Differences between revisions 3 and 4
Revision 3 as of 2007-03-26 23:52:05
Size: 4674
Comment:
Revision 4 as of 2009-09-20 22:02:38
Size: 4694
Editor: localhost
Comment: converted to 1.6 markup
Deletions are marked like this. Additions are marked like this.
Line 7: Line 7:
To use this Store your app server must be setup to authenticate users using the LDAP server. For Tomcat 5 see [http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JNDIRealm this]. You cannot use the SlideRealm to authenticate users because this Store does not expose a password property. To use this Store your app server must be setup to authenticate users using the LDAP server. For Tomcat 5 see [[http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html#JNDIRealm|this]]. You cannot use the SlideRealm to authenticate users because this Store does not expose a password property.
Line 14: Line 14:
    How often, in seconds, the cache refresh thread should check for Uris in the cache that need to be refreshed. The default value is "15". See [#cacherefreshing Cache Refreshing] for more information.     How often, in seconds, the cache refresh thread should check for Uris in the cache that need to be refreshed. The default value is "15". See [[#cacherefreshing|Cache Refreshing]] for more information.
Line 17: Line 17:
    How frequently, in seconds, Uris that are marked for refreshing should be refreshed. This value must be less than the !TimeToLive and !TimeToIdle (whichever is least) parameters specified for the EHCache in order for the items to never expire. The default value is "800". See [#caching Caching] and [#cacherefreshing Cache Refreshing] for more information.     How frequently, in seconds, Uris that are marked for refreshing should be refreshed. This value must be less than the !TimeToLive and !TimeToIdle (whichever is least) parameters specified for the EHCache in order for the items to never expire. The default value is "800". See [[#caching|Caching]] and [[#cacherefreshing|Cache Refreshing]] for more information.
Line 20: Line 20:
    The maximum amount of time, in milliseconds, that retrieve* methods can take before the Uri they are retrieving is scheduled for refreshing. By tuning this parameter you can keep smaller, infrequently accessed Uris from perpetually remaining in the cache. This may improve cache performance. See [#cacherefreshing Cache Refreshing] for more information.     The maximum amount of time, in milliseconds, that retrieve* methods can take before the Uri they are retrieving is scheduled for refreshing. By tuning this parameter you can keep smaller, infrequently accessed Uris from perpetually remaining in the cache. This may improve cache performance. See [[#cacherefreshing|Cache Refreshing]] for more information.
Line 28: Line 28:
    The filter string to use for the search. Example: (objectClass=inetOrgPerson). The default value is (objectClass=*). See the [http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html#search(javax.naming.Name,%20java.lang.String,%20javax.naming.directory.SearchControls) DirContext.search()] javadoc.     The filter string to use for the search. Example: (objectClass=inetOrgPerson). The default value is (objectClass=*). See the [[http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/DirContext.html#search(javax.naming.Name,%20java.lang.String,%20javax.naming.directory.SearchControls)|DirContext.search()]] javadoc.
Line 30: Line 30:
    The Scope of the search. Can be one of OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE. The default value is ONELEVEL_SCOPE. See the [http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/SearchControls.html#OBJECT_SCOPE SearchControls] javadoc.     The Scope of the search. Can be one of OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE. The default value is ONELEVEL_SCOPE. See the [[http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/directory/SearchControls.html#OBJECT_SCOPE|SearchControls]] javadoc.
Line 34: Line 34:
    Parameters for connecting to the LDAP server. See the [http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/InitialContext.html InitialContext] javadoc.     Parameters for connecting to the LDAP server. See the [[http://java.sun.com/j2se/1.4.2/docs/api/javax/naming/InitialContext.html|InitialContext]] javadoc.
Line 36: Line 36:
[[Anchor(caching)]] <<Anchor(caching)>>
Line 39: Line 39:
This Store makes use of [http://ehcache.sourceforge.net/ EHCache]. You will need ehcache.jar in order to use this Store. When initialized the default !CacheManager is used to find a Cache named "org.apache.slide.store.txjndi.JNDI!PrincipalStore". If there is no Cache found with this name then a Cache is created with these default values: This Store makes use of [[http://ehcache.sourceforge.net/|EHCache]]. You will need ehcache.jar in order to use this Store. When initialized the default !CacheManager is used to find a Cache named "org.apache.slide.store.txjndi.JNDI!PrincipalStore". If there is no Cache found with this name then a Cache is created with these default values:
Line 48: Line 48:
To override these values you will need to create a configuration file for EHCache with a cache named "org.apache.slide.store.txjndi.JNDI!PrincipalStore" that has the settings you wish. See the documentation at the [http://ehcache.sourceforge.net/ EHCache website] for instructions. To override these values you will need to create a configuration file for EHCache with a cache named "org.apache.slide.store.txjndi.JNDI!PrincipalStore" that has the settings you wish. See the documentation at the [[http://ehcache.sourceforge.net/|EHCache website]] for instructions.
Line 50: Line 50:
[[Anchor(cacherefreshing)]] <<Anchor(cacherefreshing)>>

