On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara <ami...@wso2.com> wrote:

> Hi Azeez,
>
> Please find answers inline.
>
> Thanks
> AmilaJ
>
> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez <az...@wso2.com> wrote:
> Can somebody briefly explain what were the changes that were carried out to
> Carbon core to make this work? Where these ports can be defined
>
> The apacheds server code is wrapped as an OSGi bundle in the
> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
> which is responsible for managing the LDAP server. It starts and stops the
> LDAP server; in addition, it also does partition management.

Hi,


> This component
> starts before user core in carbon.
>

Can I please know how we have specified that this component starts before
user-core?

> The LDAP server specific configurations reside in a file called
> embedded-ldap.xml in repository/conf (In <EmbeddedLDAP> configuration
> segment). You can change parameters like, ports, connection passwords
> in this file. In addition to LDAP server specific configurations, it
> also has KDC specific configurations.
>
> ,what the following messages mean etc.
>
> Log messages starting with org.apache.directory.server.ldap.LdapServer
> are coming from apacheds implementation.
> LDAP server needs a schema to construct the initial LDAP tree
> structure. The default schema for the LDAP server is located at
> repository/data as a zip file (is-default-schema.zip). Thus when we
> start server for the first time apacheds component will extract this
> zip file and create a schema directory. In addition, when we start
> embedded LDAP for the first time it creates a default partition. The
> default partition name and other properties are read from the
> embedded-ldap.xml configuration file (<DefaultPartition>). The latter
> messages you see in the log are relevant to above actions.
>
> How MT is handled
>
> I assume MT=Multi-tenancy.


> Hasini: Please explain how MT is handled with embedded-ldap.
>

We have two ways that we can make LDAP user-store multi-tenanted.

1. Creating a new partition (i.e., a new directory tree) for each tenant. This
is specific to embedded-apacheds because here we use their API.
2. Creating a new context ('ou' by default) under the same directory tree, for
each tenant. This is generic because here we use JNDI and hence, not coupled
with any LDAP server implementation.

We can use any of the above methods with the embedded-ldap that comes in core.
But we can only use the second method above with an external LDAP.

Let me briefly describe implementation details of two methods.

1st Method:
    i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the tenant
manager which is initialized when the user-core starts (at
DefaultRealmService).
   ii. At the start of the ldap.server component, we register an implementation
of LDAPTenantManager in the OSGi registry, through which managing partitions of
tenants happens.
  iii. HybridLDAPTenantManager uses a reference to the above registered
LDAPTenantManager service, to handle tenant mgt with LDAP.
   iv. Users and groups of a particular tenant are stored inside its
partition.
    v. In the stratos-tenant-mgt component, the tenant specific user-mgt.xml is
stored in the registry/JDBC database which is used to map the tenant to a
specific partition.

I have included a class diagram and a screenshot related to this
here <http://hasini-gunasinghe.blogspot.com/2011/01/tenant-management-in-wso2-carbon-with.html>.

2nd Method:
    i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as the
tenant manager which is initialized when the user-core starts.
   ii. Users and groups of a particular tenant are stored under its context.
  iii. In the stratos-tenant-mgt component, the tenant specific user-mgt.xml is
stored in the registry/JDBC database which is used to map the tenant to a
specific context.

Common remarks regarding both the methods:
1. A hybrid approach is used where the mapping between the tenant and the
user-mgt.xml, and other meta-data, is stored in the JDBC database.
2. Class names used for the tenant manager in each scenario are not that clear.
We may need to rename them.

Thanks,
Hasini.





> etc. Sorry, I wasn't
> > following the entire conversation.
> > [2011-03-05 07:24:03,001]  INFO
> > {org.wso2.carbon.ldap.server.DirectoryActivator} -  Starting directory
> > service on port 10389
> > [2011-03-05 07:24:03,022]  INFO
> > {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
> > Handler: 1.3.6.1.4.1.1466.20037
> > [2011-03-05 07:24:03,106]  INFO
> > {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
> > Handler: 1.3.6.1.4.1.18060.0.1.6
> > [2011-03-05 07:24:03,116]  INFO
> > {org.apache.directory.server.ldap.LdapServer} -  Successful bind of an
> LDAP
> > Service (10389) is completed.
> > [2011-03-05 07:24:03,116]  INFO
> > {org.apache.directory.server.ldap.LdapServer} -  Ldap service started.
> > [2011-03-05 07:24:03,116]  INFO
> > {org.wso2.carbon.apacheds.impl.ApacheLDAPServer} -  LDAP server started.
> > [2011-03-05 07:24:03,139]  INFO
> > {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -
>  Partition
> > directory -
> >
> /Users/azeez/projects/wso2/org/trunk/carbon/products/appserver/modules/distribution/target/wso2appserver-4.1.0-SNAPSHOT/repository/data/org.wso2.carbon.directory/root
> > already exists.
> > [2011-03-05 07:24:03,140]  INFO
> > {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -
> >  Partitionroot created from existing partition directory. <--
> Partitionroot
> > or Partition Root
> > [2011-03-05 07:24:03,211]  INFO
> > {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -
> >  Partitionroot added to directory service.
>
> Do we have to show all these INFO messages?
>
> We can get rid of some of the above log messages, if you think that they
> are redundant. We can suppress the INFO messages coming from the apacheds
> implementation in the log4j properties file. Also we can remove some log
> messages from the code.
>
>
> >
> > --
> > Afkham Azeez
> > Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
> >
> > Member; Apache Software Foundation; http://www.apache.org/
> > email: az...@wso2.com cell: +94 77 3320919
> > blog: http://blog.afkham.org
> > twitter: http://twitter.com/afkham_azeez
> > linked-in: http://lk.linkedin.com/in/afkhamazeez
> >
> > Lean . Enterprise . Middleware
> >
> > _______________________________________________
> > Carbon-dev mailing list
> > Carbon-dev@wso2.org
> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
> >
> >
>
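The second method in the thread above (one 'ou' context per tenant under a shared directory tree, reached through JNDI) relies on tenant DNs being built and checked safely. The following is an added example, not part of the original thread and not WSO2 Carbon code: it builds a tenant's context DN with JNDI's own escaping and checks whether a DN falls inside that tenant's subtree. The base DN `dc=example,dc=org`, the `ou=users` container, the class and method names, and the sample inputs are all assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Added illustration: per-tenant 'ou' contexts under one shared directory tree. */
public class TenantContextExample {

    // Assumed base DN; a real deployment reads this from its configuration.
    static final String BASE_DN = "dc=example,dc=org";

    /** Builds ou=<tenantDomain>,<base>. Rdn escapes DN metacharacters in the value. */
    static LdapName tenantContext(String tenantDomain) throws InvalidNameException {
        LdapName dn = new LdapName(BASE_DN);
        dn.add(new Rdn("ou", tenantDomain)); // appended as the most specific RDN
        return dn;
    }

    /** Builds uid=<uid>,ou=users,<tenant context> (ou=users is an assumed layout). */
    static LdapName userDn(String tenantDomain, String uid) throws InvalidNameException {
        LdapName dn = tenantContext(tenantDomain);
        dn.add(new Rdn("ou", "users"));
        dn.add(new Rdn("uid", uid));
        return dn;
    }

    /** True only if candidateDn parses and lies strictly below the tenant's context. */
    static boolean inTenantSubtree(String tenantDomain, String candidateDn) {
        try {
            LdapName ctx = tenantContext(tenantDomain);
            LdapName candidate = new LdapName(candidateDn);
            return candidate.size() > ctx.size() && candidate.startsWith(ctx);
        } catch (InvalidNameException e) {
            return false; // an unparsable DN is never treated as in scope
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample inputs.
        System.out.println(userDn("tenant-a.com", "alice"));
        // A tenant name containing DN syntax stays a single escaped RDN value.
        System.out.println(tenantContext("tenant-a.com,ou=tenant-b.com"));
        System.out.println(inTenantSubtree("tenant-a.com",
                "uid=alice,ou=users,ou=tenant-a.com,dc=example,dc=org"));
        System.out.println(inTenantSubtree("tenant-a.com",
                "uid=bob,ou=users,ou=tenant-b.com,dc=example,dc=org"));
    }
}
```

Building the DN from `Rdn` objects rather than string concatenation is what keeps a tenant-supplied name from adding extra components, and the subtree check gives a single place to enforce that an operation for one tenant never targets an entry under another tenant's context.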