Thursday Nov 06, 2008

GlassFish v3 Prelude and LDAP

Glassfish V3Today, Sun announced the immediate availability of GlassFishTM Application Server v3 Prelude and its commercially supported counterpart, Sun GlassFish Enterprise Server v3 Prelude.

The list of benefits and features of GlassFish v3 Prelude is long and impressive.
One thing I did not see on the list but is present and working very well is LDAP support.

In the OpenDS project we document "How to secure web applications deployed in GlassFish with OpenDS". The example is written for GlassFish v2 but continues to work with GlassFish v3 Prelude.

You can also run OpenDS LDAP directory server, embedded in a Web Application deployed in GlassFish
Or deploy OpenDS DSML Gateway in GlassFish 

Learn more about GlassFish v3 Prelude in these three videos: Introducing GlassFish v3 Prelude, What's New in GlassFish v3 Prelude?, and Java EE 6 and GlassFish. Or on The Aquarium UStream.TV channel.

Edit on Nov 7th.

I forgot to mention that there will be a chapter dedicated to OpenDS on the coming book : GlassFish in Action (and it looks like the chapter is already available in the Manning Early Access Program). 

Technorati Tags: , , , , ,

Thursday Oct 02, 2008

Code for Freedom 2008

 Communities Univ Codeforfreedom Images L0 CodecontestSun announced Code For Freedom 2008, an open source code contest opened to any student of an accredited Indian Educational institution.

With this contest Sun intend to involve the large student community to join the open source movement by contributing to the various open source initiatives that Sun espouses.

The various Sun Technologies one can work on are: GlassFish, GridEngine, JavaDB,, Mobile & Embedded, MySQL, NetBeans, OpenDS, Open ESB, OpenJDK, OpenCDS, Open HA, Cluster,, OpenSPARC, OpenSSO, OpenSolaris, PostgreSQL, VirtualBox.

The complete details are here.

Have fun !

Technorati Tags: , , , , , ,

Monday Sep 29, 2008

Another OpenDS - GlassFish tutorial

Java evangelist John Yeary just posted a detailed, well illustrated tutorial for setting up LDAP based authentication and authorization with GlassFish and OpenDS. The tutorial is similar to the one published on OpenDS Wiki a while ago, but adds the required steps to enable SSL and completely secure the authentication phase.

Technorati Tags: , , , , ,

Friday Jan 25, 2008

A successful technical software event...

The Technical software event organized last week in Grenoble Engineering Center has been a great success. Kudos to Dominique, a great G.O.

The attendance exceeded our expectations (and almost our room capacity). There was more than 190 persons over the 4 days, an average of 100 attendees per day (and nearly 120 on the first dat), coming from 20 different countries.

DSC_8015.jpgOn the Thursday and Friday, all the Campus Ambassadors from France attended the presentations and some additional meetings with their mentors and Dan Berg, CTO GSS & VP EMEA Systems Engineering.



Below some of our guest speakers : Dan Berg, Alban Richard -Director of the Directory Services Engineering and Grenoble Site Leader-, Roman Strobl -aka Mr. NetBeans-, Gilles Gravier -OpenSolaris and open source enthousiast-, Alexis Moussine-Pouchkine -GlassFish evangelist and emeritus skier-.

DSC_8019-tm.jpg DSC_7977.jpg DSC_8029.jpg DSC_8004.jpg DSC_7982.jpg

DSC_8025.jpgOn Friday, I presented an introduction to the OpenDS project (PDF) in the general session and in the afternoon a 2 hours session demoing the basic features and principles of OpenDS. There is some feedback to the developer team with regards to dsconfig and usability, an area where we haven't really focused so far.

There has been other reports on the event, by Dominique [1], [2], [3]. [4], Alexis.

Technorati Tags: , , , , , , ,

Monday Sep 17, 2007

Glassfish v2 and Directory Services... with OpenDS

While on the same subject of the interaction between Glassfish and directory servers, Trey Drake posted a few months ago details on how to integrate OpenDS and Glassfish for authentication and authorization.

But there are other ways to leverage OpenDS and Glassfish. As OpenDS is a pure Java application, it can be embedded in other Java application or web application, running in the same JVM. And with its built-in multi-master replication, OpenDS can provide high-availability for users and groups within a cluster of Sun Java System Application Servers.

Technorati Tags: , , , , ,

Glassfish v2 and Directory Services...

Glassfish v2 and its companion Sun branded product Sun Java System Application Server 9.1 are being released today, delivering enterprise grade application servers.

Glassfish and Sun Directory Server Enterprise Edition have been playing well with each other for a long time now.

On one side, Glassfish v2 delivers by default an LDAP realm allowing centralization of Users and Groups into Sun Directory Server, integrating the application server with enterprises identity management solutions.

On the other side, Directory Server Enterprise Edition 6.x contains a couple of web applications (the Directory Service Control Center and Directory Editor) that can be easily deployed in Glassfish v2. The following blog posts are providing the details:

Technorati Tags: , , , , , ,

Tuesday Jul 10, 2007

Deploying Directory Service Control Center in Glassfish v2...

