Liferay Portal LDAP Authentication with Penrose Server

Penrose Server uses OpenDS as its default backend, so any LDAP objectClass that exists in OpenDS also exists in Penrose Server.


With that said, let's move on to the installation.


1. Pre-requisites
1. Download the Java Development Kit (>=1.5), for example ./jdk-1_5_0_17-linux-amd64.bin

2. CentOS already has OpenJDK. You can verify it:


[root@directorysrv1 /]# java -version
java version "1.6.0"
OpenJDK Runtime Environment (build 1.6.0-b09)
OpenJDK Client VM (build 1.6.0-b09, mixed mode)
2. Installing Penrose Server (Virtual Directory)
A virtual directory maps information from disparate data sources, such as LDAP services and Database, into a single location for users to access.


1. Download the RPM from here http://penrose.redhat.com/display/PENROSE20/Penrose+2.0+Release


2. Install the package(s):


[root@directorysrv1 tempo]# rpm -i vd-server-2.0-1.i386.rpm
VD Server 2.0 has been installed in /opt/vd-server-2.0.
3. Make sure that Java is configured:


Edit the /opt/vd-server-2.0/etc/vd.conf file.


[root@directorysrv1 /]# vim /opt/vd-server-2.0/etc/vd.conf
Add the JAVA_HOME variable, pointing to your JDK. For example, on CentOS:


JAVA_HOME=/usr/lib/jvm/java-1.6.0-openjdk
After editing the vd.conf file, copy it into the host’s /etc directory.


[root@directorysrv1 /]# cp /opt/vd-server-2.0/etc/vd.conf /etc
4. Run a configuration script to reset the server hostname, give the admin username and password, and set the port numbers and other information for the associated LDAP and JMX services of the Virtual Directory.


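For example (with the defaults shown, only the plain LDAP listener on port 10389 is enabled, Secure LDAP on port 10636 is off, and the server runs as root):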


[root@directorysrv1 /]# cd /opt/vd-server-2.0/bin/
[root@directorysrv1 bin]# ./vd-config.sh
Configuring VD Server:
----------------------


Hostname [directorysrv1.intix.info]:
Root DN [uid=admin,ou=system]:
Root Password [*****]:
User account [root]:
Group account [root]:


Configuring JMX Service:
------------------------


RMI Port [1099]:
RMI Transport Port [40888]:


Configuring OpenDS Service:
---------------------------


LDAP Enabled [true]:
LDAP Port [10389]:
Secure LDAP Enabled [false]:
Secure LDAP Port [10636]:
SSL Certificate Name [server-cert]:
Key Store Type (JKS/PKCS12) [JKS]:
Key Store File [config/keystore]:
Key Store PIN File [config/keystore.pin]:


[root@directorysrv1 bin]#
3. Installing additional libraries
You can install libraries (JAR files) on Virtual Directory Server to extend its functionality. These libraries cover a range of different functions, including JDBC drivers, custom adapters, custom modules, and other third-party libraries.


1. Copy the JAR files into the /opt/vd-server-2.0/lib/ext/ directory; for example:


[root@directorysrv1 /]# cp /export/myjdbc.jar /opt/vd-server-2.0/lib/ext/myjdbc.jar
2. Restart the Virtual Directory Server so that the new libraries are loaded.
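
Because the server loads every JAR in lib/ext and, with the defaults above, runs as root, it is worth checking that nothing it loads or executes is writable by other accounts. The script below is an added example, not part of the original post or of Penrose; the function name audit_vd_perms and the demo tree are hypothetical, and the key store file names are taken from the vd-config.sh prompts.

```sh
#!/bin/sh
# Added example (not part of the original post): permission audit for a
# Virtual Directory Server tree. Assumption: the server runs as root (the
# "User account [root]" default above), so whatever it loads or executes
# must not be writable by other accounts.

# audit_vd_perms HOME: prints one finding per line.
# Returns 0 if clean, 1 if findings exist, 2 if HOME is not a directory.
audit_vd_perms() {
    vd_home=$1
    [ -d "$vd_home" ] || { echo "MISSING: $vd_home"; return 2; }
    vd_findings=$(
        # lib/ext: JARs loaded by the server; bin: scripts root executes;
        # etc: vd.conf and the init script that gets copied to /etc.
        for sub in lib/ext bin etc; do
            [ -d "$vd_home/$sub" ] || continue
            # -perm -020 / -002 match group- or world-writable entries.
            find "$vd_home/$sub" ! -type l \( -perm -020 -o -perm -002 \) \
                -exec echo "WRITABLE:" {} \;
        done
        # The key store and its PIN file should be readable by the owner only.
        find "$vd_home" -type f \( -name keystore -o -name keystore.pin \) \
            \( -perm -040 -o -perm -004 \) -exec echo "READABLE:" {} \;
    )
    [ -z "$vd_findings" ] && return 0
    printf '%s\n' "$vd_findings"
    return 1
}

# Demo on a constructed tree (hypothetical layout mirroring the paths used
# in this post); pass a real path such as /opt/vd-server-2.0 to audit it.
if [ "$#" -ge 1 ]; then
    audit_vd_perms "$1"
else
    demo=$(mktemp -d)
    mkdir -p "$demo/lib/ext" "$demo/bin" "$demo/etc" "$demo/config"
    chmod 755 "$demo/lib/ext" "$demo/bin" "$demo/etc"
    : > "$demo/lib/ext/myjdbc.jar"; chmod 666 "$demo/lib/ext/myjdbc.jar"
    : > "$demo/config/keystore.pin"; chmod 644 "$demo/config/keystore.pin"
    audit_vd_perms "$demo" || echo "findings reported above"
    rm -rf "$demo"
fi
```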


4. Uninstalling Penrose Server
The Virtual Directory Server packages can be uninstalled using the same package management tools that were used to install them.


To remove the server, use the -e option with rpm. The -e option takes the installed package name, not the .rpm file name:


[root@directorysrv1 bin]# rpm -ev vd-server-2.0-1
5. Starting Penrose Server
1. Virtual Directory is started by running the shell script /opt/vd-server-2.0/bin/vd-server.sh. For example:


[root@directorysrv1 /]# cd /opt/vd-server-2.0/bin
[root@directorysrv1 bin]# ./vd-server.sh
[12/02/2010 01:40:11.693] VD Server is ready.
2. To stop the server, simply close the script.


6. Starting Penrose Server as a Linux service
The Virtual Directory can be stopped, started, and restarted using system tools on CentOS. Init scripts are included with the configuration files of Virtual Directory Server.


1. Log into the Virtual Directory Server host machine as root user.


2. Open the Virtual Directory init script directory.


[root@directorysrv1 /]# cd /opt/vd-server-2.0/etc/init.d
3. Edit the /opt/vd-server-2.0/etc/init.d/vd-server script so that the Virtual Directory Server home and script locations are correct. For example:


VD_SERVER_HOME=/opt/vd-server-2.0
VD_SERVER_SCRIPT=$VD_SERVER_HOME/bin/vd-server.sh
4. Copy the init file to the /etc/init.d/ directory.


[root@directorysrv1 /]# cp /opt/vd-server-2.0/etc/init.d/vd-server /etc/init.d/
5. Make the init script executable.


[root@directorysrv1 /]# chmod +x /etc/init.d/vd-server
6. Test the new Virtual Directory service.


[root@directorysrv1 /]# service vd-server start
Starting vd-server: [ OK ]
[root@directorysrv1 init.d]# [12/03/2010 10:24:31.782] VD Server is ready.
[root@directorysrv1 init.d]#
After setting Virtual Directory Server up as a service, it can be managed using the service command on CentOS:


[root@directorysrv1 /]# service vd-server {start|stop|restart}
7. Connect to Penrose Server LDAP interface



Courtesy: http://holisticsecurity.wordpress.com/2010/12/22/authentication-penrose-directory-liferay/