On Sun, Mar 6, 2011 at 10:12 PM, Afkham Azeez <[email protected]> wrote:
> Is Hasini working on this?

I got this to working condition about three weeks before. What is left to do in this space is moving some hard coded configurations to tenant-mgt.xml.

> Can we start testing this immediately?

Yes, this can be tested with stratos, as it is now.

> On Sun, Mar 6, 2011 at 10:01 PM, Prabath Siriwardana <[email protected]> wrote:
>
>> In the case of Stratos - we do not need to have the embedded LDAP - but it
>> will be a separate LDAP server. We need to test the OU based tenant
>> isolation we did with LDAP in Stratos..
>
> +1
>
>> Thanks & regards,
>> -Prabath
>>
>> On Sun, Mar 6, 2011 at 2:56 PM, Hasini Gunasinghe <[email protected]> wrote:
>>
>>> On Sun, Mar 6, 2011 at 1:06 PM, Afkham Azeez <[email protected]> wrote:
>>>
>>>> Have you tested this with Stratos?
>>>
>>> Not with a complete Stratos setup.
>>> How I tested this was: installing multi tenancy feature to IS using
>>> necessary stratos components built from stratos branch.
>>>
>>>> Do we need to do any LDAP initialization when the tenant
>>>> ConfigurationContext is created?
>>>
>>> Sorry, at the moment I do not have an idea what is tenant
>>> ConfigurationContext.
>>>
>>> But, as I understood your question, if you use embedded-ldap server in
>>> carbon core, you do not have to initialize LDAP since it is started with
>>> carbon server.
>>> If you use an external LDAP, then you need to start up a LDAP server and
>>> point the user-mgt.xml to that.
>>>
>>>> On Sun, Mar 6, 2011 at 11:45 AM, Hasini Gunasinghe <[email protected]> wrote:
>>>>
>>>>> On Sat, Mar 5, 2011 at 11:13 PM, Amila Jayasekara <[email protected]> wrote:
>>>>>
>>>>>> Hi Azeez,
>>>>>>
>>>>>> Please find answers inline.
>>>>>>
>>>>>> Thanks
>>>>>> AmilaJ
>>>>>>
>>>>>> On Fri, Mar 4, 2011 at 5:59 PM, Afkham Azeez <[email protected]> wrote:
>>>>>> Can somebody briefly explain what were the changes that were carried out to
>>>>>> Carbon core to make this work? Where these ports can be defined
>>>>>>
>>>>>> The apacheds server code is wrapped as an OSGi bundle in
>>>>>> orbit/apacheds component. org.wso2.carbon.ldap.server is the component
>>>>>> which is responsible for managing LDAP server. It starts, stops LDAP
>>>>>> server, in addition it also does partition management.
>>>>>
>>>>> Hi,
>>>>>
>>>>>> This component
>>>>>> starts before user core in carbon.
>>>>>
>>>>> Can I please know how have we specified that this component starts
>>>>> before user-core?
>>>>>
>>>>>> The LDAP server specific configurations reside in a file called
>>>>>> embedded-ldap.xml in repository/conf (In <EmbeddedLDAP> configuration
>>>>>> segment). You can change parameters like, ports, connection passwords
>>>>>> in this file. In addition to LDAP server specific configurations, it
>>>>>> also has KDC specific configurations.
>>>>>>
>>>>>> ,what the following messages mean etc.
>>>>>>
>>>>>> Log messages starting with org.apache.directory.server.ldap.LdapServer
>>>>>> are coming from apacheds implementation.
>>>>>> LDAP server needs a schema to construct the initial LDAP tree
>>>>>> structure. The default schema for the LDAP server is located at
>>>>>> repository/data as a zip file (is-default-schema.zip). Thus when we
>>>>>> start server for the first time apacheds component will extract this
>>>>>> zip file and create a schema directory. In addition, when we start
>>>>>> embedded LDAP for the first time it creates a default partition. The
>>>>>> default partition name and other properties are read from the
>>>>>> embedded-ldap.xml configuration file (<DefaultPartition>). The latter
>>>>>> messages you see in the log are relevant to above actions.
>>>>>>
>>>>>> How MT is handled
>>>>>>
>>>>>> I assume MT=Multi-tenancy.
>>>>>>
>>>>>> Hasini: Please explain how MT is handled with embedded-ldap.
>>>>>
>>>>> We have two ways that we can make LDAP user-store multi-tenanted.
>>>>>
>>>>> 1. Creating a new partition (i.e. new directory tree) for each tenant.
>>>>>    This is specific to embedded-apacheds because here we use their API.
>>>>> 2. Creating a new context ('ou' by default) under same directory tree,
>>>>>    for each tenant. This is generic because here we use JNDI and hence, not
>>>>>    coupled with any LDAP server implementation.
>>>>>
>>>>> We can use any of the above methods with embedded-ldap comes in core.
>>>>> But we can only use the second method above with an external LDAP.
>>>>>
>>>>> Let me briefly describe implementation details of two methods.
>>>>>
>>>>> 1st Method:
>>>>>   i. In tenant-mgt.xml we specify "HybridLDAPTenantManager" as the
>>>>>      tenant manager which is initialized when the user-core starts. (at
>>>>>      DefaultRealmService.)
>>>>>   ii. At the start of ldap.server component, we register an
>>>>>      implementation of LDAPTenantManager in OSGi registry, through which
>>>>>      managing partitions of tenants happens.
>>>>>   iii. HybridLDAPTenantManager uses a reference of an above registered
>>>>>      LDAPTenantManager service, to handle tenant mgt with LDAP.
>>>>>   iv. Users and groups of a particular tenant are stored inside its
>>>>>      partition.
>>>>>   v. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>>>>>      stored in registry/JDBC database which is used to map the tenant to
>>>>>      specific partition.
>>>>>
>>>>> I have included a class diagram and a screenshot related to this
>>>>> here <http://hasini-gunasinghe.blogspot.com/2011/01/tenant-management-in-wso2-carbon-with.html>.
>>>>>
>>>>> 2nd Method:
>>>>>   i. In tenant-mgt.xml we specify "CommonHybridLDAPTenantManager" as
>>>>>      the tenant manager which is initialized when the user-core starts.
>>>>>   ii. Users and groups of a particular tenant are stored under its
>>>>>      context.
>>>>>   iii. In stratos-tenant-mgt component, tenant specific user-mgt.xml is
>>>>>      stored in registry/JDBC database which is used to map the tenant to
>>>>>      specific context.
>>>>>
>>>>> Common remarks regarding both the methods:
>>>>> 1. Hybrid approach is used where mapping between tenant and the
>>>>>    user-mgt.xml, and other meta-data is stored in JDBC database.
>>>>> 2. Class names used for tenant manager at each scenario are not that
>>>>>    clear. We may need to rename them.
>>>>>
>>>>> Thanks,
>>>>> Hasini.
>>>>>
>>>>>> > etc. Sorry, I wasn't following the entire conversation.
>>>>>> > [2011-03-05 07:24:03,001] INFO {org.wso2.carbon.ldap.server.DirectoryActivator} - Starting directory service on port 10389
>>>>>> > [2011-03-05 07:24:03,022] INFO {org.apache.directory.server.ldap.LdapServer} - Added Extended Request Handler: 1.3.6.1.4.1.1466.20037
>>>>>> > [2011-03-05 07:24:03,106] INFO {org.apache.directory.server.ldap.LdapServer} - Added Extended Request Handler: 1.3.6.1.4.1.18060.0.1.6
>>>>>> > [2011-03-05 07:24:03,116] INFO {org.apache.directory.server.ldap.LdapServer} - Successful bind of an LDAP Service (10389) is completed.
>>>>>> > [2011-03-05 07:24:03,116] INFO {org.apache.directory.server.ldap.LdapServer} - Ldap service started.
>>>>>> > [2011-03-05 07:24:03,116] INFO {org.wso2.carbon.apacheds.impl.ApacheLDAPServer} - LDAP server started.
>>>>>> > [2011-03-05 07:24:03,139] INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} - Partition directory - /Users/azeez/projects/wso2/org/trunk/carbon/products/appserver/modules/distribution/target/wso2appserver-4.1.0-SNAPSHOT/repository/data/org.wso2.carbon.directory/root already exists.
>>>>>> > [2011-03-05 07:24:03,140] INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} - Partitionroot created from existing partition directory. <-- Partitionroot or Partition Root
>>>>>> > [2011-03-05 07:24:03,211] INFO {org.wso2.carbon.apacheds.impl.ApacheDirectoryPartitionManager} - Partitionroot added to directory service.
>>>>>>
>>>>>> Do we have to show all these INFO messages?
>>>>>>
>>>>>> We can get rid of some of above log messages, if you think that they
>>>>>> are redundant. We can suppress the INFO messages coming from apacheds
>>>>>> implementation in log4j properties file. Also we can remove some log
>>>>>> messages from the code.
>>>>>>
>>>>>> > --
>>>>>> > Afkham Azeez
>>>>>> > Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com,
>>>>>> > Member; Apache Software Foundation; http://www.apache.org/
>>>>>> > email: [email protected] cell: +94 77 3320919
>>>>>> > blog: http://blog.afkham.org
>>>>>> > twitter: http://twitter.com/afkham_azeez
>>>>>> > linked-in: http://lk.linkedin.com/in/afkhamazeez
>>>>>> >
>>>>>> > Lean . Enterprise . Middleware
>>>>>> >
>>>>>> > _______________________________________________
>>>>>> > Carbon-dev mailing list
>>>>>> > [email protected]
>>>>>> > http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>> --
>> Thanks & Regards,
>> Prabath
>>
>> http://blog.facilelogin.com
>> http://RampartFAQ.com
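
An added example, not part of the original thread and not WSO2 Carbon code: a check for the second method described above (one 'ou' context per tenant, reached through JNDI) that builds a tenant's base DN with escaping and verifies that an entry sits inside that tenant's subtree. The class name TenantOuScope, its methods and the root DN dc=example,dc=org are assumptions made for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration, not WSO2 Carbon code: class and method names are hypothetical.
public class TenantOuScope {
    private final LdapName root; // directory tree shared by all tenants

    public TenantOuScope(String rootDn) throws InvalidNameException {
        this.root = new LdapName(rootDn);
    }

    // Builds ou=<tenant>,<root>. Rdn takes the raw value and escapes it on output,
    // so a tenant name can never contribute more than one RDN.
    public LdapName tenantBase(String tenantDomain) throws InvalidNameException {
        if (tenantDomain == null || tenantDomain.trim().isEmpty()) {
            throw new InvalidNameException("tenant domain must not be empty");
        }
        LdapName base = (LdapName) root.clone();
        base.add(new Rdn("ou", tenantDomain)); // appended as the leftmost RDN
        return base;
    }

    // True only when entryDn lies strictly below the tenant's own context.
    public boolean belongsTo(String tenantDomain, String entryDn)
            throws InvalidNameException {
        LdapName base = tenantBase(tenantDomain);
        LdapName entry = new LdapName(entryDn);
        return entry.size() > base.size() && entry.startsWith(base);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample values; the root DN is an assumption.
        TenantOuScope scope = new TenantOuScope("dc=example,dc=org");
        String aliceAtAcme = "uid=alice,ou=users,ou=acme.com,dc=example,dc=org";

        System.out.println(scope.tenantBase("acme.com"));
        System.out.println(scope.belongsTo("acme.com", aliceAtAcme));
        System.out.println(scope.belongsTo("other.com", aliceAtAcme));
        // A name containing DN metacharacters stays a single escaped RDN.
        System.out.println(scope.tenantBase("acme,ou=other.com"));
        // The tenant context itself is not a user entry of that tenant.
        System.out.println(scope.belongsTo("acme.com", "ou=acme.com,dc=example,dc=org"));
    }
}
```

Comparing parsed LdapName components rather than DN strings keeps the subtree check independent of spacing and escaping differences between how a DN was written and how the server returns it.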
