Escolar Documentos
Profissional Documentos
Cultura Documentos
Note
If you have any feedback about inaccuracies or improvements, you can submit them via Disqus comment at
the bottom of each page.
This guide is designed for:
System Administrators who want to use, deploy and manage the eXo Platform system in their enterprises.
Developers who want to know how to leverage eXo Platform in their customer projects.
Throughout the guide, you can do many administrative tasks when implementing eXo Platform. The administration of eXo
Platform is categorized into the followings:
Installation and Startup
Information about system requirements and profiles, as well as how to install the Tomcat bundle and JBoss EARs.
Add-ons Management
Introduction to eXo Add-ons Manager, how to manage eXo add-ons via Command Line Interface, details of eXoproductized add-ons, and how to deploy your own add-on in eXo Platform 4.1.
Configuration
Understanding of configuration related to cache, users and gadget proxy, file system paths, WebDAV Cache Control,
OpenOffice Server, Logs, and JCR.
Database
Introduction to a database configuration, steps to connect to a production database, and FAQs of database
configuration.
Deployment
How-Tos of removing sample applications, deploying a custom extension, setting up Apache Front-end and
configuring the session timeout for the web server.
JMX/REST Management
How to manage eXo Platform via JMX and REST Services.
Clustering
Changes related to clustering, which are necessary for eXo Platform to work in the cluster mode.
LDAP Integration
How to integrate eXo Platform with LDAP (OpenLDAP, MS Active Directory and others).
Backup and Restore
How to back up and restore database and file systems for the JCR index and value storage.
Upgrade
A list of prerequisites, how to upgrade to a new version of eXo Platform 4.1, best practices, and properties mapping
from 4.0 to 4.1.
Security
Instructions related to security configuration, including: JAAS Realm, Gadget proxy, HTTPS and "Remember My
Login" token.
1
1
2
3
4
19
20
21
22
23
23
24
26
26
27
28
31
31
32
32
33
34
36
37
40
43
46
47
50
50
52
53
55
55
56
58
59
61
61
62
63
63
65
p.ii
Administrator Guide
66
66
67
68
69
70
70
72
74
77
77
79
80
80
81
83
85
87
89
p.iii
Administrator Guide
Memory: The eXo Platform package is optimized with default settings: max heap size = 4GB, non-heap size =
256MB and max perm size = 512MB; so the available memory should be at least 4GB. It is recommended you have
a memory of 8GB (4GB free for database services and file system caches).
Java 7+: JDK 7 is required. Set the JAVA_HOME environment variable to point to your JDK installation.
Browser Compatibility:
Operating system
Browser (recommended)
Browser (compatible)
Windows
Internet Explorer 11
Internet Explorer 9+
Firefox 19+
Chrome 17+
Firefox 19+
Linux
Mac OX
Firefox 19+
Chrome 17+
p.1
Note
The eXo server will run on the port 8080 by default, so make sure this port is not currently in use or configure
eXo Platform to use another port.
See also
Startup profile
Linux/OS X: $PLATFORM_TOMCAT_HOME/start_eXo.sh
Windows: %PLATFORM_TOMCAT_HOME%\start_eXo.bat
The server is started successfully when you see a message like this:
Linux/OS X: $PLATFORM_TOMCAT_HOME/stop_eXo.sh
Windows: %PLATFORM_TOMCAT_HOME%\stop_eXo.bat
If you still see the process running, you may forcefully stop it. There are several ways: using Task Manager (Windows), or
running stop_eXo.sh -force (Linux/OS X), or using kill -9 command (Linux/OS X).
Starting up eXo Platform in the Dev/Debug mode
In eXo Platform, the Debug mode is generally like other Java applications using JDWP, whereas the Dev mode is specific
for debugging JavaScript, CSS and configurations.
To start eXo Platform in the Debug mode, use the --debug option:
p.2
The --debug option actually adds a JVM option to the Java process:
-agentlib:jdwp=transport=dt_socket,address=8000,server=y,suspend=n
To start eXo Platform in the Dev mode, use the --dev option. This option adds two JVM options:
-Dorg.exoplatform.container.configuration.debug
-Dexo.product.developing=true
Note
The Debug and Dev modes are turned off by default and are not recommended in production environment
because of performance impact. See more details in Developer guide.
See also
Troubleshooting
Have JBoss EAP 6.2 extracted in $PLATFORM_JBOSS_HOME. You can download this package here.
Have the eXo Platform package for JBoss EAP downloaded into your local.
2.
Note
This step will overwrite some files of JBoss EAP with new files of eXo Platform.
3.
