Date: 2005-02-09T23:16:13
Editor: JamesMason
Wiki: Jakarta-Slide Wiki
Page: JNDIPrincipalStoreSetup
URL: http://wiki.apache.org/jakarta-slide/JNDIPrincipalStoreSetup

Copied information from javadoc

New Page:

#pragma section-numbers off

The JNDI!PrincipalStore is a read-only Store implementation for retrieving Slide users and roles from an LDAP server. It has been tested with Novell's eDirectory version 8.6.2. Other LDAP servers should work.

== Prerequisites ==

To use this Store your app server must be set up to authenticate users using the LDAP server. For Tomcat 5 see [http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JNDIRealm this]. You cannot use the SlideRealm to authenticate users because this Store does not expose a password property.

== Store Parameters ==

Parameters used in Domain.xml when setting up the Store.

`cache.refresh.checkrate`
 How often, in seconds, the cache refresh thread should check for Uris in the cache that need to be refreshed. The default value is "15". See [#cacherefreshing Cache Refreshing] for more information.

`cache.refresh.rate`
 How frequently, in seconds, Uris that are marked for refreshing should be refreshed. This value must be less than the !TimeToLive and !TimeToIdle (whichever is least) parameters specified for the EHCache in order for the items to never expire. The default value is "800". See [#caching Caching] and [#cacherefreshing Cache Refreshing] for more information.

`cache.refresh.threshold`
 The maximum amount of time, in milliseconds, that retrieve* methods can take before the Uri they are retrieving is scheduled for refreshing. By tuning this parameter you can keep smaller, infrequently accessed Uris from perpetually remaining in the cache. This may improve cache performance. See [#cacherefreshing Cache Refreshing] for more information.

`jndi.container`
 The base LDAP context you wish to search. Example: ou=Users,o=Company

`jndi.attributes.rdn`
 The attribute used to uniquely identify the objects you're fetching. Usually uid or cn.

`jndi.attributes.userprincipalname`
 The attribute used to provide a user/role name which is mapped into Slide instead of the path name.
 This attribute is optional.

`jndi.search.filter`
 The filter string to use for the search. Example: (objectClass=inetOrgPerson). The default value is (objectClass=*). See the [http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html#search(javax.naming.Name,%20java.lang.String,%20javax.naming.directory.SearchControls) DirContext.search()] javadoc.

`jndi.search.scope`
 The scope of the search. Can be one of OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE. The default value is ONELEVEL_SCOPE. See the [http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/SearchControls.html#OBJECT_SCOPE SearchControls] javadoc.

`jndi.search.attributes`
 A comma-delimited list of the attributes you want returned with your search results. Example: givenName, uid, mail. The default value is cn.

`java.naming.*`
 Parameters for connecting to the LDAP server. See the [http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/InitialContext.html InitialContext] javadoc.

[[Anchor(caching)]]
== Caching ==

This Store makes use of [http://ehcache.sourceforge.net/ EHCache]. You will need ehcache.jar in order to use this Store.

When initialized, the default !CacheManager is used to find a Cache named "org.apache.slide.store.txjndi.JNDI!PrincipalStore". If there is no Cache found with this name then a Cache is created with these default values:

 * name = org.apache.slide.store.txjndi.JNDI!PrincipalStore
 * maxElementsInMemory = 200
 * eternal = false
 * timeToIdleSeconds = 900
 * timeToLiveSeconds = 900
 * overflowToDisk = true

To override these values you will need to create a configuration file for EHCache with a cache named "org.apache.slide.store.txjndi.JNDI!PrincipalStore" that has the settings you wish. See the documentation at the [http://ehcache.sourceforge.net/ EHCache website] for instructions.
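
The store parameters and cache defaults above, combined into one Domain.xml store definition. This is an added example, not taken from the Slide javadoc or distribution. The `<store>`/`<nodestore>`/`<parameter>`/`<scope>` wrapper is assumed from Slide's usual Domain.xml layout, the class name is the cache name above without the wiki `!` escape, and the store name, scope path, host, bind DN, password and threshold value are constructed placeholders.

```xml
<!-- Added example: fragment for the <definition> element of Domain.xml.
     Store name, scope path, host, bind DN and password are constructed. -->
<store name="ldap-users">
  <nodestore classname="org.apache.slide.store.txjndi.JNDIPrincipalStore">
    <!-- Refresh thread wakes every 15 s (the documented default). -->
    <parameter name="cache.refresh.checkrate">15</parameter>
    <!-- 800 s is below the default cache's timeToIdleSeconds and
         timeToLiveSeconds (both 900), so refreshed Uris never expire.
         Lower this value if ehcache.xml sets a shorter TTL or TTI. -->
    <parameter name="cache.refresh.rate">800</parameter>
    <!-- Constructed value: lookups slower than 100 ms are scheduled
         for refreshing. -->
    <parameter name="cache.refresh.threshold">100</parameter>

    <!-- Search base, naming attribute, filter and scope. -->
    <parameter name="jndi.container">ou=Users,o=Company</parameter>
    <parameter name="jndi.attributes.rdn">cn</parameter>
    <parameter name="jndi.search.filter">(objectClass=inetOrgPerson)</parameter>
    <parameter name="jndi.search.scope">ONELEVEL_SCOPE</parameter>
    <!-- Attributes returned with each search result. -->
    <parameter name="jndi.search.attributes">givenName, uid, mail</parameter>

    <!-- java.naming.* values are handed to the JNDI InitialContext.
         ldaps:// keeps the bind password and directory data off the
         wire in clear text. The Store is read-only, so the bind account
         is assumed to need only read access below jndi.container. -->
    <parameter name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</parameter>
    <parameter name="java.naming.provider.url">ldaps://ldap.example.com:636</parameter>
    <parameter name="java.naming.security.authentication">simple</parameter>
    <parameter name="java.naming.security.principal">cn=slide-reader,ou=Services,o=Company</parameter>
    <parameter name="java.naming.security.credentials">REPLACE_WITH_BIND_PASSWORD</parameter>
  </nodestore>
  <!-- Remaining child stores are omitted here; wire them as your
       Slide version's Domain.xml requires. -->
</store>
<scope match="/users" store="ldap-users"/>
```

Because Domain.xml then holds the bind password in clear text, restrict read access on the file to the account the app server runs as.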

[[Anchor(cacherefreshing)]]
== Cache Refreshing ==

Because the data delivered by this Store is managed externally to Slide the data cache must be periodically expired to pick up any changes. Because creating object Nodes can take a long time for LDAP queries that return a lot of objects, larger queries need to be preemptively refreshed before a user makes a request to an expired object.

The retrieveObject() and retrieveNodeDescriptor() methods monitor the amount of time it takes them to return for each Uri. If the method takes longer than a specified amount of time (configured with the cache.refresh.threshold parameter) the Uri is marked as needing to be refreshed.

Upon initialization the Store spawns a child thread that periodically checks for Uris that need to be refreshed.
