Space Index

0-9 ... 0 A ... 11 B ... 3 C ... 23 D ... 12 E ... 18 F ... 6 G ... 4 H ... 2 I ... 12 J ... 5 K ... 2 L ... 11 M ... 11 N ... 6 O ... 5 P ... 113 Q ... 2 R ... 9 S ... 16 T ... 2 U ... 2 V ... 3 W ... 3 X ... 0 Y ... 1 Z ... 0 !@#$ ... 0
0-9	A About Penrose import.css = decks.css !penroselogo.gif! Penrose is a virtual directory server. A Virtual Directory does not store any information itself, unlike other LDAP implementations. Requests received from LDAP client applications are processed by Penrose and passed on to the data source hosting ... Access Control Access control is supported starting from Penrose 0.9.4. The access control instruction (ACI) can be defined in the conf/mapping.xml. ... ... ... ACL Support virtual directory in Penrose can be configured to grant/deny certain access rights to certain users using ACL. The ACL specifies the target (entire object or certain attributes only), the scope (base, one level, subtree), the action (grant or deny ... Active Directory Installing Active Directory Increasing Search Limit Increase the MaxPageSize to 2000. See LDAP policy http://support.microsoft.com/default.aspx?scid=kb;enus;315071. Enabling SSL In general Penrose can connect to Active Directory without SSL. However ... Active Directory Support Penrose supports using Active Directory as a data source via its LDAP interface. Penrose does not support Windows specific protocols or API. Penrose does not support Kerberos authentication against Active Directory. Penrose does not support authentication ... Adapters Adapters provides a way to access resources that are going to be mapped into the virtual directory. Adapters configuration can be found in PENROSEHOME/conf/server.xml. JDBC org.safehaus.penrose.connection.JDBCAdapter JNDI org.safehaus.penrose.connection.JNDIAdapter ... Apache Directory What's the relationship between Apache Directory and Penrose? Penrose uses Apache Directory Server http://directory.apache.org as one of its protocol listeners. For a real world usage, user can replace Penrose listener with their favorite directory server through various ... Architecture Penrose Server Architecture !penrosearchv1.png align=center ASL2 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document ... Attribute Value Modification What is Attribute Value Modification? In many cases, it may be necessary to change the actual attribute values being returned to the client. For example: Changing the sequence of the surname and given name in the common name if the common name is stored as "Morrison, Brad", a method in the Java ... Authentication Penrose supports authentication (LDAP bind operation) against password stored in database or LDAP. In some cases the password is retrievable, so Penrose can compare it directly. In other cases, the password is not retrievable, for instance in LDAP and Active Directory. In that case Penrose ...
B Bug Reporting I think I found a bug in Penrose. Where do I report it? The first thing you should do is search for any existing bugs in Penrose's bug tracking system: http://jira.safehaus.org http://jira.safehaus.org/secure/BrowseProject.jspa?id ... Building Penrose Server Ant Targets The build.xml provides the following targets: Target Description clean Remove generated files update Perform SVN update build Compile and build penrosex.x.x.jar docs Generate javadoc dist Create distribution tree distsrc Create source ... Building Penrose Studio Prerequisites Install the required software Machine Setup on your machine. Source Code Get the source code from the Code Repository or download the source distribution Download. We'll refer the source directory as PENROSESTUDIOSOURCE. Ant Targets The build.xml provides the following ...	C CA eTrust Directory Overview Companies can use their existing CA eTrust directory as a futureproof identity backbone by leveraging Penrose virtual directory. In the diagram below, Penrose can use CA eTrust directory to store its cached entries. The cache entries will be made ... CA SiteMinder penrosesminder.jpg! System Requirement The instruction in this document was tested on this environment: Windows Server 2003 Microsoft IIS 6.0 JRE 1.4.2 Penrose 0.9.4 SiteMinder 6.0 Installing SiteMinder Install ServletExec The installation file can be found in SiteMinder Policy Server's ... Cache Penrose uses 2level cache: source cache and entry cache. The source cache caches the data read from the datasources. The entry cache caches the LDAP entries generated by the mappings. Each source and entry mapping has its own cache ... CDDL COMMON DEVELOPMENT AND DISTRIBUTION LICENSE (CDDL) Version 1.0 1. Definitions. 1.1. "Contributor" means each individual or entity that creates or contributes to the creation of Modifications. 1.2. "Contributor Version" means the combination of the Original Software, prior Modifications used by a Contributor ... Change Log History of Changes Version 1.2.4 Version 1.2.3 Version 1.2.2 Version 1.2.1 Version 1.2 Version 1.1 Client Sessions Creating New Connection To interact with Penrose Service first you will need to create a new connection: PenroseConnection connection = penrose.openConnection(); Closing Connection When you are done, you need to close the session: connection.close Code Repository Checking out the code from Git Repository Penrose Server: Public Clone URL: git://github.com/identity/penroseserver.git Penrose Studio: Public Clone URL: git://github.com/identity/penrosestudio.git Commercial software also offers a commercial license. Commercial license has more flexibility: If you plan to include this software as part as your commercial offering, you don't need to publish your software as open