You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@directory.apache.org by Muralidhar Yaragalla <ya...@gmail.com> on 2010/04/13 17:43:55 UTC

hi need best suggestion

Hi Guys, we have the following situation:-

                           We have an application running on tomcat. We  are
storing user information on APCAHEDS using some other application. But
whenever there is a change in the user information my application (which is
running on tomcat)  has to be notified and upon notification it has to
update its local user database against LDAP. 

 

So what is the best way of doing this?

RE: hi need best suggestion

Posted by Muralidhar Yaragalla <ya...@gmail.com>.

Thank you so much for the link.

-----Original Message-----
From: Cook, Lee (IS) (Contr) [mailto:R.Lee.Cook@ngc.com] 
Sent: Tuesday, April 13, 2010 10:12 PM
To: users@directory.apache.org
Subject: RE: hi need best suggestion

Muralidhar,
I just got this same requirement from my 'customer' also.
We need to notify another application which has non-ldap
Users database when changes occur to our Ldap attributes.
I was experimenting with ApacheDS, but my client uses 
MS Active Directory, for which I found this article
Which discusses Ldap Change Notifications via ldap search filter
And result set.
http://msdn.microsoft.com/en-us/library/aa772153(VS.85).aspx

I have no idea if ApacheDS offers a similar notification function?

Lee
-----Original Message-----
From: Muralidhar Yaragalla [mailto:yaragallamurali@gmail.com] 
Sent: Tuesday, April 13, 2010 12:33 PM
To: users@directory.apache.org
Subject: RE: hi need best suggestion

Hi this is a special requirement. Actually I also don't like to do this
that
way but the client is not technically good enough. Even though we said
this
is not the right approach he wants this way. I just don't want to argue
with
him so I said we will do it that way.

Anyway I just want to know the best way of updating the loacldatabases
against LDAP.

-----Original Message-----
From: Stefan Zoerner [mailto:stefan@labeo.de] 
Sent: Tuesday, April 13, 2010 9:54 PM
To: users@directory.apache.org
Subject: Re: hi need best suggestion

Muralidhar Yaragalla wrote:
>                            We have an application running on tomcat.
We
are
> storing user information on APCAHEDS using some other application. But
> whenever there is a change in the user information my application
(which
is
> running on tomcat)  has to be notified and upon notification it has to
> update its local user database against LDAP. 
> 
> So what is the best way of doing this?
> 

Perhaps I am totally wrong and don't understand your requirements, but 
why not using a JNDI Realm within Tomcat which directly connects to 
ApacheDS directly instead of using a "local user database" (what exactly

is this database?).

Greetings from Hanover,
     StefanZ

RE: hi need best suggestion

Posted by "Cook, Lee (IS) (Contr)" <R....@ngc.com>.

Muralidhar,
I just got this same requirement from my 'customer' also.
We need to notify another application which has non-ldap
Users database when changes occur to our Ldap attributes.
I was experimenting with ApacheDS, but my client uses 
MS Active Directory, for which I found this article
Which discusses Ldap Change Notifications via ldap search filter
And result set.
http://msdn.microsoft.com/en-us/library/aa772153(VS.85).aspx

I have no idea if ApacheDS offers a similar notification function?

Lee
-----Original Message-----
From: Muralidhar Yaragalla [mailto:yaragallamurali@gmail.com] 
Sent: Tuesday, April 13, 2010 12:33 PM
To: users@directory.apache.org
Subject: RE: hi need best suggestion

Hi this is a special requirement. Actually I also don't like to do this
that
way but the client is not technically good enough. Even though we said
this
is not the right approach he wants this way. I just don't want to argue
with
him so I said we will do it that way.

Anyway I just want to know the best way of updating the loacldatabases
against LDAP.

-----Original Message-----
From: Stefan Zoerner [mailto:stefan@labeo.de] 
Sent: Tuesday, April 13, 2010 9:54 PM
To: users@directory.apache.org
Subject: Re: hi need best suggestion

Muralidhar Yaragalla wrote:
>                            We have an application running on tomcat.
We
are
> storing user information on APCAHEDS using some other application. But
> whenever there is a change in the user information my application
(which
is
> running on tomcat)  has to be notified and upon notification it has to
> update its local user database against LDAP. 
> 
> So what is the best way of doing this?
> 

Perhaps I am totally wrong and don't understand your requirements, but 
why not using a JNDI Realm within Tomcat which directly connects to 
ApacheDS directly instead of using a "local user database" (what exactly

is this database?).

