How to introduce a custom object class to embedded LDAP of Identity Server

WSO2 Identity Server (IS) 3.2.0 comes with an embedded-apacheds ldap as the default user store. We can introduce new attributes to embedded-ldap through custom object classes, in order to use them when persisting user information in  IS.

I have described how to write a custom object class and introduce it to a stand alone LDAP server in my previous post.

In this post I intend to describe how to import a custom object class to Identity Server's default user store and how to use it when adding users to IS.

Step 1: Write your custom object class with the required additional attributes and save it with .ldif extension. 

Before defining attributes in your custom object class, make sure to check what are the attributes that are already supportted  by LDAP  for creating user entries, so that you can use them without defining new attributes and also can avoid conflicts with existing attribute names.

Following is the custom object class that we will import into embedded-apacheds of IS.

dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( 2.25.128424792425578037463837247958458780603.6
        NAME 'nicNumber'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeTypes: ( 2.25.128424792425578037463837247958458780603.7
        NAME 'passportNumber'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
-
add: objectClasses
objectClasses: ( 2.25.128424792425578037463837247958458780603.8
    NAME 'samplePerson'
    DESC 'samplePerson'
    SUP wso2Person
    STRUCTURAL
    MAY  ( nicNumber $ passportNumber)
 )

This object class named: 'samplePerson' defines two new attributes to store NIC No. and Passport No. of a user. 

Note the line 19 which implies that 'samplePerson' inherits the 'wso2Person' which is once again a custom object class that we have already introduced to embedded-ldap of IS.

Step 2: Download the latest IS build from here. [IS 3.2.0 is not released yet and a latest build from trunk is hosted in this location.]

Step 3: Start Identity Server and connect to its embedded-ldap through Apache Directory Studio. If you are not familiar with Apache Directory Studio before, this post describes how to perform this step.

Step 4: Import the ldif file containing the new object class definition into the LDAP instance of IS.
You can do it as follows:
i). Locate the 'LDAP Browser' window in Apache Directory Studio as shown below.

                                                                      figure 1
ii). Right click on the 'ou=schema' context entry, select 'import->LDIF import' and point to the samplePerson ldif file and import it.
If you do not see any errors, that means ldif is successfully imported.

Step 6: Use the new object class for creating users in Identity Server.

To reflect the effect of the new object class in embedded-ldap, we need to restart the the Identity Server and also need to do some configuration level changes.

i).  Shutdown the IS.
ii). Locate 'embedded-ldap.xml' and 'user-mgt.xml' config files in [IS_HOME]/repository/conf folder and do the following changes.

• Find the 'EmbeddedLDAP' element in embedded-ldap.xml and change its 'AdminEntryObjectClass' property value to 'samplePerson'.

samplePerson

• Find 'UserStoreManager' element in 'user-mgt.xml' and change its 'UserEntryObjectClass' property to 'samplePerson' so that when adding users in IS, user entries will be created with new objectClass.

samplePerson 

iii). Delete the directory named: 'root' located in the path: [IS_HOME]/repository/data/org.wso2.carbon.directory. - so that default partition will be created again at the restart with admin user entry constructed with new objectClass.

iv). Start Identity Server.

v). Login to the management console with admin, admin credentials and add a new user through 'Users and Roles' tab in left hand panel.

vi). Now view the ldap user entry of the newly added user through 'LDAP Browser' window of Apache Directoy Studio.

                                                          figure 2
As you can see in the above figure 2, new user entry is constructed with the objecClass 'samplePerson'.

Step 7: You can use newly introduced attributes in user's profile of IS through 'Claim Management', which you will find in the left hand panel of  the management console.

Voilà, we are done.. :)

Connecting to the user store of Identity Server through Apache Directory Studio

WSO2 Identity Server (IS) 3.2.0 will be shipped with an embedded-apacheds ldap as the default user store.

We may need to connect it to through a UI tool in order to browse the structure and entries, importing ldif files etc..

This simple post describes how to connect to Identity Server's embedded-ldap through Apache Directory Studio tool.

