LDAP Sync Module
Added by Endi S. Dewata, last edited by Endi S. Dewata on Nov 02, 2006  (view change)


Introduction

The LDAP Sync Module synchronizes Penrose's directory entries to an external LDAP server. This way you can take advantage of your LDAP server's strengths (performance, reliability, scalability, etc.) while still using Penrose for virtualization services.

In this configuration Penrose sits between the LDAP server and the data sources. Penrose acts as the master and the LDAP server as the replica. You can perform updates on Penrose or directly on the data sources; the changes will be replicated to the LDAP server.

Once you have configured LDAP Sync properly, send all read operations (bind, search, and compare) to the LDAP server, not to Penrose. This way read performance is limited only by your LDAP server, and Penrose is no longer a bottleneck.

Write operations (add, modify, modrdn, and delete) should still be directed to Penrose; the LDAP Sync module will update the LDAP server accordingly. Alternatively, for a more seamless integration, you can send all read and write operations to your LDAP server, but then you will need to configure a referral in your LDAP server that forwards write operations to Penrose.

Configure Persistent Cache

First you need to enable Persistent Cache. Make sure this feature has been configured correctly before proceeding to the next step.

Configure Polling Connector

Then you need to enable Polling Connector. Make sure this feature has been configured correctly before proceeding to the next step.

Initialize LDAP Server

Export the entire content of the Penrose tree, for example:

ldapsearch -h localhost -p 10389 -D uid=admin,ou=system -w secret -x -b "dc=Example,dc=com" -L > example.ldif

Then import the entries into the LDAP server, for example:

ldapadd -h localhost -p 10389 -D cn=Manager,dc=Example,dc=com -w secret -x -f example.ldif

Configure LDAP Connection

Create a connection to your LDAP server. Make sure the user you specify as the bind DN has write access to the LDAP server. See Connections.

Configure LDAP Sync Module

Edit PENROSE_SERVER_HOME/conf/modules.xml:

<modules>

  <module name="LDAP Sync">
    <module-class>org.safehaus.penrose.ldap.LDAPSyncModule</module-class>
    <parameter>
      <param-name>connection</param-name>
      <param-value>...</param-value>
    </parameter>
  </module>

</modules>

Specify the name of the LDAP connection you created earlier in the "connection" parameter.

Configure Referral (Optional)

If your LDAP server supports referrals, they can be used to redirect update operations to Penrose. The goal is to make your LDAP server read-only for everybody except one special user: the same user you specified when configuring the LDAP connection in Penrose above.

Here are some examples on configuring referral:
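One way to set this up on OpenLDAP, as an added example that is not part of the original page: a slapd.conf fragment that grants write access only to a dedicated sync user (the DN Penrose binds with) and returns a referral to Penrose for every other update request. The suffix, the sync user DN and the Penrose host below are assumed placeholders.

```conf
# slapd.conf fragment (OpenLDAP) for the replica that Penrose keeps in sync.
# Assumed values: suffix dc=Example,dc=com, sync user
# cn=penrose-sync,dc=Example,dc=com, Penrose listening on penrose.example.com:10389.

database    bdb
suffix      "dc=Example,dc=com"
directory   /var/lib/ldap

# Mark this database as a replica that only the sync user may update.
# Any update request arriving under another identity is answered with the
# referral below, so the client ends up writing to Penrose, and Penrose then
# pushes the change back here through the LDAP Sync module.
updatedn    "cn=penrose-sync,dc=Example,dc=com"
updateref   ldap://penrose.example.com:10389/

# ACLs are evaluated in order; the first matching "access to" clause wins.
# Keep password hashes unreadable: only the sync user may write them and
# anonymous clients may use them for bind (read operations, including bind,
# are directed at this server).
access to attrs=userPassword
    by dn.exact="cn=penrose-sync,dc=Example,dc=com" write
    by anonymous auth
    by * none

# Everything else: the sync user writes, everybody else reads.
access to *
    by dn.exact="cn=penrose-sync,dc=Example,dc=com" write
    by * read
```

Load the initial LDIF and configure the Penrose LDAP connection with this same sync user rather than the rootdn: the rootdn bypasses ACLs entirely, and on a database with an updatedn only the updatedn itself is accepted for updates.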