source. Developers of this software can provide ... Common Errors various errors encountered in the use of Penrose are primarily categorized by the location they are reported. From there, errors are generally listed by system or by exact phrase. These phrases are then routed to one more layer which suggests specific problems that may cause each error and solutions ... Confluence Tables Listing in Confluence mysql> show tables; Tablesinconfluence ATTACHMENTDATA ATTACHMENTS BANDANA BODYCONTENT CLUSTERSAFETY CONFANCESTORS CONFVERSION CONTENT CONTENTLOCK CONTENTLABEL CONTENTPERM CONTENTPERMSET DECORATOR DRAFT EXTRNLNKS INDEXQUEUEENTRIES LABEL LINKS NOTIFICATIONS OSPROPERTYENTRY PAGETEMPLATES PLUGINDATA SPACEGROUPS ... Connecting to Penrose Servers See the tutorial at: http://penrose.safehaus.org/tutorials/connecting.htm Connecting with LDAP Client Use your favorite LDAP browser and enter the following parameters: Parameter Value Hostname localhost Port 10389 Bind DN uid=admin,ou=system Bind Password secret Base DN dc=Example,dc=com For security ... Connections connections configuration you can specify how to connect to the data sources. Connections configuration can be found in PENROSEHOME/conf/sources.xml. ... ... ... Name ... Contact Identyx http://www.identyx.com now offers production support, customization and installation for Penrose. Please inquire here http://penrose.safehaus.org/contact.html. Contributing Patches We love us some patch goodness. If you want to change something in Penrose or fix a bug you've run across, there's no faster way to make it happen than to do it yourself. Please submit the patch description using our JIRA ... Contributor FAQ Identyx is opening the Penrose Subversion repository to allow checkins from external contributors. This document provides answers to frequently asked questions about the Penrose Subversion approach and policies for contributors. How do I become a contributor? Contributors generally start ... Creating Connections See the tutorial at: http://penrose.safehaus.org/tutorials/createconnection.htm Creating Entries See the tutorial at: http://penrose.safehaus.org/tutorials/creatingentry.htm Creating LDAP Connector Overview This document describes how configure LDAP Connector in MailMarshal for retrieving user groups information from Microsoft SQL Server using Penrose Server as an LDAP gateway. This document assumes that Penrose Server has been configured properly ... Creating Modules Tutorial is not available yet Creating Sources See the tutorial at: http://penrose.safehaus.org/tutorials/createsource.htm Creating User Groups MailMarshal Configurator, go to Configurator Root \> MailMarshal Configurator \> Policy Elements \> User Groups. Click New User Group to start the wizard.\\ !newuserwiz.png! \\ Click Next to continue.\\ !newugselectugtype.png! \\ Select the new connector from the dropdown list. Click Next ... Custom Adapters Introduction Many applications support using LDAP for authentication and authorization. Apache HTTP server is an example of such applications. See http://httpd.apache.org/docs/2.0/mod/modauthldap.html. You can use Penrose as an LDAP server to delegate these functionalities to your ...
D Database Synchronization Support Penrose supports database synchronization using these methods: full synchronization using snapshot incremental update using change log Full synchronization works by periodically comparing the entire contents of the database and the target storage, and applying the difference to the target storage. Incremental ... Demo Connecting to Penrose Servers http://penrose.safehaus.org/tutorials/connecting.htm Creating Connections http://penrose.safehaus.org/tutorials/createconnection.htm Creating Sources http://penrose.safehaus.org/tutorials/createsource.htm Creating Entries http://penrose.safehaus.org/tutorials/creatingentry.htm Mapping LDAP Users http://penrose.safehaus.org ... Developer Nightly Builds Code Repository Road Map Change Log Project Mgmt http://safehaus.projectpath.com/login Developer Guide Architecture Source Relationship Graphs Subtree Search Subtree Search with Filter Machine Setup Eclipse Setup Running Penrose Server in Eclipse Running Penrose Studio in Eclipse Code Repository Building Penrose Server Building Penrose Studio Custom ... Directories Integration general, the closer information to its source, the more accurate and timely the info is likely to be, for at least 3 reasons: 1. the source of the information, by definition, the most accurate. 2. Extra delay and opportunity for error between the source and directory are eliminated 3. Depending ... Directory Firewall Penrose can be used as LDAP firewall proxy by configuring it to return only subset or different information to external clients. !fireproxy.jpg Directory Migration Both old and new data formats coexist at the same time Penrose allows you to perform Lazy migration. Lazy migrations work on a simple assumption. You constantly have two views of your data: the old data format view ... Directory Proxy Penrose can be used as a proxy to your database or LDAP servers. By setting the Cache expiration to 0, no data will be cached by Penrose, all requests from the clients will be forwarded directly to the datasources. References Proxy Mapping in Penrose PENROSE10:Proxy Mapping How ... Directory Routing Penrose allows you to associate each particular part of virtual directory tree with a particular adapter. For example an LDAP Proxy Adapter might be configured to represent users in "cn=Users, dc=penrose, dc=safehaus, dc=org" to be represented ... Directory Translator Penrose allows directory translation by transforming data onthefly. Penrose tools enable administrators to configure Penrose server to make, for example, Active Directory to look like Sun One Documentation Penrose 2.0 Documentation PENROSE20:Documentation Penrose 1.2 Documentation PENROSE12:Documentation Penrose 1.01.1 Documentation PENROSE10:Documentation Penrose 0.9.9 Documentation Penrose 0.9.8 Documentation Penrose 0.9.7 Documentation Download Latest Releases On this page you can find the binary and source distributions of Penrose. The the latest release is Penrose 2.0 Release Penrose20:Penrose 2.0 Release The stable release is Penrose 1.2 Release PENROSE12:Penrose 1.2 Release. If you find ...	