Optionally, if you want to customize the JVM Options, create a copy of $PLATFORM_JBOSS_HOME/bin/
standalone-customize.sample.conf on Linux or $PLATFORM_JBOSS_HOME/bin/standalonecustomize.sample.conf.bat on Windows. Rename the copy to standalone-customize.conf (or
standalone-customize.conf.bat on Windows), then edit it with your JVM Options.
4.
On Linux and OS X:
$PLATFORM_JBOSS_HOME/bin/standalone.sh
On Windows:
p.3
%PLATFORM_JBOSS_HOME%\bin\standalone.bat
The server starts up successfully when you see the following message in your log/console:
INFO [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss EAP 6.1.0.GA (AS 7.2.0.Final-redhat-8) started in 111437ms - Started
2405 of 2630 services (223 services are passive or on-demand)
5.
On Linux and OS X:
On Windows:
The server stops successfully when you see the following message in your log/console:
INFO [org.jboss.as] (MSC service thread 1-6) JBAS015950: JBoss EAP 6.1.0.GA (AS 7.2.0.Final-redhat-8) stopped in 2576ms
See also
Troubleshooting
$PLATFORM_TOMCAT_HOME/bin/setenv.bat
$PLATFORM_TOMCAT_HOME/bin/setenv-customize.bat
Except their syntax, .sh and .bat versions are the same.
In JBoss, the scripts are:
p.4
Basic Customization
Variables in the customized script, if they exist, override variables in the default script.
If the customized script does not exist, variables in the default script take effect.
For safety, you should not modify the default script. Any customization should be done by the customized script.
2.
Find the variable that you want to customize, uncomment it (by removing '#' in the .sh file or "REM" in the .bat file)
and edit its value.
Use # to comment out a line in .sh, and REM in .bat. To comment out a block:
:<<old_configurations
EXO_JVM_SIZE_MAX="1g"
EXO_JVM_SIZE_MIN="1g"
old_configurations
In .bat, use the pair of GOTO LABEL and :LABEL. For example:
GOTO old_configurations
SET EXO_JVM_SIZE_MAX=1g
SET EXO_JVM_SIZE_MIN=512m
:old_configurations
Basic Customization
Advanced Customization
In .sh: variable_name=variable_value.
JVM configuration
p.5
Basic Customization
Configuration
Description
JAVA_HOME="/opt/java/jdk6"
EXO_JVM_VENDOR="IBM"
This configuration (for Tomcat only) is here because IBM Java requires different
XML Parser library. Do not uncomment it unless you are using IBM Java.
EXO_JVM_SIZE_MAX="4g"
JVM memory settings. Their combination equals -Xmx4g -Xms1g XX:MaxPermSize=128m, in which EXO_JVM_SIZE_MAX equals Xmx.
EXO_JVM_SIZE_MIN="1g"
EXO_JVM_PERMSIZE_MAX="128m"
EXO_JVM_USER_LANGUAGE="fr"
EXO_JVM_USER_REGION="FR"
Uses "g" for Gigabytes and "m" for Megabytes. It is possible to set the same
value for EXO_JVM_SIZE_MAX and EXO_JVM_SIZE_MIN.
JVM locale settings. Their combination equals -Duser.language=fr Duser.region=FR.
The default language is "en", the default region is "US". A full list of valid
language codes can be found at IANA Language Subtag Registry.
EXO_DEBUG=true
EXO_DEBUG_PORT="8000"
Platform configuration
Configuration
Description
EXO_PROFILES="all,myOwnProfile"
EXO_CONF_DIR="/opt/ciagent/.eXo-platform/conf"
EXO_DATA_DIR="/opt/jenkins/.eXo-platform/data"
EXO_DEV=true
EXO_JCR_SESSION_TRACKING=true
Logs configuration
Tomcat only. The logs configuration is to control how often, which kind of message/event to be written to the log stream
(screen or log files), and their format. Configuring logs is more than a trivial task, however eXo Platform tries to ease it by
exposing 3 variables that you can customize:
Configuration
Description
EXO_LOGS_LOGBACK_CONFIG_FILE="$CATALINA_BASE/conf/
logback.xml"
EXO_LOGS_DISPLAY_CONSOLE=true
p.6
Advanced Customization
Configuration
Description
EXO_LOGS_COLORIZED_CONSOLE=true
Tomcat configuration
Configuration
Description
CATALINA_PID="$CATALINA_BASE/temp/catalina.pid"
EXO_TOMCAT_UNPACK_WARS=true
JBoss configuration
Configuration
Description
MAX_FD="maximum"
PROFILER=""
JAVA_OPTS="$JAVA_OPTS -Djboss.modules.lockless=false"
JAVA_OPTS="$JAVA_OPTS -Djboss.modules.metrics=true"
Parameter
Description
-XX:+HeapDumpOnOutOfMemoryError
By appending -XX:
+HeapDumpOnOutOfMemoryError to
CATALINA_OPTS, you will have a dump
file which is usable to analyze why JVM
-XX:HeapDumpPath=\"${CATALINA_HOME}/logs/\"
-XX:+PrintGCDetails
-Xloggc:\"${CATALINA_HOME}/logs/gc.log\"
-Dcom.sun.management.jmxremote=true
p.7
Startup profiles
Parameter
Description
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.password.file=
\"${CATALINA_HOME}/conf/jmxremote.password\"
-Dcom.sun.management.jmxremote.access.file=
\"${CATALINA_HOME}/conf/jmxremote.access\"
-Djava.rmi.server.hostname=localhost
-DJDBCWorkspaceDataContainer.statistics.enabled=true DJCRStatisticsManager.persistence.timeout=30000
-Dcrash.telnet.port=12345
-Dcrash.ssh.port=54321
For JBoss, similar variables can be customized by appending JAVA_OPTS, for example:
Warning
Before modifying and developing eXo Platform, you should choose carefully the profiles that are suitable
to your requirements. In particular, after you have done any modifications/developments on the server that
you started up with your selected profiles, and then switched to another new profiles, you will not see such
modifications/developments on eXo Platform.
