Is Hasini working on this? Can we start testing this immediately?

On Sun, Mar 6, 2011 at 10:01 PM, Prabath Siriwardana <prab...@wso2.com> wrote:

> In the case of Stratos - we do not need to have the embedded LDAP - but it
> will be a separate LDAP server. We need to test the OU based tenant
> isolation we did with LDAP in Stratos.
>
> Thanks & regards,
> -Prabath
>
>
> On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe <has...@wso2.com> wrote:
>
>>
>>
>> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez <az...@wso2.com> wrote:
>>
>>> Have you tested this with Stratos?
>>
>> Not with a complete Stratos setup.
>> How I tested this was: installing multi tenancy feature to IS using
>> necessary stratos components built from stratos branch.
>>
>> Do we need to do any LDAP initialization when the tenant
>>> ConfigurationContext is created?
>>
>> Sorry, at the moment I do not have an idea what the tenant
>> ConfigurationContext is.
>>
>> But, as I understood your question, if you use embedded-ldap server in
>> carbon core, you do not have to initialize LDAP since it is started with
>> carbon server.
>> If you use an external LDAP, then you need to start up a LDAP server and
>> point the user-mgt.xml to that.
>>
>>>
>>>
>>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe <has...@wso2.com> wrote:
>>>
>>>>
>>>>
>>>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara <ami...@wso2.com> wrote:
>>>>
>>>>> Hi Azeez,
>>>>>
>>>>> Please find answers inline.
>>>>>
>>>>> Thanks
>>>>> AmilaJ
>>>>>
>>>>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez <az...@wso2.com> wrote:
>>>>> Can somebody briefly explain what were the changes that were carried
>>>>> out to
>>>>> Carbon core to make this work? Where these ports can be defined
>>>>>
>>>>> The apacheds server code is wrapped as an OSGi bundle in
>>>>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>>>>> which is responsible for managing LDAP server. It starts, stops LDAP
>>>>> server, in addition it also does partition management.
>>>>
>>>> Hi,
>>>>
>>>>
>>>>> This component
>>>>> starts before user core in carbon.
>>>>>
>>>>
>>>> Can I please know how we have specified that this component starts
>>>> before user-core?
>>>>
>>>> The LDAP server specific configurations reside in a file called
>>>>> embedded-ldap.xml in repository/conf (In <EmbeddedLDAP> configuration
>>>>> segment). You can change parameters like, ports, connection passwords
>>>>> in this file. In addition to LDAP server specific configurations, it
>>>>> also has KDC specific configurations.
>>>>>
>>>>> ,what the following messages mean etc.
>>>>>
>>>>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>>>>> are coming from apacheds implementation.
>>>>> LDAP server needs a schema to construct the initial LDAP tree
>>>>> structure. The default schema for the LDAP server is located at
>>>>> repository/data as a zip file (is-default-schema.zip). Thus when we
>>>>> start server for the first time apacheds component will extract this
>>>>> zip file and create a schema directory. In addition, when we start
>>>>> embedded LDAP for the first time it creates a default partition. The
>>>>> default partition name and other properties are read from the
>>>>> embedded-ldap.xml configuration file (<DefaultPartition>). The latter
>>>>> messages you see in the log are relevant to above actions.
>>>>>
>>>>> How MT is handled
>>>>>
>>>>> I assume MT=Multi-tenancy.
>>>>
>>>>
>>>>> Hasini: Please explain how MT is handled with embedded-ldap.
>>>>>
>>>>
>>>> We have two ways that we can make LDAP user-store multi-tenanted.
>>>>
>>>> 1. Creating a new partition (i.e new directory tree) for each tenant.
>>>> This is specific to embedded-apacheds because here we use their API.
>>>> 2. Creating a new context ('ou' by default) under same directory tree,
>>>> for each tenant. This is generic because here we use JNDI and hence, not
>>>> coupled with any LDAP server implementation.
>>>>
>>>> We can use any of the above methods with the embedded-ldap that comes in core.
>>>> But we can only use the second method above with an external LDAP.
>>>>
>>>> Let me briefly describe implementation details of two methods.
>>>>
>>>> 1st Method:
>>>>     i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the
>>>> tenant manager which is initialized when the user-core starts. (at
>>>> DefaultRealmService.)
>>>>    ii. At the start of ldap.server component, we register an
>>>> implementation of LDAPTenantManager in OSGi registry, through which
>>>> managing partitions of tenants happens.
>>>>   iii. HybridLDAPTenantManager uses a reference of an above registered
>>>> LDAPTenantManager service, to handle tenant mgt with LDAP.
>>>>   iv. Users and groups of a particular tenant are stored inside its
>>>> partition.
>>>>   v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>>>> stored in registry/JDBC database which is used to map the tenant to
>>>> specific partition.
>>>>
>>>> I have included a class diagram and a screenshot related to this here:
>>>> <http://hasini-gunasinghe.blogspot.com/2011/01/tenant-management-in-wso2-carbon-with.html>
>>>>
>>>> 2nd Method:
>>>>    i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as
>>>> the tenant manager which is initialized when the user-core starts.
>>>>   ii. Users and groups of a particular tenant are stored under its
>>>> context.
>>>>  iii. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>>>> stored in registry/JDBC database which is used to map the tenant to
>>>> specific context.
>>>>
>>>> Common remarks regarding both the methods:
>>>> 1. Hybrid approach is used where mapping between tenant and the
>>>> user-mgt.xml, and other meta-data is stored in JDBC database.
>>>> 2. Class names used for tenant manager at each scenario are not that
>>>> clear. We may need to rename them.
>>>>
>>>> Thanks,
>>>> Hasini.
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> etc. Sorry, I wasn't following the entire conversation.
>>>>> > [2011-03-05 07:24:03,001]  INFO {org.wso2.carbon.ldap.server.DirectoryActivator} -  Starting directory service on port 10389
>>>>> > [2011-03-05 07:24:03,022]  INFO {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request Handler: 1.3.6.1.4.1.1466.20037
>>>>> > [2011-03-05 07:24:03,106]  INFO {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request Handler: 1.3.6.1.4.1.18060.0.1.6
>>>>> > [2011-03-05 07:24:03,116]  INFO {org.apache.directory.server.ldap.LdapServer} -  Successful bind of an LDAP Service (10389) is completed.
>>>>> > [2011-03-05 07:24:03,116]  INFO {org.apache.directory.server.ldap.LdapServer} -  Ldap service started.
>>>>> > [2011-03-05 07:24:03,116]  INFO {org.wso2.carbon.apacheds.impl.ApacheLDAPServer} -  LDAP server started.
>>>>> > [2011-03-05 07:24:03,139]  INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -  Partition directory - /Users/azeez/projects/wso2/org/trunk/carbon/products/appserver/modules/distribution/target/wso2appserver-4.1.0-SNAPSHOT/repository/data/org.wso2.carbon.directory/root already exists.
>>>>> > [2011-03-05 07:24:03,140]  INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -  Partitionroot created from existing partition directory. <-- Partitionroot or Partition Root
>>>>> > [2011-03-05 07:24:03,211]  INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -  Partitionroot added to directory service.
>>>>>
>>>>> Do we have to show all these INFO messages?
>>>>>
>>>>> We can get rid of some of above log messages, if you think that they
>>>>> are redundant. We can suppress the INFO messages coming from apacheds
>>>>> implementation in log4j properties file. Also we can remove some log
>>>>> messages from the code.
>>>>>
>>>>>
>>>>> >
>>>>> > --
>>>>> > Afkham Azeez
>>>>> > Senior Software Architect & Senior Manager; WSO2, Inc.;
>>>>> http://wso2.com,
>>>>> >
>>>>> > Member; Apache Software Foundation; http://www.apache.org/
>>>>> > email: az...@wso2.com cell: +94 77 3320919
>>>>> > blog: http://blog.afkham.org
>>>>> > twitter: http://twitter.com/afkham_azeez
>>>>> > linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>> >
>>>>> > Lean . Enterprise . Middleware
>>>>> >
>>>>> > _______________________________________________
>>>>> > Carbon-dev mailing list
>>>>> > Carbon-dev@wso2.org
>>>>> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>> >
>>>>> >
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>
>
> --
> Thanks & Regards,
> Prabath
>
> http://blog.facilelogin.com
> http://RampartFAQ.com
>



-- 
Afkham Azeez
Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
email: az...@wso2.com cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez

Lean . Enterprise . Middleware
_______________________________________________
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
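
The second method described in the quoted thread keeps each tenant under its own 'ou' context in one directory tree, accessed through JNDI. The class below is an added example, not code from WSO2 Carbon or from anyone in this thread: it builds tenant-scoped DNs with the JDK's `LdapName` and `Rdn` so that user-supplied values cannot place an entry outside the tenant's context. The class name `TenantDnScope`, the `ou=users` sub-context, the root DN and the tenant names are assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

/** Hypothetical helper: keeps every DN it builds or accepts under one tenant's ou. */
public class TenantDnScope {
    private final LdapName tenantBase;

    // Assumed layout: ou=<tenant>,<rootDn>. A real deployment takes this from its own config.
    public TenantDnScope(String rootDn, String tenant) throws InvalidNameException {
        LdapName base = new LdapName(rootDn);
        base.add(new Rdn("ou", tenant)); // Rdn(type, value) treats value as data and escapes it
        this.tenantBase = base;
    }

    /** DN of a user entry; "ou=users" under the tenant is an assumption of this example. */
    public LdapName userDn(String uid) throws InvalidNameException {
        LdapName dn = (LdapName) tenantBase.clone();
        dn.add(new Rdn("ou", "users"));
        dn.add(new Rdn("uid", uid));
        return dn;
    }

    /** True only if the DN parses and sits strictly below this tenant's context. */
    public boolean contains(String dn) {
        try {
            LdapName name = new LdapName(dn);
            return name.size() > tenantBase.size() && name.startsWith(tenantBase);
        } catch (InvalidNameException e) {
            return false; // unparseable names are rejected, not guessed at
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values, not taken from the thread.
        TenantDnScope a = new TenantDnScope("dc=example,dc=com", "tenantA");
        LdapName odd = a.userDn("bob,ou=tenantB"); // separators stay inside the uid value
        System.out.println(odd + " -> RDN count: " + odd.size());
        System.out.println("own DN in scope: " + a.contains(odd.toString()));
        System.out.println("other tenant in scope: "
                + a.contains("uid=bob,ou=users,ou=tenantB,dc=example,dc=com"));
    }
}
```

Concatenating the same uid into a DN string would instead yield a name that parses with an extra `ou` component, which is why the example builds names from `Rdn` objects and checks containment on parsed names rather than on strings.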