E Eclipse Setup Creating Penrose Project To create the Penrose project, go to File \> New \> Project ... !eclipsepenrose1.png! Then click Next. !eclipsepenrose2.png! Enter the project name and source directory that you check out from SVN. !eclipsepenrose3.png! Finally click Finish. Creating Penrose ... Embedding Penrose Initializing Penrose Service Client Sessions LDAP Operations Events Penrose API http://penrose.safehaus.org/javadoc Engine Penrose allows you to implement your own join engine. See Engine API http://penrose.safehaus.org/javadoc/org/safehaus/penrose/engine/packagesummary.html. The configuration is located in PENROSEHOME/conf/server.xml: DEFAULT org.safehaus.penrose.engine.Engine ... Enterprise Apps Enterprise Applications such as CRM, Portal and Financial Reporting needs a unified view of employees, partners or customers. Penrose can facilitate the unification process by combining all of identities information so it is readily available in one place. It can do so without ... Enterprise Certificate Authority Introduction This page describes how to setup Enterprise Certificate Authority on Windows Server 2003. Install Internet Information Services (IIS) You need to install IIS first. Install Enterprise Certificate Authority Go to Start > Settings > Control Panel ... Entries Entry Definition There are 2 types of entries: Static entry This entry has a constant RDN, it represents a single entry in the resulting virtual directory. Dynamic entry This entry has a dynamic RDN, it represents multiple entries in the resulting virtual directory. An ... Entry Attributes An attribute in an entry is defined as follows: ... Attribute Name The "name" contains the attribute name, e.g. cn, ou. Penrose currently does not validate the attribute names nor the values against the schema. Attribute ... Entry Sources and Fields source in an entry is defined as follows: ... ... ... Source ... eTrust Directory Integration - eTrust Directory Configuration Create New DSA Penrose's sample mapping uses dc=Example,dc=com suffix. See PENROSESERVERHOME\conf\mapping.xml. Create a new DSA with this suffix. In DXHOME\bin execute: dxnewdsa example example 19589 dc com dc ... eTrust Directory Integration - eTrust Directory Installation Install eTrust Directory Download eTrust Directory 8.1 from http://supportconnectw.ca.com/public/etrust/etrustdir/downloads/etrustdirupdates.asp. Install eTrust Directory on a server machine. The default installation directory on Windows Server 2003 is C:\Program Files\CA ... eTrust Directory Integration - MySQL Configuration Create Users Create sa user: grant all privileges on . to 'sa'@'%' identified by 'secret' with grant option; This user will be used by the system administrator. Create penrose user: grant all privileges on . to 'penrose'@'%' identified by 'penrose' with grant option; This user will be used ... eTrust Directory Integration - MySQL Installation Installation Download MySQL 5.0 from http://www.mysql.com. On Windows Server 2003 the default installation directory is C:\Program Files\MySQL\MySQL Server 5.0. This directory will be referred to as MYSQLHOME eTrust Directory Integration - Penrose Configuration Configure Connections Add a connection to eTrust Directory. Edit PENROSESERVERHOME\conf\connections.xml: JDBC driver com.mysql.jdbc.Driver password eTrust Directory Integration - Penrose Installation Install Penrose Server Download the latest nightly build for Penrose Server 0.9.9 from http://dist.safehaus.org/penrose/nightly. Penrose Server should be installed on the same machine as the eTrust Directory. On Windows Server 2003 the default installation directory is C ... eTrust Directory Integration - Updating Datasource Introduction In this test case several update operations will be performed against the MySQL database. After a few seconds, the result of these modifications should be reflected in the eTrust Directory. Connect to the "example" database as the "sa" user with password "secret" and perform the following operations. Add ... eTrust Directory Integration - Updating eTrust Directory Introduction In this test case several update operations will be performed against eTrust Directory. After a few seconds, the result of these modifications should be reflected in MySQL database. Connect to eTrust Directory as "uid=manager,ou=Users,dc=Example,dc=com ... Events See Event API http://penrose.safehaus.org/javadoc/org/safehaus/penrose/event/packagesummary.html. Adding Listeners penrose.addAddListener(listener); penrose.addBindListener(listener) penrose.addCompareListener(listener) penrose.addConnectionListener(listener) penrose.addDeleteListener(listener) penrose.addModifyListener(listener) penrose.addSearchListener(listener) Removing Listeners penrose.removeAddListener ... Expressions Penrose uses BeanShell http://www.beanshell.org expressions to perform mappings/transformations between attributes and source fields. Mapping To map a source field to an attribute, you can consider the source as a Java object and the fields as the object properties. To map an ...