1. Download and install Apache Directory Studio from here.

2. Start Identity Server and connect to its embedded-ldap from Apache Directory Studio as shown below.

step 2.1:

step 2.2:
Fill the following details in the new connection window you get:

step 2.3:
Click Next and fill the authentication details in the next window as follows.
DN of the bind user: uid=admin,ou=system
Bind password: 'admin'.

You may skip the other steps in the wizard and finish creating the connection.

Now you can view the ldap structure of IS's default user store in the LDAP Browser window as shown below.

One tiny tip before we windup- when ever you do an update to the embedded-ldap through IS, make sure to click the 'refresh' button in the LDAP Browser window shown above, in order to observe the changes through ApacheDS Studio UI tool.

Wihidum -- Our Final Year Project...

After nearly a one year completing our final year research project, I thought of writing about it in my blog.

In the FYP, our research was to come up with proper communication algorithms for a hierarchy of distributed broker nodes, which acts as one unit to constitute a distributed middleware. 

Message communication was based on WS-Eventing. After researching, we designed and implemented two algorithms named tree and cluster. The respective names imply the topology that the broker nodes are arranged in the hierarchy. We also did a performance testing on the two topologies and analyzed the results in our research.

Here, I should thankfully mention the valuable guidance and help provided by two supervisors of the project-- Dr.Srinath Perera and Mrs. Vishaka Nanayakkara. I am also thankful to all the members of our team, specially Dilshan Kanchana and Chamini Hasanga for the hard work and effort put on this project. We carried out this with a team of four including me, Dilshan, Chamini and Prabath.

Following is the set of slides that I presented for the CSnES conference which is a local conference, regarding the project Wihidum.

I will upload the research paper too soon.

Wihidum-Distributed Broker Hierarchy based on WS-Eventing

View more presentations from HasiniG

SOA Security in a Nutshell

I am on my April vacation of one week. I decided to dedicate this week to learn security stuff--mainly related to SOA-security, which was my passion from university time and now I am duty bounded as well to learn them as a member of WSO2 security team. :)

During my learning process, I came across many useful and valuable articles mostly written by senior members of WSO2 security team. 

I was particularly amazed by the following presentation by Prabath Siriwardena. The flow of the presentation is fantastic which takes a reader with zero or less knowledge in security from very basics --through all the SOA security concepts --to building a real enterprise security solution using WSO2 product stack at the end. It aligns with human thinking pattern very well so that we can go through all 244 slides  at once with full concentration without getting bored at all.

Presentation is self explanatory to its max such that without speaker, we can understand everything very well. I must say it is a very creative, innovative and comprehensive presentation or rather a great source of knowledge.

Thanks a lot Prabath aiya...

Summer School - Security in SOA

View more presentations from WSO2

In tribute to a great teacher : Mr. Rienzie Gunaratne

Last Saturday (2nd April 2011) evening, when I was watching ICC world cup finals, I heard a very shocking and a sad news that one of my great teachers, Mr. Rienzie Gunaratne (72) has passed away.

If I consider myself has gained some kind of success at this age of mine, he is surely  one important pillar of that success. He was by profession a lecturer at teacher's training college-Maharagama. I joined his English classes at the grade of 8. Soon I found his teaching very methodical and very inspiring which led to the ultimate results of me winning subject prize for English at grade 9 and obtaining distinctions for both English language and English literature subjects at GCE O/L examination.

But it is not the part that I am going to talk about here and it is not the part which had a lasting impact on my life.

Two things that made lasting impacts on us were: the public speaking training sessions he conducted in each day of English language classes and great life time lessons he taught us, the morals he cultivated in us during English literature classes in early mornings of Saturdays for 3 years.

Talking about the first thing above; apart from the subject curriculum, he took an innovative approach in improving public speaking skills of his students by having prepared speeches and news diary sessions where we got a chance to use our creativity skills and imaginations skills while learning techniques such as keeping eye-contact and composing speeches at a very young age of 13-14 years. And that practice has helped me many times during my university life.

The second and the most important impact we had from him was the universal lessons we learned from him in his literature class. 

He was not satisfied with the formal curriculum and genuinely wanted us to learn the beauty of literature where he had selected a valuable set of poems from great old literature and taught us the hidden messages in them relating to the real life, in a very convincing manner.

