Perl 6 - the future is here, just unevenly distributed

IRC log for #openam, 2014-01-22

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary

All times shown according to UTC.

Time Nick Message
23:59 aldaris joined #openam
00:28 MegaMatt joined #openam
07:23 aldaris joined #openam
09:14 aldaris joined #openam
09:30 aldaris1 joined #openam
10:11 Wusel_ joined #openam
10:11 Wusel_ hey guys
10:12 Wusel_ I'm new to OpenAM and just copied the war (10.0 from stable community releases) into tomcat
10:13 Wusel_ I've a Apache Directory Server running and want OpenAM to use it as data storage
10:14 Wusel_ is there some kind of a tutorial how to set up ApacheDS with OpenAM?
10:20 aldaris joined #openam
10:34 aldaris joined #openam
10:58 aldaris joined #openam
11:07 aldaris joined #openam
11:32 aldaris joined #openam
11:49 Wusel_ it seems that this is not possible
11:49 Wusel_ but use apacheds as user storage?
11:50 aldaris should be possible to use ApacheDS for user data
11:50 aldaris config data must be stored in embedded DJ or external DJ/external DSEE
11:54 Wusel_ is there a working tutorial about how to set up an apacheds or any other ldap server for this?
11:54 Wusel_ especially importing the scheme
11:54 Wusel_ ?
11:54 MegaMatt joined #openam
11:55 Wusel_ aldaris ?
11:55 Zendron joined #openam
11:56 MegaMatt ??
11:56 aldaris nope
11:56 aldaris there is no official Apache DS guide
11:56 aldaris if you get it to work, feel free to blog about it :p
11:56 Wusel_ and e.g. for openldap?
11:56 aldaris how difficult it is to set up a basic Apache DS?
11:57 aldaris there are more non-official guides for openldap
11:57 aldaris but I wouldn't recommend using openldap with openam
11:57 Wusel_ why?
11:58 aldaris due to the lack of standard persistent search implementation OpenAM has to less aggresively cache things, which kills performance a bit
12:00 Wusel_ is it recommended to use any other ldap server instead of opendj?
12:01 aldaris as OpenDJ is our product, of course we recommend that
12:01 aldaris personally I had my share of fun with AD and DSEE
12:01 Wusel_ the point is, we've already a running apacheds and it would be great if we could use it
12:01 aldaris I'm pretty sure if it is achievable
12:01 aldaris does ApacheDS support persistent search?
12:02 MegaMatt The persistent search request control (OID: 2.16.840.1.113730.3.4.3).
12:02 aldaris thanks!
12:03 MegaMatt It's in the release notes ;) ... I was just looking at this yesterday.. http://docs.forgerock.org/en/openam/11.0.​0/release-notes/#data-store-requirements
12:03 asyd /s 14
12:03 asyd oups
12:03 aldaris Wusel_ I would suggest to run an ldapsearch on the root DSE ("") and ask for the supportedControls attribute
12:04 aldaris if you see the OID listed there then you'll have a good time integrating with AM
12:04 asyd any roadmap for opendj ldap backend? ;)
12:04 Wusel_ ok I'll try
12:04 aldaris asyd, for what?
12:05 asyd aldaris: openam -> opendj -> another LDAP server
12:05 MegaMatt asyd: For the embedded DS? I doubt that would change ;)
12:06 aldaris OpenDJ 3 aims for proxy capabilities afaik
12:06 aldaris maybe OpenDJ 4 will act as a virtual directory
12:07 asyd MegaMatt: no
12:07 MegaMatt Oh as a proxy? I thought that was a roadmap ;)
12:31 Wusel_ aldaris: what has the ldapsearch to reply to support persistent search
12:32 aldaris the OID of the psearch control
12:32 aldaris do you have the output?
12:32 Wusel_ yea
12:32 Wusel_ many lines
12:32 Wusel_ ;D
12:32 aldaris do you see 2.16.840.1.113730.3.4.3
12:33 Wusel_ no :(
12:38 Wusel_ so apacheds and openam is not possible?
12:39 aldaris it is possible
12:39 aldaris it is only a bit more painful
12:52 Wusel_ painful? :P
12:52 Wusel_ openDJ is also opensource, isn't it?
12:54 aldaris it is, yes
12:56 aldaris painful as in the psearch based cache won't work for you, which means that you'll get stale data back from AM. Once you disable that cache layer, things should work as expected, however the performance may be worse
13:02 Wusel_ is it possible to access openDJ as general ldap-server from other applications?
13:02 Wusel_ e.g. for owncloud or an ftp-server?
13:02 aldaris OpenDJ as generic as it possibly can
13:03 aldaris I think I should be fair and warn you about the license model of OpenDJ
13:04 aldaris only the major versions are available in source and binary for community members. Using our binaries in production environments isn't allowed, hence you would have to build OpenDJ for yourself
13:06 Wusel_ building shouldn't be that hard
13:06 aldaris yepp, that is true
13:07 aldaris not having access to maintenance releases may be more worrisome
13:07 aldaris but the source of trunk is always open, so if you are DEV-ish enough you can port fixes from trunk to your own version..
13:08 Wusel_ well i just need one ldap-server
13:08 Wusel_ in the end nobody cares which one I've chosen
13:09 Wusel_ apacheds: u dont recommend it
13:09 aldaris I never said that
13:09 Wusel_ :P
13:09 aldaris I'm saying that it won't be as well integrated as OpenDJ
13:10 Wusel_ but on my own I'm not able to get it working with apacheds
13:10 Wusel_ ;)
13:10 aldaris depends on how well you know directories really :p
13:10 aldaris plus I can always help you through the magic of IRC
13:11 Wusel_ uh magic ;)
13:11 aldaris I've never tried to set up apache ds with openam, so it is a nice of a challenge :p
13:11 Wusel_ i thought I only need to import the right scheme and then it would work
13:11 aldaris the schema isn't even really needed
13:11 aldaris the schema is a good thing to have
13:12 aldaris some features may not work without it, but most of those features aren't really interesting
13:12 Wusel_ i just want to manage the users
13:12 aldaris OpenAM is not for managing users darn it
13:12 aldaris use LDAP for that :D
13:13 Wusel_ well
13:13 Wusel_ but openam reads the users from ldap
13:13 aldaris yeah, it does
13:13 aldaris there is phpldapadmin as well, that does it too :)
13:13 Wusel_ and I read that openam has restful api to add users
13:13 aldaris openDJ has REST interface as well
13:14 aldaris and it works even better than AM's
13:14 Wusel_ ok
13:14 aldaris if you only want to use OpenAM to manage users in a directory, then you don't really need OpenAM at all…
13:14 Wusel_ no :)
13:15 Wusel_ i want to use is for SSO
13:15 aldaris if REST is a requirement then think about using OpenDJ with the REST interface
13:15 aldaris see 2.6.0 release notes
13:15 aldaris so now you want SSO as well? :)
13:15 aldaris then you may want to use AM after all :p
13:18 Wusel_ all I know about OpenAM is what I read since yesterday lol
13:18 MegaMatt joined #openam
13:18 Wusel_ I've to demonstrate a simple SSO with OpenAM
13:22 Wusel_ that's why it would be nice to follow a tutorial to understand things :)
13:33 aldaris joined #openam
14:30 aldaris joined #openam
18:27 jjpp joined #openam
22:33 aldaris joined #openam
22:42 tsmalmbe left #openam
22:43 tsmalmbe joined #openam

| Channels | #openam index | Today | | Search | Google Search | Plain-Text | summary