Introduction
There is two ways to initialize the server :
- As a standelone server
- As an embeded server
Both initialization are different, for the user perspective, but not from the developper perspective, as the first initializtion system embed the server, just adding some specific mechanism to stop the server (remember that the server can be launched as a daemon)
The server initialization is done in two steps. The first one read the confuguration, and set all the necessary structures, and the second step start the server.
Initialization
This is done by reading the server.xml file, which is a Spring based document. As we refer many classes into this file, they will be instanciated on the fly.
The following classes are created :
Object |
Class |
Description |
---|---|---|
environment |
HashTable |
Initialize the euthentication objects for Ldap, Kerberos, Naming, ChangePW, and set of binary attributes |
configuration |
MutableServerStartupConfiguration |
Initialize the server |
systemPartitionConfiguration |
MutableBTreePartitionConfiguration |
Configuration of the system partition |
examplePartitionConfiguration |
MutableBTreePartitionConfiguration |
Configuration of an example partition |
The following schema represent the properties set by this configuration file :
Configuration initialization
During this phase, we instanciate the MutableServerStartupConfiguration, which will initialize a lot of structures, through the call to those three methods :
- setDefaultAuthenticatorConfigurations
- setDefaultBootstrapSchemas
- setDefaultInterceptorConfigurations
setDefaultAuthenticatorConfigurations
This method initialize the authentication methods. At the moment, we support only Simple authentication (ie with a password) or Anonymous authentication.
Each authenticator is stored in a MutableAuthenticatorConfiguration object, which associate a name and a dedicated class.
Should those authenticator be plugins ?
We could declare those authenticator as plugins into the server.xml file, allowing us to easily add some new authenticator. However, this will introduce some weakness in the security system. If somebody add a faked authentication class, and modify the configuration file to load this plugin, what could happen?
SASL
SASL authentication should still be implemented...
For information about authentication mechanisms, open this page : Authentication Mechanisms in ADS
setDefaultBootstrapSchemas
In this method, we will load all the default schemas, which are :
- CoreSchema
- CosineSchema
- ApacheSchema
- InetorgpersonSchema
- JavaSchema
- SystemSchema
- CollectiveSchema
Those schema are transofmed into classes by a maven plugin, and they initiate all the needed structures to handle Ldap ObjectClass, Attributes, Comparator, MatchingRules, etc...
The description of this setup can be found in this page : Schema loading
It can be noted that at this stage, we don't load any other schema. Users defined schema are loaded after the initialization of the server has been done.
Double schema loading ?
It can be noted that all the default schema loaded in this section are also declared in the server.xml file. It is questionnable to load those default schema in this part, and it may be decided to remove this step in the default initialization...
setDefaultInterceptorConfigurations
Here, we will create the list of all existing interecptors. Each interceptor is an instance of the MutableInterceptorConfiguration class.
The instanciated interceptors are :
- normalizationService
- authenticationService
- referralService
- authorizationService
- defaultAuthorizationService
- exceptionService
- schemaService
- subentryService
- operationalAttributeService
- collectiveAttributeService
- eventService
- triggerService
For more informations about Interceptors, go to this page : Interceptors
Other parameters
When this basic initialization is done, this phase is achieved by the loading of default values :
Parameter |
Default value |
Description |
---|---|---|
enableNetworking |
TRUE |
Used if we allow the server to accept network communication (if the server is embeded, it can be set to FALSE) |
synchPeriodMillis |
20 000 ms |
Interval between each flush to the disk of modifed data. Can be set to 0 if the user wants all data to be flushed on disk as soon as they are modified, but this has a huge negative impact on performance. |
ldapPort |
389 |
Default LDAP port. |
ldapsPort |
686 |
Default LDAPS port. |
ldapsCertificateFile |
<basedir>/certificates/server.cert |
Default certificate file storage |
ldapsCertificatePassword |
"changeit" |
Default SSL password |
enableLdaps |
FALSE |
LDAPS is not enabled by default |
enableKerberos |
FALSE |
KERBEROS is not enabled by default |
enableChangePassword |
FALSE |
ChangePW is not enabled by default |
enableNtp |
FALSE |
NTP is not enabled by default |
ldifDirectory |
null |
The dirctory in which ldif files will be read |
[]