...
- ApacheDS Core:
Server's core contains all backend subsystems. It depends on protocol and uses it with seda to service LDAP requests. The core contains the JNDI provider, interceptor framework, interceptor services, the schema subsystem and the database subsystem. Hence the core is the heart of the server.
- ApacheDS Shared:
Created to eliminate cyclic project dependencies between the core and the maven plug-in. Any code shared across modules in general can go here so long as it does not depend on other modules.
...
At this point in time, Geronimo only provides LDAP viewing capabilities; editing is not available yet, but adding this feature is planned for the next releases of Geronimo. You will have to use an external LDAP client such as ldapbrowser/editor, jxplorer or gq to edit the configuration of the Directory Server in Geronimo.
This article is organized in the following sections:
...
Starting the LDAP server
In this release of Geronimo, the Apache Directory v0.92 is already included with the distribution although it is not started by default. You can either start the server from command line using the deployer tool or via the Geronimo Administration Console.
...
LDAP sample application
For your convenience we have provided the sample application and deployment plans packaged into a zip file.
Download the sample application from the following URL:
After extracting the zip file an ldap-sample-app directory is created; from now on this directory will be referred to as <ldap_home>.
At this point it is assumed that you have installed an LDAP client and you are capable of exporting/importing an .ldif file to a directory server.
Source Code
You can checkout the source code of this sample from SVN:
svn checkout http://svn.apache.org/repos/asf/geronimo/samples/trunk/samples/ldap-sample-app
Add LDAP entries
Ensure that Geronimo is up and running and the Directory service is started. Start your LDAP client and create a new connection profile with the following values:
| Setting | Value |
|---|---|
| Host | <localhost> |
| Port | 10389 |
| Base DN | ou=system |
| User DN | uid=admin,ou=system |
| Password | secret |
Once you connect to the Geronimo Directory server you will see the initial configuration; this configuration can be exported as a backup in an ldif file. Depending on the LDAP client you are using, the export/import steps will be different.
...
For example, to export the initial configuration using the ldapsearch tool, execute the following command:
ldapsearch -h localhost -p 10389 -b "ou=system" -D "uid=admin,ou=system" -w secret -x "(objectclass=*)"
When you export the initial configuration you get an ldif file with content similar to the one shown in the following example.
...
Now you need to import the entries needed to run the sample application. Packaged with the sample application is a sample .ldif file with all the entries necessary to run the LDAP sample application; this file is located in <ldap_home>/ldap-sample.ldif. To import the data with the ldapmodify tool, execute the following command:
ldapmodify -h localhost -p 10389 -D "uid=admin,ou=system" -w secret -x -a -f <ldap_home>/ldap-sample.ldif
The following example shows the content of the ldap-sample.ldif file.
...
...
Once the file is imported you should get a confirmation that five entries were successfully imported.
...
The LDAP sample application provides a security realm that needs to be deployed before the deployment of the application itself. This realm is located in <ldap_home>/ldap-realm.xml and the content is illustrated in the following example.
...
This deployment plan tells Geronimo all the connection and search parameters to use against the LDAP database. This plan also specifies that each login attempt is recorded in the login-attempts.log log file.
...
Once deployed you should see a confirmation message similar to the following example:
For further details refer to the LDAP Realm section.
...
The deployment plans are located in the <ldap_home>/WEB-INF directory. Clearly, geronimo-web.xml is the Geronimo specific deployment plan. It provides the details on what security realm to use and user role mappings as well as the Geronimo specific namespace used to identify the elements in the security configuration. Common to other types of applications, not just security, the deployment plan also provides the main namespace for the deployment plan, a module identification (optional), a parent module configuration ID (also optional) and a context root. The following example illustrates the Geronimo specific deployment plan.
...
The first part of the deployment plan is straightforward. However, the security configuration is tricky. The <security-realm-name> is described in the <security> element through a sequence of declarations in the <realms> element.
While the web.xml specifies the security roles, the geronimo-web.xml maps each role to the specific users or groups in the Geronimo security realms that belong to it. A user that is not logged in defaults to what is defined in the <default-principal> element.
There are two roles that are issued in this project: content-administrator and guest. And they each hold two principals: a GeronimoGroupPrincipal and a GeronimoUserPrincipal. Since the 'designated-run-as' flag is turned on for some principals, they will be the ones used if the deployable has a run-as role set in the web.xml.
Note that these role mappings will be overridden by the actual roles (which users belong to which groups) defined in the LDAP server. Ultimately it is the realm defined in the application deployment plan that determines the validation method. Nevertheless, for this particular example, you still need to define principals and role mappings as determined by the XML schemas.
The web.xml deployment descriptor shown in the following example (also located in the <ldap_home>/WEB-INF directory) adds security constraints based on the location of the files.
...
...
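The two steps above, importing the entries from ldap-sample.ldif and letting the LDAP realm resolve who belongs to which group and therefore which role, can be followed end to end in a small script. The following is an added example, not code from the Geronimo sample or from ApacheDS: it parses a constructed LDIF file of the same shape (organizational units, inetOrgPerson users and groupOfUniqueNames groups under ou=system), then imitates what the realm does at login: verify the user's password, collect the groups that list the user as a uniqueMember, map those groups to the content-administrator and guest roles, and append a line per attempt the way the realm's login-attempts.log records them. The entry names, passwords and the group-to-role table are assumptions chosen for this example; the real ldap-sample.ldif and geronimo-web.xml contents are elided on this page.

```python
"""Added example (not part of the Geronimo sample): parse LDIF, then mimic the
LDAP realm's login decision: password check, group lookup, role mapping."""
import base64
import hashlib
import hmac

BASE_DN = "ou=system"


def sha_password(plain: str) -> str:
    """Encode a password in the {SHA} userPassword form (base64 of SHA-1)."""
    return "{SHA}" + base64.b64encode(hashlib.sha1(plain.encode()).digest()).decode()


# Constructed sample LDIF (six entries). Names and passwords are assumptions
# made for this example, not the contents of the real ldap-sample.ldif.
SAMPLE_LDIF = f"""\
dn: ou=users,{BASE_DN}
objectClass: organizationalUnit
ou: users

dn: ou=groups,{BASE_DN}
objectClass: organizationalUnit
ou: groups

dn: uid=alice,ou=users,{BASE_DN}
objectClass: inetOrgPerson
uid: alice
cn: Alice Admin
sn: Admin
userPassword: {sha_password('alicepw')}

dn: uid=bob,ou=users,{BASE_DN}
objectClass: inetOrgPerson
uid: bob
cn: Bob Guest
sn: Guest
userPassword:: c2VjcmV0

dn: cn=administrators,ou=groups,{BASE_DN}
objectClass: groupOfUniqueNames
cn: administrators
uniqueMember: uid=alice,ou=users,{BASE_DN}

dn: cn=guests,ou=groups,{BASE_DN}
objectClass: groupOfUniqueNames
cn: guests
uniqueMember: uid=alice,ou=users,{BASE_DN}
uniqueMember: uid=bob,ou=users,{BASE_DN}
"""


def parse_ldif(text: str) -> dict:
    """Return {dn: {attribute (lowercased): [values]}} for every record.
    Handles 'attr: value', base64 'attr:: value' and folded continuation lines,
    and rejects any entry that is not under BASE_DN."""
    entries = {}
    for record in text.strip().split("\n\n"):
        lines = []
        for raw in record.splitlines():
            if not raw or raw.startswith("#"):
                continue
            if raw.startswith(" ") and lines:   # folded line continues the previous one
                lines[-1] += raw[1:]
            else:
                lines.append(raw)
        attrs = {}
        for line in lines:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError(f"malformed LDIF line: {line!r}")
            if value.startswith(":"):            # 'attr:: <base64>' form
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            else:
                value = value.strip()
            attrs.setdefault(name.strip().lower(), []).append(value)
        dn = attrs.pop("dn")[0]
        if not dn.lower().endswith(BASE_DN):
            raise ValueError(f"entry {dn} lies outside {BASE_DN}")
        entries[dn] = attrs
    return entries


def password_matches(stored: str, supplied: str) -> bool:
    """Constant-time comparison; supports cleartext and {SHA} userPassword values."""
    if stored.startswith("{SHA}"):
        expected = base64.b64decode(stored[len("{SHA}"):])
        return hmac.compare_digest(expected, hashlib.sha1(supplied.encode()).digest())
    return hmac.compare_digest(stored.encode(), supplied.encode())


# Group-to-role table in the spirit of the <role-mappings> in geronimo-web.xml
# (assumed group names; the real plan names GeronimoGroupPrincipal entries).
ROLE_MAPPINGS = {
    "content-administrator": {f"cn=administrators,ou=groups,{BASE_DN}"},
    "guest": {f"cn=guests,ou=groups,{BASE_DN}"},
}


def login(directory: dict, uid: str, password: str, log: list):
    """Authenticate uid the way the realm would: check the user's password,
    derive group principals from uniqueMember, then map groups to roles.
    Every attempt is appended to `log`, like the realm's login-attempts.log.
    Returns None on failure."""
    user_dn = f"uid={uid},ou=users,{BASE_DN}"
    entry = directory.get(user_dn)
    ok = entry is not None and any(
        password_matches(pw, password) for pw in entry.get("userpassword", []))
    log.append(f"login uid={uid} result={'success' if ok else 'failure'}")
    if not ok:
        return None
    groups = {dn for dn, e in directory.items()
              if "groupofuniquenames" in (v.lower() for v in e.get("objectclass", []))
              and user_dn in e.get("uniquemember", [])}
    roles = {role for role, group_dns in ROLE_MAPPINGS.items() if group_dns & groups}
    return {"user": user_dn, "groups": groups, "roles": roles}


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    attempts = []
    print(len(directory), "entries imported")
    for uid, pw in [("alice", "alicepw"), ("bob", "secret"), ("bob", "wrong")]:
        print(uid, login(directory, uid, pw, attempts))
    print("\n".join(attempts))
```

Running it shows six entries imported, alice resolving to both roles through her two groups, bob resolving only to guest, and a failure line logged for the wrong password. The point to notice is the one the text makes: the roles come out of the group membership stored in the directory, and the mapping table only decides which role name a given group principal corresponds to.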
Package the sample application
...
This command will package all the existing files and directories inside <ldap_home>. Although not needed inside the .war file, the ldap-realm.xml and ldap-sample.ldif files will also be included.
Deploy and test the application
To deploy the LDAP sample application make sure the Geronimo server is up and running. Open a command line window, change directory to <geronimo_home>/bin and run the following command:
...
Once the Web application is successfully deployed you should see a confirmation message similar to the one shown in the following example:
To test the LDAP application open a Web browser and access the following URL:
...