Even today, after about nine years, those poems help me to be inspired, be happy during the difficult times of life. I go through them or keep me reminded about them whenever I feel down, frustrated, less motivated and so on..

I would like to share some of those great poems here with you too....

The value of perseverance for one's life and the moral of not giving up was emphasized when he taught us the following poem:

"Drive the nail aright boys
hit it on the head
Strike with all your might boys
while the iron is red
When you have work to do boys,
do it with a will
They who reach the top boys
first must climb the hill
Standing at the bottom boys
looking at the sky
How can you get up boys 
if you never try
Though you stumble oft boys,
never be downcast
Try and try again boys
you will win at last."

Even today I can remember that he did not forget to mention that the above poem addresses 'boys' because at the time the poem was written, only the boys were privileged to have education and mentioned us that it equally applies to girls as well in todays world.

He taught us the importance of hard work through the following quote by Henry Wadsworth Longfellow.

"The height by great men reached and kept
were not attained by sudden flight
But they, while their companions slept,
were toiling upward in the night. "

The poem that I love the most among the ones that I learned from him is the poem "IF" by Rudyard Kipling. The way he taught us this poem, has helped me sometimes to use those lessons to face the challenges and complications of life and society.

"If you can keep your head when all about you
Are losing theirs and blaming it on you,
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or being lied about, don't deal in lies,
Or being hated, don't give way to hating,
And yet don't look too good, nor talk too wise:

If you can dream - and not make dreams your master,
If you can think - and not make thoughts your aim;
If you can meet with Triumph and Disaster
And treat those two impostors just the same;
If you can bear to hear the truth you've spoken
Twisted by knaves to make a trap for fools,
Or watch the things you gave your life to, broken,
And stoop and build 'em up with worn-out tools:

If you can make one heap of all your winnings
And risk it all on one turn of pitch-and-toss,
And lose, and start again at your beginnings
And never breath a word about your loss;
If you can force your heart and nerve and sinew
To serve your turn long after they are gone,
And so hold on when there is nothing in you
Except the Will which says to them: "Hold on!"

If you can talk with crowds and keep your virtue,
Or walk with kings - nor lose the common touch,
If neither foes nor loving friends can hurt you,
If all men count with you, but none too much;
If you can fill the unforgiving minute
With sixty seconds' worth of distance run,

Yours is the Earth and everything that's in it,
And - which is more - you'll be a Man, my son!"

--Rudyard Kipling (1865-1936)

Two novels Oliver Twist and Mill On the Floss that he walked us through were like two universities teaching the kids of that age about the society and the people. I still can remember that while he was teaching us Oliver Twist and explaining how the gangs of evil will be dissolved with in a short time and how the humane people thrive in the society one day,  he predicted with confidence that same thing happened to the evil gang of Oliver Twist will happen to the LTTE one day, which came true after about 8 years of his statement.

So let me ask from myself, isn't he a philosopher in that aspect?

I can continue the list of great things he taught us like this, but I would like to stop by mentioning a poem he used to teach us the uncertainty of life or the short-lived nature of life. It is the poem "To Daffodils"-by Robert Herrick as follows:

"Fair Daffodils, we weep to see
You haste away so soon;
As yet the early-rising sun
Has not attain’d his noon.
Stay, stay,
Until the hasting day
Has run
But to the even-song;
And, having pray’d together, we
Will go with you along.

We have short time to stay, as you,
We have as short a spring;
As quick a growth to meet decay,
As you, or anything.
We die
As your hours do, and dry
Away,
Like to the summer’s rain;
Or as the pearls of morning’s dew,
Ne’er to be found again."

But I doubt whether I fully understood the universal truth conveyed by the above poem, and that may be why I feel so sad when our teacher has faced the reality spoken by this poem.

Sir, the memories of yours will last with us till our deaths and the legacy that you left behind to this world, through your students, will do a lasting contribution to this world too.

Today, on the day of your funeral Sir; hiding my tears, I would like to say that I was so much lucky to have met a person like you in my life and have got values added from you, and also that I would determine to be more of the person you wanted us to be in order to contribute to this world for its betterment.

Related article:

In this article another student of him speaks about his greatness: http://www.nation.lk/2007/02/18/eyefea3.htm