Greetings from Hanover,
     StefanZ

RE: hi need best suggestion

Posted by Muralidhar Yaragalla <ya...@gmail.com>.

Hi this is a special requirement. Actually I also don't like to do this that
way but the client is not technically good enough. Even though we said this
is not the right approach he wants this way. I just don't want to argue with
him so I said we will do it that way.

Anyway I just want to know the best way of updating the loacldatabases
against LDAP.

-----Original Message-----
From: Stefan Zoerner [mailto:stefan@labeo.de] 
Sent: Tuesday, April 13, 2010 9:54 PM
To: users@directory.apache.org
Subject: Re: hi need best suggestion

Muralidhar Yaragalla wrote:
>                            We have an application running on tomcat. We
are
> storing user information on APCAHEDS using some other application. But
> whenever there is a change in the user information my application (which
is
> running on tomcat)  has to be notified and upon notification it has to
> update its local user database against LDAP. 
> 
> So what is the best way of doing this?
> 

Perhaps I am totally wrong and don't understand your requirements, but 
why not using a JNDI Realm within Tomcat which directly connects to 
ApacheDS directly instead of using a "local user database" (what exactly 
is this database?).

Greetings from Hanover,
     StefanZ

Re: hi need best suggestion

Posted by Stefan Zoerner <st...@labeo.de>.

Muralidhar Yaragalla wrote:
>                            We have an application running on tomcat. We  are
> storing user information on APCAHEDS using some other application. But
> whenever there is a change in the user information my application (which is
> running on tomcat)  has to be notified and upon notification it has to
> update its local user database against LDAP. 
> 
> So what is the best way of doing this?
> 

Perhaps I am totally wrong and don't understand your requirements, but 
why not using a JNDI Realm within Tomcat which directly connects to 
ApacheDS directly instead of using a "local user database" (what exactly 
is this database?).

Greetings from Hanover,
     StefanZ

RE: hi need best suggestion

Posted by Muralidhar Yaragalla <ya...@gmail.com>.

Thank you so much. This is good enough for me. 

-----Original Message-----
From: Kiran Ayyagari [mailto:ayyagarikiran@gmail.com] 
Sent: Tuesday, April 13, 2010 11:24 PM
To: users@directory.apache.org
Subject: Re: hi need best suggestion

On Tue, Apr 13, 2010 at 8:48 PM, Muralidhar Yaragalla
<ya...@gmail.com> wrote:
> Is there any examples of how to use this class? Really thanks for pointing
> to these links which are really helpful. Does jndi support this?

the test class I referred uses JNDI and is a good example of how to
use psearch, other than this I have no examples.

Kiran Ayyagari

Re: hi need best suggestion

Posted by Kiran Ayyagari <ay...@gmail.com>.

On Tue, Apr 13, 2010 at 8:48 PM, Muralidhar Yaragalla
<ya...@gmail.com> wrote:
> Is there any examples of how to use this class? Really thanks for pointing
> to these links which are really helpful. Does jndi support this?

the test class I referred uses JNDI and is a good example of how to
use psearch, other than this I have no examples.

Kiran Ayyagari

RE: hi need best suggestion

Posted by Muralidhar Yaragalla <ya...@gmail.com>.

Thank you. I will check the tutorial.

-----Original Message-----
From: Stefan Seelmann [mailto:seelmann@apache.org] 
Sent: Tuesday, April 13, 2010 11:35 PM
To: users@directory.apache.org
Subject: Re: hi need best suggestion

Check javax.naming.event package and the "Event Notification" section of
the JNDI tutorial.

Muralidhar Yaragalla wrote:
> Is there any examples of how to use this class? Really thanks for pointing
> to these links which are really helpful. Does jndi support this?
> 
> -----Original Message-----
> From: Kiran Ayyagari [mailto:ayyagarikiran@gmail.com] 
> Sent: Tuesday, April 13, 2010 10:54 PM
> To: users@directory.apache.org
> Subject: Re: hi need best suggestion
> 
> hi Murali,
> 
>   Stefan Seelmann pointed to me on IRC that persistent search[1] would
> be the right solution to get the updates
>   from the ApacheDS.
> 
>   The PersistentSearchIT[2] class shows how to use it
> 
>   [1] http://www.ietf.org/proceedings/50/I-D/ldapext-psearch-03.txt
> 
>   [2]
>
http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/
>
java/org/apache/directory/server/operations/search/PersistentSearchIT.java?v
> iew=markup
> 
> thanks Seelmann
> 
> Kiran Ayyagari
>

RE: hi need best suggestion

Posted by Muralidhar Yaragalla <ya...@gmail.com>.

