[opencms-dev] Questions about OCEE-Cluster and LDAP modules

Tue Jul 28 01:04:38 CEST 2015

Hi Kai, some answers:

1. User is not automatically deleted but you can set scheduled job for
removing users who were removed from LDAP.

2. Quote from documentation (Chapter 4): The only write operation to the
LDAP server supported by the LDAP connector is to change the password of a
user.

3. OpenCms will check pass against LDAP, so you can use only right LDAP
password. I'm not sure if there is some cache.

4. Yes, you can synchronize user info from LDAP to OpenCms´s user additional
info fields. Reverse operation (from OpenCms to LDAP) is not supported.

5. I think data are updated in time the user tries to log in to the OpenCms
(it ca be problem in soem cases ; but im not 100% sure - maybe Alkacon can
aprove it)

6. -

7. You understand it right - in the same time only one server can be master.
You can setup database layer replication, but there is many other "events"
that are sent from master to slaves, so only DB replication probably isn't a
solution. Events manages static export, indexing, cache and data in memory
etc. OpenCms don't use only database. I think it is a big disadvantage of
OCEE - you can't have loadbalanced/replicated workplace server. Or I don't
know how to do it easily:)

8. -

--
Regards
Filip Kratochvil
------------------------------------------------
NELASOFT Technologies, s.r.o.
E-mail: filip.kratochvil at nelasoft.cz
Web: www.nelasoft.cz
Twitter: @NELASOFT

-----Original Message-----
From: opencms-dev-bounces at opencms.org
[mailto:opencms-dev-bounces at opencms.org] On Behalf Of Schliemann, Kai
Sent: Monday, July 27, 2015 7:31 PM
To: 'The OpenCms mailing list (opencms-dev at opencms.org)'; Alkacon OpenCms
Support
Subject: [opencms-dev] Questions about OCEE-Cluster and LDAP modules

Hello list,
I know, those questions should go directly to the guys from Alkacon. But I
thought, these questions, and the answers could be of interest for
everybody.
So here we go:

1.       What happens, when I delete an LDAP-User (or group) in my identity
management system (e.g. Active Directory)? Is that user or group
automatically deleted in all of my OpenCms instances (in all clusters)? If
so, when does this happen?

2.       If I have an already synchronized LDAP-User or group in my OpenCms
instance and I delete this user. Is that user or group also deleted in LDAP
(if I would allow an application to write to my LDAP server.

3.       If I have an already synchronized LDAP-User in my OpenCms instance
and his password is changed in LDAP. Can I still login to OpenCms with my
password saved in OpenCms or does OpenCms check against LDAP, if there is a
new password?

4.       Can I configure the LDAP connector to synchronize OpenCms'
additional user info fields with LDAP attributes?

5.       When does OpenCms get updates from changes of attributes in LDAP
for a user (e.g. his postal address or email address has changed). Let's say
I want to generate a telephone list based users stored in the OpenCms users.
How sure can I be, that those information are correct?

6.       The installation guide of the OCEE modules says, that the database
tables should be converted to InnoDB. What happens, if I don't do that or
have forgotten to do that? Can I easily run the converter script shipped
with the OCEE modules anytime?

7.       When I understand the replication and cluster documentation
correctly, I cannot have two workplace servers, each with its own database.
Correct? So let's say, my workplace instance gets broken (e.g. the database
server is down)? How can I get my workplace server up and running again very
fast? Is there a  possibility with OpenCms or do I have to create a master /
master of master / slave replication on the database layer?

8.       Corresponding to question 7: Is it possible to configure several db
server addresses in the jdbc connection string within the opencms.properties
file, when I have a master / master database setup? Could this look like
this: db.pool.default.jdbcUrl=jdbc:mysql://[primary host]:[port], [secondary
host]:[port]/[database]?

A lot of questions. Please feel free to just answer just one of them.
When I have a complete list of answers, I will put them into the OpenCms
wiki.

Thanks in advance for your help.

Best regards
Kai