On Sun, Mar 6, 2011 at 10:01 PM, Prabath Siriwardana <prab...@wso2.com> wrote:

> In the case of Stratos - we do not need to have the embedded LDAP - but it
> will be a separate LDAP server. We need to test the OU based tenant
> isolation we did with LDAP in Stratos..

+1. Also, if we are switching to an LDAP based userstore, then we might have to migrate the existing JDBC based user base to the LDAP server.

Thanks,
Thilina

> Thanks & regards,
> -Prabath
>
> On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe <has...@wso2.com> wrote:
>
>> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez <az...@wso2.com> wrote:
>>
>>> Have you tested this with Stratos?
>>
>> Not with a complete Stratos setup.
>> How I tested this was: installing the multi-tenancy feature to IS using
>> the necessary Stratos components built from the Stratos branch.
>>
>>> Do we need to do any LDAP initialization when the tenant
>>> ConfigurationContext is created?
>>
>> Sorry, at the moment I do not have an idea what the tenant
>> ConfigurationContext is.
>>
>> But, as I understood your question, if you use the embedded-ldap server in
>> carbon core, you do not have to initialize LDAP since it is started with
>> the carbon server.
>> If you use an external LDAP, then you need to start up an LDAP server and
>> point the user-mgt.xml to that.
>>
>>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe <has...@wso2.com> wrote:
>>>
>>>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara <ami...@wso2.com> wrote:
>>>>
>>>>> Hi Azeez,
>>>>>
>>>>> Please find answers inline.
>>>>>
>>>>> Thanks
>>>>> AmilaJ
>>>>>
>>>>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez <az...@wso2.com> wrote:
>>>>> Can somebody briefly explain what were the changes that were carried
>>>>> out to Carbon core to make this work? Where these ports can be defined
>>>>>
>>>>> The apacheds server code is wrapped as an OSGi bundle in the
>>>>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>>>>> which is responsible for managing the LDAP server. It starts and stops the
>>>>> LDAP server; in addition it also does partition management.
>>>>
>>>> Hi,
>>>>
>>>>> This component
>>>>> starts before user core in carbon.
>>>>
>>>> Can I please know how we have specified that this component starts
>>>> before user-core?
>>>>
>>>>> The LDAP server specific configurations reside in a file called
>>>>> embedded-ldap.xml in repository/conf (in the <EmbeddedLDAP> configuration
>>>>> segment). You can change parameters like ports and connection passwords
>>>>> in this file. In addition to LDAP server specific configurations, it
>>>>> also has KDC specific configurations.
>>>>>
>>>>> , what the following messages mean etc.
>>>>>
>>>>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>>>>> are coming from the apacheds implementation.
>>>>> The LDAP server needs a schema to construct the initial LDAP tree
>>>>> structure. The default schema for the LDAP server is located at
>>>>> repository/data as a zip file (is-default-schema.zip). Thus when we
>>>>> start the server for the first time, the apacheds component will extract this
>>>>> zip file and create a schema directory. In addition, when we start
>>>>> embedded LDAP for the first time it creates a default partition. The
>>>>> default partition name and other properties are read from the
>>>>> embedded-ldap.xml configuration file (<DefaultPartition>). The latter
>>>>> messages you see in the log are relevant to the above actions.
>>>>>
>>>>> How MT is handled
>>>>>
>>>>> I assume MT=Multi-tenancy.
>>>>>
>>>>> Hasini: Please explain how MT is handled with embedded-ldap.
>>>>
>>>> We have two ways that we can make the LDAP user-store multi-tenanted.
>>>>
>>>> 1. Creating a new partition (i.e. a new directory tree) for each tenant.
>>>> This is specific to embedded-apacheds because here we use their API.
>>>> 2. Creating a new context ('ou' by default) under the same directory tree,
>>>> for each tenant. This is generic because here we use JNDI and hence it is not
>>>> coupled with any LDAP server implementation.
>>>>
>>>> We can use either of the above methods with the embedded-ldap that comes in core.
>>>> But we can only use the second method above with an external LDAP.
>>>>
>>>> Let me briefly describe the implementation details of the two methods.
>>>>
>>>> 1st Method:
>>>> i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the
>>>> tenant manager, which is initialized when the user-core starts (at
>>>> DefaultRealmService).
>>>> ii. At the start of the ldap.server component, we register an
>>>> implementation of LDAPTenantManager in the OSGi registry, through which
>>>> managing partitions of tenants happens.
>>>> iii. HybridLDAPTenantManager uses a reference to the above registered
>>>> LDAPTenantManager service to handle tenant mgt with LDAP.
>>>> iv. Users and groups of a particular tenant are stored inside its
>>>> partition.
>>>> v. In the stratos-tenant-mgt component, the tenant specific user-mgt.xml is
>>>> stored in the registry/JDBC database, which is used to map the tenant to a
>>>> specific partition.
>>>>
>>>> I have included a class diagram and a screenshot related to this
>>>> here: http://hasini-gunasinghe.blogspot.com/2011/01/tenant-management-in-wso2-carbon-with.html
>>>>
>>>> 2nd Method:
>>>> i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as
>>>> the tenant manager, which is initialized when the user-core starts.
>>>> ii. Users and groups of a particular tenant are stored under its
>>>> context.
>>>> iii. In the stratos-tenant-mgt component, the tenant specific user-mgt.xml is
>>>> stored in the registry/JDBC database, which is used to map the tenant to a
>>>> specific context.
>>>>
>>>> Common remarks regarding both methods:
>>>> 1. A hybrid approach is used where the mapping between the tenant and the
>>>> user-mgt.xml, and other meta-data, is stored in the JDBC database.
>>>> 2. The class names used for the tenant manager in each scenario are not that
>>>> clear. We may need to rename them.
>>>>
>>>> Thanks,
>>>> Hasini.
>>>>
>>>>> etc. Sorry, I wasn't
>>>>> > following the entire conversation.
>>>>> > [2011-03-05 07:24:03,001] INFO {org.wso2.carbon.ldap.server.DirectoryActivator} - Starting directory service on port 10389
>>>>> > [2011-03-05 07:24:03,022] INFO {org.apache.directory.server.ldap.LdapServer} - Added Extended Request Handler: 1.3.6.1.4.1.1466.20037
>>>>> > [2011-03-05 07:24:03,106] INFO {org.apache.directory.server.ldap.LdapServer} - Added Extended Request Handler: 1.3.6.1.4.1.18060.0.1.6
>>>>> > [2011-03-05 07:24:03,116] INFO {org.apache.directory.server.ldap.LdapServer} - Successful bind of an LDAP Service (10389) is completed.
>>>>> > [2011-03-05 07:24:03,116] INFO {org.apache.directory.server.ldap.LdapServer} - Ldap service started.
>>>>> > [2011-03-05 07:24:03,116] INFO {org.wso2.carbon.apacheds.impl.ApacheLDAPServer} - LDAP server started.
>>>>> > [2011-03-05 07:24:03,139] INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} - Partition directory - /Users/azeez/projects/wso2/org/trunk/carbon/products/appserver/modules/distribution/target/wso2appserver-4.1.0-SNAPSHOT/repository/data/org.wso2.carbon.directory/root already exists.
>>>>> > [2011-03-05 07:24:03,140] INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} - Partitionroot created from existing partition directory. <-- Partitionroot or Partition Root
>>>>> > [2011-03-05 07:24:03,211] INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} - Partitionroot added to directory service.
>>>>>
>>>>> Do we have to show all these INFO messages?
>>>>>
>>>>> We can get rid of some of the above log messages, if you think that they
>>>>> are redundant. We can suppress the INFO messages coming from the apacheds
>>>>> implementation in the log4j properties file. Also we can remove some log
>>>>> messages from the code.
>>>>>
>>>>> >
>>>>> > --
>>>>> > Afkham Azeez
>>>>> > Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>>>>> > Member; Apache Software Foundation; http://www.apache.org/
>>>>> > email: az...@wso2.com cell: +94 77 3320919
>>>>> > blog: http://blog.afkham.org
>>>>> > twitter: http://twitter.com/afkham_azeez
>>>>> > linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>> >
>>>>> > Lean . Enterprise . Middleware
>>>>> >
>>>>> > _______________________________________________
>>>>> > Carbon-dev mailing list
>>>>> > Carbon-dev@wso2.org
>>>>> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>>>> >
>
> --
> Thanks & Regards,
> Prabath
>
> http://blog.facilelogin.com
> http://RampartFAQ.com

--
Thilina Buddhika
Senior Software Engineer
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware
phone : +94 77 44 88 727
blog : http://blog.thilinamb.com
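The second tenancy method described above (one 'ou' context per tenant under a shared directory tree, addressed through JNDI) only isolates tenants if every lookup is confined to the tenant's own subtree and tenant or user names taken from requests cannot alter the DN or the search filter. The following is an added, stand-alone Python example written for this thread; it is not WSO2 Carbon code and does not use CommonHybridLDAPTenantManager. It replaces the LDAP server with a constructed in-memory directory, assumes a root DN of dc=wso2,dc=org, and uses made-up tenant domains and users. It shows RFC 4514 DN escaping, RFC 4515 filter escaping, and a final check that any returned entry lies under the tenant's OU, which is the property the "OU based tenant isolation" test in Stratos would need to verify.

```python
import re

# Constructed sample directory: DN -> attributes. Stands in for the LDAP
# server (embedded or external) the thread discusses. Root DN is assumed.
ROOT_DN = "dc=wso2,dc=org"
DIRECTORY = {
    "ou=tenant-a.com,dc=wso2,dc=org":
        {"objectClass": ["organizationalUnit"], "ou": ["tenant-a.com"]},
    "uid=alice,ou=users,ou=tenant-a.com,dc=wso2,dc=org":
        {"objectClass": ["inetOrgPerson"], "uid": ["alice"]},
    "ou=tenant-b.com,dc=wso2,dc=org":
        {"objectClass": ["organizationalUnit"], "ou": ["tenant-b.com"]},
    "uid=alice,ou=users,ou=tenant-b.com,dc=wso2,dc=org":   # same uid, other tenant
        {"objectClass": ["inetOrgPerson"], "uid": ["alice"]},
    "uid=bob,ou=users,ou=tenant-b.com,dc=wso2,dc=org":
        {"objectClass": ["inetOrgPerson"], "uid": ["bob"]},
}

_DN_SPECIAL = set('\\,+"<>;=')


def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping for one attribute value inside an RDN."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:                       # leading '#'
            out.append("\\#")
        elif ch == " " and (i == 0 or i == len(value) - 1):  # leading/trailing space
            out.append("\\ ")
        else:
            out.append(ch)
    return "".join(out)


_FILTER_ESC = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for an assertion value inside a search filter."""
    return "".join(_FILTER_ESC.get(ch, ch) for ch in value)


def tenant_base_dn(tenant_domain: str, root_dn: str = ROOT_DN) -> str:
    """Per-tenant search base: the tenant's 'ou' context under the shared tree."""
    return f"ou={escape_dn_value(tenant_domain)},{root_dn}"


def user_filter(username: str) -> str:
    return f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(username)}))"


def dn_is_under(entry_dn: str, base_dn: str) -> bool:
    """True when entry_dn lies strictly inside base_dn's subtree (case-insensitive)."""
    return entry_dn.lower().endswith("," + base_dn.lower())


def _unescape_filter_value(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _matches(attrs: dict, filt: str) -> bool:
    """Toy evaluator for AND-of-equality filters such as (&(a=x)(b=y))."""
    for attr, raw in re.findall(r"\((\w+)=([^()]*)\)", filt):
        values = [v.lower() for v in attrs.get(attr, [])]
        if raw == "*":                      # bare, unescaped wildcard = presence match
            if not values:
                return False
        elif _unescape_filter_value(raw).lower() not in values:
            return False
    return True


def subtree_search(directory: dict, base_dn: str, filt: str) -> list:
    """Subtree search over the in-memory directory; returns matching DNs."""
    return [dn for dn, attrs in directory.items()
            if dn_is_under(dn, base_dn) and _matches(attrs, filt)]


def find_tenant_user(directory: dict, tenant_domain: str, username: str):
    """Resolve a user inside one tenant's OU, or None if no single entry matches."""
    base = tenant_base_dn(tenant_domain)
    hits = subtree_search(directory, base, user_filter(username))
    # Re-check scope on the result: never accept an entry outside the tenant's OU,
    # even if the server (or a misconfigured base) returned one.
    hits = [dn for dn in hits if dn_is_under(dn, base)]
    return hits[0] if len(hits) == 1 else None


if __name__ == "__main__":
    print(find_tenant_user(DIRECTORY, "tenant-a.com", "alice"))
    print(find_tenant_user(DIRECTORY, "tenant-b.com", "alice"))
    print(find_tenant_user(DIRECTORY, "tenant-a.com", "bob"))          # None
    print(tenant_base_dn("tenant-b.com,dc=wso2,dc=org"))                # escaped, stays one RDN
```

The same uid in two tenants resolves to two different entries because the search base differs, not because the uid does; a user-supplied tenant name containing commas or equals signs stays a single escaped RDN rather than becoming extra DN components; and a username containing '*' becomes the literal value '\2a' in the filter instead of a wildcard that would match every user in the tenant.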