Thank you. Will check this.

-----Original Message-----
From: Stefan Seelmann [mailto:seelmann@apache.org] 
Sent: Tuesday, April 13, 2010 11:35 PM
To: users@directory.apache.org
Subject: Re: hi need best suggestion

Check javax.naming.event package and the "Event Notification" section of
the JNDI tutorial.

Muralidhar Yaragalla wrote:
> Is there any examples of how to use this class? Really thanks for pointing
> to these links which are really helpful. Does jndi support this?
> 
> -----Original Message-----
> From: Kiran Ayyagari [mailto:ayyagarikiran@gmail.com] 
> Sent: Tuesday, April 13, 2010 10:54 PM
> To: users@directory.apache.org
> Subject: Re: hi need best suggestion
> 
> hi Murali,
> 
>   Stefan Seelmann pointed to me on IRC that persistent search[1] would
> be the right solution to get the updates
>   from the ApacheDS.
> 
>   The PersistentSearchIT[2] class shows how to use it
> 
>   [1] http://www.ietf.org/proceedings/50/I-D/ldapext-psearch-03.txt
> 
>   [2]
>
http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/
>
java/org/apache/directory/server/operations/search/PersistentSearchIT.java?v
> iew=markup
> 
> thanks Seelmann
> 
> Kiran Ayyagari
>

Re: hi need best suggestion

Posted by Stefan Seelmann <se...@apache.org>.

Check javax.naming.event package and the "Event Notification" section of
the JNDI tutorial.

Muralidhar Yaragalla wrote:
> Is there any examples of how to use this class? Really thanks for pointing
> to these links which are really helpful. Does jndi support this?
> 
> -----Original Message-----
> From: Kiran Ayyagari [mailto:ayyagarikiran@gmail.com] 
> Sent: Tuesday, April 13, 2010 10:54 PM
> To: users@directory.apache.org
> Subject: Re: hi need best suggestion
> 
> hi Murali,
> 
>   Stefan Seelmann pointed to me on IRC that persistent search[1] would
> be the right solution to get the updates
>   from the ApacheDS.
> 
>   The PersistentSearchIT[2] class shows how to use it
> 
>   [1] http://www.ietf.org/proceedings/50/I-D/ldapext-psearch-03.txt
> 
>   [2]
> http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/
> java/org/apache/directory/server/operations/search/PersistentSearchIT.java?v
> iew=markup
> 
> thanks Seelmann
> 
> Kiran Ayyagari
>

RE: hi need best suggestion

Posted by Muralidhar Yaragalla <ya...@gmail.com>.

Is there any examples of how to use this class? Really thanks for pointing
to these links which are really helpful. Does jndi support this?

-----Original Message-----
From: Kiran Ayyagari [mailto:ayyagarikiran@gmail.com] 
Sent: Tuesday, April 13, 2010 10:54 PM
To: users@directory.apache.org
Subject: Re: hi need best suggestion

hi Murali,

  Stefan Seelmann pointed to me on IRC that persistent search[1] would
be the right solution to get the updates
  from the ApacheDS.

  The PersistentSearchIT[2] class shows how to use it

  [1] http://www.ietf.org/proceedings/50/I-D/ldapext-psearch-03.txt

  [2]
http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/
java/org/apache/directory/server/operations/search/PersistentSearchIT.java?v
iew=markup

thanks Seelmann

Kiran Ayyagari

Re: hi need best suggestion

Posted by Kiran Ayyagari <ay...@gmail.com>.

hi Murali,

  Stefan Seelmann pointed to me on IRC that persistent search[1] would
be the right solution to get the updates
  from the ApacheDS.

  The PersistentSearchIT[2] class shows how to use it

  [1] http://www.ietf.org/proceedings/50/I-D/ldapext-psearch-03.txt

  [2] http://svn.apache.org/viewvc/directory/apacheds/trunk/server-integ/src/test/java/org/apache/directory/server/operations/search/PersistentSearchIT.java?view=markup

thanks Seelmann

Kiran Ayyagari

Re: hi need best suggestion

Posted by Kiran Ayyagari <ay...@gmail.com>.