F FAQ General What is Virtual Directory? Virtual Directory What is the difference between Virtual and Meta Directory? Virtual vs Meta Directory Use Cases Why do you want to use Virtual Directory? Virtual Directory Usage What is Schema ... Features Penrose Server Available on any platform where Java is supported Conversion and manipulation of Attribute values Namespace handling and Intelligent LDAP Queries routing Join and Cache PENROSE10:Cache engine Allow both inmemory and persistent cache Bidirectional synchronization ... Features, Configuration, and Extension Penrose comes with some builtin features including ACL, cache, proxy, etc. However, to use these features they have to be configured in XML files (directory.xml, modules.xml, etc.). If certain features are not available in Penrose (e.g. Web services, stored procedures), Penrose ... Fedora and Red Hat DS Support Penrose can use Fedora/Red Hat DS as a data source. Penrose supports synchronization via snapshots or change log. Penrose does not support FDS/RHDS replication protocol. Penrose can run under FDS/RHDS via ... Firewall Proxy How to specify proxy settings for firewall? Run the following before running Penrose tools: export PENROSEOPTS="Dhttp.proxyHost= Dhttp.proxyPort= FLOSS Penrose developers Exception for Free/Libre and Open Source Softwareonly Applications Using Penrose Client Libraries (the "FLOSS Exception"). version 0.6, May 29, 2007 Exception Intent We want specified Free/Libre and Open Source Software ...	G Geronimo Overview Apache Geronimo now includes Apache Directory which allows Geronimo to provide and build on a unified security layer for applications. Geronimo can now offer a framework for certificate management and platform for singlesignon Getting Support Penrose is an open source project with a strong user community. There are a number of channels from which you can obtain support. Community Support Channels # First read the documentation PENROSE10:Documentation. If you're starting out with Penrose make sure ... Global Address List Let say your company utilizes CRM system which contains all your customers information. Penrose allows you to repurpose that informaton and turnit into a global address list (GAL GPL Exception I never heard of this GPL exception, are you sure you can do this? Penrose developers hold copyright to all the Penrose code. We can include additional license provisions, in this case a FLOSS exception, to our software. MySQL has ...
H Home What is it? Penrose is a javabased virtual directory server. Virtual directory enables federating (aggregating) identity data from multiple heterogeneous sources like directory, databases, flat files, and web services realtime and makes it available to identity consumers via ... HOWTO PENROSE HOWTO Penrose and Active Directory Synchronization HOWTO	I Identity Correlation Penrose can be used to correlate identities from different realms. If there is a common attributes between the realms, you can directly join the realms using the common attributes. For instance, Realm1 contains Name and SSN, Realm2 contains Email and SSN. With Penrose ... Identity Joining Identity Joining By joining and "federating" sources of identity data, virtual directory can provide application developers a centralized place to seek user information for authorization and authentication purposes. !vddiagram.png align=center Including Penrose in non-GPL software Can my BSD/LGPL licensed software includes Penrose without violating your GPL license? Yes, you can. We created a FLOSS exception to address this concern. For example, if Jboss (LGPL) were to embed Penrose , that would not be a violation ... Index Information Audit extending Penrose Modules, developers can record user activities against the targeted directory. This could help businesses comply with the audit requirements regulations, such as HIPAA (Health Insurance Portability and Accountability Act), the GrahamLeachBliley Act and the SarbanesOxley Act Initializing Penrose Service Starting Penrose Service Penrose penrose = new Penrose(); penrose.init(); Stopping Penrose Service penrose.stop Installing Additional Libraries Additional Libraries Depending on your needs, you might need some additional libraries to be installed on Penrose Server and Penrose Studio. These additional libraries may include JDBC drivers, custom adapters, custom modules, 3rd party libraries, etc ... Installing JDBC Driver JDBC Drivers Both Penrose Server and Penrose Studio include the following JDBC drivers: HSQLDB JDBCODBC Bridge If you are using other database server, you need to install the JDBC driver for your database or use the JDBCODBC Bridge. Penrose ... Installing Penrose Server Windows Platforms On Windows platforms, download Download the Windows installer, then doubleclick the file. Select an installation directory (e.g. C:\Program Files\Penrose Server). We will refer the installation directory as PENROSEHOME. RedHat Linux Platforms On RedHat Linux ... Installing Penrose Studio Windows Platforms On Windows platforms, download the Windows installer, then doubleclick the file. Mac OS X Platforms On Mac OS X platforms, download the Mac OS X installer (DMG), then doubleclick the dmg file to mount the disk. You can ... Installing Security Provider Introduction To use Penrose you need to install Bouncy Castle security provider. This instruction assumes that you have installed JDK 1.4 or later in a directory that we refer as JAVAHOME. Installing Bouncy Castle Security Provider Download http://www.bouncycastle.org ... Interpreter Penrose supports transforming data being read or written to sources using any scripting language. By default Penrose uses BeanShell scripting languange. The scripting language can be configured in PENROSEHOME/conf/server.xml: DEFAULT
