OpenLDAP
Introduction
Starting with version 1.0.4, Penrose can run under OpenLDAP using the Java Backend.
Prerequisites
This has been tested with Sun JDK 1.4.2 on Fedora Core 3, 4, 5 and Cygwin.
On Unix platforms, set the LD_LIBRARY_PATH environment variable to include Java libraries:
export LD_LIBRARY_PATH=$JAVA_HOME/jre/lib/i386:$JAVA_HOME/jre/lib/i386/server:$LD_LIBRARY_PATH
or create symbolic links:
cd /usr/lib
ln -s $JAVA_HOME/jre/lib/i386/libjava.so
ln -s $JAVA_HOME/jre/lib/i386/libverify.so
ln -s $JAVA_HOME/jre/lib/i386/server/libjvm.so
On Windows, make sure that the PATH environment variable includes the following:
- JAVA_HOME/bin
- JAVA_HOME/jre/bin/server
Installing Penrose Server
Download and install Penrose Server 1.0.4 or later. The installation directory will be referred to as PENROSE_SERVER_HOME.
Installing OpenLDAP
To run Java Backend with a pre-built OpenLDAP server, the OpenLDAP server must support modules. Otherwise you have to recompile OpenLDAP with Java Backend support.
On Fedora, the default OpenLDAP server was already built with modules support, so you can just download the RPM or execute:
yum install openldap-servers
Installing Java Backend
Download Java Backend for your platform. For Java Backend 1.1 or later, execute:
rpm -i --nodeps java-backend-openldap-*.rpm
It will be installed in the /usr/local/java-backend-openldap-* directory. We will refer to this directory as JAVA_BACKEND_HOME.
For older versions of Java Backend, execute:
rpm -i --nodeps openldap-servers-java-*.rpm
Configuring Java Backend
Edit /etc/openldap/slapd.conf:
modulepath JAVA_BACKEND_HOME/lib
moduleload back_java.la
A sample configuration is available in the JAVA_BACKEND_HOME/conf directory:
database java
class "<class name>"
classpath "<Java class path>"
libpath "<Java library path>"
property "<name>=<value>"
option "<JVM option>"
suffix "<name space>"
In the "class" parameter you should specify your Java backend class. This class has to implement the com.identyx.javabackend.Backend interface.
In the "classpath" parameter you can optionally specify the path to your Java classes. This parameter can be specified multiple times.
In the "libpath" parameter you can optionally specify the path to your jar files. This parameter can be specified multiple times.
In the "property" parameter you can optionally specify a system property and its value. This parameter can be specified multiple times.
In the "option" parameter you can optionally specify a JVM parameter. This parameter can be specified multiple times.
In the "suffix" parameter you can specify the LDAP suffix that will be handled by this backend. You need to specify at least one suffix.
Here is an example for Java Backend 1.1 with Penrose Server 1.2:
database java
class "org.safehaus.penrose.backend.PenroseBackend"
libpath "/usr/local/penrose-server-1.2/lib"
libpath "/usr/local/penrose-server-1.2/lib/ext"
libpath "/usr/local/penrose-server-1.2/schema/ext"
libpath "/usr/local/penrose-server-1.2/server/lib"
libpath "/usr/local/penrose-server-1.2/server/lib/ext"
property "penrose.home=/usr/local/penrose-server-1.2"
suffix "dc=Example,dc=com"
suffix "ou=system"
Here is an example for Java Backend 1.0 with Penrose Server 1.0.4 and 1.1.x:
database java
class "org.safehaus.penrose.openldap.PenroseBackend"
libpath "/usr/local/penrose-server-1.0.4/lib"
libpath "/usr/local/penrose-server-1.0.4/lib/ext"
property "penrose.home" "/usr/local/penrose-server-1.0.4"
suffix "dc=Example,dc=com"
suffix "ou=system"
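The following Python example is added here and is not part of Penrose or Java Backend. It parses the "database java" stanza described above, accepting both property forms, and reports a missing class or suffix as well as any classpath or libpath directory that is absent or writable by group or others, since code found in those directories is loaded into the slapd process. The function names and the sample configuration are constructed for illustration.

```python
import os
import re
import shlex

MULTI = ("classpath", "libpath", "property", "option", "suffix")

def parse_java_databases(conf_text):
    """Return one dict per 'database java' stanza found in slapd.conf text."""
    # slapd.conf: a line starting with whitespace continues the previous line.
    text = re.sub(r"\n[ \t]+(?=\S)", " ", conf_text)
    stanzas, current = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        key, *args = shlex.split(line)
        key = key.lower()
        if key in ("database", "backend"):
            current = None  # any new section ends the previous stanza
            if key == "database" and args and args[0].lower() == "java":
                current = {"class": None, **{k: [] for k in MULTI}}
                stanzas.append(current)
        elif current is None or not args:
            continue
        elif key == "class":
            current["class"] = args[0]
        elif key == "property":
            # Java Backend 1.1: "name=value"; Java Backend 1.0: "name" "value"
            current["property"].append(
                tuple(args[:2] if len(args) > 1 else args[0].partition("=")[::2]))
        elif key in MULTI:
            current[key].append(args[0])
    return stanzas

def audit(stanza):
    """Findings for one stanza: required directives plus an added path check."""
    findings = [f"no {d} directive" for d in ("class", "suffix") if not stanza[d]]
    for path in stanza["classpath"] + stanza["libpath"]:
        if not os.path.exists(path):
            findings.append(f"{path}: not found")
        elif os.stat(path).st_mode & 0o022:  # group- or world-writable bits
            findings.append(f"{path}: group/world-writable")
    return findings

# Constructed sample: the Java Backend 1.0 form, with suffix left out.
SAMPLE = """\
database java
class "org.safehaus.penrose.openldap.PenroseBackend"
libpath "/usr/local/penrose-server-1.0.4/lib"
property "penrose.home" "/usr/local/penrose-server-1.0.4"
"""
```

Calling audit() on each stanza returned by parse_java_databases(SAMPLE) reports the missing suffix, along with any listed directory that does not exist on the machine where it runs.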
Running OpenLDAP
Run OpenLDAP with debugging enabled:
slapd -d 65535