In the case of Stratos - we do not need to have the embedded LDAP - but it will be a separate LDAP server. We need to test the OU based tenant isolation we did with LDAP in Stratos.
Thanks & regards,
-Prabath

On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe <[email protected]> wrote:

> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez <[email protected]> wrote:
>
>> Have you tested this with Stratos?
>
> Not with a complete Stratos setup.
> How I tested this was: installing multi tenancy feature to IS using
> necessary stratos components built from stratos branch.
>
>> Do we need to do any LDAP initialization when the tenant
>> ConfigurationContext is created?
>
> Sorry, at the moment I do not have an idea what is tenant
> ConfigurationContext.
>
> But, as I understood your question, if you use embedded-ldap server in
> carbon core, you do not have to initialize LDAP since it is started with
> carbon server.
> If you use an external LDAP, then you need to start up a LDAP server and
> point the user-mgt.xml to that.
>
>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe <[email protected]> wrote:
>>
>>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara <[email protected]> wrote:
>>>
>>>> Hi Azeez,
>>>>
>>>> Please find answers inline.
>>>>
>>>> Thanks
>>>> AmilaJ
>>>>
>>>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez <[email protected]> wrote:
>>>> Can somebody briefly explain what were the changes that were carried out to
>>>> Carbon core to make this work? Where these ports can be defined
>>>>
>>>> The apacheds server code is wrapped as an OSGi bundle in
>>>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>>>> which is responsible for managing LDAP server. It starts, stops LDAP
>>>> server, in addition it also does partition management.
>>>
>>> Hi,
>>>
>>>> This component
>>>> starts before user core in carbon.
>>>
>>> Can I please know how have we specified that this component starts before
>>> user-core?
>>>
>>>> The LDAP server specific configurations reside in a file called
>>>> embedded-ldap.xml in repository/conf (In <EmbeddedLDAP> configuration
>>>> segment). You can change parameters like, ports, connection passwords
>>>> in this file. In addition to LDAP server specific configurations, it
>>>> also has KDC specific configurations.
>>>>
>>>> ,what the following messages mean etc.
>>>>
>>>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>>>> are coming from apacheds implementation.
>>>> LDAP server needs a schema to construct the initial LDAP tree
>>>> structure. The default schema for the LDAP server is located at
>>>> repository/data as a zip file (is-default-schema.zip). Thus when we
>>>> start server for the first time apacheds component will extract this
>>>> zip file and create a schema directory. In addition, when we start
>>>> embedded LDAP for the first time it creates a default partition. The
>>>> default partition name and other properties are read from the
>>>> embedded-ldap.xml configuration file (<DefaultPartition>). The latter
>>>> messages you see in the log are relevant to above actions.
>>>>
>>>> How MT is handled
>>>>
>>>> I assume MT=Multi-tenancy.
>>>
>>>> Hasini: Please explain how MT is handled with embedded-ldap.
>>>
>>> We have two ways that we can make LDAP user-store multi-tenanted.
>>>
>>>    1. Creating a new partition (i.e new directory tree) for each tenant.
>>>    This is specific to embedded-apacheds because here we use their API.
>>>    2. Creating a new context ('ou' by default) under same directory tree,
>>>    for each tenant. This is generic because here we use JNDI and hence, not
>>>    coupled with any LDAP server implementation.
>>>
>>> We can use any of the above methods with embedded-ldap comes in core. But
>>> we can only use the second method above with an external LDAP.
>>>
>>> Let me briefly describe implementation details of two methods.
>>>
>>> 1st Method:
>>>     i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the
>>> tenant manager which is initialized when the user-core starts. (at
>>> DefaultRealmService.)
>>>     ii. At the start of ldap.server component, we register an
>>> implementation of LDAPTenantManager in OSGi registry, through which managing
>>> partitions of tenants happens.
>>>     iii. HybridLDAPTenantManager uses a reference of an above registered
>>> LDAPTenantManager service, to handle tenant mgt with LDAP.
>>>     iv. Users and groups of a particular tenant are stored inside its
>>> partition.
>>>     v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>>> stored in registry/JDBC database which is used to map the tenant to specific
>>> partition.
>>>
>>> I have included a class diagram and a screenshot related to this
>>> here<http://hasini-gunasinghe.blogspot.com/2011/01/tenant-management-in-wso2-carbon-with.html>.
>>>
>>> 2nd Method:
>>>     i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as the
>>> tenant manager which is initialized when the user-core starts.
>>>     ii. Users and groups of a particular tenant are stored under its
>>> context.
>>>     iii. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>>> stored in registry/JDBC database which is used to map the tenant to specific
>>> context.
>>>
>>> Common remarks regarding both the methods:
>>>     1. Hybrid approach is used where mapping between tenant and the
>>> user-mgt.xml, and other meta-data is stored in JDBC database.
>>>     2. Class names used for tenant manager at each scenario is not that
>>> clear. We may need to rename them.
>>>
>>> Thanks,
>>> Hasini.
>>>
>>>> etc. Sorry, I wasn't
>>>> > following the entire conversation.
>>>> > [2011-03-05 07:24:03,001] INFO
>>>> > {org.wso2.carbon.ldap.server.DirectoryActivator} - Starting directory
>>>> > service on port 10389
>>>> > [2011-03-05 07:24:03,022] INFO
>>>> > {org.apache.directory.server.ldap.LdapServer} - Added Extended Request
>>>> > Handler: 1.3.6.1.4.1.1466.20037
>>>> > [2011-03-05 07:24:03,106] INFO
>>>> > {org.apache.directory.server.ldap.LdapServer} - Added Extended Request
>>>> > Handler: 1.3.6.1.4.1.18060.0.1.6
>>>> > [2011-03-05 07:24:03,116] INFO
>>>> > {org.apache.directory.server.ldap.LdapServer} - Successful bind of an LDAP
>>>> > Service (10389) is completed.
>>>> > [2011-03-05 07:24:03,116] INFO
>>>> > {org.apache.directory.server.ldap.LdapServer} - Ldap service started.
>>>> > [2011-03-05 07:24:03,116] INFO
>>>> > {org.wso2.carbon.apacheds.impl.ApacheLDAPServer} - LDAP server started.
>>>> > [2011-03-05 07:24:03,139] INFO
>>>> > {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} - Partition
>>>> > directory -
>>>> > /Users/azeez/projects/wso2/org/trunk/carbon/products/appserver/modules/distribution/target/wso2appserver-4.1.0-SNAPSHOT/repository/data/org.wso2.carbon.directory/root
>>>> > already exists.
>>>> > [2011-03-05 07:24:03,140] INFO
>>>> > {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -
>>>> > Partitionroot created from existing partition directory. <-- Partitionroot
>>>> > or Partition Root
>>>> > [2011-03-05 07:24:03,211] INFO
>>>> > {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} -
>>>> > Partitionroot added to directory service.
>>>>
>>>> Do we have to show all these INFO messages?
>>>>
>>>> We can get rid of some of above log messages, if you think that they
>>>> are redundant. We can suppress the INFO messages coming from apacheds
>>>> implementation in log4j properties file. Also we can remove some log
>>>> messages from the code.
>>>>
>>>> > --
>>>> > Afkham Azeez
>>>> > Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>>>> >
>>>> > Member; Apache Software Foundation; http://www.apache.org/
>>>> > email: [email protected] cell: +94 77 3320919
>>>> > blog: http://blog.afkham.org
>>>> > twitter: http://twitter.com/afkham_azeez
>>>> > linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>> >
>>>> > Lean . Enterprise . Middleware
>>>> >
>>>> > _______________________________________________
>>>> > Carbon-dev mailing list
>>>> > [email protected]
>>>> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

--
Thanks & Regards,
Prabath

http://blog.facilelogin.com
http://RampartFAQ.com
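An offline check for the OU based isolation discussed in the thread (the second method, one context per tenant under a shared tree), as an added example that is not code from the thread or from WSO2 Carbon. It uses the JDK's `javax.naming.ldap` classes to decide structurally whether an entry DN lies under a tenant's `ou` and prints a naive string-suffix comparison beside it. The class name, the root DN `dc=example,dc=org`, the tenant domains and the sample DNs are assumptions constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class TenantContextCheck {
    // Assumed root of the shared directory tree (constructed, not from the thread).
    static final String ROOT_DN = "dc=example,dc=org";

    /** Builds ou=<tenantDomain>,<root>; Rdn escapes special characters in the value. */
    static LdapName tenantContext(String tenantDomain) throws InvalidNameException {
        LdapName base = new LdapName(ROOT_DN);
        base.add(new Rdn("ou", tenantDomain)); // appended as the left-most RDN
        return base;
    }

    /** True only if entryDn is the tenant context itself or lies below it. */
    static boolean inTenant(String entryDn, String tenantDomain) {
        try {
            // LdapName indexes RDNs from the right, so startsWith() tests the subtree.
            return new LdapName(entryDn).startsWith(tenantContext(tenantDomain));
        } catch (InvalidNameException e) {
            return false; // unparsable DNs are rejected, never treated as in scope
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        String[] dns = { // constructed sample DNs
            "uid=alice,ou=users,ou=acme.com,dc=example,dc=org",  // inside the tenant
            "UID=Alice,OU=Users,OU=ACME.COM,DC=Example,DC=Org",  // same entry, other case
            "uid=carol,ou=users,ou=other.org,dc=example,dc=org", // another tenant
            "uid=bob,ou=x\\,ou=acme.com,dc=example,dc=org",      // escaped comma in ou value
            "uid=eve,ou=users,ou=acme.com"                       // not under the shared root
        };
        String suffix = ",ou=acme.com," + ROOT_DN; // naive comparison, shown for contrast
        for (String dn : dns) {
            System.out.printf("%-52s structural=%-5b naiveSuffix=%b%n",
                    dn, inTenant(dn, "acme.com"), dn.endsWith(suffix));
        }
        // A tenant domain containing a comma stays a single, escaped RDN.
        System.out.println(tenantContext("a,ou=acme.com"));
    }
}
```

The rows where the two columns differ are the ones to carry into an isolation test against the external LDAP server: DN comparison has to be done on parsed RDNs, not on strings.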