J JavaDocs Penrose 1.2 JavaDoc http://penrose.safehaus.org/javadoc/penrose1.2/ Penrose 1.01.1 JavaDoc http://penrose.safehaus.org/javadoc/penrose1.0/ Penrose 0.9.9 JavaDoc http://penrose.safehaus.org/javadoc/penrose0.9.9/ Penrose 0.9.8 JavaDoc http://penrose.safehaus.org/javadoc/penrose0.9.8/ Penrose 0.9.7 JavaDoc http://penrose.safehaus.org/javadoc/penrose0.9.7 JBoss Starting version 1.0, Penrose can be installed as JBoss service. Make sure you have Ant installed. Go to PENROSESERVERHOME/jboss, execute: ant This command will generate penrose.sar in this directory. Copy this file into JBOSSHOME/server/default/deploy directory ... JDK Compatibility Penrose Server requires a Sun JDK 1.5 for its security libraries. If you are using Red Hat/Fedora/ Centos/Other Linux distros, Sun JDK is may or may not installed. After installing the required JDK, you can add ... JIRA Tables Listing in JIRA mysql> show tables; Tablesinjiradb OSCURRENTSTEP OSCURRENTSTEPPREV OSHISTORYSTEP OSHISTORYSTEPPREV OSWFENTRY SEQUENCEVALUEITEM changegroup changeitem columnlayout columnlayoutitem component configurationcontext customfield customfieldoption customfieldvalue externalentities fieldconfigscheme fieldconfigschemeissuetype fieldconfiguration fieldlayout fieldlayoutitem fieldlayoutscheme fieldlayoutschemeassociation ... JMX Penrose uses MX4J to provide JMX service. The JMX service is used by Penrose Studio to communicate with Penrose Server. The MX4J configuration can be found in PENROSESERVERHOME/conf/mx4j.xml. JMX Port By default the JMX port is 1099. You can change it by editing ...	K KB Knowledge Base KB0001: Error Connecting to Penrose Server PENROSE10:KB0001 KB0002: Default username/password for Penrose Studio/LDAP Client to connect to Penrose Server PENROSE10:KB0002 Kerberos Support Penrose currently does not support Kerberos
L LDAP Interface to Database What are the benefits of providing LDAP interface access to a database? LDAP provides a centralized configuration. LDAP is well suited for authentication. LDAP is well integrated with a lot of MTA/MUA, such as sendmail/posfix. LDAP is the standard access protocol used by corporate directory ... LDAP Interface to Relational Db Penrose Configuration for Authentication Authentication LDAP Operations Bind Operation connection.bind(dn, password); Unbind Operation connection.unbind(); Search Operation List attributeNames = new ArrayList(); SearchResults results = connection.search( dn, LDAPConnection.SCOPESUB, LDAPSearchConstraints.DEREFALWAYS, "(objectClass=)", attributeNames); for (Iterator i=results.iterator(); i.hasNext(); ) Add Operation connection.add(entry ... LDAP Synchronization Support Penrose supports LDAP synchronization with these methods: full synchronization using snapshots incremental update using change log Full synchronization works by periodically comparing the contents of the LDAP server and the target storage, and applying the difference to the target storage. Incremental update ... LDAPv2 Compatibility Does Penrose support LDAP v2 clients? The default LDAP server that comes with Penrose Server only supports LDAP v3 clients. LDAP v2 clients are supported via OpenLDAP server. To run Penrose with OpenLDAP you need to install ... LDAPv3 Compatibility Penrose by default uses OpenDS as an LDAP service that supports LDAPv3 standards. This means that Penrose can accept any valid LDAPv3 requests. However, since Penrose is a virtual directory, this does not mean that all requests will translate to similar behavior ... Legal Attributions, Copyrights, Patents, and Licenses Title: "Legal" Release: penrose1.2.X Placement: Included within collection of files composing specific Identyx release. Type of File: .pdf Contents: Legal Details The information contained here relates to software used from ... Licenses Penrose has two licensing options. No matter which license you choose, the overall business benefit of the Penrose virtual directory is a dramatically lower total cost of ownership. The guiding business principle of Penrose is one of fair exchange, or Quid pro ... Liferay Resources Liferay LDAP Integration http://wiki.liferay.com/index.php/LDAP Loading an LDIF file Loading an LDIF using standard ldapadd command. Make sure that you supply the correct credential. ldapadd h localhost p 10389 D "uid=admin,ou=system" W x f addr.ldif Logging Penrose utilizes Log4j for logging. When running in the foreground, by default the output will be shown on the screen. When running in the background, by default the output will be stored in PENROSESERVERHOME/var/penrose.out. Logging Configuration The logging configuration is located in PENROSEHOME/conf/log4j.properties. log4j.debug=false log4j.rootLogger ...	M Machine Setup Java 2 SDK 1.5.x Penrose should be built with 1.5.x for compatibility reasons. Download the latest from http://java.sun.com. Install in the default directory. Set the JAVAHOME environment variable to point to the installation directory (e.g. C:\Program Files\Java ... Mail Marshal Overview This document describes how to configure Mail Marshal to load identity information from Database via Penrose. Creating LDAP Connector Creating User Groups Reloading Groups Mailing List Please follow netiquette! A mailing list is an electronic discussion forum that anyone can subscribe to. When someone sends an email message to the mailing list, a copy of that message is broadcast to everyone who is subscribed to that mailing list. Mailing lists ... Mailing List & IRC Mailing lists and IRC Mailing list etiquette Please consider the following before posting Emails to the lists: No posts with html No cross posting. Change the subject when appropriate (meaning when the conversation topic has shifted to something other than ... Mapping LDAP Groups See the tutorial at: http://penrose.safehaus.org/tutorials/mappingldapgroups.htm Mapping LDAP Users See the tutorial at: http://penrose.safehaus.org/tutorials/mappingldapusers.htm Mapping Rules Dynamic Entry with One Source Here we will generate a mapping that can map each row in the "groups" table to an entry in the virtual directory. Assume that we have defined a source called "g" to represent the "groups" table. Microsoft Active Directory Microsoft Active Directory can be proxied or firewalled by Penrose. Penrose can also do Pass Through Authentication to AD server. Notes The default search result limit on AD was 1000. At this point, you will need to change MaxPageSize limit settings ... Microsoft Outlook Support Penrose can be configured to serve as Microsoft Outlook address book. See Microsoft Outlook PENROSE20:Microsoft Outlook. Penrose cannot replace Active Directory for Microsoft Exchange Modules Modules provide a way to extend the functionality of the virtual directory. See Module API http://penrose.safehaus.org/javadoc/penrose0.9.7/org/safehaus/penrose/module/packagesummary.html. Module configuration can be found in PENROSEHOME/conf/modules.xml. MyModule com.mycompany.MyModule ... MySQL 5.0 Penrose and MySQL 5.0 One of the new feature of MySQL 5.0 is triggers. Triggers are eventdriven stored procedures that are attached to a specific table; the trigger code will fire for any write, even one that occurs on that table. Paired with a new polling connector from ...
