Have you tested this with Stratos? Do we need to do any LDAP initialization when the tenant ConfigurationContext is created?
On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe <[email protected]> wrote:

> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara <[email protected]> wrote:
>
>> Hi Azeez,
>>
>> Please find answers inline.
>>
>> Thanks
>> AmilaJ
>>
>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez <[email protected]> wrote:
>> Can somebody briefly explain what were the changes that were carried out to
>> Carbon core to make this work? Where these ports can be defined
>>
>> The apacheds server code is wrapped as an OSGi bundle in
>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>> which is responsible for managing LDAP server. It starts, stops LDAP
>> server, in addition it also does partition management.
>
> Hi,
>
>> This component
>> starts before user core in carbon.
>
> Can I please know how have we specified that this component starts before
> user-core?
>
>> The LDAP server specific configurations reside in a file called
>> embedded-ldap.xml in repository/conf (In <EmbeddedLDAP> configuration
>> segment). You can change parameters like, ports, connection passwords
>> in this file. In addition to LDAP server specific configurations, it
>> also has KDC specific configurations.
>>
>> ,what the following messages mean etc.
>>
>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>> are coming from apacheds implementation.
>> LDAP server needs a schema to construct the initial LDAP tree
>> structure. The default schema for the LDAP server is located at
>> repository/data as a zip file (is-default-schema.zip). Thus when we
>> start server for the first time apacheds component will extract this
>> zip file and create a schema directory. In addition, when we start
>> embedded LDAP for the first time it creates a default partition. The
>> default partition name and other properties are read from the
>> embedded-ldap.xml configuration file (<DefaultPartition>). The latter
>> messages you see in the log are relevant to above actions.
>>
>> How MT is handled
>>
>> I assume MT=Multi-tenancy.
>>
>> Hasini: Please explain how MT is handled with embedded-ldap.
>
> We have two ways that we can make LDAP user-store multi-tenanted.
>
> 1. Creating a new partition (i.e. new directory tree) for each tenant. This
>    is specific to embedded-apacheds because here we use their API.
> 2. Creating a new context ('ou' by default) under same directory tree, for
>    each tenant. This is generic because here we use JNDI and hence, not coupled
>    with any LDAP server implementation.
>
> We can use any of the above methods with embedded-ldap comes in core. But
> we can only use the second method above with an external LDAP.
>
> Let me briefly describe implementation details of two methods.
>
> 1st Method:
>    i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the tenant
>       manager which is initialized when the user-core starts. (at
>       DefaultRealmService.)
>    ii. At the start of ldap.server component, we register an implementation
>       of LDAPTenantManager in OSGi registry, through which managing partitions of
>       tenants happens.
>    iii. HybridLDAPTenantManager uses a reference of an above registered
>       LDAPTenantManager service, to handle tenant mgt with LDAP.
>    iv. Users and groups of a particular tenant are stored inside its
>       partition.
>    v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>       stored in registry/JDBC database which is used to map the tenant to specific
>       partition.
>
> I have included a class diagram and a screenshot related to this
> here <http://hasini-gunasinghe.blogspot.com/2011/01/tenant-management-in-wso2-carbon-with.html>.
>
> 2nd Method:
>    i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as the
>       tenant manager which is initialized when the user-core starts.
>    ii. Users and groups of a particular tenant are stored under its context.
>    iii. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>       stored in registry/JDBC database which is used to map the tenant to specific
>       context.
>
> Common remarks regarding both the methods:
> 1. Hybrid approach is used where mapping between tenant and the
>    user-mgt.xml, and other meta-data is stored in JDBC database.
> 2. Class names used for tenant manager at each scenario is not that clear.
>    We may need to rename them.
>
> Thanks,
> Hasini.
>
>> > etc. Sorry, I wasn't following the entire conversation.
>> > [2011-03-05 07:24:03,001] INFO {org.wso2.carbon.ldap.server.DirectoryActivator} - Starting directory service on port 10389
>> > [2011-03-05 07:24:03,022] INFO {org.apache.directory.server.ldap.LdapServer} - Added Extended Request Handler: 1.3.6.1.4.1.1466.20037
>> > [2011-03-05 07:24:03,106] INFO {org.apache.directory.server.ldap.LdapServer} - Added Extended Request Handler: 1.3.6.1.4.1.18060.0.1.6
>> > [2011-03-05 07:24:03,116] INFO {org.apache.directory.server.ldap.LdapServer} - Successful bind of an LDAP Service (10389) is completed.
>> > [2011-03-05 07:24:03,116] INFO {org.apache.directory.server.ldap.LdapServer} - Ldap service started.
>> > [2011-03-05 07:24:03,116] INFO {org.wso2.carbon.apacheds.impl.ApacheLDAPServer} - LDAP server started.
>> > [2011-03-05 07:24:03,139] INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} - Partition directory - /Users/azeez/projects/wso2/org/trunk/carbon/products/appserver/modules/distribution/target/wso2appserver-4.1.0-SNAPSHOT/repository/data/org.wso2.carbon.directory/root already exists.
>> > [2011-03-05 07:24:03,140] INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} - Partitionroot created from existing partition directory. <-- Partitionroot or Partition Root
>> > [2011-03-05 07:24:03,211] INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} - Partitionroot added to directory service.
>>
>> Do we have to show all these INFO messages?
>>
>> We can get rid of some of above log messages, if you think that they
>> are redundant. We can suppress the INFO messages coming from apacheds
>> implementation in log4j properties file. Also we can remove some log
>> messages from the code.
>>
>> > --
>> > Afkham Azeez
>> > Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>> > Member; Apache Software Foundation; http://www.apache.org/
>> > email: [email protected] cell: +94 77 3320919
>> > blog: http://blog.afkham.org
>> > twitter: http://twitter.com/afkham_azeez
>> > linked-in: http://lk.linkedin.com/in/afkhamazeez
>> >
>> > Lean . Enterprise . Middleware
>> >
>> > _______________________________________________
>> > Carbon-dev mailing list
>> > [email protected]
>> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

--
Afkham Azeez
Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
Member; Apache Software Foundation; http://www.apache.org/
email: [email protected] cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez

Lean . Enterprise . Middleware
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
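The second method in the thread (one `ou` context per tenant under a shared directory tree, reached through JNDI) relies on every lookup staying inside the tenant's own context. The following is an added example, not code from the thread or from WSO2 Carbon, showing one way to build that context DN and check that an entry belongs to it; the class name, the root DN `dc=example,dc=org` and the tenant domains are assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration; not WSO2 Carbon code. ROOT and tenant names are constructed.
public class TenantContextDemo {
    // Assumed root of the shared directory tree (hypothetical value).
    static final String ROOT = "dc=example,dc=org";

    // Build ou=<tenantDomain>,<ROOT>. The Rdn(type, value) constructor takes the
    // raw value and escapes DN metacharacters when the name is rendered, so the
    // tenant domain can never contribute more than one RDN.
    static LdapName tenantContext(String tenantDomain) throws InvalidNameException {
        LdapName dn = new LdapName(ROOT);
        dn.add(new Rdn("ou", tenantDomain)); // becomes the leftmost, most specific RDN
        return dn;
    }

    // True only if entryDn parses and lies strictly below the tenant context.
    static boolean inTenant(String entryDn, LdapName tenantCtx) {
        try {
            LdapName entry = new LdapName(entryDn);
            return entry.size() > tenantCtx.size() && entry.startsWith(tenantCtx);
        } catch (InvalidNameException e) {
            return false; // a DN that does not parse is rejected
        }
    }

    public static void main(String[] args) throws Exception {
        LdapName a = tenantContext("a.com");
        System.out.println("context: " + a);
        System.out.println("own entry:   "
                + inTenant("uid=bob,ou=users,ou=a.com,dc=example,dc=org", a));
        System.out.println("other tenant: "
                + inTenant("uid=eve,ou=users,ou=b.com,dc=example,dc=org", a));

        // A tenant name that contains DN syntax is kept as a single RDN value,
        // so it does not resolve to another tenant's context.
        LdapName odd = tenantContext("a.com,ou=b.com");
        System.out.println("components: " + odd.size() + "  rendered: " + odd);
        System.out.println("other tenant via odd name: "
                + inTenant("uid=eve,ou=users,ou=b.com,dc=example,dc=org", odd));
    }
}
```

The same check applies to DNs returned from a search: an entry that does not fall under the tenant's context is dropped before it is used.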
