This blog is all about SOA technology and LDAP
Wednesday, August 13, 2008
More on LDAP
Thursday, July 3, 2008
All about Open ESB
NMR
Open ESB hosts a set of pluggable component containers, which integrate various types of IT assets. These containers are interconnected by a fast, reliable, in-memory messaging bus called the Normalized Message Router (NMR), also referred to as the JBI Bus.
Service Engines
Service Engines provide business logic and transformation services to other components, as well as consume such services.
Binding components
Binding components provide the ability to use communications protocols both to access remotely provided services and to allow remote service consumers to access services provided within the JBI environment.
A Binding Component may choose to implement one or more communications protocols, offering connectivity services to SEs and thereby enabling SEs to expose their services to remote consumers as well as enabling the consumption of remote services.
JBI
- Java Business Integration (JBI) is a specification developed under the Java Community Process (JCP) for an approach to implementing a service-oriented architecture (SOA). The JCP reference is JSR 208 for JBI 1.0 and JSR 312 for JBI 2.0.
- JBI provides an environment in which plug-in components reside.
- JBI provides for interoperation between plug-in components by means of message-based service invocation.
- JBI provides a set of services to facilitate management of the JBI environment, including the installed components. This includes component installation and life cycle management services.
- The JBI environment is a container for service engines and binding components.
JBI Architecture
- NMR
- Service Engines
- Binding components
- Shared Libraries
Normalized Message Exchange
Delivery Channel
A DeliveryChannel represents a bidirectional communication pipe used by bindings and engines to communicate with the NMR.
Message Flow
Service Unit (SU) jar files package the artifacts to deploy to a specific container/component.
Descriptor - JBI.xml
The descriptor can declare what services are consumed/provided with the deployment of this SU
Service Assembly or Composite Application
A collection of service units.
Composite Application / Component Life Cycle
All About LDAP
A directory is like a dictionary: it allows one to look up a name and retrieve the items of information associated with that name.
Names in a directory are organized in a hierarchical tree.
**Objects and classes :- Data in LDAP is stored in objects. Each object carries a number of attributes, which are essentially a set of key/value pairs.
** Directory service
A directory service is simply the software system that stores and organizes information in a directory, and provides access to that information.
** Difference between a directory service and a database
The major difference between databases and directories is at the system level: a database is used to automate a process with a dedicated (relational) data model, whereas a directory is used to hold "identified" objects that many applications can use in arbitrary ways.
**The Lightweight Directory Access Protocol
The Lightweight Directory Access Protocol, or LDAP, is an application protocol for querying and modifying directory services running over TCP/IP.[1]
**Entries, Attributes, and Values
Entry
cn: John Doe
mail: johndoe@sun.com
mail: jdoe@stc.com
telephoneNumber: 471-6000 x.1234
Attributes :- cn, mail, telephoneNumber
Values :- John Doe, johndoe@sun.com, jdoe@stc.com
** LDAP Directory Structure
Tree structure.
Top most - root
higher levels of hierarchy - groupings or organizations.
leaf nodes - individual persons
** Distinguished Names & Relative Distinguished Names
The distinguished name of the John Doe entry is:
cn=John Doe, ou=People, dc=sun.com
cn=John Doe, ou=People is an RDN relative to the root RDN dc=sun.com.
Another example would be uid=bjensen,ou=People,dc=example,dc=com
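As an added example (not from the blog), a small Python DN handler for the DN/RDN notation above: it splits a DN into its RDNs while honouring backslash-escaped commas, derives the parent DN, and normalizes case and spacing so that two spellings of the same DN compare equal, which matters whenever a DN is used as an access-control subject or target:

```python
# Added example: DN splitting and normalization for the DN/RDN notation shown above.
# Escaping follows RFC 4514: a backslash protects the next character, so a comma
# inside a value (cn=Doe\, John) does not start a new RDN.

def split_dn(dn):
    """Split a DN into its RDN strings, leaf (leftmost) first."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:                      # character after a backslash is literal
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            buf.append(ch)
            escaped = True
        elif ch == ",":                  # an unescaped comma separates RDNs
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf).strip())
    return [r for r in rdns if r]

def parse_rdn(rdn):
    """Return (attribute type, value) for one RDN such as 'cn=John Doe'."""
    attr, eq, value = rdn.partition("=")
    if not eq or not attr.strip():
        raise ValueError("malformed RDN: %r" % rdn)
    return attr.strip().lower(), value.strip()

def parent_dn(dn):
    """DN of the entry one level up; '' when the DN is a single RDN (a root)."""
    return ",".join(split_dn(dn)[1:])

def normalize_dn(dn):
    """Canonical spelling: lowercase attribute types, no whitespace around commas.
    Compare DNs in this form so 'CN=John Doe, OU=People' and 'cn=John Doe,ou=People'
    are treated as the same entry."""
    return ",".join("%s=%s" % parse_rdn(r) for r in split_dn(dn))
```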
**LDAP Service
A directory service is a distributed database application designed to manage the entries and attributes in a directory.
**LDAP Client
A directory client accesses a directory service using the LDAP protocol. A directory client may use one of several client APIs available in order to access the directory service.
**Working of Client
By connecting to an LDAP server, the LDAP BC/eWay enables you to search, compare, and modify an LDAP directory using the LDAP protocol.
**Referrals
A referral is information that a server sends back to the client indicating that the requested information can be found at another location (possibly on another server).
Type :-
The type describes what the information is; the value is the information itself.
cn: person5
Here "cn" is the type and "person5" is the value.
Attribute:-
An attribute consists of a type and one or more values that describe a particular trait of the object's entry.
Entry:-
An entry, the base unit of the LDAP, is a collection of attributes which contain information that describes it.
Object Classes:-
An entry's object classes are themselves either required or allowed, and each object class is defined with one or more attributes that are in turn required or allowed.
LDAP Schema:-
LDAP Schema defines what can be stored in the directory. It includes object classes and attributes.
**SSL with LDAP
SSL :- Secure Sockets Layer (SSL) technology allows web browsers and web servers to communicate over a secure connection, using encryption and decryption.
SSL uses public key cryptography, which is based on key pairs: a public key and a private key.
Digital signature :- The server computes a value and encrypts that value using its private key. The encrypted value is called a digital signature.
keytool:- Keytool is used to generate certificates. The keytool stores the keys and certificates in a file termed a keystore, a repository of certificates used for identifying a client or a server. Typically, a keystore contains one client or one server's identity.
For J2EE, the server certificate is in keystore.jks. The cacerts.jks file contains all the trusted certificates, including client certificates.
Authentication:- To verify that the site(server) is who and what it claims to be. To verify that the client is who and what it claims to be .
Confidentiality:-Data cannot be deciphered by the third party and the data remains confidential between client and server.
Integrity :- Data will not be modified in transit by that third party.
KeyStore :-
A KeyStore consists of a database containing a private key and an associated certificate, or an associated certificate chain. The certificate chain consists of the client certificate and one or more certification authority (CA) certificates.
TrustStore:-
A TrustStore contains only the certificates trusted by the client. It is a repository of certificates.
Steps to create a keystore and trust store for the server :-
1. Generate a key pair and self-signed certificate in keystore.jks
C:\jdk1.5.0_13\bin>keytool -genkey -alias server -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks
What is your first and last name? [Unknown]: raghuvir
What is the name of your organizational unit? [Unknown]: india
What is the name of your organization? [Unknown]: sun
What is the name of your City or Locality? [Unknown]: blr
What is the name of your State or Province? [Unknown]: karnataka
What is the two-letter country code for this unit? [Unknown]: ka
Is CN=raghuvir, OU=india, O=sun, L=blr, ST=karnataka, C=ka correct? [no]: yes
2. Export the certificate to the file server.cer
C:\jdk1.5.0_13\bin>keytool -export -alias server -storepass changeit -file server.cer -keystore keystore.jks
Certificate stored in file
3. Import server.cer into the trust store (cacerts.jks)
C:\jdk1.5.0_13\bin>keytool -import -v -trustcacerts -alias server-alias -file server.cer -keystore cacerts.jks -keypass changeit -storepass changeit
Owner: CN=raghuvir, OU=india, O=sun, L=blr, ST=karnataka, C=ka
Issuer: CN=raghuvir, OU=india, O=sun, L=blr, ST=karnataka, C=ka
Serial number: 4892be08
Valid from: Fri Aug 01 13:10:56 IST 2008 until: Thu Oct 30 13:10:56 IST 2008
Certificate fingerprints:
MD5: A3:BD:00:49:35:3B:99:BB:82:15:B9:B0:68:5C:6B:86
SHA1: 09:07:4D:46:8A:22:2A:BE:7C:F4:0C:1E:C5:41:F9:84:B8:83:F3:13
Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing cacerts.jks]
Steps to create a client keystore and trust store :-
1. Generate the client certificate in keystore.jks
C:\jdk1.5.0_13\bin>keytool -genkey -alias client-alias -keyalg RSA -keypass changeit -storepass changeit -keystore keystore.jks -dname "CN=client_hostname, OU=John,O=Sun, L=Bangalore, S=Karnataka, C=IN"
2. Export the client certificate to a file called client.cer
C:\jdk1.5.0_13\bin>keytool -export -alias client-alias -storepass changeit -file client.cer -keystore keystore.jks
Certificate stored in file
3. Create the trust store cacerts.jks from client.cer
C:\jdk1.5.0_13\bin>keytool -import -v -trustcacerts -alias client-alias -file client.cer -keystore cacerts.jks -keypass changeit -storepass changeit
Owner: CN=client_hostname, OU=John, O=Sun, L=Bangalore, ST=Karnataka, C=IN
Issuer: CN=client_hostname, OU=John, O=Sun, L=Bangalore, ST=Karnataka, C=IN
Serial number: 4892cc92
Valid from: Fri Aug 01 14:12:58 IST 2008 until: Thu Oct 30 14:12:58 IST 2008
Certificate fingerprints:
MD5: 17:C0:51:E9:BB:42:A1:83:20:B3:AD:64:46:1D:F9:19
SHA1: 54:61:C1:14:B0:21:FD:34:6B:EB:EE:32:50:C8:7A:9D:7A:60:FF:96
Trust this certificate? [no]: yes
Certificate was added to keystore
[Storing cacerts.jks]
Access Control :-
Using access control, you can control access to the entire directory, a subtree of the directory, specific entries in the directory (including entries defining configuration tasks), or a specific set of entry attributes.
The aci attribute has the following syntax:
aci: (target)(version 3.0;acl "name";permission bindRules;)
The following is an example of a complete LDIF ACI:
aci: (target="ldap:///uid=bjensen,dc=example,dc=com")(targetattr=*)(version 3.0; acl "example"; allow (write) userdn=ldap:///self;)
In this example, the ACI states that the user bjensen has rights to modify all attributes in her own directory entry.
The target clauses can be:
target -> ldap:///distinguished_name
targetattr -> attribute
Adding an ACI at the Command-Line
Use the following ldapmodify command to give, for example, Charlene Daniels full rights to the directory:
ldapmodify -h myServer -p 5201 -D "cn=directory manager" -w password
dn: o=MyCorp,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr=*)(version 3.0; acl "give charlene full rights"; allow(all) userdn = ldap:///uid=cdaniels,ou=People,o=MyCorp,dc=example,dc=com;)
The following LDIF example allows members of the Engineering Admins group to modify the departmentNumber and manager attributes of all entries in the Engineering business category. This example uses LDAP filtering to select all entries with businessCategory attributes set to Engineering:
dn: dc=example,dc=com
objectClass: top
objectClass: organization
aci: (targetattr="departmentNumber manager") (targetfilter="(businessCategory=Engineering)") (version 3.0; acl "eng-admins-write"; allow (write) groupdn ="ldap:///cn=Engineering Admins, dc=example,dc=com";)
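As an added example (not the blog's code), a Python parser for the aci syntax shown above together with a single-rule authorization check, run against the two aci values from this post; it supports only the forms on this page (target, targetattr, a single equality targetfilter, allow with userdn=ldap:///self, userdn=ldap:///<dn> or groupdn). A real directory server applies targets to whole subtrees and combines every applicable aci, so this is a model of one rule, not a replacement for the server's evaluation:

```python
import re

# Added example (not the blog's code): parse the aci syntax above and evaluate one
# allow rule for the forms on this page (target/targetattr/targetfilter, userdn, groupdn).

TARGET_RE = re.compile(r'\((target\w*)\s*=\s*(?:"([^"]*)"|([^)]*))\)')
RULE_RE = re.compile(
    r'\s*acl\s+"([^"]*)"\s*;\s*(allow|deny)\s*\(([^)]*)\)\s*'
    r'(userdn|groupdn)\s*=\s*"?(ldap:///[^";]*?)"?\s*;\s*\)')

# The two aci values from the post; the DNs used in the checks are constructed.
ACI_SELF = 'aci: (target="ldap:///uid=bjensen,dc=example,dc=com")(targetattr=*)(version 3.0; acl "example"; allow (write) userdn=ldap:///self;)'
ACI_ENG = 'aci: (targetattr="departmentNumber manager") (targetfilter="(businessCategory=Engineering)") (version 3.0; acl "eng-admins-write"; allow (write) groupdn ="ldap:///cn=Engineering Admins, dc=example,dc=com";)'

def dn_norm(dn):  # lowercase, no whitespace: spelling differences cannot dodge a rule
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_aci(aci):
    """Break an aci value into its target clauses, permissions and bind rule."""
    text = aci.split(":", 1)[1] if aci.startswith("aci:") else aci
    head, sep, body = text.strip().partition("(version 3.0;")
    m = RULE_RE.match(body) if sep else None
    if not m:
        raise ValueError("unsupported aci: %r" % aci)
    targets = {k: (q or u).strip() for k, q, u in TARGET_RE.findall(head)}
    return {"name": m.group(1), "effect": m.group(2),
            "perms": {p.strip() for p in m.group(3).split(",")},
            "rule": m.group(4), "subject": m.group(5)[len("ldap:///"):].strip(),
            "target": targets.get("target", "").replace("ldap:///", ""),
            "targetattr": targets.get("targetattr", "*").split(),
            "targetfilter": targets.get("targetfilter")}

def permits(aci, bind_dn, entry_dn, entry, attr, perm, groups=()):
    """True if this allow aci grants `perm` on `attr` of `entry` (dict of attribute ->
    values) to bind_dn; `groups` are DNs of groups the bound user belongs to."""
    a = parse_aci(aci)
    if a["effect"] != "allow" or not ({perm, "all"} & a["perms"]):
        return False
    if a["target"] and dn_norm(entry_dn) != dn_norm(a["target"]):
        return False                        # rule is scoped to a different entry
    if "*" not in a["targetattr"] and attr.lower() not in [t.lower() for t in a["targetattr"]]:
        return False                        # attribute not covered by targetattr
    if a["targetfilter"]:                   # single equality filter, e.g. (businessCategory=Engineering)
        fattr, _, fval = a["targetfilter"].strip("()").partition("=")
        if fval not in entry.get(fattr, []):
            return False
    if a["rule"] == "userdn":
        expected = entry_dn if a["subject"] == "self" else a["subject"]
        return dn_norm(bind_dn) == dn_norm(expected)
    return dn_norm(a["subject"]) in {dn_norm(g) for g in groups}
```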
Referrals:-
A referral contains one or more LDAP URLs of objects, which are returned to the client.
The following table shows the values defined for this property. If this property has not been set, then the default is to ignore referrals.
ignore - Ignore referrals
follow - Automatically follow any referrals
throw - Throw a ReferralException for each referral
Search in LDAP :- http://docs.sun.com/source/816-6696-10/cmdline.html#14656
1) The following call returns all entries in the directory:
ldapsearch -h myServer -p 5201 -D "cn=directory manager" -w password -b "dc=example,dc=com" -s sub "objectclass=*"
2) You can specify a search filter directly on the command line. If you do this, be sure to enclose your filter in quotation marks ("filter"), and do not specify the -f option. For example:
ldapsearch -h myServer -p 5201 -D "cn=directory manager" -w password -b "dc=example,dc=com" "cn=Charlene Daniels"
Wednesday, July 2, 2008
Basic Terminology for Open ESB
Coupling or dependency is the degree to which each program module relies on each one of the other modules.
Loose coupling
Loose coupling describes an approach where integration interfaces are developed with minimal assumptions between the sending/receiving parties, thus reducing the risk that a change in one application/module will force a change in another application/module.
Service
A service is a function that is well-defined, self-contained, and does not depend on the context or state of other services.
SOA
-Service-Oriented Architecture (SOA) is a software architecture where functionality is grouped around business processes and packaged as interoperable services.
-SOA also describes IT infrastructure which allows different applications to exchange data with one another as they participate in business processes.
-The aim is a loose coupling of services with operating systems, programming languages and other technologies which underlie applications.
-Web services can be used to implement a service-oriented architecture.
JBI :-
Java Business Integration (JBI) is a specification developed under the Java Community Process (JCP) for an approach to implementing a service-oriented architecture (SOA). The JCP reference is JSR 208 for JBI 1.0 and JSR 312 for JBI 2.0.
ESB Architecture :-
In an enterprise architecture making use of an ESB, an application will communicate via the bus, which acts as a message broker between applications.
Advantage of ESB Architecture :-
The primary advantage of such an approach is that it reduces the number of point-to-point connections required to allow applications to communicate.
What is ESB ?
1. ESB is the piece of software that lies between the business applications and enables communication among them.
2. ESB replaces all direct contact with the applications on the bus, so that all communication takes place via the bus.
3. It uses the enterprise message model which is a standard set of messages that the ESB will both transmit and receive.
Benefits
1. Faster and cheaper accommodation of existing systems.
2. Increased flexibility; easier to change as requirements change.
3. Standards-based.
Disadvantages
1. An enterprise message model is usually required, resulting in additional management overhead.
2. Requires ongoing management of message versions to ensure the intended benefit of loose coupling.
3. It normally requires more hardware than simple point-to-point messaging.
4. Extra overhead and increased latency caused by messages traversing the extra ESB layer, especially as compared to point-to-point communications.
Enterprise Application
- An enterprise application is typically a software application hosted on an application server which simultaneously provides services to a large number of users via a network.
- A Java 2 Platform, Enterprise Edition (J2EE) application is any deployable unit of J2EE functionality. This can be a single J2EE module or a group of modules packaged into an EAR file along with a J2EE application deployment descriptor.
Composite Application
-A composite application is a transactional application consisting of business functionality and information from varied information sources.
-Composite applications are both a form of integration, as well as application development.
What is Open ESB?
Project Open ESB implements an Enterprise Service Bus (ESB) runtime using Java Business Integration as the foundation. This allows easy integration of web services to create loosely coupled enterprise class composite applications.