N Namespace Conversion What is Namespace Conversion? For security or political reasons an organization may want to expose different parts of the directory tree to different groups of users, or hide the real structure of the directory tree. Virtual Directory allows company to show a different directory ... Navigation Overview Home News FAQ Features Licenses Download Demo Penrose10:Demo Documentation Documentation JavaDocs Use Cases Community Wiki DISC:Wiki Developer Nightly Builds Code Repository Road Map Change Log Project Mgmt ... News May 18th, 2007, Penrose 1.2 Final release The Safehaus Penrose team is proud to announce Penrose 1.2. Special thanks to Pete Rowley (FedoraDS) and Neil Wilson (OpenDS) and all the nice people who contributed to this release: Ricardo A. Gorosito ... Nightly Builds Resources Penrose Server Latest http://builds.safehaus.org/penrose/PENROSESERVERLATEST/ Penrose Studio Latest http://builds.safehaus.org/penrose/PENROSESTUDIOLATEST/ Penrose Server 2.0 http://builds.safehaus.org/penrose/PENROSESERVER20/ Penrose Studio 2.0 http://builds.safehaus.org/penrose/PENROSESTUDIO20/ Penrose Server 1.2 ... NIS Support Penrose supports using NIS as a data source. See NIS adapter PENROSE20:NIS Adapter, connection PENROSE20:NIS Connection, and source PENROSE20:NIS Source. Penrose does not support running as a NIS server NIS Synchronization Support Penrose supports NIS synchronization by periodically comparing the entire contents of the NIS server and the target storage, and applying the difference to the target storage. The target storage can be anything supported by Penrose	O Open Software License Our software is 100% GPL (General Public License); if yours is 100% GPL compliant, then you have no obligation to pay us for the licenses. This is a great opportunity for the open source community and those of you who are developing open source software. The formal ... OpenLDAP OpenLDAP can be used as a persistent entry cache for Penrose. database bdb suffix "dc=Example,dc=com" rootdn "cn=Manager,dc=Example,dc=com" rootpw secret updatedn "cn=Replicator,ou=Users,dc=Example ... OpenXchange OpenXchange uses OpenLDAP to store profiles. What happened if you want to store the profiles on your database, i.e: Postgresql. Penrose allows you to do just that. !oxsetup.jpg! Here's the instruction: 1. Download OX LDIF Static Entries here ... Operational Attribute Support default Penrose does not have operational attributes. However, operational attributes can be added in the configuration. In proxy configuration, Penrose will pass the operational attributes returned by an LDAP data source to the clients. In other configuration you can expose certain ... Overview News FAQ Features Licenses Download Demo
P Pass Through Authentication Pass Through Authentication to Active Directory In many organizations, Active Directory server is central store of user attribute information, including password. Penrose can pass through credentials to Active Directory for password authentication. Penrose can do so ... Penrose 0.9 Release New and Noteworthy Mapping tool will be available June 3rd. You can however download the penrose server below. For source code, please check our Code Repository. Download Here Download Description penrose0.9.exe http://penrose.safehaus.org/download/penrose0.9.exe ... Penrose 0.9.1 Release New and Noteworthy Changes: Various bug fixes New configuration file format Improved API Penrose Virtual Directory Server Download Description penrose0.9.1.exe http://penrose.safehaus.org/download/penrose0.9.1.exe Penrose Server Binary Distribution for Windows penrose0.9.1.zip http://penrose.safehaus.org ... Penrose 0.9.2 Release New and Noteworthy Penrose Virtual Directory Server Download Description penrose0.9.2.exe http://penrose.safehaus.org/download/penrose0.9.2.exe Penrose Server Binary Distribution for Windows penrose0.9.2.zip http://penrose.safehaus.org/download/penrose0.9.2.zip Penrose Server Binary Distribution in zip package penrose0.9.2.tar.gz http://penrose.safehaus.org ... Penrose 0.9.3 Release New and Noteworthy Improved performance. Interoperability with Sun Java System DS, LDAP v2, etc. New and improved Penrose Studio interface using RCP 3.1. Various bug fixes. Penrose Server Download Description penrose0.9.3.exe http://penrose.safehaus.org ... Penrose 0.9.4 Migration Migrating apacheds.properties to apacheds.xml. Starting from 0.9.4 Penrose uses XML configuration for ApacheDS. If you have made any modification to the apacheds.properties, make sure you migrate the changes to apacheds.xml. See the following "example" partition: Penrose 0.9.4 Release New and Noteworthy Improved join engine. Improved cache performance. Support of Access Control. CA Siteminder interoperability. Improved Penrose Studio interface. Various bug fixes. Follow this instruction Penrose 0.9.4 Migration to migrate from 0.9.3 to 0.9.4 ... Penrose 0.9.5 Migration Migrating apacheds.xml Update your apacheds.xml as follows: org.apache.ldap.common.berlib.asn1.SnickersProvider simple uid=admin ... Penrose 0.9.5 Release New and Noteworthy Support for various mapping configurations with examples. Support for JDBC filter. Support running as Windows service. Improved Penrose Studio interface. Various bug fixes. Follow this instruction Penrose 0.9.5 Migration to migrate from 0.9.4 to 0.9.5 ... Penrose 0.9.6 Migration Migrating apacheds.xml Remove the following section inside the "configuration" bean. Add the following sections at the end of "interceptorConfigurations" property in the "configuration" bean. Penrose 0.9.6 Release New and Noteworthy Added support joins with >, >=, <, <= operators. Added