Installation

Olog is a Java EE5 REST-style web service. The directory data is held in a relational database, and authentication/authorization info as well as the user/group relations are taken from an LDAP server or Unix "id".

Prerequisites

  • Glassfish v3 application server
  • SQL database with JDBC driver, e.g. mySQL
  • LDAP server, e.g. OpenLDAP or unix "id"

Installation Process

Install Glassfish v3

Download and install Glassfish v3 from java.net following the instructions for your platform.

Install mySQL and JDBC Drivers

  • If your site is running a mySQL server, you can skip the next step, and have the database manager create the olog tables and user for you.
  • Download and install mySQL from MySQL.com following the instructions for your platform.
    Alternatively: Install the mySQL server from your distribution using a package manager.
  • Create the olog tables using the sql/olog.sql script in the distribution tar. Unless you are running the mySQL server locally on your machine with access restricted to localhost, it is strongly advisable to create a user for the Olog service and give it sufficient rights on the olog database. Having the Olog service access the database as root is a possible security hole.
  • Download the JDBC driver from MySQL.com. Extract the driver mysql-connector-java-<n>.<n>.<n>-bin.jar from the archive and drop it into GLASSFISH_HOME/lib.
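
The dedicated-account advice above, sketched as an added example (not part of the Olog distribution). The account name olog_svc, the localhost host part, the placeholder password and the choice of data-manipulation privileges are assumptions; the database name "olog" is the one used in this guide, with the schema from sql/olog.sql already loaded by an administrative account.

```sql
-- Added example, not shipped with Olog. Run as a MySQL administrative user.
-- Assumptions: account name 'olog_svc', Glassfish on the same host as MySQL,
-- and a service that only needs to read and write rows (no DDL).

-- 1. A dedicated account that can only connect from the Glassfish host.
--    Replace the placeholder password before running.
CREATE USER 'olog_svc'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';

-- 2. Rights limited to the olog database. No global privileges, no
--    GRANT OPTION, and no CREATE/DROP/ALTER for day-to-day operation.
GRANT SELECT, INSERT, UPDATE, DELETE ON olog.* TO 'olog_svc'@'localhost';

-- 3. Check what the account actually holds.
SHOW GRANTS FOR 'olog_svc'@'localhost';

-- Global privileges: the only row expected for this account is USAGE,
-- which means "may log in, nothing else".
SELECT GRANTEE, PRIVILEGE_TYPE
  FROM information_schema.USER_PRIVILEGES
 WHERE GRANTEE = '''olog_svc''@''localhost''';

-- Schema-level privileges: expect exactly the four granted above,
-- all on TABLE_SCHEMA = 'olog'.
SELECT GRANTEE, TABLE_SCHEMA, PRIVILEGE_TYPE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''olog_svc''@''localhost''';

-- 4. Review which other accounts can reach the olog database, to spot
--    leftover broad grants (for example a wildcard host '%').
SELECT GRANTEE, PRIVILEGE_TYPE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE TABLE_SCHEMA = 'olog'
 ORDER BY GRANTEE, PRIVILEGE_TYPE;
```

The user name and password created here are the values to enter for "User Name" and "Password" when defining the connection pool.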

Create the Database Connection

  • Start your Glassfish application server, either through Netbeans or by running asadmin start-domain domain1 (asadmin.bat on Windows) inside GLASSFISH_HOME/bin.
  • Log in to the Glassfish admin console (default: http://localhost:4848). The default user and password are "admin" / "adminadmin".
  • Open "Common Tasks" / "Resources" / "JDBC" / "Connection Pools".
  • Create a new Connection Pool called "OlogPool", selecting "javax.sql.ConnectionPoolDataSource" as your "Resource Type" and "MySQL" as "Database vendor".
  • Fill in the details according to your mySQL installation. The minimum required settings are:
    • Server Name (e.g. "localhost")
    • Database Name ("olog")
    • User Name (for access to olog, as set in mySQL)
    • Password (for that user name, as set in mySQL)
  • After finishing, click on the Connection Pool you just created. If you configured the pool correctly, clicking "Ping" will return a "Ping Succeeded" message.
  • Open "Common Tasks" / "Resources" / "JDBC" / "JDBC Resources".
  • Create a new JNDI resource called "jdbc/olog", selecting the Connection Pool you just created.

Install an LDAP Server

  • If your site is running an LDAP server, you can skip the next step, and have the LDAP manager show you the structure and how to query it.
  • Download and install slapd from OpenLDAP.org following the instructions for your platform.
    Alternatively: Install the slapd daemon from your distribution using a package manager.
  • Set up users and groups. The ldif/cftest.ldif file in the distribution shows the LDAP entries I create to run the integration tests. That should give you an idea about the structures that Olog expects.

Create the LDAP Connection for Authentication/Authorization

  • Log in to the Glassfish admin console.
  • Open "Common Tasks" / "Configuration" / "Security" / "Realms".
  • Create a new realm called "olog", setting the "Class Name" to "com.sun.enterprise.security.auth.realm.ldap.LDAPRealm", and the "JAAS Context" to "ldapRealm". "Directory" and "Base DN" should reflect your LDAP configuration. (My integration tests use "ldap://localhost:389" as "Directory" and "dc=cf-test,dc=bnl,dc=gov" as "Base DN", which connects to a slapd on localhost that has loaded the definitions from cftest.ldif.)
  • Add a property called "group-search-filter" with the value "memberUid=%s" to make authentication work using the usual posixGroup definitions in the LDAP server.

Create the LDAP Connection for Testing Group Membership

  • Log in to the Glassfish admin console.
  • Open "Common Tasks" / "Resources" / "JNDI" / "Custom Resources".
  • Create a new resource called "ologGroups", setting the "Resource Type" to "javax.naming.directory.Directory", and the "Factory Class" to "com.sun.jndi.ldap.LdapCtxFactory".
  • Add two additional properties "URL" and "javax.naming.security.principal" reflecting your LDAP configuration. (My integration tests use "URL" = "ldap://localhost/dc=cf-test,dc=bnl,dc=gov" and "javax.naming.security.principal" = "cn=olog,dc=nsls2,dc=bnl,dc=gov".)

Deploy the Olog Application

  • Drop the Olog WAR file war/olog-service.war into GLASSFISH_HOME/domains/domain1/autodeploy. (You may have to create the autodeploy directory if it doesn't exist yet.)
    Alternatively: Call asadmin deploy <WAR-file> (asadmin.bat on Windows) inside GLASSFISH_HOME/bin.

Checking the Installation

Using a Browser

Once deployed, Olog should be listening for requests.

For a default Glassfish installation on localhost, try pointing your browser to "http://localhost:8080/Olog/resources/logs" to get a list of all logs in your database.

Using a Generic Client

For in-depth testing of the service, I recommend using the rest-client application, which allows a complete, detailed specification of a request and its payload, giving a lot more options than using a browser.