Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-15 Thread Sanjiva Weerawarana
On Tue, Mar 15, 2011 at 6:49 AM, Prabath Siriwardana wrote:

>
>
> On Tue, Mar 15, 2011 at 6:40 AM, Sanjiva Weerawarana wrote:
>
>> So in effect you're moving the SPOF from IS to the new LDAP instance :).
>
>
> Yes... but if it's ApacheDS we have limitations in FO/LB setups - which our
> embedded LDAP is based on. So, in this case we can use OpenLDAP - with HA
> setup.. [sent a link on that to stratos-dev]
>

Is the only reason to go with OpenLDAP to use HA? If so we can do the same
thing described in that article with Carbon+ApacheDS; that was basic Linux
HA and it works for anything.

I think it's the wrong message to say that ApacheDS is only good for embedded
cases .. if we can't trust it for our needs why are we telling others to use
it??

Sanjiva.
-- 
Sanjiva Weerawarana, Ph.D.
Founder, Chairman & CEO; WSO2, Inc.;  http://wso2.com/
email: sanj...@wso2.com; phone: +94 11 763 9614; cell: +94 77 787 6880 | +1
650 265 8311
blog: http://sanjiva.weerawarana.org/

Lean . Enterprise . Middleware
___
Carbon-dev mailing list
Carbon-dev@wso2.org
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev


Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-14 Thread Prabath Siriwardana
On Tue, Mar 15, 2011 at 6:40 AM, Sanjiva Weerawarana wrote:

> So in effect you're moving the SPOF from IS to the new LDAP instance :).


Yes... but if it's ApacheDS we have limitations in FO/LB setups - which our
embedded LDAP is based on. So, in this case we can use OpenLDAP - with HA
setup.. [sent a link on that to stratos-dev]

>
> OK that's fine (fewer pieces in that to fail so it's better) but you didn't
> answer my second question .. is the standalone LDAP a Carbon server with
> just the LDAP component in it?
>

Sorry - I missed it. The standalone LDAP server is not a Carbon server - it
would be an OpenLDAP instance..

Thanks & regards,
-Prabath

>
> Sanjiva.
>
>
> On Sun, Mar 13, 2011 at 8:59 AM, Prabath Siriwardana wrote:
>
>>
>>
>> On Sun, Mar 13, 2011 at 8:09 AM, Sanjiva Weerawarana wrote:
>>
>>> Prabath why do we not want to use embedded LDAP for Stratos?
>>
>>
>> Say, we have embedded LDAP - and assume it's running with IS
>> [identity.cloud] [that is in the same JVM] - then we need all the other
>> servers connecting to this LDAP.
>>
>> Say we have two AppServer nodes, two ESB nodes - all need to connect to
>> the same LDAP - running under IS.
>>
>> We also need two IS instances at least [considering FO/LB]..
>>
>> Which LDAP should this second IS connect to..? It also has to connect to
>> the Embedded LDAP of the 1st IS node.
>>
>> Then - we are creating a single point of failure at IS - node-1.
>>
>> IS Node -1 is down --> Embedded LDAP is down --> 2nd IS Node cannot
>> function - although it's up.
>>
>> If we use a separate LDAP server - then we remove the single point of
>> failure from IS and move it to the standalone LDAP server.
>>
>> To get rid of that, we can use LDAP clustering..
>>
>> Please let me know if I am not clear...
>>
>> Thanks & regards,
>> -Prabath
>>
>>
>>
>>>
>>> If it's a separate LDAP is it still a Carbon server running just the LDAP
>>> component? If not why not?
>>>
>>> Sanjiva.
>>>
>>> On Sun, Mar 6, 2011 at 10:01 PM, Prabath Siriwardana 
>>> wrote:
>>>
>>>> In the case of Stratos - we do not need to have the embedded LDAP - but
>>>> it will be a separate LDAP server. We need to test the OU based tenant
>>>> isolation we did with LDAP in Stratos..
>>>>
>>>> Thanks & regards,
>>>> -Prabath
>>>>
>>>>
>>>> On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe wrote:
>>>>
>>>>>
>>>>>
>>>>> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez wrote:
>>>>>
>>>>>> Have you tested this with Stratos?
>>>>>
>>>>> Not with a complete Stratos setup.
>>>>> How I tested this was: installing multi tenancy feature to IS using
>>>>> necessary stratos components built from stratos branch.
>>>>>
>>>>> Do we need to do any LDAP initialization when the tenant
>>>>>> ConfigurationContext is created?
>>>>>
>>>>> Sorry, at the moment I do not have an idea what a tenant
>>>>> ConfigurationContext is.
>>>>>
>>>>> But, as I understood your question, if you use embedded-ldap server in
>>>>> carbon core, you do not have to initialize LDAP since it is started with
>>>>> carbon server.
>>>>> If you use an external LDAP, then you need to start up an LDAP server
>>>>> and point the user-mgt.xml to that.
>>>>>
>>>>>>
>>>>>>
>>>>>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe
>>>>>> wrote:
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Hi Azeez,
>>>>>>>>
>>>>>>>> Please find answers inline.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>> AmilaJ
>>>>>>>>
>>>>>>>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez
>>>>>>>> wrote:
>>>>>>>> Can somebody briefly explain what were the changes that were carried
>>>>>>>> out to
>>>>>>>> Carbon core to make this work? Where these ports can be defined
>>>>>>>>
>>>>>>>> The apacheds server code is wrapped as an OSGi bundle in
>>>>>>>> orbit/apacheds component. org.wso2.carbon.ldap.server is the
>>>>>>>> component
>>>>>>>> which is responsible for managing LDAP server. It starts, stops LDAP
>>>>>>>> server, in addition it also does partition management.
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>>
>>>>>>>> This component
>>>>>>>> starts before user core in carbon.
>>>>>>>>
>>>>>>>
>>>>>>> Can I please know how we have specified that this component starts
>>>>>>> before user-core?
>>>>>>>
>>>>>>> The LDAP server specific configurations reside in a file called
>>>>>>>> embedded-ldap.xml in repository/conf (In
>>>>>>>> configuration
>>>>>>>> segment). You can change parameters like, ports, connection
>>>>>>>> passwords
>>>>>>>> in this file. In addition to LDAP server specific configurations, it
>>>>>>>> also has KDC specific configurations.
>>>>>>>>
>>>>>>>> ,what the following messages mean etc.
>>>>>>>>
>>>>>>>> Log messages starting with
>>>>>>>> org.apache.directory.server.ldap.LdapServer
>>>>>>>> are coming from apacheds implementation.
>>>>>>>> LDAP server needs a schema to construct the initial LDAP tree
>>>>>>>> structure. The default schema for the LDAP server is located at
>>>>>>>> repository/data as a zip file (is-default-sch

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-14 Thread Sanjiva Weerawarana
So in effect you're moving the SPOF from IS to the new LDAP instance :).

OK that's fine (fewer pieces in that to fail so it's better) but you didn't
answer my second question .. is the standalone LDAP a Carbon server with
just the LDAP component in it?

Sanjiva.

On Sun, Mar 13, 2011 at 8:59 AM, Prabath Siriwardana wrote:

>
>
> On Sun, Mar 13, 2011 at 8:09 AM, Sanjiva Weerawarana wrote:
>
>> Prabath why do we not want to use embedded LDAP for Stratos?
>
>
> Say, we have embedded LDAP - and assume it's running with IS
> [identity.cloud] [that is in the same JVM] - then we need all the other
> servers connecting to this LDAP.
>
> Say we have two AppServer nodes, two ESB nodes - all need to connect to the
> same LDAP - running under IS.
>
> We also need two IS instances at least [considering FO/LB]..
>
> Which LDAP should this second IS connect to..? It also has to connect to
> the Embedded LDAP of the 1st IS node.
>
> Then - we are creating a single point of failure at IS - node-1.
>
> IS Node -1 is down --> Embedded LDAP is down --> 2nd IS Node cannot
> function - although it's up.
>
> If we use a separate LDAP server - then we remove the single point of
> failure from IS and move it to the standalone LDAP server.
>
> To get rid of that, we can use LDAP clustering..
>
> Please let me know if I am not clear...
>
> Thanks & regards,
> -Prabath
>
>
>
>>
>> If it's a separate LDAP is it still a Carbon server running just the LDAP
>> component? If not why not?
>>
>> Sanjiva.
>>
>> On Sun, Mar 6, 2011 at 10:01 PM, Prabath Siriwardana wrote:
>>
>>> In the case of Stratos - we do not need to have the embedded LDAP - but
>>> it will be a separate LDAP server. We need to test the OU based tenant
>>> isolation we did with LDAP in Stratos..
>>>
>>> Thanks & regards,
>>> -Prabath
>>>
>>>
>>> On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe wrote:
>>>
>>>>
>>>>
>>>> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez wrote:
>>>>
>>>>> Have you tested this with Stratos?
>>>>
>>>> Not with a complete Stratos setup.
>>>> How I tested this was: installing multi tenancy feature to IS using
>>>> necessary stratos components built from stratos branch.
>>>>
>>>> Do we need to do any LDAP initialization when the tenant
>>>>> ConfigurationContext is created?
>>>>
>>>> Sorry, at the moment I do not have an idea what a tenant
>>>> ConfigurationContext is.
>>>>
>>>> But, as I understood your question, if you use embedded-ldap server in
>>>> carbon core, you do not have to initialize LDAP since it is started with
>>>> carbon server.
>>>> If you use an external LDAP, then you need to start up an LDAP server and
>>>> point the user-mgt.xml to that.
>>>>
>>>>>
>>>>>
>>>>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara wrote:
>>>>>>
>>>>>>> Hi Azeez,
>>>>>>>
>>>>>>> Please find answers inline.
>>>>>>>
>>>>>>> Thanks
>>>>>>> AmilaJ
>>>>>>>
>>>>>>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez wrote:
>>>>>>> Can somebody briefly explain what were the changes that were carried
>>>>>>> out to
>>>>>>> Carbon core to make this work? Where these ports can be defined
>>>>>>>
>>>>>>> The apacheds server code is wrapped as an OSGi bundle in
>>>>>>> orbit/apacheds component. org.wso2.carbon.ldap.server is the
>>>>>>> component
>>>>>>> which is responsible for managing LDAP server. It starts, stops LDAP
>>>>>>> server, in addition it also does partition management.
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>>> This component
>>>>>>> starts before user core in carbon.
>>>>>>>
>>>>>>
>>>>>> Can I please know how we have specified that this component starts
>>>>>> before user-core?
>>>>>>
>>>>>> The LDAP server specific configurations reside in a file called
>>>>>>> embedded-ldap.xml in repository/con (In  configuration
>>>>>>> segment). You can change parameters like, ports, connection passwords
>>>>>>> in this file. In addition to LDAP server specific configurations, it
>>>>>>> also has KDC specific configurations.
>>>>>>>
>>>>>>> ,what the following messages mean etc.
>>>>>>>
>>>>>>> Log messages starting with
>>>>>>> org.apache.directory.server.ldap.LdapServer
>>>>>>> are coming from apacheds implementation.
>>>>>>> LDAP server needs a schema to construct the initial LDAP tree
>>>>>>> structure. The default schema for the LDAP server is located at
>>>>>>> repository/data as a zip file (is-default-schema.zip). Thus when we
>>>>>>> start server for the first time apacheds component will extract this
>>>>>>> zip file and create a schema directory. In addition, when we start
>>>>>>> embedded LDAP for the first time it creates a default partition. The
>>>>>>> default partition name and other properties are read from the
>>>>>>> embedded-ldap.xml configuration file (). The latter
>>>>>>> messages you see in the log are relevant to above actions.
>>>>>>>
>>>>>>> How MT is handled
>>>>>>>
>>>>>>> I assume MT=Multi-tenancy.
>>>>>>
>>>>>>
>>>>>>> Hasini: Please explain how MT is handle

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-12 Thread Prabath Siriwardana
On Sun, Mar 13, 2011 at 8:09 AM, Sanjiva Weerawarana wrote:

> Prabath why do we not want to use embedded LDAP for Stratos?


Say, we have embedded LDAP - and assume it's running with IS
[identity.cloud] [that is in the same JVM] - then we need all the other
servers connecting to this LDAP.

Say we have two AppServer nodes, two ESB nodes - all need to connect to the
same LDAP - running under IS.

We also need two IS instances at least [considering FO/LB]..

Which LDAP should this second IS connect to..? It also has to connect to the
Embedded LDAP of the 1st IS node.

Then - we are creating a single point of failure at IS - node-1.

IS Node -1 is down --> Embedded LDAP is down --> 2nd IS Node cannot function
- although it's up.

If we use a separate LDAP server - then we remove the single point of
failure from IS and move it to the standalone LDAP server.

To get rid of that, we can use LDAP clustering..

Please let me know if I am not clear...

Thanks & regards,
-Prabath



>
> If it's a separate LDAP is it still a Carbon server running just the LDAP
> component? If not why not?
>
> Sanjiva.
>
> On Sun, Mar 6, 2011 at 10:01 PM, Prabath Siriwardana wrote:
>
>> In the case of Stratos - we do not need to have the embedded LDAP - but it
>> will be a separate LDAP server. We need to test the OU based tenant
>> isolation we did with LDAP in Stratos..
>>
>> Thanks & regards,
>> -Prabath
>>
>>
>> On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe wrote:
>>
>>>
>>>
>>> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez wrote:
>>>
 Have you tested this with Stratos?
>>>
>>> Not with a complete Stratos setup.
>>> How I tested this was: installing multi tenancy feature to IS using
>>> necessary stratos components built from stratos branch.
>>>
>>> Do we need to do any LDAP initialization when the tenant
 ConfigurationContext is created?
>>>
>>> Sorry, at the moment I do not have an idea what a tenant
>>> ConfigurationContext is.
>>>
>>> But, as I understood your question, if you use embedded-ldap server in
>>> carbon core, you do not have to initialize LDAP since it is started with
>>> carbon server.
>>> If you use an external LDAP, then you need to start up an LDAP server and
>>> point the user-mgt.xml to that.
>>>
>>>>
>>>>
>>>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe wrote:
>>>>
>>>>>
>>>>>
>>>>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara wrote:
>>>>>
>>>>>> Hi Azeez,
>>>>>>
>>>>>> Please find answers inline.
>>>>>>
>>>>>> Thanks
>>>>>> AmilaJ
>>>>>>
>>>>>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez wrote:
>>>>>> Can somebody briefly explain what were the changes that were carried
>>>>>> out to
>>>>>> Carbon core to make this work? Where these ports can be defined
>>>>>>
>>>>>> The apacheds server code is wrapped as an OSGi bundle in
>>>>>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>>>>>> which is responsible for managing LDAP server. It starts, stops LDAP
>>>>>> server, in addition it also does partition management.
>>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>>> This component
>>>>>> starts before user core in carbon.
>>>>>>
>>>>>
>>>>> Can I please know how we have specified that this component starts
>>>>> before user-core?
>>>>>
>>>>> The LDAP server specific configurations reside in a file called
>>>>>> embedded-ldap.xml in repository/conf (In  configuration
>>>>>> segment). You can change parameters like, ports, connection passwords
>>>>>> in this file. In addition to LDAP server specific configurations, it
>>>>>> also has KDC specific configurations.
>>>>>>
>>>>>> ,what the following messages mean etc.
>>>>>>
>>>>>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>>>>>> are coming from apacheds implementation.
>>>>>> LDAP server needs a schema to construct the initial LDAP tree
>>>>>> structure. The default schema for the LDAP server is located at
>>>>>> repository/data as a zip file (is-default-schema.zip). Thus when we
>>>>>> start server for the first time apacheds component will extract this
>>>>>> zip file and create a schema directory. In addition, when we start
>>>>>> embedded LDAP for the first time it creates a default partition. The
>>>>>> default partition name and other properties are read from the
>>>>>> embedded-ldap.xml configuration file (). The latter
>>>>>> messages you see in the log are relevant to above actions.
>>>>>>
>>>>>> How MT is handled
>>>>>>
>>>>>> I assume MT=Multi-tenancy.
>>>>>
>>>>>
>>>>>> Hasini: Please explain how MT is handled with embedded-ldap.
>>>>>>
>>>>>
>>>>> We have two ways that we can make LDAP user-store multi-tenanted.
>>>>>
>>>>> 1. Creating a new partition (i.e. new directory tree) for each tenant.
>>>>> This is specific to embedded-apacheds because here we use their API.
>>>>> 2. Creating a new context ('ou' by default) under same directory tree,
>>>>> for each tenant. This is generic because here we use JNDI and hence, not
>>>>> coupled with any LDAP server implementation.
>>>>>
>>>>> We can use any

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-12 Thread Sanjiva Weerawarana
Prabath why do we not want to use embedded LDAP for Stratos?

If it's a separate LDAP is it still a Carbon server running just the LDAP
component? If not why not?

Sanjiva.

On Sun, Mar 6, 2011 at 10:01 PM, Prabath Siriwardana wrote:

> In the case of Stratos - we do not need to have the embedded LDAP - but it
> will be a separate LDAP server. We need to test the OU based tenant
> isolation we did with LDAP in Stratos..
>
> Thanks & regards,
> -Prabath
>
>
> On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe wrote:
>
>>
>>
>> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez wrote:
>>
>>> Have you tested this with Stratos?
>>
>> Not with a complete Stratos setup.
>> How I tested this was: installing multi tenancy feature to IS using
>> necessary stratos components built from stratos branch.
>>
>> Do we need to do any LDAP initialization when the tenant
>>> ConfigurationContext is created?
>>
>> Sorry, at the moment I do not have an idea what a tenant
>> ConfigurationContext is.
>>
>> But, as I understood your question, if you use embedded-ldap server in
>> carbon core, you do not have to initialize LDAP since it is started with
>> carbon server.
>> If you use an external LDAP, then you need to start up an LDAP server and
>> point the user-mgt.xml to that.
>>
>>>
>>>
>>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe wrote:
>>>
>>>>
>>>>
>>>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara wrote:
>>>>
>>>>> Hi Azeez,
>>>>>
>>>>> Please find answers inline.
>>>>>
>>>>> Thanks
>>>>> AmilaJ
>>>>>
>>>>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez wrote:
>>>>> Can somebody briefly explain what were the changes that were carried
>>>>> out to
>>>>> Carbon core to make this work? Where these ports can be defined
>>>>>
>>>>> The apacheds server code is wrapped as an OSGi bundle in
>>>>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>>>>> which is responsible for managing LDAP server. It starts, stops LDAP
>>>>> server, in addition it also does partition management.
>>>>
>>>> Hi,
>>>>
>>>>
>>>>> This component
>>>>> starts before user core in carbon.
>>>>>
>>>>
>>>> Can I please know how we have specified that this component starts
>>>> before user-core?
>>>>
>>>> The LDAP server specific configurations reside in a file called
>>>>> embedded-ldap.xml in repository/conf (In  configuration
>>>>> segment). You can change parameters like, ports, connection passwords
>>>>> in this file. In addition to LDAP server specific configurations, it
>>>>> also has KDC specific configurations.
>>>>>
>>>>> ,what the following messages mean etc.
>>>>>
>>>>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>>>>> are coming from apacheds implementation.
>>>>> LDAP server needs a schema to construct the initial LDAP tree
>>>>> structure. The default schema for the LDAP server is located at
>>>>> repository/data as a zip file (is-default-schema.zip). Thus when we
>>>>> start server for the first time apacheds component will extract this
>>>>> zip file and create a schema directory. In addition, when we start
>>>>> embedded LDAP for the first time it creates a default partition. The
>>>>> default partition name and other properties are read from the
>>>>> embedded-ldap.xml configuration file (). The latter
>>>>> messages you see in the log are relevant to above actions.
>>>>>
>>>>> How MT is handled
>>>>>
>>>>> I assume MT=Multi-tenancy.
>>>>
>>>>
>>>>> Hasini: Please explain how MT is handled with embedded-ldap.
>>>>>
>>>>
>>>> We have two ways that we can make LDAP user-store multi-tenanted.
>>>>
>>>> 1. Creating a new partition (i.e. new directory tree) for each tenant.
>>>> This is specific to embedded-apacheds because here we use their API.
>>>> 2. Creating a new context ('ou' by default) under same directory tree,
>>>> for each tenant. This is generic because here we use JNDI and hence, not
>>>> coupled with any LDAP server implementation.
>>>>
>>>> We can use any of the above methods with the embedded-ldap that comes in core.
>>>> But we can only use the second method above with an external LDAP.
>>>>
>>>> Let me briefly describe implementation details of two methods.
>>>>
>>>> 1st Method:
>>>> i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the
>>>> tenant manager which is initialized when the user-core starts. (at
>>>> DefaultRealmService.)
>>>> ii. At the start of ldap.server component, we register an
>>>> implementation of LDAPTenantManager in OSGi registry, through which
>>>> managing
>>>> partitions of tenants happens.
>>>> iii. HybridLDAPTenantManager uses a reference of an above registered
>>>> LDAPTenantManager service, to handle tenant mgt with LDAP.
>>>> iv. Users and groups of a particular tenant are stored inside its
>>>> partition.
>>>> v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>>>> stored in registry/JDBC database which is used to map the tenant to
>>>> specific
>>>> partition.
>>>>
>>>> I have included a class diagram and a sc

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-06 Thread Hasini Gunasinghe
On Sun, Mar 6, 2011 at 10:12 PM, Afkham Azeez wrote:

> Is Hasini working on this?

I got this to a working condition about three weeks ago. What is left to do
in this space is moving some hard coded configurations to tenant-mgt.xml.

> Can we start testing this immediately?

Yes, this can be tested with stratos, as it is now.

>
>
> On Sun, Mar 6, 2011 at 10:01 PM, Prabath Siriwardana wrote:
>
>> In the case of Stratos - we do not need to have the embedded LDAP - but it
>> will be a separate LDAP server. We need to test the OU based tenant
>> isolation we did with LDAP in Stratos..
>
> +1

>
>> Thanks & regards,
>> -Prabath
>>
>>
>> On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe wrote:
>>
>>>
>>>
>>> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez wrote:
>>>
 Have you tested this with Stratos?
>>>
>>> Not with a complete Stratos setup.
>>> How I tested this was: installing multi tenancy feature to IS using
>>> necessary stratos components built from stratos branch.
>>>
>>> Do we need to do any LDAP initialization when the tenant
 ConfigurationContext is created?
>>>
>>> Sorry, at the moment I do not have an idea what a tenant
>>> ConfigurationContext is.
>>>
>>> But, as I understood your question, if you use embedded-ldap server in
>>> carbon core, you do not have to initialize LDAP since it is started with
>>> carbon server.
>>> If you use an external LDAP, then you need to start up an LDAP server and
>>> point the user-mgt.xml to that.
>>>
>>>>
>>>>
>>>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe wrote:
>>>>
>>>>>
>>>>>
>>>>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara wrote:
>>>>>
>>>>>> Hi Azeez,
>>>>>>
>>>>>> Please find answers inline.
>>>>>>
>>>>>> Thanks
>>>>>> AmilaJ
>>>>>>
>>>>>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez wrote:
>>>>>> Can somebody briefly explain what were the changes that were carried
>>>>>> out to
>>>>>> Carbon core to make this work? Where these ports can be defined
>>>>>>
>>>>>> The apacheds server code is wrapped as an OSGi bundle in
>>>>>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>>>>>> which is responsible for managing LDAP server. It starts, stops LDAP
>>>>>> server, in addition it also does partition management.
>>>>>
>>>>> Hi,
>>>>>
>>>>>
>>>>>> This component
>>>>>> starts before user core in carbon.
>>>>>>
>>>>>
>>>>> Can I please know how we have specified that this component starts
>>>>> before user-core?
>>>>>
>>>>> The LDAP server specific configurations reside in a file called
>>>>>> embedded-ldap.xml in repository/conf (In  configuration
>>>>>> segment). You can change parameters like, ports, connection passwords
>>>>>> in this file. In addition to LDAP server specific configurations, it
>>>>>> also has KDC specific configurations.
>>>>>>
>>>>>> ,what the following messages mean etc.
>>>>>>
>>>>>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>>>>>> are coming from apacheds implementation.
>>>>>> LDAP server needs a schema to construct the initial LDAP tree
>>>>>> structure. The default schema for the LDAP server is located at
>>>>>> repository/data as a zip file (is-default-schema.zip). Thus when we
>>>>>> start server for the first time apacheds component will extract this
>>>>>> zip file and create a schema directory. In addition, when we start
>>>>>> embedded LDAP for the first time it creates a default partition. The
>>>>>> default partition name and other properties are read from the
>>>>>> embedded-ldap.xml configuration file (). The latter
>>>>>> messages you see in the log are relevant to above actions.
>>>>>>
>>>>>> How MT is handled
>>>>>>
>>>>>> I assume MT=Multi-tenancy.
>>>>>
>>>>>
>>>>>> Hasini: Please explain how MT is handled with embedded-ldap.
>>>>>>
>>>>>
>>>>> We have two ways that we can make LDAP user-store multi-tenanted.
>>>>>
>>>>> 1. Creating a new partition (i.e. new directory tree) for each tenant.
>>>>> This is specific to embedded-apacheds because here we use their API.
>>>>> 2. Creating a new context ('ou' by default) under same directory tree,
>>>>> for each tenant. This is generic because here we use JNDI and hence, not
>>>>> coupled with any LDAP server implementation.
>>>>>
>>>>> We can use any of the above methods with the embedded-ldap that comes in core.
>>>>> But we can only use the second method above with an external LDAP.
>>>>>
>>>>> Let me briefly describe implementation details of two methods.
>>>>>
>>>>> 1st Method:
>>>>> i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the
>>>>> tenant manager which is initialized when the user-core starts. (at
>>>>> DefaultRealmService.)
>>>>> ii. At the start of ldap.server component, we register an
>>>>> implementation of LDAPTenantManager in OSGi registry, through which
>>>>> managing
>>>>> partitions of tenants happens.
>>>>> iii. HybridLDAPTenantManager uses a reference of an above registered
>>>>> LDAPTenantManager service, to handle tenant mgt with LDAP.
>>>>> iv. Users and group

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-06 Thread Amila Jayasekara
On Sat, Mar 5, 2011 at 10:15 PM, Hasini Gunasinghe wrote:
>
>
> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara wrote:
>>
>> Hi Azeez,
>>
>> Please find answers inline.
>>
>> Thanks
>> AmilaJ
>>
>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez wrote:
>> Can somebody briefly explain what were the changes that were carried out
>> to
>> Carbon core to make this work? Where these ports can be defined
>>
>> The apacheds server code is wrapped as an OSGi bundle in
>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>> which is responsible for managing LDAP server. It starts, stops LDAP
>> server, in addition it also does partition management.
>
> Hi,
>
>>
>> This component
>> starts before user core in carbon.
>
>
Can I please know how we have specified that this component starts before
user-core?

Hi Hasini,
Please look at felix plugin configuration in
org.wso2.carbon.ldap.server/pom.xml. The  tag is supposed to
do this. But I am also having difficulty recalling where we have
defined the term "UserCore". Will get back to you on this after
investigating further.

Thanks
AmilaJ

>>
>> The LDAP server specific configurations reside in a file called
>> embedded-ldap.xml in repository/conf (In  configuration
>> segment). You can change parameters like, ports, connection passwords
>> in this file. In addition to LDAP server specific configurations, it
>> also has KDC specific configurations.
>>
>> ,what the following messages mean etc.
>>
>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>> are coming from apacheds implementation.
>> LDAP server needs a schema to construct the initial LDAP tree
>> structure. The default schema for the LDAP server is located at
>> repository/data as a zip file (is-default-schema.zip). Thus when we
>> start server for the first time apacheds component will extract this
>> zip file and create a schema directory. In addition, when we start
>> embedded LDAP for the first time it creates a default partition. The
>> default partition name and other properties are read from the
>> embedded-ldap.xml configuration file (). The latter
>> messages you see in the log are relevant to above actions.
>>
>> How MT is handled
>>
> I assume MT=Multi-tenancy.
>
>>
>> Hasini: Please explain how MT is handled with embedded-ldap.
>
>
> We have two ways that we can make LDAP user-store multi-tenanted.
> 1. Creating a new partition (i.e. new directory tree) for each tenant. This
> is specific to embedded-apacheds because here we use their API.
> 2. Creating a new context ('ou' by default) under same directory tree, for
> each tenant. This is generic because here we use JNDI and hence, not coupled
> with any LDAP server implementation.
> We can use any of the above methods with the embedded-ldap that comes in core. But we
> can only use the second method above with an external LDAP.
> Let me briefly describe implementation details of two methods.
> 1st Method:
>     i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the tenant
> manager which is initialized when the user-core starts. (at
> DefaultRealmService.)
>    ii. At the start of ldap.server component, we register an implementation
> of LDAPTenantManager in OSGi registry, through which managing partitions of
> tenants happens.
>   iii. HybridLDAPTenantManager uses a reference of an above registered
> LDAPTenantManager service, to handle tenant mgt with LDAP.
>   iv. Users and groups of a particular tenant are stored inside its
> partition.
>   v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is stored
> in registry/JDBC database which is used to map the tenant to specific
> partition.
> I have included a class diagram and a screenshot related to this here.
> 2nd Method:
>    i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as the
> tenant manager which is initialized when the user-core starts.
>   ii. Users and groups of a particular tenant are stored under its context.
>  iii. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
> stored in registry/JDBC database which is used to map the tenant to specific
> context.
> Common remarks regarding both the methods:
> 1. Hybrid approach is used where mapping between tenant and the
> user-mgt.xml, and other meta-data is stored in JDBC database.
> 2. Class names used for tenant manager at each scenario are not that clear.
> We may need to rename them.
> Thanks,
> Hasini.
>
>
>
>>
>> etc. Sorry, I wasn't
>> > following the entire conversation.
>> > [2011-03-05 07:24:03,001]  INFO
>> > {org.wso2.carbon.ldap.server.DirectoryActivator} -  Starting directory
>> > service on port 10389
>> > [2011-03-05 07:24:03,022]  INFO
>> > {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
>> > Handler: 1.3.6.1.4.1.1466.20037
>> > [2011-03-05 07:24:03,106]  INFO
>> > {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
>> > Handler: 1.3.6.1.4.1.18060.0.1.6
>> > [2011-03-05 07:24:03,116]  INFO
>> > {org.apac
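
The second multi-tenancy method Hasini describes above (a separate context, an 'ou', per tenant under one shared directory tree, driven through JNDI so it is not tied to ApacheDS) as an added example; this is not code from the Carbon or Stratos code base. It provisions a tenant subtree, adds a user under it and resolves users with the search base pinned to the tenant's ou, which is the isolation the OU-based approach relies on. The server URL, the admin bind DN and password, and the root dc=example,dc=com are assumed placeholders.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Added example, not Carbon/Stratos code: a separate context ('ou') per tenant under one
// shared tree, via plain JNDI. URL, bind DN, password and root DN are assumed placeholders.
public class TenantOuIsolation {
    private final DirContext ctx;
    private final String rootDn;

    public TenantOuIsolation(String url, String bindDn, String password, String rootDn) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        this.ctx = new InitialDirContext(env);
        this.rootDn = rootDn;
    }

    /** Escape the characters RFC 4514 requires escaping in an RDN value. */
    static String escapeRdnValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if ("\\,+\"<>;".indexOf(c) >= 0 || (i == 0 && (c == '#' || c == ' '))
                    || (c == ' ' && i == value.length() - 1)) {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** Base DN of one tenant's subtree; every operation for that tenant is rooted here. */
    public String tenantBase(String tenantDomain) {
        return "ou=" + escapeRdnValue(tenantDomain) + "," + rootDn;
    }

    private static Attributes entry(String... objectClasses) {
        Attributes attrs = new BasicAttributes(true); // attribute ids are case-insensitive
        Attribute oc = new BasicAttribute("objectClass");
        for (String c : objectClasses) {
            oc.add(c);
        }
        attrs.put(oc);
        return attrs;
    }

    /** Create the tenant's context under the shared tree, with a users sub-ou. */
    public void createTenant(String tenantDomain) throws NamingException {
        String base = tenantBase(tenantDomain);
        Attributes tenantOu = entry("top", "organizationalUnit");
        tenantOu.put("ou", tenantDomain);
        ctx.createSubcontext(base, tenantOu);
        Attributes usersOu = entry("top", "organizationalUnit");
        usersOu.put("ou", "users");
        ctx.createSubcontext("ou=users," + base, usersOu);
    }

    /** Add a user entry inside the tenant's own subtree. */
    public void addUser(String tenantDomain, String uid, String cn, String sn) throws NamingException {
        Attributes user = entry("top", "person", "organizationalPerson", "inetOrgPerson");
        user.put("cn", cn);
        user.put("sn", sn);
        user.put("uid", uid);
        ctx.createSubcontext("uid=" + escapeRdnValue(uid) + ",ou=users," + tenantBase(tenantDomain), user);
    }

    // Resolve a user for one tenant. The search base is that tenant's ou, so an entry with
    // the same uid under another tenant's ou is never returned; the uid goes in as filter
    // argument {0}, which JNDI encodes, so it cannot change the shape of the filter.
    public String findUserDn(String tenantDomain, String uid) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] {"uid"});
        NamingEnumeration<SearchResult> results = ctx.search(tenantBase(tenantDomain),
                "(&(objectClass=inetOrgPerson)(uid={0}))", new Object[] {uid}, sc);
        try {
            return results.hasMore() ? results.next().getNameInNamespace() : null;
        } finally {
            results.close();
        }
    }

    public static void main(String[] args) throws NamingException {
        // Assumed placeholders: the embedded server's port from the thread's log (10389), an
        // admin bind used only for provisioning, and two constructed tenant domains.
        TenantOuIsolation dir = new TenantOuIsolation("ldap://localhost:10389",
                "uid=admin,ou=system", "changeit", "dc=example,dc=com");
        dir.createTenant("tenant-a.com");
        dir.createTenant("tenant-b.com");
        dir.addUser("tenant-a.com", "alice", "Alice", "Example");
        dir.addUser("tenant-b.com", "alice", "Alice", "Other");
        // Same uid in both tenants; each lookup only ever sees its own tenant's entry.
        System.out.println("tenant-a alice: " + dir.findUserDn("tenant-a.com", "alice"));
        System.out.println("tenant-b alice: " + dir.findUserDn("tenant-b.com", "alice"));
    }
}
```

Run against the embedded ApacheDS from the thread or any external LDAP; a lookup that passes the wrong tenant domain can only ever see that tenant's subtree, never another tenant's users.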

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-06 Thread Thilina Buddhika
On Sun, Mar 6, 2011 at 10:01 PM, Prabath Siriwardana wrote:

> In the case of Stratos - we do not need to have the embedded LDAP - but it
> will be a separate LDAP server. We need to test the OU based tenant
> isolation we did with LDAP in Stratos..


+1.

Also if we are switching to an LDAP based userstore, then we might have to
migrate the existing jdbc based user base to the LDAP server.

Thanks,
Thilina


>
> Thanks & regards,
> -Prabath
>
>
> On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe wrote:
>
>>
>>
>> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez wrote:
>>
>>> Have you tested this with Stratos?
>>
>> Not with a complete Stratos setup.
>> How I tested this was: installing multi tenancy feature to IS using
>> necessary stratos components built from stratos branch.
>>
>> Do we need to do any LDAP initialization when the tenant
>>> ConfigurationContext is created?
>>
>> Sorry, at the moment I do not have an idea what a tenant
>> ConfigurationContext is.
>>
>> But, as I understood your question, if you use embedded-ldap server in
>> carbon core, you do not have to initialize LDAP since it is started with
>> carbon server.
>> If you use an external LDAP, then you need to start up an LDAP server and
>> point the user-mgt.xml to that.
>>
>>>
>>>
>>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe wrote:
>>>


 On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara wrote:

> Hi Azeez,
>
> Please find answers inline.
>
> Thanks
> AmilaJ
>
> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez  wrote:
> Can somebody briefly explain what were the changes that were carried
> out to
> Carbon core to make this work? Where these ports can be defined
>
> The apacheds server code is wrapped as an OSGi bundle in
> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
> which is responsible for managing LDAP server. It starts, stops LDAP
> server, in addition it also does partition management.

 Hi,


> This component
> starts before user core in carbon.
>

 Can I please know how have we specified that this component starts
 before user-core?

 The LDAP server specific configurations reside in a file called
> embedded-ldap.xml in repository/conf (In  configuration
> segment). You can change parameters like, ports, connection passwords
> in this file. In addition to LDAP server specific configurations, it
> also has KDC specific configurations.
>
> ,what the following messages mean etc.
>
> Log messages starting with org.apache.directory.server.ldap.LdapServer
> are coming from apacheds implementation.
> LDAP server needs a schema to construct the initial LDAP tree
> structure. The default schema for the LDAP server is located at
> repository/data as a zip file (is-default-schema.zip). Thus when we
> start server for the first time apacheds component will extract this
> zip file and create a schema directory. In addition, when we start
> embedded LDAP for the first time it creates a default partition. The
> default partition name and other properties are read from the
> embedded-ldap.xml configuration file (). The latter
> messages you see in the log are relevant to above actions.
>
> How MT is handled
>
> I assume MT=Multi-tenancy.


> Hasini: Please explain how MT is handled with embedded-ldap.
>

 We have two ways that we can make LDAP user-store multi-tenanted.

 1. Creating a new partition (i.e. new directory tree) for each tenant.
 This is specific to embedded-apacheds because here we use their API.
 2. Creating a new context ('ou' by default) under same directory tree,
 for each tenant. This is generic because here we use JNDI and hence, not
 coupled with any LDAP server implementation.

 We can use any of the above methods with embedded-ldap comes in core.
 But we can only use the second method above with an external LDAP.

 Let me briefly describe implementation details of two methods.

 1st Method:
 i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the
 tenant manager which is initialized when the user-core starts. (at
 DefaultRealmService.)
ii. At the start of ldap.server component, we register an
 implementation of LDAPTenantManager in OSGi registry, through which 
 managing
 partitions of tenants happens.
   iii. HybridLDAPTenantManager uses a reference of an above registered
 LDAPTenantManager service, to handle tenant mgt with LDAP.
   iv. Users and groups of a particular tenant is stored inside its
 partition.
   v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
 stored in registry/JDBC database which is used to map the tenant to 
 specific
 partition.

 I have included a class diagram and a screenshot re

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-06 Thread Afkham Azeez
Is Hasini working on this? Can we start testing this immediately?

On Sun, Mar 6, 2011 at 10:01 PM, Prabath Siriwardana wrote:

> In the case of Stratos - we do not need to have the embedded LDAP - but it
> will be a separate LDAP server. We need to test the OU based tenant
> isolation we did with LDAP in Stratos..
>
> Thanks & regards,
> -Prabath
>
>
> On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe  wrote:
>
>>
>>
>> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez  wrote:
>>
>>> Have you tested this with Stratos?
>>
>> Not with a complete Stratos setup.
>> How I tested this was: installing multi tenancy feature to IS using
>> necessary stratos components built from stratos branch.
>>
>> Do we need to do any LDAP initialization when the tenant
>>> ConfigurationContext is created?
>>
>> Sorry, at the moment I do not have an idea what is tenant
>> ConfigurationContext.
>>
>> But, as I understood your question, if you use embedded-ldap server in
>> carbon core, you do not have to initialize LDAP since it is started with
>> carbon server.
>> If you use an external LDAP, then you need to start up a LDAP server and
>> point the user-mgt.xml to that.
>>
>>>
>>>
>>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe wrote:
>>>


 On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara wrote:

> Hi Azeez,
>
> Please find answers inline.
>
> Thanks
> AmilaJ
>
> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez  wrote:
> Can somebody briefly explain what were the changes that were carried
> out to
> Carbon core to make this work? Where these ports can be defined
>
> The apacheds server code is wrapped as an OSGi bundle in
> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
> which is responsible for managing LDAP server. It starts, stops LDAP
> server, in addition it also does partition management.

 Hi,


> This component
> starts before user core in carbon.
>

 Can I please know how have we specified that this component starts
 before user-core?

 The LDAP server specific configurations reside in a file called
> embedded-ldap.xml in repository/conf (In  configuration
> segment). You can change parameters like, ports, connection passwords
> in this file. In addition to LDAP server specific configurations, it
> also has KDC specific configurations.
>
> ,what the following messages mean etc.
>
> Log messages starting with org.apache.directory.server.ldap.LdapServer
> are coming from apacheds implementation.
> LDAP server needs a schema to construct the initial LDAP tree
> structure. The default schema for the LDAP server is located at
> repository/data as a zip file (is-default-schema.zip). Thus when we
> start server for the first time apacheds component will extract this
> zip file and create a schema directory. In addition, when we start
> embedded LDAP for the first time it creates a default partition. The
> default partition name and other properties are read from the
> embedded-ldap.xml configuration file (). The latter
> messages you see in the log are relevant to above actions.
>
> How MT is handled
>
> I assume MT=Multi-tenancy.


> Hasini: Please explain how MT is handled with embedded-ldap.
>

 We have two ways that we can make LDAP user-store multi-tenanted.

 1. Creating a new partition (i.e. new directory tree) for each tenant.
 This is specific to embedded-apacheds because here we use their API.
 2. Creating a new context ('ou' by default) under same directory tree,
 for each tenant. This is generic because here we use JNDI and hence, not
 coupled with any LDAP server implementation.

 We can use any of the above methods with embedded-ldap comes in core.
 But we can only use the second method above with an external LDAP.

 Let me briefly describe implementation details of two methods.

 1st Method:
 i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the
 tenant manager which is initialized when the user-core starts. (at
 DefaultRealmService.)
ii. At the start of ldap.server component, we register an
 implementation of LDAPTenantManager in OSGi registry, through which 
 managing
 partitions of tenants happens.
   iii. HybridLDAPTenantManager uses a reference of an above registered
 LDAPTenantManager service, to handle tenant mgt with LDAP.
   iv. Users and groups of a particular tenant is stored inside its
 partition.
   v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
 stored in registry/JDBC database which is used to map the tenant to 
 specific
 partition.

 I have included a class diagram and a screenshot related to this 
 here

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-06 Thread Prabath Siriwardana
In the case of Stratos - we do not need to have the embedded LDAP - but it
will be a separate LDAP server. We need to test the OU based tenant
isolation we did with LDAP in Stratos..

Thanks & regards,
-Prabath

On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe  wrote:

>
>
> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez  wrote:
>
>> Have you tested this with Stratos?
>
> Not with a complete Stratos setup.
> How I tested this was: installing multi tenancy feature to IS using
> necessary stratos components built from stratos branch.
>
> Do we need to do any LDAP initialization when the tenant
>> ConfigurationContext is created?
>
> Sorry, at the moment I do not have an idea what is tenant
> ConfigurationContext.
>
> But, as I understood your question, if you use embedded-ldap server in
> carbon core, you do not have to initialize LDAP since it is started with
> carbon server.
> If you use an external LDAP, then you need to start up a LDAP server and
> point the user-mgt.xml to that.
>
>>
>>
>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe wrote:
>>
>>>
>>>
>>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara wrote:
>>>
 Hi Azeez,

 Please find answers inline.

 Thanks
 AmilaJ

 On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez  wrote:
 Can somebody briefly explain what were the changes that were carried out
 to
 Carbon core to make this work? Where these ports can be defined

 The apacheds server code is wrapped as an OSGi bundle in
 orbit/apacheds component. org.wso2.carbon.ldap.server is the component
 which is responsible for managing LDAP server. It starts, stops LDAP
 server, in addition it also does partition management.
>>>
>>> Hi,
>>>
>>>
 This component
 starts before user core in carbon.

>>>
>>> Can I please know how have we specified that this component starts before
>>> user-core?
>>>
>>> The LDAP server specific configurations reside in a file called
 embedded-ldap.xml in repository/conf (In  configuration
 segment). You can change parameters like, ports, connection passwords
 in this file. In addition to LDAP server specific configurations, it
 also has KDC specific configurations.

 ,what the following messages mean etc.

 Log messages starting with org.apache.directory.server.ldap.LdapServer
 are coming from apacheds implementation.
 LDAP server needs a schema to construct the initial LDAP tree
 structure. The default schema for the LDAP server is located at
 repository/data as a zip file (is-default-schema.zip). Thus when we
 start server for the first time apacheds component will extract this
 zip file and create a schema directory. In addition, when we start
 embedded LDAP for the first time it creates a default partition. The
 default partition name and other properties are read from the
 embedded-ldap.xml configuration file (). The latter
 messages you see in the log are relevant to above actions.

 How MT is handled

 I assume MT=Multi-tenancy.
>>>
>>>
 Hasini: Please explain how MT is handled with embedded-ldap.

>>>
>>> We have two ways that we can make LDAP user-store multi-tenanted.
>>>
>>> 1. Creating a new partition (i.e. new directory tree) for each tenant.
>>> This is specific to embedded-apacheds because here we use their API.
>>> 2. Creating a new context ('ou' by default) under same directory tree,
>>> for each tenant. This is generic because here we use JNDI and hence, not
>>> coupled with any LDAP server implementation.
>>>
>>> We can use any of the above methods with embedded-ldap comes in core. But
>>> we can only use the second method above with an external LDAP.
>>>
>>> Let me briefly describe implementation details of two methods.
>>>
>>> 1st Method:
>>> i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the
>>> tenant manager which is initialized when the user-core starts. (at
>>> DefaultRealmService.)
>>>ii. At the start of ldap.server component, we register an
>>> implementation of LDAPTenantManager in OSGi registry, through which managing
>>> partitions of tenants happens.
>>>   iii. HybridLDAPTenantManager uses a reference of an above registered
>>> LDAPTenantManager service, to handle tenant mgt with LDAP.
>>>   iv. Users and groups of a particular tenant is stored inside its
>>> partition.
>>>   v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>>> stored in registry/JDBC database which is used to map the tenant to specific
>>> partition.
>>>
>>> I have included a class diagram and a screenshot related to this 
>>> here
>>> .
>>>
>>> 2nd Method:
>>>i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as the
>>> tenant manager which is initialized when the user-core starts.
>>>   ii. Users and groups of a particular tenant is stored under its
>>> context

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-06 Thread Hasini Gunasinghe
On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez  wrote:

> Have you tested this with Stratos?

Not with a complete Stratos setup.
How I tested this was: installing multi tenancy feature to IS using
necessary stratos components built from stratos branch.

Do we need to do any LDAP initialization when the tenant
> ConfigurationContext is created?

Sorry, at the moment I do not have an idea what is tenant
ConfigurationContext.

But, as I understood your question, if you use embedded-ldap server in
carbon core, you do not have to initialize LDAP since it is started with
carbon server.
If you use an external LDAP, then you need to start up a LDAP server and
point the user-mgt.xml to that.

>
>
> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe wrote:
>
>>
>>
>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara wrote:
>>
>>> Hi Azeez,
>>>
>>> Please find answers inline.
>>>
>>> Thanks
>>> AmilaJ
>>>
>>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez  wrote:
>>> Can somebody briefly explain what were the changes that were carried out
>>> to
>>> Carbon core to make this work? Where these ports can be defined
>>>
>>> The apacheds server code is wrapped as an OSGi bundle in
>>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>>> which is responsible for managing LDAP server. It starts, stops LDAP
>>> server, in addition it also does partition management.
>>
>> Hi,
>>
>>
>>> This component
>>> starts before user core in carbon.
>>>
>>
>> Can I please know how have we specified that this component starts before
>> user-core?
>>
>> The LDAP server specific configurations reside in a file called
>>> embedded-ldap.xml in repository/conf (In  configuration
>>> segment). You can change parameters like, ports, connection passwords
>>> in this file. In addition to LDAP server specific configurations, it
>>> also has KDC specific configurations.
>>>
>>> ,what the following messages mean etc.
>>>
>>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>>> are coming from apacheds implementation.
>>> LDAP server needs a schema to construct the initial LDAP tree
>>> structure. The default schema for the LDAP server is located at
>>> repository/data as a zip file (is-default-schema.zip). Thus when we
>>> start server for the first time apacheds component will extract this
>>> zip file and create a schema directory. In addition, when we start
>>> embedded LDAP for the first time it creates a default partition. The
>>> default partition name and other properties are read from the
>>> embedded-ldap.xml configuration file (). The latter
>>> messages you see in the log are relevant to above actions.
>>>
>>> How MT is handled
>>>
>>> I assume MT=Multi-tenancy.
>>
>>
>>> Hasini: Please explain how MT is handled with embedded-ldap.
>>>
>>
>> We have two ways that we can make LDAP user-store multi-tenanted.
>>
>> 1. Creating a new partition (i.e. new directory tree) for each tenant. This
>> is specific to embedded-apacheds because here we use their API.
>> 2. Creating a new context ('ou' by default) under same directory tree, for
>> each tenant. This is generic because here we use JNDI and hence, not coupled
>> with any LDAP server implementation.
>>
>> We can use any of the above methods with embedded-ldap comes in core. But
>> we can only use the second method above with an external LDAP.
>>
>> Let me briefly describe implementation details of two methods.
>>
>> 1st Method:
>> i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the
>> tenant manager which is initialized when the user-core starts. (at
>> DefaultRealmService.)
>>ii. At the start of ldap.server component, we register an
>> implementation of LDAPTenantManager in OSGi registry, through which managing
>> partitions of tenants happens.
>>   iii. HybridLDAPTenantManager uses a reference of an above registered
>> LDAPTenantManager service, to handle tenant mgt with LDAP.
>>   iv. Users and groups of a particular tenant is stored inside its
>> partition.
>>   v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>> stored in registry/JDBC database which is used to map the tenant to specific
>> partition.
>>
>> I have included a class diagram and a screenshot related to this 
>> here
>> .
>>
>> 2nd Method:
>>i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as the
>> tenant manager which is initialized when the user-core starts.
>>   ii. Users and groups of a particular tenant is stored under its context.
>>  iii. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>> stored in registry/JDBC database which is used to map the tenant to specific
>> context.
>>
>> Common remarks regarding both the methods:
>> 1. Hybrid approach is used where mapping between tenant and the
>> user-mgt.xml, and other meta-data is stored in JDBC database.
>> 2. Class names used for tenant manager at each scenario is

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-05 Thread Afkham Azeez
Have you tested this with Stratos? Do we need to do any LDAP initialization
when the tenant ConfigurationContext is created?


On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe  wrote:

>
>
> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara  wrote:
>
>> Hi Azeez,
>>
>> Please find answers inline.
>>
>> Thanks
>> AmilaJ
>>
>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez  wrote:
>> Can somebody briefly explain what were the changes that were carried out
>> to
>> Carbon core to make this work? Where these ports can be defined
>>
>> The apacheds server code is wrapped as an OSGi bundle in
>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>> which is responsible for managing LDAP server. It starts, stops LDAP
>> server, in addition it also does partition management.
>
> Hi,
>
>
>> This component
>> starts before user core in carbon.
>>
>
> Can I please know how have we specified that this component starts before
> user-core?
>
> The LDAP server specific configurations reside in a file called
>> embedded-ldap.xml in repository/conf (In  configuration
>> segment). You can change parameters like, ports, connection passwords
>> in this file. In addition to LDAP server specific configurations, it
>> also has KDC specific configurations.
>>
>> ,what the following messages mean etc.
>>
>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>> are coming from apacheds implementation.
>> LDAP server needs a schema to construct the initial LDAP tree
>> structure. The default schema for the LDAP server is located at
>> repository/data as a zip file (is-default-schema.zip). Thus when we
>> start server for the first time apacheds component will extract this
>> zip file and create a schema directory. In addition, when we start
>> embedded LDAP for the first time it creates a default partition. The
>> default partition name and other properties are read from the
>> embedded-ldap.xml configuration file (). The latter
>> messages you see in the log are relevant to above actions.
>>
>> How MT is handled
>>
>> I assume MT=Multi-tenancy.
>
>
>> Hasini: Please explain how MT is handled with embedded-ldap.
>>
>
> We have two ways that we can make LDAP user-store multi-tenanted.
>
> 1. Creating a new partition (i.e. new directory tree) for each tenant. This
> is specific to embedded-apacheds because here we use their API.
> 2. Creating a new context ('ou' by default) under same directory tree, for
> each tenant. This is generic because here we use JNDI and hence, not coupled
> with any LDAP server implementation.
>
> We can use any of the above methods with embedded-ldap comes in core. But
> we can only use the second method above with an external LDAP.
>
> Let me briefly describe implementation details of two methods.
>
> 1st Method:
> i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the tenant
> manager which is initialized when the user-core starts. (at
> DefaultRealmService.)
>ii. At the start of ldap.server component, we register an implementation
> of LDAPTenantManager in OSGi registry, through which managing partitions of
> tenants happens.
>   iii. HybridLDAPTenantManager uses a reference of an above registered
> LDAPTenantManager service, to handle tenant mgt with LDAP.
>   iv. Users and groups of a particular tenant is stored inside its
> partition.
>   v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
> stored in registry/JDBC database which is used to map the tenant to specific
> partition.
>
> I have included a class diagram and a screenshot related to this 
> here
> .
>
> 2nd Method:
>i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as the
> tenant manager which is initialized when the user-core starts.
>   ii. Users and groups of a particular tenant is stored under its context.
>  iii. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
> stored in registry/JDBC database which is used to map the tenant to specific
> context.
>
> Common remarks regarding both the methods:
> 1. Hybrid approach is used where mapping between tenant and the
> user-mgt.xml, and other meta-data is stored in JDBC database.
> 2. Class names used for tenant manager at each scenario is not that clear.
> We may need to rename them.
>
> Thanks,
> Hasini.
>
>
>
>
>
>> etc. Sorry, I wasn't
>> > following the entire conversation.
>> > [2011-03-05 07:24:03,001]  INFO
>> > {org.wso2.carbon.ldap.server.DirectoryActivator} -  Starting directory
>> > service on port 10389
>> > [2011-03-05 07:24:03,022]  INFO
>> > {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
>> > Handler: 1.3.6.1.4.1.1466.20037
>> > [2011-03-05 07:24:03,106]  INFO
>> > {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
>> > Handler: 1.3.6.1.4.1.18060.0.1.6
>> > [2011-03-05 07:24:03,116]  INFO
>> > {org.apache.directory.server.ldap.LdapServer

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-05 Thread Hasini Gunasinghe
On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara  wrote:

> Hi Azeez,
>
> Please find answers inline.
>
> Thanks
> AmilaJ
>
> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez  wrote:
> Can somebody briefly explain what were the changes that were carried out to
> Carbon core to make this work? Where these ports can be defined
>
> The apacheds server code is wrapped as an OSGi bundle in
> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
> which is responsible for managing LDAP server. It starts, stops LDAP
> server, in addition it also does partition management.

Hi,


> This component
> starts before user core in carbon.
>

Can I please know how have we specified that this component starts before
user-core?

The LDAP server specific configurations reside in a file called
> embedded-ldap.xml in repository/conf (In  configuration
> segment). You can change parameters like, ports, connection passwords
> in this file. In addition to LDAP server specific configurations, it
> also has KDC specific configurations.
>
> ,what the following messages mean etc.
>
> Log messages starting with org.apache.directory.server.ldap.LdapServer
> are coming from apacheds implementation.
> LDAP server needs a schema to construct the initial LDAP tree
> structure. The default schema for the LDAP server is located at
> repository/data as a zip file (is-default-schema.zip). Thus when we
> start server for the first time apacheds component will extract this
> zip file and create a schema directory. In addition, when we start
> embedded LDAP for the first time it creates a default partition. The
> default partition name and other properties are read from the
> embedded-ldap.xml configuration file (). The latter
> messages you see in the log are relevant to above actions.
>
> How MT is handled
>
> I assume MT=Multi-tenancy.


> Hasini: Please explain how MT is handled with embedded-ldap.
>

We have two ways that we can make LDAP user-store multi-tenanted.

1. Creating a new partition (i.e. new directory tree) for each tenant. This
is specific to embedded-apacheds because here we use their API.
2. Creating a new context ('ou' by default) under the same directory tree, for
each tenant. This is generic because here we use JNDI and hence, not coupled
with any LDAP server implementation.

We can use any of the above methods with the embedded-ldap that comes in core. But we
can only use the second method above with an external LDAP.

Let me briefly describe implementation details of two methods.

1st Method:
i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the tenant
manager which is initialized when the user-core starts. (at
DefaultRealmService.)
   ii. At the start of ldap.server component, we register an implementation
of LDAPTenantManager in OSGi registry, through which managing partitions of
tenants happens.
  iii. HybridLDAPTenantManager uses a reference of an above registered
LDAPTenantManager service, to handle tenant mgt with LDAP.
  iv. Users and groups of a particular tenant are stored inside its
partition.
  v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is stored
in registry/JDBC database which is used to map the tenant to specific
partition.

I have included a class diagram and a screenshot related to this
here
.

2nd Method:
   i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as the
tenant manager which is initialized when the user-core starts.
  ii. Users and groups of a particular tenant are stored under its context.
 iii. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
stored in registry/JDBC database which is used to map the tenant to specific
context.

Common remarks regarding both the methods:
1. Hybrid approach is used where mapping between tenant and the
user-mgt.xml, and other meta-data is stored in JDBC database.
2. Class names used for tenant manager at each scenario is not that clear.
We may need to rename them.

Thanks,
Hasini.





> etc. Sorry, I wasn't
> > following the entire conversation.
> > [2011-03-05 07:24:03,001]  INFO
> > {org.wso2.carbon.ldap.server.DirectoryActivator} -  Starting directory
> > service on port 10389
> > [2011-03-05 07:24:03,022]  INFO
> > {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
> > Handler: 1.3.6.1.4.1.1466.20037
> > [2011-03-05 07:24:03,106]  INFO
> > {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
> > Handler: 1.3.6.1.4.1.18060.0.1.6
> > [2011-03-05 07:24:03,116]  INFO
> > {org.apache.directory.server.ldap.LdapServer} -  Successful bind of an
> LDAP
> > Service (10389) is completed.
> > [2011-03-05 07:24:03,116]  INFO
> > {org.apache.directory.server.ldap.LdapServer} -  Ldap service started.
> > [2011-03-05 07:24:03,116]  INFO
> > {org.wso2.carbon.apacheds.impl.ApacheLDAPServer} -  LDAP server started.
> > [2011-03-05 07:24:03,139]  INFO
> > {org.wso2.carbon.apacheds.impl
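The OU-per-tenant layout described in the 2nd Method above, as an added example in Python that is not WSO2 Carbon code: it derives each tenant's context DN and search bases with RFC 4514 DN escaping, escapes user input in search filters, and checks that an entry DN really sits inside the tenant's context. The base DN, the ou=Users/ou=Groups layout and the settings key names are assumptions made for the example.

```python
"""Tenant isolation for the OU-per-tenant LDAP layout (added example).

Models the second method from the thread: one directory tree, one
organizationalUnit context per tenant, and a per-tenant mapping that pins
the user store's search base to that context. Names and layout here are
assumptions for illustration, not WSO2 Carbon code.
"""

# Constructed sample value (assumption: a shared tree rooted at this DN).
BASE_DN = "dc=wso2,dc=org"

# Characters that must be backslash-escaped inside a DN attribute value
# (RFC 4514); leading/trailing space and a leading '#' are handled below.
_DN_SPECIALS = set(',+"\\<>;')


def escape_dn_value(value: str) -> str:
    """Escape one attribute value so it cannot add or alter RDNs in a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515) so that user
    input cannot change the filter's structure."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(table.get(ch, ch) for ch in value)


def tenant_context_dn(tenant_domain: str, base_dn: str = BASE_DN) -> str:
    """DN of the tenant's own 'ou' context under the shared tree."""
    return f"ou={escape_dn_value(tenant_domain)},{base_dn}"


def tenant_user_store_settings(tenant_domain: str, base_dn: str = BASE_DN) -> dict:
    """The per-tenant settings the thread says are kept in the tenant's
    user-mgt.xml: everything is rooted at the tenant context. Key names
    are illustrative, not the real configuration property names."""
    ctx = tenant_context_dn(tenant_domain, base_dn)
    return {
        "tenant_context": ctx,
        "user_search_base": f"ou=Users,{ctx}",
        "group_search_base": f"ou=Groups,{ctx}",
    }


def user_search_filter(username: str) -> str:
    """Filter for one user by uid, with the supplied name escaped."""
    return f"(&(objectClass=person)(uid={escape_filter_value(username)}))"


def split_dn(dn: str) -> list:
    """Split a DN into RDN strings, honouring backslash-escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur).strip())
    return rdns


def _normalize_rdn(rdn: str) -> str:
    # ou/dc values match case-insensitively, so compare in lower case.
    attr, _, val = rdn.partition("=")
    return f"{attr.strip().lower()}={val.strip().lower()}"


def is_within_tenant(entry_dn: str, tenant_domain: str,
                     base_dn: str = BASE_DN) -> bool:
    """Isolation check: True only if entry_dn lies strictly below the
    tenant's context. Entries at the tree root, in another tenant's
    context, or the context itself are rejected."""
    ctx = [_normalize_rdn(r) for r in split_dn(tenant_context_dn(tenant_domain, base_dn))]
    entry = [_normalize_rdn(r) for r in split_dn(entry_dn)]
    return len(entry) > len(ctx) and entry[-len(ctx):] == ctx


if __name__ == "__main__":
    print(tenant_user_store_settings("acme.com"))
    print(is_within_tenant("uid=alice,ou=Users,ou=acme.com,dc=wso2,dc=org", "acme.com"))
    print(is_within_tenant("uid=bob,ou=Users,ou=other.com,dc=wso2,dc=org", "acme.com"))
```

A tenant name containing a comma is escaped into a single RDN, so it cannot be used to make one tenant's context resolve to another's or to the tree root.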

Re: [Carbon-dev] LDAP integration to Carbon core

2011-03-05 Thread Amila Jayasekara
Hi Azeez,

Please find answers inline.

Thanks
AmilaJ

On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez  wrote:
Can somebody briefly explain what were the changes that were carried out to
Carbon core to make this work? Where these ports can be defined

The apacheds server code is wrapped as an OSGi bundle in
orbit/apacheds component. org.wso2.carbon.ldap.server is the component
which is responsible for managing LDAP server. It starts, stops LDAP
server, in addition it also does partition management. This component
starts before user core in carbon.
The LDAP server specific configurations reside in a file called
embedded-ldap.xml in repository/conf (In  configuration
segment). You can change parameters like, ports, connection passwords
in this file. In addition to LDAP server specific configurations, it
also has KDC specific configurations.

,what the following messages mean etc.

Log messages starting with org.apache.directory.server.ldap.LdapServer
are coming from apacheds implementation.
LDAP server needs a schema to construct the initial LDAP tree
structure. The default schema for the LDAP server is located at
repository/data as a zip file (is-default-schema.zip). Thus when we
start server for the first time apacheds component will extract this
zip file and create a schema directory. In addition, when we start
embedded LDAP for the first time it creates a default partition. The
default partition name and other properties are read from the
embedded-ldap.xml configuration file (). The latter
messages you see in the log are relevant to above actions.

How MT is handled

Hasini: Please explain how MT is handled with embedded-ldap.

etc. Sorry, I wasn't
> following the entire conversation.
> [2011-03-05 07:24:03,001]  INFO
> {org.wso2.carbon.ldap.server.DirectoryActivator} -  Starting directory
> service on port 10389
> [2011-03-05 07:24:03,022]  INFO
> {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
> Handler: 1.3.6.1.4.1.1466.20037
> [2011-03-05 07:24:03,106]  INFO
> {org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
> Handler: 1.3.6.1.4.1.18060.0.1.6
> [2011-03-05 07:24:03,116]  INFO
> {org.apache.directory.server.ldap.LdapServer} -  Successful bind of an LDAP
> Service (10389) is completed.
> [2011-03-05 07:24:03,116]  INFO
> {org.apache.directory.server.ldap.LdapServer} -  Ldap service started.
> [2011-03-05 07:24:03,116]  INFO
> {org.wso2.carbon.apacheds.impl.ApacheLDAPServer} -  LDAP server started.
> [2011-03-05 07:24:03,139]  INFO
> {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -  Partition
> directory -
> /Users/azeez/projects/wso2/org/trunk/carbon/products/appserver/modules/distribution/target/wso2appserver-4.1.0-SNAPSHOT/repository/data/org.wso2.carbon.directory/root
> already exists.
> [2011-03-05 07:24:03,140]  INFO
> {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -
>  Partitionroot created from existing partition directory. <-- Partitionroot
> or Partition Root
> [2011-03-05 07:24:03,211]  INFO
> {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -
>  Partitionroot added to directory service.

Do we have to show all these INFO messages?

We can get rid of some of above log messages, if you think that they
are redundant. We can suppress the INFO messages coming from apacheds
implementation in log4j properties file. Also we can remove some log
messages from the code.


>
> --
> Afkham Azeez
> Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>
> Member; Apache Software Foundation; http://www.apache.org/
> email: az...@wso2.com cell: +94 77 3320919
> blog: http://blog.afkham.org
> twitter: http://twitter.com/afkham_azeez
> linked-in: http://lk.linkedin.com/in/afkhamazeez
>
> Lean . Enterprise . Middleware
>
>
>


[Carbon-dev] LDAP integration to Carbon core

2011-03-04 Thread Afkham Azeez
Can somebody briefly explain what were the changes that were carried out to
Carbon core to make this work? Where these ports can be defined, what the
following messages mean etc. How MT is handled etc. Sorry, I wasn't
following the entire conversation.

[2011-03-05 07:24:03,001]  INFO
{org.wso2.carbon.ldap.server.DirectoryActivator} -  Starting directory
service on port 10389
[2011-03-05 07:24:03,022]  INFO
{org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
Handler: 1.3.6.1.4.1.1466.20037
[2011-03-05 07:24:03,106]  INFO
{org.apache.directory.server.ldap.LdapServer} -  Added Extended Request
Handler: 1.3.6.1.4.1.18060.0.1.6
[2011-03-05 07:24:03,116]  INFO
{org.apache.directory.server.ldap.LdapServer} -  Successful bind of an LDAP
Service (10389) is completed.
[2011-03-05 07:24:03,116]  INFO
{org.apache.directory.server.ldap.LdapServer} -  Ldap service started.
[2011-03-05 07:24:03,116]  INFO
{org.wso2.carbon.apacheds.impl.ApacheLDAPServer} -  LDAP server started.
[2011-03-05 07:24:03,139]  INFO
{org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -  Partition
directory -
/Users/azeez/projects/wso2/org/trunk/carbon/products/appserver/modules/distribution/target/wso2appserver-4.1.0-SNAPSHOT/repository/data/org.wso2.carbon.directory/root
already exists.
[2011-03-05 07:24:03,140]  INFO
{org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -
 Partitionroot created from existing partition directory. <-- Partitionroot
or Partition Root
[2011-03-05 07:24:03,211]  INFO
{org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -
 Partitionroot added to directory service.

Do we have to show all these INFO messages?


-- 
Afkham Azeez
Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
Member; Apache Software Foundation; http://www.apache.org/
email: az...@wso2.com cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez
Lean . Enterprise . Middleware