support for batch loading. Added support for JDBC source cache. Improved configuration validation. Improved Penrose Studio interface. Various bug fixes. Follow this instruction Penrose 0.9.6 Migration ... Penrose 0.9.7 Documentation Quick Start Tutorials Penrose Server User Guide Penrose Studio User Guide Embedding Penrose Developer Guide Penrose Use Cases Penrose 0.9.7 Migration Migrating apacheds.xml You can simply overwrite the old conf/apacheds.xml with conf/default/apacheds.xml, or you can manually modify the file as follows. Starting from 0.9.7, Penrose no longer needs context partitions. So, remove all context ... Penrose 0.9.7 Release New and Noteworthy Query optimizer. Compatibility with Java 1.5. Various bug fixes. Follow this instruction Penrose 0.9.7 Migration to migrate from 0.9.6 to 0.9.7. Penrose Server Download Description penrose0.9.7.exe http://penrose.safehaus.org/download/penrose0.9.7.exe Binary Distribution for Windows ... Penrose 0.9.8 Access Control access control instruction (ACI) can be defined in the conf/mapping.xml. ... ... ... ... ... ... ... Penrose 0.9.8 Adapters Adapters provides a way to access resources that are going to be mapped into the virtual directory. Adapters configuration can be found in PENROSEHOME/conf/server.xml. org.safehaus.penrose.connector.JDBCAdapter org.safehaus.penrose.connector.JNDIAdapter Penrose 0.9.8 Attribute Mappings An attribute in an entry is defined as follows: ... ... ... Attribute Name The "name" contains the attribute name, e.g. cn ... Penrose 0.9.8 Authentication Penrose supports authentication (LDAP bind operation) against password stored in database or LDAP. In some cases the password is retrievable, so Penrose can compare it directly. In other cases, the password is not retrievable, for instance in LDAP and Active Directory. In that case Penrose ... Penrose 0.9.8 Cache Penrose uses 2level cache: source cache and entry cache. The source cache caches the data read from the datasources. The entry cache caches the LDAP entries generated by the mappings. Each source and entry mapping has its own cache ... Penrose 0.9.8 Configuration Penrose Server configuration file is located in PENROSESERVERHOME/conf/server.xml. org.safehaus.penrose.management.PenroseJMXService org.safehaus.penrose.ldap.PenroseLDAPService Penrose 0.9.8 Connection API Creating Connection Configuration To create a connection configuration: String name = "Example"; String adapterName = "JDBC"; ConnectionConfig connectionConfig = new ConnectionConfig(name, adapterName); Adapter Name You can change the adapter name this way: String adapterName = "JNDI"; connectionConfig.setAdapterName ... Penrose 0.9.8 Connection Manager Penrose uses the connection manager to manage connections to the mapped data sources. Once you start Penrose, you can get the connection manager: ConnectionManager connectionManager = penrose.getConnectionManager(); Then you can use the connection manager to open the actual connection by supplying ... Penrose 0.9.8 Connections Introduction In the connections configuration you can specify how to connect to the data sources. Connections configuration can be found in PENROSESERVERHOME/conf/connections.xml. ... ... ... Penrose 0.9.8 Connector Penrose uses the connector component to load/store data from/to data sources. The connector use adapters to communicate with each specific type of data source. ... ... See also Adapters ... Penrose 0.9.8 Documentation Quick Start Tutorials Penrose Server User Guide Penrose Studio User Guide Embedding Penrose Developer Guide Penrose Use Cases Penrose 0.9.8 Embedding Overview 2 ways to embed Penrose into your Java application. Penrose Service Penrose service is the very basic virtual directory functionality. If you only need the mapping service you can just instantiate Penrose object. PenroseConfig penroseConfig = ... Penrose ... Penrose 0.9.8 Embedding Penrose Embedding Overview Penrose 0.9.8 Embedding Overview Penrose Configuration Penrose 0.9.8 Penrose Configuration API Partition Configuration Penrose 0.9.8 Partition API Connection Configuration Penrose 0.9.8 Connection API Source Configuration Penrose 0.9.8 Source ... Penrose 0.9.8 Engine Engine is the core component of Penrose where the join and mapping operations are performed. If you need to configure Penrose engine's parameters, add the following section in server.xml. ... ... Penrose 0.9.8 Entry Mappings Entry Definition There are 2 types of entries: Static entry This entry has a constant RDN, it represents a single entry in the resulting virtual directory. Dynamic entry This entry has a dynamic RDN, it represents multiple entries in the resulting virtual directory. An ... Penrose 0.9.8 Expressions Penrose uses BeanShell http://www.beanshell.org expressions to perform mappings/transformations between attributes and source fields. Mapping To map a source field to an attribute, you can consider the source as a Java object and the fields as the object properties. To map an ... Penrose 0.9.8 Interpreter Penrose supports transforming data being read or written to sources using any scripting language. By default Penrose uses BeanShell scripting languange. The scripting language can be configured in PENROSESERVERHOME/conf/server.xml: org.safehaus.penrose.interpreter.DefaultInterpreter Penrose 0.9.8 LDAP Operations Bind Operation String bindDn = "uid=admin,ou=system"; String bindPassword = "secret"; session.bind(bindDn, bindPassword); Unbind Operation session.unbind(); Search Operation String baseDn = "dc=Example,dc=com"; String filter = "(objectClass=)"; PenroseSearchControls sc ... Penrose 0.9.8 Logging Penrose utilizes Log4j for