On Wed, Jul 22, 2015 at 12:49 PM, Manjula Rathnayake <[email protected]> wrote:
> Hi all,
>
> Let me add a bit more context here.
>
> Registering an organization (creating a tenant) originated from AF in
> app cloud. Upon receiving a tenant registration request at the AF node, the
> AF node triggers tenant creation in the Stratos nodes (namely the Dev, Test
> and Prod Stratos manager nodes). All the above nodes make use of a single
> LDAP and the tenant admin user is created only by the AF node. But the other
> nodes kept updating the password of this tenant admin with the same value
> received from the initial tenant registration flow.
>
> In the cloud setup, we are changing the tenant creation flow as below.
> 1. Tenant creation is initiated by the cloud management application upon
> organization registration. This creates a tenant structure in LDAP and
> the userstore database.
> 2. The tenant admin logs in and clicks on app cloud. This triggers the tenant
> creation process in the Stratos nodes.
>
> Based on the above flow, we do not have the tenant admin password in the 2nd
> step above.
>
> I am +1 on coming up with a custom userstore manager due to
> 1. Minimal changes to the existing flow, where the new userstore manager is
> plugged in with config changes.
> 2. Cloud is already making use of a custom userstore manager, hence
> introduction of a new method is simple.
> 3. The cloud management application already validates the password
> requirements in the front-end layers, hence ignoring the empty password
> update at the backend is acceptable rather than patching the kernel with API
> changes.
>

IIUC this custom userstore manager needs to be used at the Stratos manager,
correct? In our setup, we already have a custom userstore manager and we
will have to override the method you have mentioned, correct? If so, what
will happen when we use the same userstore manager in the AF instance or the
appserver where tenant creation happens? Feels like I am missing something.
Maybe the logic on how to decide not to update the password?

>
> thank you.
>
>
>
> On Wed, Jul 22, 2015 at 12:13 PM, Punnadi Gunarathna <[email protected]>
> wrote:
>
>> hi All,
>>
>> In the latest AF deployment, AF has a separate UM and Registry database,
>> whereas the Stratos side has a separate UM and registry database. All are
>> pointing to the same LDAP.
>>
>> Once the tenant gets registered, log in to the AF side and click on app
>> cloud; a listener will be invoked on the Stratos side which does the
>> addTenant process. Since the user is logged in, the tenant password is set
>> to a garbage value and it will be sent to the Stratos side. This will update
>> the tenant admin password to a garbage value with the persistTenant method
>> in TenantPesistor [1] (Line no 204).
>>
>> We thought of writing a custom userstore and overriding
>> updateCredentialByAdmin as follows:
>>
>> Send either an empty password or a constant from the AF side, and the
>> password update will not happen in the overridden method by checking that
>> condition.
>>
>> Please share your thoughts.
>>
>>
>> [1]
>> https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/stratos/tenant-mgt/org.wso2.carbon.tenant.mgt.core/2.2.0/src/main/java/org/wso2/carbon/tenant/mgt/core/
>> --
>> Thanks and Regards,
>>
>> Punnadi Gunarathna
>> Senior Software Engineer,
>> WSO2, Inc.; http://wso2.com
>> Blog: http://hi-my-world.blogspot.com/
>> Tel : 94 11 214 5345
>> Fax :94 11 2145300
>>
>>
>>
>> <http://lalajisureshika.blogspot.com/>
>>
>
>
>
> --
> Manjula Rathnayaka
> Associate Technical Lead
> WSO2, Inc.
> Mobile:+94 77 743 1987
>

--
*Amila Maharachchi*
Senior Technical Lead
WSO2, Inc.; http://wso2.com

Blog: http://maharachchi.blogspot.com
Mobile: +94719371446
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
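
The override proposed in the thread, sketched as an added example that is not code from the thread or from WSO2. `BaseUserStore` is a hypothetical in-memory stand-in for the real userstore manager, and "empty credential means leave the password alone" is the assumed convention; the user name and password values are constructed.

```java
import java.util.HashMap;
import java.util.Map;

public class SkipEmptyCredentialDemo {

    // Hypothetical stand-in for the product's userstore manager (in-memory, demo only).
    static class BaseUserStore {
        protected final Map<String, String> passwords = new HashMap<>();

        public void updateCredentialByAdmin(String userName, Object newCredential) {
            String value = newCredential instanceof char[]
                    ? new String((char[]) newCredential)
                    : String.valueOf(newCredential);
            passwords.put(userName, value);
        }
    }

    // Assumed design from the thread: an empty credential is a "no change" marker.
    static class SkippingUserStore extends BaseUserStore {
        @Override
        public void updateCredentialByAdmin(String userName, Object newCredential) {
            if (isEmpty(newCredential)) {
                // Never write the placeholder to the shared LDAP; log so the skip is auditable.
                System.out.println("skipped credential update for " + userName);
                return;
            }
            super.updateCredentialByAdmin(userName, newCredential);
        }

        // Credentials may arrive as String or char[]; any other type counts as a real value.
        static boolean isEmpty(Object credential) {
            if (credential == null) return true;
            if (credential instanceof char[]) return ((char[]) credential).length == 0;
            return credential instanceof String && ((String) credential).isEmpty();
        }
    }

    public static void main(String[] args) {
        SkippingUserStore store = new SkippingUserStore();
        store.passwords.put("admin@example.org", "set-at-registration"); // constructed sample

        store.updateCredentialByAdmin("admin@example.org", "");          // tenant sync, no password known
        System.out.println(store.passwords.get("admin@example.org"));

        store.updateCredentialByAdmin("admin@example.org", "new-value"); // genuine admin reset
        System.out.println(store.passwords.get("admin@example.org"));
    }
}
```

Because the skip applies to every caller of the overridden method, any node that plugs in the same manager inherits it, so the empty-value check only stays safe while a non-empty password is enforced before the call on paths that set a real one.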