The JNDI!PrincipalStore is a read-only Store implementation for retrieving Slide users and roles from an LDAP server. It has been tested with Novell's eDirectory version 8.6.2. Other LDAP servers should work.

Prerequisites

To use this Store your app server must be setup to authenticate users using the LDAP server. For Tomcat 5 see this. You cannot use the SlideRealm to authenticate users because this Store does not expose a password property.

Store Parameters

Parameters used in Domain.xml when setting up the Store.

cache.refresh.checkrate

  • How often, in seconds, the cache refresh thread should check for Uris in the cache that need to be refreshed. The default value is "15". See Cache Refreshing for more information.

cache.refresh.rate

  • How frequently, in seconds, Uris that are marked for refreshing should be refreshed. This value must be less than the TimeToLive and TimeToIdle (whichever is least) parameters specified for the EHCache in order for the items to never expire. The default value is "800". See Caching and Cache Refreshing for more information.

cache.refresh.threshold

  • The maximum amount of time, in milliseconds, that retrieve* methods can take before the Uri they are retrieving is scheduled for refreshing. By tuning this parameter you can keep smaller, infrequently accessed Uris from perpetually remaining in the cache. This may improve cache performance. See Cache Refreshing for more information.

jndi.container

  • The base LDAP context you wish to search. Example: ou=Users,o=Company

jndi.attributes.rdn

  • The attribute used to uniquely identify the objects you're fetching. Usually uid or cn.

jndi.attributes.userprincipalname

  • The attribute used to provide a user/role name which is mapped into Slide instead of the path name. This attribute is optional.

jndi.search.filter

  • The filter string to use for the search. Example: (objectClass=inetOrgPerson). The default value is (objectClass=*). See the DirContext.search() javadoc.

jndi.search.scope

  • The Scope of the search. Can be one of OBJECT_SCOPE, ONELEVEL_SCOPE, SUBTREE_SCOPE. The default value is ONELEVEL_SCOPE. See the SearchControls javadoc.

jndi.search.attributes

  • A comma delimited list of the attributes you want returned with your search results. Example: givenName, uid, mail. The default value is cn.

java.naming.*

  • Parameters for connecting to the LDAP server. See the InitialContext javadoc.

Caching

This Store makes use of EHCache. You will need ehcache.jar in order to use this Store. When initialized the default CacheManager is used to find a Cache named "org.apache.slide.store.txjndi.JNDI!PrincipalStore". If there is no Cache found with this name then a Cache is created with these default values:

  • name = org.apache.slide.store.txjndi.JNDI!PrincipalStore

  • maxElementsInMemory = 200
  • eternal = false
  • timeToIdleSeconds = 900
  • timeToLiveSeconds = 900
  • overflowToDisk = true

To override these values you will need to create a configuration file for EHCache with a cache named "org.apache.slide.store.txjndi.JNDI!PrincipalStore" that has the settings you wish. See the documentation at the EHCache website for instructions.

Cache Refreshing

Because the data delivered by this Store is managed externally to Slide the data cache must be periodically expired to pick up any changes. Because creating object Nodes can take a long time for LDAP queries that return a lot of objects, larger queries need to be preemptively refreshed before a user makes a request to an expired object.

The retrieveObject() and retrieveNodeDescriptor() methods monitor the amount of time it takes them to return for each Uri. If the method takes longer than a specified amount of time (configured with the cache.refresh.threshold parameter) the Uri is marked as needing to be refreshed. Upon initialization the Store spawns a child thread that periodically checks for Uris that need to be refreshed.

JNDIPrincipalStoreSetup (last edited 2009-09-20 22:02:38 by localhost)