logging. When running in the foreground, by default the output will be shown on the screen. When running in the background, by default the output will be stored in PENROSESERVERHOME/var/penrose.out. Note: running Penrose in the debug mode will slow down the performance considerably. Logging ... Penrose 0.9.8 Logging Configuration Introduction When you run Penrose as a standalone server, it configures Log4j based on the command line parameters or the log4j.properties. See Logging Penrose 0.9.8 Logging. When you run Penrose in an embedded environment, Penrose does not configure Log4j ... Penrose 0.9.8 Mapping Rules Dynamic Entry with One Source Here we will generate a mapping that can map each row in the "groups" table to an entry in the virtual directory. Assume that we have defined a source called "g" to represent the "groups" table. Penrose 0.9.8 Migration apacheds.xml The apacheds.xml is no longer used, you can remove it from the conf directory. Schemas, LDAP ports, partitions, admin DN and password configurations have been moved to server.xml. mx4j.xml The mx4j.xml is no longer used, you can remove it from ... Penrose 0.9.8 Modules Modules provide a way to extend the functionality of the virtual directory. See Module API http://penrose.safehaus.org/javadoc/penrose0.9.8/org/safehaus/penrose/module/packagesummary.html. Module configuration can be found in PENROSEHOME/conf/modules.xml. MyModule com.mycompany.MyModule ... Penrose 0.9.8 Partition Partition is a collection of trees in the virtual directory. In a partition you define the virtual entries including their mapping to the data source. Partition Configuration Partition configuration is stored in several files: mapping.xml connections.xml sources.xml modules.xml The mapping.xml contains the definition of the virtual entries ... Penrose 0.9.8 Partition API Creating Partition Configuration To create a partition simply create an instance of Partition class. Partition partition = new Partition(); Connections To add a connection: String name = "Example"; String adapterName = "JDBC"; ConnectionConfig connectionConfig = new ConnectionConfig(name, adapterName ... Penrose 0.9.8 Partition Manager Introduction Penrose uses a PartitionManager to manage the life cycle of the partitions. When you instantiate the Penrose object, none of the partitions are loaded initially. You can optionally load the partitions manually. When Penrose is started, it will automatically load all remaining ... Penrose 0.9.8 Penrose Configuration API page explains how to create Penrose configuration in an embedded environment. Creating Penrose Configuration There are 2 ways to create Penrose configuration. You can create an empty configuration by instantiating the PenroseConfig class. PenroseConfig penroseConfig = new PenroseConfig ... Penrose 0.9.8 Penrose Server User Guide Installing JDBC Driver Configuration Penrose 0.9.8 Configuration System Properties Penrose 0.9.8 System Properties Services Penrose 0.9.8 Services Interpreter Penrose 0.9.8 Interpreter Session Handler Penrose 0.9.8 Session Handler Engine Penrose 0.9.8 ... Penrose 0.9.8 Penrose Session Creating New Session To interact with Penrose service first you will need to create a new session: PenroseSession session = penrose.newSession(); You can use the session to perform LDAP Operations Penrose 0.9.8 LDAP Operations. Make sure when you ... Penrose 0.9.8 Persistent Cache Introduction Persistent cache uses an LDAP server and a database server to store Penrose directory tree entries. With persistent cache, you can continue to use your favorite LDAP server while utilizing Penrose to provide synchronization services ... Penrose 0.9.8 Release New and Noteworthy Performance optimization. Persistent cache. Improved API and XML formats. Improved Penrose Studio. Support of partitions and services. Support of composite RDN. Support of ModRDN operation. Various bug fixes. Follow this instruction Penrose 0.9.8 Migration ... Penrose 0.9.8 Running Penrose Starting Penrose Service The following code will start Penrose service in the current directory. Penrose penrose = new Penrose(); penrose.start(); The following code will start Penrose service in a specific directory. Penrose penrose = new Penrose("c:\\usr\\local\\penrose ... Penrose 0.9.8 Sample Code Penrose Server distribution includes a sample program in the src/examples directory. https://svn.safehaus.org/repos/penrose/trunk/src/examples/Demo.java Creating Penrose Configuration In this code it creates a new configuration based on the default one, then it adds the example.schema and the sample ... Penrose 0.9.8 Schema Currently schema is only used to help Penrose users designing the mapping. For instance, a warning message will be shown if there is a missing required attribute in the entry definition. However, Penrose currently does not enforce the validity of the mapping nor the output. Default Schema Penrose ... Penrose 0.9.8 Service Manager Introduction PenroseServer uses a ServiceManager to control the life cycle of the services. To get the ServiceManager: PenroseServer penroseServer = ... ServiceManager serviceManager = penroseServer.getServiceManager(); Initializing Services Before a service can be used, it has to be initialized first. During initialization generally each service would ... Penrose 0.9.8 Services Services are used by Penrose Server to provide interface for Penrose clients. Services are configured in conf/server.xml: ... ... ... Penrose contains 2 builtin services ... Penrose 0.9.8 Session Handler session handler manages Penrose sessions. You can configure the session handler in PENROSESERVERHOME/conf/server.xml. ... ...