Some eXo Platform 3.5 profiles are no longer available in eXo Platform 4, including: default, collaboration, social,
knowledge, webos, workflow. Currently, eXo Platform only supports the following profiles:
all: Activate all modules (such as Forum, Wiki, Calendar, Social). This profile is enabled by default.
EXO_PROFILES="minimal"
<system-properties>
p.8
See also
System requirements
During the trial period, the message of the trial banner is "You have XX days left in your evaluation" where XX is the
number of days left for your trial.
After the trial period, the trial banner turns into red with the "Your evaluation period has expired XX days ago" text
where XX is the number of days as from the expired trial.
Click Buy a Subscription on the trial banner to open the Unlock Evaluation screen.
2.
In Step 1, clicking the subscription plan link opens a new page that contains the subscription plan for you to
refer. According to your needs and your choice, you have to contact the eXo Platform sales representatives via
the Contact Us and purchase a subscription.
p.9
Troubleshooting
In Step 2, clicking Request Key opens a new page. Here you need to fill the fields to get an unlock key. The red
asterisk (*) indicates a mandatory field.
Note
The Product Code field is preset with the value which is editable. You can use the generated Product
Code or replace it by a new one provided by your account manager.
Continue clicking Submit to send your request to the eXo Platform Sales team.
When you receive the key from the eXo Platform sales representatives, you can come back to this form to finish
your subscription. At Step 3, enter the unlock key, then click Unlock.
This function validates your entered unlock key against the product code. If the key is invalid, it displays a
message like "Sorry this evaluation key is not valid". If the key is valid, it redirects you to the page you were
before you click Buy a Subscription.
1.7. Troubleshooting
This troubleshooting page aims at solving problems you may encounter when installing and starting up eXo Platform. For
more discussions, refer to eXo Community Forum.
Failure message: "Cannot find ./bin/catalina.sh"
In Linux, you may get this message when starting eXo Platform:
p.10
Troubleshooting
The reason is you do not have the execute permission on the ./bin/catalina.sh file. To fix this problem, run the
command below:
chmod +x ./bin/catalina.sh
Also, make sure you have the execute permission on all .sh files.
Failure message: "Too many open files"
You get this message when starting eXo Platform:
The problem often occurs in the Linux system because the limit of file descriptors is set too low. To solve this, increase
the limit of file descriptors. Make sure the limit is big enough at both system and user levels:
At system level
1.
sudo vi /etc/sysctl.conf
2.
Add or modify the following line so that its value is big enough, for example, 200000 or 300000:
fs.file-max=300000
Warning
Be careful when you edit this file. Set the number too small may cause your system malfunction.
3.
sudo sysctl -p
4.
At user level
1.
2.
Add or modify the following line so that its value is big enough, for example 200000 or 300000:
3.
ulimit -n
p.11
Troubleshooting
The problem occurs when the default port 8080 is already used by another process. To solve it, make sure that the port
8080 is not used by another process, or configure eXo Platform to use another free port.
Checking the port status
Use the following Linux commands:
tcp
0 0.0.0.0:8080
0.0.0.0:*
LISTEN
COMMAND PID
java
In Tomcat, edit the $PLATFORM_TOMCAT_HOME/conf/server.xml file and change 8080 into another port, at the
following line:
Note
In addition to the port 8080, eXo Platform may use some others, such as 8009, 8443. You always can manage
those ports in the same way as above.
Out Of Memory Error
You get this message when starting eXo Platform:
p.12
Troubleshooting
At the same time the Java process crashes and creates a dump file.
