Hi all,

Let me add a bit more context here.

Registering an organization (creating a tenant) originated from AF in app cloud. Upon receiving a tenant registration request, the AF node triggers tenant creation in the Stratos nodes (namely Dev, Test, Prod Stratos manager nodes). All of the above nodes make use of a single LDAP, and the tenant admin user is created only by the AF node. But the other nodes kept updating the password of this tenant admin with the same value received from the initial tenant registration flow.

In the cloud setup, we are changing the tenant creation flow as below.

1. Tenant creation is initiated by the cloud management application upon organization registration. This creates a tenant structure in LDAP and the userstore database.
2. The tenant admin logs in and clicks on app cloud. This triggers the tenant creation process in the Stratos nodes.

Based on the above flow, we do not have the tenant admin password in the 2nd step above. I am +1 on coming up with a custom userstore manager due to:

1. Minimal changes to the existing flow, where the new userstore manager is plugged in with config changes.
2. Cloud is already making use of a custom userstore manager, hence introduction of a new method is simple.
3. The cloud management application already validates the password requirements in the front-end layers, hence ignoring the empty password update at the backend is acceptable rather than patching the kernel with API changes.

Thank you.

On Wed, Jul 22, 2015 at 12:13 PM, Punnadi Gunarathna <[email protected]> wrote:

> hi All,
>
> In the latest AF deployment, AF has a separate UM and Registry database,
> whereas the Stratos side has a separate UM and registry database. All are
> pointing to the same LDAP.
>
> Once the tenant gets registered, log in to the AF side and click on app cloud;
> a listener will be invoked on the Stratos side which does the addTenant process.
> Since the user is logged in, the tenant password is set to a garbage value
> and it will be sent to the Stratos side. This will update the tenant admin
> password to a garbage value with the persistTenant method in TenantPesistor [1]
> (Line no 204).
>
> We thought of writing a custom userstore and overriding
> updateCredentialByAdmin as follows:
>
> Send either an empty password or a constant from the AF side, and the password
> update will not happen in the override method by checking that condition.
>
> Please share your thoughts.
>
> [1] https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/stratos/tenant-mgt/org.wso2.carbon.tenant.mgt.core/2.2.0/src/main/java/org/wso2/carbon/tenant/mgt/core/
>
> --
> Thanks and Regards,
>
> Punnadi Gunarathna
> Senior Software Engineer,
> WSO2, Inc.; http://wso2.com <http://wso2>
> Blog: http://hi-my-world.blogspot.com/
> Tel : 94 11 214 5345
> Fax :94 11 2145300
>
> <http://lalajisureshika.blogspot.com/>

--
Manjula Rathnayaka
Associate Technical Lead
WSO2, Inc.
Mobile:+94 77 743 1987
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
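
The guard discussed in this thread, sketched as an added example that is not code from the thread or from WSO2: a user store manager that treats a blank credential as "leave the stored password unchanged". `BaseUserStoreManager`, `NoOverwriteUserStoreManager` and the sample account are hypothetical stand-ins, not the Carbon user-core API.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical stand-in for the platform's user store manager (not the Carbon API).
class BaseUserStoreManager {
    protected final Map<String, char[]> store = new HashMap<>();

    public void updateCredentialByAdmin(String user, Object credential) {
        store.put(user, toChars(credential));
    }

    // Credentials may arrive as String or char[]; normalise both, null becomes empty.
    static char[] toChars(Object credential) {
        if (credential == null) return new char[0];
        if (credential instanceof char[]) return ((char[]) credential).clone();
        return credential.toString().toCharArray();
    }
}

// Hypothetical custom manager: skips the update when no real password was sent.
// Uses the "empty password" option from the thread, so no valid password value
// has to be reserved as a sentinel constant.
class NoOverwriteUserStoreManager extends BaseUserStoreManager {
    int skipped = 0;

    @Override
    public void updateCredentialByAdmin(String user, Object credential) {
        char[] chars = toChars(credential);
        if (isBlank(chars)) {
            skipped++; // assumption: a deployment would write an audit log entry here
            return;    // stored credential stays as set at registration
        }
        super.updateCredentialByAdmin(user, chars);
    }

    private static boolean isBlank(char[] c) {
        for (char ch : c) if (!Character.isWhitespace(ch)) return false;
        return true;
    }
}

public class Demo {
    public static void main(String[] args) {
        NoOverwriteUserStoreManager um = new NoOverwriteUserStoreManager();
        String admin = "admin@example.org";                     // constructed sample account
        um.updateCredentialByAdmin(admin, "Set-at-registration"); // registration flow
        um.updateCredentialByAdmin(admin, "");                  // second step: no password available
        um.updateCredentialByAdmin(admin, null);
        System.out.println(new String(um.store.get(admin)) + " skipped=" + um.skipped);
    }
}
```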
