Fedora Directory Server
Introduction
Starting from version 1.2, Penrose can be run under Fedora Directory Server using Java Backend as a plug-in.
Prerequisites
This application has been tested with Sun JDK 1.4.2 on Fedora Core 5 and 6.
Create symbolic links for Java libraries:
cd /usr/lib
ln -s $JAVA_HOME/jre/lib/i386/libjava.so
ln -s $JAVA_HOME/jre/lib/i386/libverify.so
ln -s $JAVA_HOME/jre/lib/i386/server/libjvm.so
Installing Penrose Server
Download and install Penrose Server 1.2 or later. The installation directory will be referred to as PENROSE_SERVER_HOME.
Installing Fedora Directory Server
Download Fedora DS 1.0.4 or later, then execute:
rpm -i fedora-ds-<version>-<platform>.rpm
Follow this installation guide.
The server configuration will be installed in /opt/fedora-ds/slapd-<server name>/config.
Use the console to enable the Plug-ins Log Level in the Error Log. See this.
Installing Java Backend
Download Java Backend for Fedora DS, then execute:
rpm -i --nodeps java-backend-fedora-*.rpm
The files will be installed in /usr/local/java-backend-fedora-x.x.x. We will refer to this directory as JAVA_BACKEND_HOME.
Configuring Java Backend
In Fedora DS the plugin configuration is stored as an LDAP entry under cn=plugins,cn=config.
An example configuration file can be found in JAVA_BACKEND_HOME/conf/dse.ldif.
dn: cn=Java Backend,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: Java Backend
nsslapd-pluginPath: JAVA_BACKEND_HOME/lib/java-backend-fedora.so
nsslapd-pluginInitfunc: java_backend_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: java-backend
java-backend-class: <class name>
java-backend-classpath: <Java class path>
java-backend-libpath: <Java library path>
java-backend-property: <name>=<value>
java-backend-option: <JVM option>
java-backend-suffix: <name space>
In the "java-backend-class" attribute you should specify your Java backend class. This class has to implement the com.identyx.javabackend.Backend interface.
In the "java-backend-classpath" attribute you can optionally specify the path to your Java classes. This attribute can be specified multiple times.
In the "java-backend-libpath" attribute you can optionally specify the path to your jar files. This attribute can be specified multiple times.
In the "java-backend-property" attribute you can optionally specify a system property and its value. This attribute can be specified multiple times.
In the "java-backend-option" attribute you can optionally specify a JVM parameter. This attribute can be specified multiple times.
In the "java-backend-suffix" attribute you can specify the LDAP suffix that will be handled by this backend. This attribute can be specified multiple times. If you specify at least one suffix, Java Backend will check the target DN of each incoming request against this static suffix list. If you specify no suffixes, Java Backend will ask the backend implementation instead, which allows the set of suffixes to be dynamic but is possibly slower.
Assuming Penrose is installed in /usr/local/penrose-server-1.2, here is a sample of Java Backend configuration for Penrose:
dn: cn=Java Backend,cn=plugins,cn=config
objectClass: top
objectClass: nsSlapdPlugin
objectClass: extensibleObject
cn: Java Backend
nsslapd-pluginPath: /usr/local/java-backend-fedora-1.1/lib/java-backend-fedora.so
nsslapd-pluginInitfunc: java_backend_init
nsslapd-pluginType: preoperation
nsslapd-pluginEnabled: on
nsslapd-plugin-depends-on-type: database
nsslapd-pluginId: java-backend
java-backend-class: org.safehaus.penrose.backend.PenroseBackend
java-backend-libpath: /usr/local/penrose-server-1.2/lib
java-backend-libpath: /usr/local/penrose-server-1.2/lib/ext
java-backend-libpath: /usr/local/penrose-server-1.2/schema/ext
java-backend-libpath: /usr/local/penrose-server-1.2/server/lib
java-backend-libpath: /usr/local/penrose-server-1.2/server/lib/ext
java-backend-property: penrose.home=/usr/local/penrose-server-1.2
java-backend-suffix: dc=Example,dc=com
java-backend-suffix: ou=system
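The directory server loads the shared object named in nsslapd-pluginPath into its own process, and the JVM loads whatever sits on the class and library paths, so those locations should exist and should not be writable by other accounts. The Python check below is an added example, not part of Penrose or Java Backend; the function names parse_entry and audit_plugin_entry are hypothetical, and the sample entry is constructed from the configuration above.

```python
import os
import stat

# Attribute names are the ones used in the plug-in entry on this page.
REQUIRED = ("nsslapd-pluginPath", "nsslapd-pluginInitfunc", "java-backend-class")
PATH_ATTRS = ("nsslapd-pluginPath", "java-backend-classpath", "java-backend-libpath")

def parse_entry(ldif_text):
    """Parse one LDIF entry into {lowercased attribute: [values]}.
    Folded lines are joined; base64 ('::') values are not decoded."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # LDIF continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        name, _, value = line.partition(":")
        entry.setdefault(name.strip().lower(), []).append(value.strip())
    return entry

def audit_plugin_entry(entry):
    """Return a list of findings for a Java Backend plug-in entry."""
    findings = [f"missing {a}" for a in REQUIRED if not entry.get(a.lower())]
    if not entry.get("java-backend-suffix"):
        findings.append("no java-backend-suffix: backend class decides per request")
    for attr in PATH_ATTRS:
        for path in entry.get(attr.lower(), []):
            try:
                mode = os.stat(path).st_mode
            except OSError:
                findings.append(f"{attr} not found: {path}")
                continue
            # Only the path itself is checked, not its parent directories.
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(f"{attr} writable by group/other: {path}")
    return findings

# Constructed sample, shortened from the Penrose configuration above.
SAMPLE = """\
dn: cn=Java Backend,cn=plugins,cn=config
nsslapd-pluginPath: /usr/local/java-backend-fedora-1.1/lib/java-backend-fedora.so
nsslapd-pluginInitfunc: java_backend_init
java-backend-class: org.safehaus.penrose.backend.PenroseBackend
java-backend-libpath: /usr/local/penrose-server-1.2/lib
java-backend-suffix: dc=Example,dc=com
"""

if __name__ == "__main__":
    print("\n".join(audit_plugin_entry(parse_entry(SAMPLE))) or "no findings")
```

Run it against the entry before adding it to the server; an empty result means every referenced path exists and is writable only by its owner.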
Configuring Fedora DS
There are two ways to add this configuration into Fedora DS:
- Add using ldapmodify
- Add directly into dse.ldif
Adding configuration using ldapmodify
Issue an ldapmodify command and bind as the directory manager, for example:
ldapmodify -D "cn=Directory Manager" -w secret -x
Copy and paste the above configuration, then restart the server.
Adding configuration directly into dse.ldif
First stop slapd:
cd /opt/fedora-ds/slapd-<server name>
./stop-slapd
Then add the above configuration into /opt/fedora-ds/slapd-<server name>/config/dse.ldif. When you are done, start slapd:
./start-slapd
Log Messages
Fedora DS log messages are stored in files under the /opt/fedora-ds/slapd-<server name>/logs directory. To watch Java Backend's log messages:
tail -f /opt/fedora-ds/slapd-<server name>/logs/errors