On Tue, Apr 13, 2010 at 7:40 PM, Muralidhar Yaragalla
<ya...@gmail.com> wrote:
> So there is no way on LDAP to get the modifications happened at a particular
> point of time on a particular subcontext.

you can query on the modifyTimestamp operational attribute that is
part of each modified entry
and also you can query on createTimestamp to see if any new entries were added.

Note that in ApacheDS the modifyTimestamp attribute will only be
present if an entry gets modified

Kiran Ayyagari

RE: hi need best suggestion

Posted by Muralidhar Yaragalla <ya...@gmail.com>.

So there is no way on LDAP to get the modifications happened at a particular
point of time on a particular subcontext.

-----Original Message-----
From: Kiran Ayyagari [mailto:ayyagarikiran@gmail.com] 
Sent: Tuesday, April 13, 2010 10:07 PM
To: users@directory.apache.org
Subject: Re: hi need best suggestion

On Tue, Apr 13, 2010 at 7:26 PM, Muralidhar Yaragalla
<ya...@gmail.com> wrote:
> Thank u.
>
> so if my application got notified somehow and if I have to update my app
> database against LDAP I have to get all the entries for users  on LDAP and
> all the users from my database and compare them for deleted, added and
> updated users and accordingly I have to update my database every time
there
> is a change in the LDAP.   Is this right?

instead of doing it for all users it will be good if the notifying
application can also tell the tomcat based
application about which user entries were modified/added/deleted by
it, this way a whole tree scan can be avoided

Kiran Ayyagari

Re: hi need best suggestion

Posted by Kiran Ayyagari <ay...@gmail.com>.

On Tue, Apr 13, 2010 at 7:26 PM, Muralidhar Yaragalla
<ya...@gmail.com> wrote:
> Thank u.
>
> so if my application got notified somehow and if I have to update my app
> database against LDAP I have to get all the entries for users  on LDAP and
> all the users from my database and compare them for deleted, added and
> updated users and accordingly I have to update my database every time there
> is a change in the LDAP.   Is this right?

instead of doing it for all users it will be good if the notifying
application can also tell the tomcat based
application about which user entries were modified/added/deleted by
it, this way a whole tree scan can be avoided

Kiran Ayyagari

RE: hi need best suggestion

Posted by Muralidhar Yaragalla <ya...@gmail.com>.

Thank u. 

so if my application got notified somehow and if I have to update my app
database against LDAP I have to get all the entries for users  on LDAP and
all the users from my database and compare them for deleted, added and
updated users and accordingly I have to update my database every time there
is a change in the LDAP.   Is this right?

-----Original Message-----
From: Kiran Ayyagari [mailto:ayyagarikiran@gmail.com] 
Sent: Tuesday, April 13, 2010 9:32 PM
To: users@directory.apache.org
Subject: Re: hi need best suggestion

On Tue, Apr 13, 2010 at 6:43 PM, Muralidhar Yaragalla
<ya...@gmail.com> wrote:
> Hi Guys, we have the following situation:-
>
>                           We have an application running on tomcat. We
 are
> storing user information on APCAHEDS using some other application. But
> whenever there is a change in the user information my application (which
is
> running on tomcat)  has to be notified and upon notification it has to
> update its local user database against LDAP.

hmm, IMO it is best to notify the tomcat based application by the
application which is making changes
to the ApacheDS data. (well, this makes more sense if both
applications are controlled by you)

YMMV

Kiran Ayyagari

Re: hi need best suggestion

Posted by Kiran Ayyagari <ay...@gmail.com>.

On Tue, Apr 13, 2010 at 6:43 PM, Muralidhar Yaragalla
<ya...@gmail.com> wrote:
> Hi Guys, we have the following situation:-
>
>                           We have an application running on tomcat. We  are
> storing user information on APCAHEDS using some other application. But
> whenever there is a change in the user information my application (which is
> running on tomcat)  has to be notified and upon notification it has to
> update its local user database against LDAP.

hmm, IMO it is best to notify the tomcat based application by the
application which is making changes
to the ApacheDS data. (well, this makes more sense if both
applications are controlled by you)

YMMV

Kiran Ayyagari