Directory Server Enterprise Edition 6.1 introduced the ability to deploy the Console GUI (Directory Services Control Center alias DSCC) in any supported Application Server when installing using the Zip distribution (with Native distribution, aka Java ES installation, DSCC is deployed in Sun Web Console and already fully functional).
Note that as of today only Sun Application Server 8.2 and Tomcat 5.5 are supported.

So here's a description on how to install DSEE 6.1, deploy DSCC in Glassfish v2 and use it to create new instances of Directory Server.

Installing DSEE 6.1

Download the DSEE 6.1 full install tar.gz file.
Expand it in a temporary directory.

/tmp/dsee61 > ls
dsee_data    dsee_deploy  idsktune

Install DSEE. With DSEE 6.1, there is no longer the choice to install just a part of DSEE. All binaries are installed, but no service is running. It will be up to you to chose which service (DS or DPS...) to enable and configure.
The -I option prevents interaction and does an implicit approval of the license. The -N option removes the checks for cacao ports, and does not enable it, although it is configured.

/tmp/dsee61 > dsee_deploy install -i /local/demo/dsee61 -I -N
Sun Microsystems, Inc. ("Sun") SOFTWARE LICENSE AGREEMENT ("SLA") and
... < Full license text here> ...

By using the --no-inter option, you have implicitly accepted the license

Checking running Directory Server instances
Checking running Directory Proxy Server instances
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Unzipping ...
Creating WAR file for Console

Configuring Cacao at /local/demo/dsee61/dsee6/cacao_2
Setting Cacao parameter jdmk-home with default value [/local/demo/dsee61/dsee6/private]
Setting Cacao parameter java-home with default value [/local/demo/dsee61/jre]
Setting Cacao parameter nss-lib-home with default value [/local/demo/dsee61/dsee6/private/lib]
Setting Cacao parameter nss-tools-home with default value [/local/demo/dsee61/dsee6/bin]
Registering console agent into cacao
Registering JESMF agent into Cacao
You can now start your Directory Server Instances
You can now start your Directory Proxy Server Instances

Configuring Glassfish v2

I installed Glassfish v2 beta 2 build (downloaded from here <> , following the installation instructions)

Add the following lines in the {install-dir}/domains/domain1/config/server.policy file

// Permissions for Directory Service Control Center
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/DSCC/-"

Deploying the web application from the local directory

Once Glassfish has been installed and started, log onto the console (default is http://localhost:4848/).

DsccdeploySelect the Application / Web Applications and click the Deploy button.

Select the Location and a Local packaged file or directory. Browse the disk to locate the dscc.war file (or type the full path directly: /local/demo/dsee61/var/dscc6/dscc.war).
Set the application name to DSCC (same as in the server.policy file).
Click Ok.

Tuning and starting Cacao

Cacao is a Agent container that is available by default on Solaris systems and has been ported to all Java Enterprise System supported platforms. On Solaris or if you have multiple installations of DSEE on the same host, you need to tune Cacao and more specifically the ports it listens to.

ludo:cacao_2 > pwd
ludo:cacao_2 > ./usr/sbin/cacaoadm stop
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param snmp-adaptor-port=21161
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param snmp-adaptor-trap-port=21162
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param jmxmp-connector-port=21162
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param commandstream-adaptor-port=21163
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param  rmi-registry-port=21164
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param secure-webserver-port=21165
ludo:cacao_2 > ./usr/sbin/cacaoadm start

Note that you may not need to change all ports (most of them are unused), but it's safer.
DSCC makes only use of the jmxmp-connector-port

Initializing DSCC

We're almost done. But before using the console, it is still needed to initialize some parts of the system.

ludo:dsee61 > pwd
ludo:dsee61 > dscc6/bin/dsccsetup initialize

DSCC Application cannot be registered because it is not installed
DSCC Agent is already registered
Choose password for Directory Service Manager:  aPassword
Confirm password for Directory Service Manager:  aPassword
Creating DSCC registry...
DSCC Registry has been created successfully

Using DSCC

You can either select the Web Application and click on Launch in the Glassfish Administration GUI
Or open your browser and type the DSCC app URL : http://ludo.france:8080/dscc

Authenticate as admin and Directory Service Manager's password (the one specified during the DSCC initialization).

And you can now create new Directory instances from the Console...
Dsccnewds Dsccnewdsdone

Or register an existing instance to DSCC Registry:

ludo:dsee61 > dscc6/bin/dsccreg add-server /local/demo/dsee61/instances/ds1
Enter DSCC administrator's password:
/local/demo/dsee61/instances/ds1 is an instance of DS
Enter password of "cn=Directory Manager" for /local/demo/dsee61/instances/ds1:
This operation will restart /local/demo/dsee61/instances/ds1.
Do you want to continue ? (y/n) y
Connecting to /local/demo/dsee61/instances/ds1
Enabling DSCC access to /local/demo/dsee61/instances/ds1
Restarting /local/demo/dsee61/instances/ds1
Registering /local/demo/dsee61/instances/ds1 in DSCC on localhost.

Once it is registered, it can be managed with DSCC.

Technorati Tags: , , ,


This is the blog of a senior software engineer, specialized in LDAP, Directory Server and OpenDS. Ludovic Poitou works in France at the Grenoble Engineering Center, in the Directory Services Engineering team. Outside work, I love skiing and taking photo


« July 2016