Services
Penrose Server uses services to provide interfaces for Penrose clients. Services are configured in conf/server.xml:
<server>
  <service name="..." enabled="...">
    <service-class>...</service-class>
    <parameter>
      <param-name>...</param-name>
      <param-value>...</param-value>
    </parameter>
  </service>
</server>
Each service is enabled by default. An enabled service is started automatically when Penrose Server starts. To disable a service, specify enabled="false".
Penrose contains 2 built-in services:
- JMX
- LDAP
JMX Service
JMX Service is responsible for handling requests from JMX clients (e.g. Penrose Studio). The default service name is "JMX" and the class name is "org.safehaus.penrose.management.PenroseJMXService".
| Parameter | Description | Valid Values | Default |
|---|---|---|---|
| rmiPort | RMI port | integer | 1099 |
| rmiTransportPort | RMI transport port | integer, 0 = random | 40888 |
| httpPort | HTTP port | integer | 8112 |
Note: if you are running Penrose behind a firewall, you might need to set rmiTransportPort to a fixed number rather than 0 (random), so that the port can be allowed through the firewall.
LDAP Service
LDAP Service is responsible for handling requests from LDAP clients (e.g. LDAP command line tool, LDAP browser). By default Penrose is configured with one LDAP service, but it is possible to configure multiple LDAP services to run concurrently (with different service names and port numbers).
In Penrose 1.1, the LDAP service is configured as follows:
<service name="LDAP">
  <service-class>org.safehaus.penrose.ldap.PenroseLDAPService</service-class>
  <parameter>
    <param-name>...</param-name>
    <param-value>...</param-value>
  </parameter>
</service>
Available parameters are:
| Parameter | Description | Valid Values | Default |
|---|---|---|---|
| ldapPort | LDAP port | integer | 10389 |
| allowAnonymousAccess | Allow anonymous access | boolean | true |
If you're running with JDK 1.5 or later, you can configure SSL:
| Parameter | Description | Valid Values | Default |
|---|---|---|---|
| enableLdaps | Enable SSL | boolean | false |
| ldapsPort | Secure LDAP port | integer | 10636 |
| ldapsCertificateFile | SSL Certificate keystore | string | certificates/server.cert |
| ldapsCertificatePassword | Keystore password | string | changeit |
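The following Python script is an added example, not code from Penrose or its documentation: it reads a conf/server.xml, applies the Penrose 1.1 defaults from the tables above to any parameter left unset, and reports enabled LDAP services that still allow anonymous access, do not enable LDAPS, or keep the default keystore password. The sample XML and the service name LDAP2 are constructed, and comparing boolean values case-insensitively is an assumption.

```python
import xml.etree.ElementTree as ET
# Service class and defaults taken from the Penrose 1.1 tables above.
LDAP_CLASS = "org.safehaus.penrose.ldap.PenroseLDAPService"
DEFAULTS = {
    "allowAnonymousAccess": "true",
    "enableLdaps": "false",
    "ldapsCertificatePassword": "changeit",
}

# Constructed sample conf/server.xml, not a file shipped with Penrose.
SAMPLE = f"""\
<server>
  <service name="LDAP">
    <service-class>{LDAP_CLASS}</service-class>
    <parameter><param-name>enableLdaps</param-name><param-value>true</param-value></parameter>
  </service>
  <service name="LDAP2" enabled="false">
    <service-class>{LDAP_CLASS}</service-class>
  </service>
</server>
"""

def effective_params(service):
    """Explicit <parameter> values layered over the documented defaults."""
    params = dict(DEFAULTS)
    for p in service.findall("parameter"):
        name = (p.findtext("param-name") or "").strip()
        params[name] = (p.findtext("param-value") or "").strip()
    return params

def audit(xml_text):
    """Return (service name, finding) pairs; a service counts as enabled
    unless enabled="false" is specified."""
    findings = []
    for svc in ET.fromstring(xml_text).findall("service"):
        if svc.get("enabled", "true").strip().lower() == "false":
            continue
        if (svc.findtext("service-class") or "").strip() != LDAP_CLASS:
            continue
        name, p = svc.get("name", "?"), effective_params(svc)
        if p["allowAnonymousAccess"].lower() == "true":
            findings.append((name, "anonymous access allowed"))
        if p["enableLdaps"].lower() != "true":
            findings.append((name, "LDAPS not enabled"))
        elif p["ldapsCertificatePassword"] == DEFAULTS["ldapsCertificatePassword"]:
            findings.append((name, "keystore password left at default"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Services that use one of the other LDAP service classes are skipped, because their parameter sets differ from the Penrose 1.1 tables.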
Starting from version 1.2, Penrose comes with several choices for LDAP service:
- MINA (default)
- ApacheDS
- OpenDS
Please note that the default LDAP service might change in a future version of Penrose.
The default LDAP service is configured as follows:
<service name="LDAP">
  <service-class>org.safehaus.penrose.ldap.DefaultLDAPService</service-class>
  <parameter>
    <param-name>...</param-name>
    <param-value>...</param-value>
  </parameter>
</service>
MINA LDAP Service
If you want to use MINA as the LDAP service for Penrose specifically, change the service class as follows:
<service-class>org.safehaus.penrose.mina.MinaLDAPService</service-class>
These are the available parameters for MINA LDAP service:
| Parameter | Description | Valid Values | Default |
|---|---|---|---|
| ldapPort | LDAP port | integer | 10389 |
ApacheDS LDAP Service
To use ApacheDS as the LDAP service for Penrose, change the service class as follows:
<service-class>org.safehaus.penrose.mina.ApacheDSLDAPService</service-class>
These are the available parameters for ApacheDS LDAP service:
| Parameter | Description | Valid Values | Default |
|---|---|---|---|
| ldapPort | LDAP port | integer | 10389 |
| enableLdaps | Enable SSL | boolean | false |
| ldapsPort | Secure LDAP port | integer | 10636 |
| ldapsCertificateFile | SSL Certificate keystore | string | certificates/server.cert |
| ldapsCertificatePassword | Keystore password | string | changeit |
OpenDS LDAP Service
To use OpenDS as the LDAP service for Penrose, change the service class as follows:
<service-class>org.safehaus.penrose.opends.OpenDSLDAPService</service-class>
OpenDS configuration parameters can be found in PENROSE_SERVER_HOME/config/config.ldif.