
4: ConnId (used by Syncope)

This situation far from being ideal (read: completely insane). Therefore 
we have agreed with OpenICF and ConnId projects to end this madness. 
There are currently plans and also real activities to merge OpenICF and 
ConnId frameworks into common code to make connectors compatible again. 
This ideal was well received and currently it goes quite well for 
midPoint, OpenICF and ConnId projects. However I would like to express 
my personal doubts that Oracle will join this effort in any foreseeable 
future :-)

If you really want then you may try to use non-OpenICF versions of the 
connectors. However I would personally not expect any great results. I 
have no means to know what was really done in closed source projects. 
But I know that we have fixed many problems in AD connector alone (using 
OpenICF code base). And I somehow doubt that these problems were fixed 
in other versions as well. But you are free to experiment of course.

However, the situation with the ICF framework is quite serious. There 
are severe design flaws in the original Sun ICF design (see 
https://wiki.evolveum.com/display/midPoint/ICF+Issues). The current ICF 
may work OK for simple IDM systems. But it actually took a lot of 
ingenuity to make it work smoothly with advanced IDM system such as 
midPoint. We are pushing the capabilities of current ICF to the very 
limits. It is inevitable that the framework must evolve. And this is 
exactly what we are currently discussing on ConnId mailing list: (ConnId 
mailing list and git repository was somehow semi-officially chosen as a 
common gound for the open source ICF evolution)
https://groups.google.com/d/forum/connid-dev
The discussion is still in the early phases. But even now it is quite 
clear that non-comaptible changes will be required in the framework to 
fix the design flaws of original Sun ICF. Therefore it can be expected 
that even if there is currently some compatibility between the open 
source and the closed source version of ICF such comaptibility will soon 
be lost.

-- 

                                            Radovan Semancik
                                           Software Architect
                                              evolveum.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.evolveum.com/pipermail/midpoint/attachments/20131031/60cbb4c8/attachment.htm>