Monday Sep 17, 2007

Glassfish v2 and Directory Services... with OpenDS

Still on the subject of Glassfish and directory servers: a few months ago Trey Drake posted details on how to integrate OpenDS and Glassfish for authentication and authorization.

But there are other ways to leverage OpenDS and Glassfish. As OpenDS is a pure Java application, it can be embedded in another Java application or web application, running in the same JVM. And with its built-in multi-master replication, OpenDS can provide high availability for users and groups within a cluster of Sun Java System Application Servers.

Glassfish v2 and Directory Services...

Glassfish v2 and its companion Sun branded product Sun Java System Application Server 9.1 are being released today, delivering enterprise grade application servers.

Glassfish and Sun Directory Server Enterprise Edition have been playing well with each other for a long time now.

On one side, Glassfish v2 delivers by default an LDAP realm that allows users and groups to be centralized in Sun Directory Server, integrating the application server with enterprise identity management solutions.

On the other side, Directory Server Enterprise Edition 6.x contains a couple of web applications (the Directory Service Control Center and Directory Editor) that can be easily deployed in Glassfish v2. The following blog posts provide the details:

Tuesday Jul 10, 2007

Deploying Directory Service Control Center in Glassfish v2...

Directory Server Enterprise Edition 6.1 introduced the ability to deploy the console GUI (Directory Service Control Center, alias DSCC) in any supported application server when installing from the Zip distribution. (With the Native distribution, aka the Java ES installation, DSCC is deployed in Sun Web Console and is already fully functional.)
Note that as of today only Sun Application Server 8.2 and Tomcat 5.5 are supported.

So here is how to install DSEE 6.1, deploy DSCC in Glassfish v2 and use it to create new instances of Directory Server.

Installing DSEE 6.1

Download the DSEE 6.1 full install tar.gz file.
Expand it in a temporary directory.

/tmp/dsee61 > ls
dsee_data    dsee_deploy  idsktune

Install DSEE. With DSEE 6.1, there is no longer a choice to install just a part of DSEE. All binaries are installed, but no service is running. It is up to you to choose which service (DS or DPS...) to enable and configure.
The -I option suppresses interaction and implicitly accepts the license. The -N option skips the checks for Cacao ports and does not enable Cacao, although it is configured.

/tmp/dsee61 > dsee_deploy install -i /local/demo/dsee61 -I -N
Sun Microsystems, Inc. ("Sun") SOFTWARE LICENSE AGREEMENT ("SLA") and
ENTITLEMENT for SOFTWARE
... < Full license text here> ...

By using the --no-inter option, you have implicitly accepted the license

Checking running Directory Server instances
Checking running Directory Proxy Server instances
Unzipping sun-ldap-base.zip ...
Unzipping sun-ldap-dsrk6.zip ...
Unzipping sun-ldap-dsrk-man.zip ...
Unzipping sun-ldapcsdk-tools.zip ...
Unzipping sun-ldapcsdk-dev.zip ...
Unzipping sun-ldap-ljdk.zip ...
Unzipping sun-ldap-jre.zip ...
Unzipping sun-ldap-shared.zip ...
Unzipping sun-ldap-shared-l10n.zip ...
Unzipping sun-ldap-directory.zip ...
Unzipping sun-ldap-directory-l10n.zip ...
Unzipping sun-ldap-directory-config.zip ...
Unzipping sun-ldap-directory-man.zip ...
Unzipping sun-ldap-directory-dev.zip ...
Unzipping sun-ldap-mfwk.zip ...
Unzipping sun-ldap-cacao.zip ...
Unzipping sun-ldap-console-agent.zip ...
Unzipping sun-ldap-console-cli.zip ...
Unzipping sun-ldap-console-common.zip ...
Unzipping sun-ldap-console-var.zip ...
Unzipping sun-ldap-jdmk.zip ...
Unzipping sun-ldap-directory-client.zip ...
Unzipping sun-ldap-directory-client-l10n.zip ...
Unzipping sun-ldap-proxy.zip ...
Unzipping sun-ldap-proxy-l10n.zip ...
Unzipping sun-ldap-proxy-man.zip ...
Unzipping sun-ldap-proxy-client.zip ...
Unzipping sun-ldap-proxy-client-l10n.zip ...
Unzipping sun-ldap-console-gui.zip ...
Unzipping sun-ldap-console-gui-help.zip ...
Unzipping sun-ldap-console-gui-l10n.zip ...
Unzipping sun-ldap-console-gui-help-l10n.zip ...
Creating WAR file for Console

Configuring Cacao at /local/demo/dsee61/dsee6/cacao_2
Setting Cacao parameter jdmk-home with default value [/local/demo/dsee61/dsee6/private]
Setting Cacao parameter java-home with default value [/local/demo/dsee61/jre]
Setting Cacao parameter nss-lib-home with default value [/local/demo/dsee61/dsee6/private/lib]
Setting Cacao parameter nss-tools-home with default value [/local/demo/dsee61/dsee6/bin]
Registering console agent into cacao
Registering JESMF agent into Cacao
You can now start your Directory Server Instances
You can now start your Directory Proxy Server Instances

Configuring Glassfish v2

I installed the Glassfish v2 beta 2 build (downloaded from https://glassfish.dev.java.net/downloads/v2-b41d.html), following the installation instructions.

Add the following lines to the {install-dir}/domains/domain1/config/server.policy file:

// Permissions for Directory Service Control Center
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/DSCC/-"
{
    permission java.security.AllPermission;
};
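
The grant above gives AllPermission to everything under the DSCC module directory, so after editing server.policy it is worth listing every AllPermission grant and confirming that none is broader than intended. The following Python audit is an added example, not part of the original post or of any Sun tool; the sample policy text, the approved list and the function name are constructed for illustration.

```python
import re

# Constructed sample: the DSCC grant from this page plus two hypothetical
# grants that exist only to exercise the checks.
SAMPLE_POLICY = r'''
// Permissions for Directory Service Control Center
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/DSCC/-"
{
    permission java.security.AllPermission;
};
grant {
    permission java.security.AllPermission;
};
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/demo/-" {
    permission java.util.PropertyPermission "*", "read";
};
'''
DSCC = "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/DSCC/-"

# Quoted strings are matched first so "//" or "${...}" inside them is left alone.
LEX_RE = re.compile(r'"[^"]*"|/\*.*?\*/|//[^\n]*', re.S)
GRANT_RE = re.compile(r'\bgrant\b((?:[^{"]|"[^"]*")*)\{(.*?)\}\s*;', re.S | re.I)
CODEBASE_RE = re.compile(r'\bcodeBase\s+"([^"]*)"', re.I)
ALLPERM_RE = re.compile(r'(?i:\bpermission)\s+java\.security\.AllPermission\b')

def audit_all_permission(policy_text, approved_codebases):
    """Return (codeBase, verdict) for every grant block that gives AllPermission."""
    # Remove comments (but keep strings) so commented-out grants are not reported.
    text = LEX_RE.sub(lambda m: m.group(0) if m.group(0).startswith('"') else '',
                      policy_text)
    findings = []
    for header, body in GRANT_RE.findall(text):
        if not ALLPERM_RE.search(body):
            continue
        match = CODEBASE_RE.search(header)
        if match is None:
            # No codeBase: the grant applies to every code source in the JVM.
            findings.append((None, "unscoped: applies to all code"))
        elif match.group(1) in approved_codebases:
            findings.append((match.group(1), "approved"))
        else:
            findings.append((match.group(1), "review: not in approved list"))
    return findings

if __name__ == "__main__":
    for codebase, verdict in audit_all_permission(SAMPLE_POLICY, {DSCC}):
        print(f"{codebase or '<no codeBase>'}: {verdict}")
```

To run it against a real installation, pass the contents of domains/domain1/config/server.policy and an approved set that you have reviewed yourself.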

Deploying the web application from the local directory

Once Glassfish has been installed and started, log onto the console (default is http://localhost:4848/).

Select the Application / Web Applications and click the Deploy button.

Select the Location and a Local packaged file or directory. Browse the disk to locate the dscc.war file (or type the full path directly: /local/demo/dsee61/var/dscc6/dscc.war).
Set the application name to DSCC (same as in the server.policy file).
Click Ok.

Tuning and starting Cacao

Cacao is an agent container that is available by default on Solaris systems and has been ported to all Java Enterprise System supported platforms. On Solaris, or if you have multiple installations of DSEE on the same host, you need to tune Cacao, and more specifically the ports it listens on.

ludo:cacao_2 > pwd
/local/demo/dsee61/dsee6/cacao_2
ludo:cacao_2 > ./usr/sbin/cacaoadm stop
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param snmp-adaptor-port=21161
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param snmp-adaptor-trap-port=21162
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param jmxmp-connector-port=21162
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param commandstream-adaptor-port=21163
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param  rmi-registry-port=21164
ludo:cacao_2 > ./usr/sbin/cacaoadm set-param secure-webserver-port=21165
ludo:cacao_2 > ./usr/sbin/cacaoadm start

Note that you may not need to change all ports (most of them are unused), but it's safer.
DSCC only makes use of the jmxmp-connector-port.

Initializing DSCC

We're almost done. But before using the console, some parts of the system still need to be initialized.

ludo:dsee61 > pwd
/local/demo/dsee61
ludo:dsee61 > dscc6/bin/dsccsetup initialize

***
DSCC Application cannot be registered because it is not installed
***
DSCC Agent is already registered
***
Choose password for Directory Service Manager:  aPassword
Confirm password for Directory Service Manager:  aPassword
Creating DSCC registry...
DSCC Registry has been created successfully
***

Using DSCC

You can either select the Web Application and click on Launch in the Glassfish Administration GUI, or open your browser and type the DSCC app URL: http://ludo.france:8080/dscc

Authenticate as admin with the Directory Service Manager's password (the one specified during the DSCC initialization).

And you can now create new Directory instances from the Console...

Or register an existing instance to DSCC Registry:

ludo:dsee61 > dscc6/bin/dsccreg add-server /local/demo/dsee61/instances/ds1
Enter DSCC administrator's password:
/local/demo/dsee61/instances/ds1 is an instance of DS
Enter password of "cn=Directory Manager" for /local/demo/dsee61/instances/ds1:
This operation will restart /local/demo/dsee61/instances/ds1.
Do you want to continue ? (y/n) y
Connecting to /local/demo/dsee61/instances/ds1
Enabling DSCC access to /local/demo/dsee61/instances/ds1
Restarting /local/demo/dsee61/instances/ds1
Registering /local/demo/dsee61/instances/ds1 in DSCC on localhost.

Once it is registered, it can be managed with DSCC.


About

This is the blog of a senior software engineer, specialized in LDAP, Directory Server and OpenDS. Ludovic Poitou works in France at the Grenoble Engineering Center, in the Directory Services Engineering team. Outside work, I love skiing and taking photo