The problem occurs when your Java Virtual Machine runs out of memory. You probably think of the same reason even if
you do not get this message, but your eXo Platform instance runs slowly or does not operate well.
To solve it, you should increase memory settings for the Java Virtual Machine. The default settings are fairly enough:
-Xms512m -Xmx3g -XX:MaxPermSize=256m if your data is not huge. Otherwise, for example you have thousands of
users and store many Gigabytes of documents, you should increase those settings.
It can be done by uncommenting and editing the following lines in the customized script:
EXO_JVM_SIZE_MAX="4g"
EXO_JVM_SIZE_MIN="1g"
EXO_JVM_PERMSIZE_MAX="128m"
SET EXO_JVM_SIZE_MAX=4g
SET EXO_JVM_SIZE_MIN=512m
SET EXO_JVM_PERMSIZE_MAX=128m
The physical memory is not enough to allocate memory for the VM. By default the memory requested by eXo
Platform is -Xms512m -Xmx3g -XX:MaxPermSize=256m, then it requires 512 megabytes for Heap memory.
You are using a 32-bit Java version on a 32-bit OS, so the Heap size may be limited (less than 2G as recommended
by Oracle and IBM).
To solve it, you should decrease memory settings for the Java Virtual Machine. The default settings fit medium size of
data. If your data is less, you can use lower settings.
The instructions for setting memory are given in this page already.
See also
System requirements
p.13
When running the addon script only, you can view different sets of commands, arguments and options. The global syntax
is in the format addon [command] [arguments] [options], where:
[command] is either of: list, install, uninstall, describe.
[arguments] are ones specific to an add-on (Id and version).
[options] are switch options that can be global or specific to the command (started with -- or -).
Also, you could add the following useful options:
--help / -h - Views all the needed information of the command line program.
--verbose / -v - Prints the verbose log for debugging/diagnostic purpose.
p.14
Add-ons Management
Listing add-ons
By walking through the following topics in this chapter, you will know how to manage add-ons in eXo Platform via the CLI:
Listing add-ons
Describing add-ons
Installing/Uninstalling add-ons
addon list [--snapshots] [--unstable] [--installed] [--outdated] [--catalog=$URL] [--no-cache] [--offline] [--verbose] [--batch-mode]
With the addon list command (without any options), only add-ons that have at least one stable version are
displayed. And for each listed add-on, only the last stable version is displayed.
Also, add the following options:
--snapshots
Displays add-ons that have stable or development versions. For each listed addon, only the last stable and the last development versions are displayed.
--unstable
Displays add-ons that have stable or unstable versions. For each listed add-on,
only the last stable and the last unstable versions are displayed.
--installed
Displays add-ons (including stable and development versions) that are already
installed in eXo Platform.
p.15
Add-ons Management
Describing add-ons
--outdated
Displays stable add-ons that have newer versions than ones installed in eXo
Platform - based on the aether generic version order.
--no-cache
--offline
Displays add-ons by the cached and local catalogs (without the network access).
--catalog=$URL
--no-compat
--batch-mode
Displays add-ons without the ASCII art logo (eXo art text displayed right after the
command on the CLI).
To view information about a specific version of the add-on, simply add the addonVersion right to the addonId. The usage
of the options listed in the above syntax is in the same way as the list command.
addon install addonId [--snapshots] [--unstable] [--force] [--no-compat] [--conflict=skip|overwrite] [--catalog=$URL] [--no-cache] [--offline] [-verbose] [--batch-mode]
Or:
p.16
Add-ons Management
Installing/Uninstalling add-ons
addon install addonId:addonVersion [--force] [--no-compat] [--conflict=skip|overwrite] [--catalog=$URL] [--no-cache] [--offline] [--verbose][--batchmode]
Note
Some eXo add-ons require the end-users to accept terms of a license agreement before installation. So, after
clicking the install command on the CLI, remember to hit Enter key (for several times) to continue, and
finally type "Yes" on the CLI to accept the license agreement. You can get out of these interactions by adding
the --batch-mode option that allows the complete auto-installation.
By using the addon install addonId command only, the most recent stable version of the add-on is installed.
Also, add the following options:
--snapshots
Installs the most recent development version of the add-on. However, if the last
stable version of this add-on is more recent than the last development one, the
last stable one will be installed.
--unstable
Installs the last unstable version of the add-on, based on the aether generic
version order. However, if the last stable version of this add-on is more recent
than the last unstable one, the last stable one will be installed.
:addonVersion
--no-compat
Installs the add-on that ignores the compatibility check of application servers,
editions and version range declared in each catalog entry (corresponding
to supportedApplicationServers, supportedDistributions and compatibility
respectively). This option is often used when you meet error messages of the
compatibility (for example, app server not supported, distribution enterprise
required, not compatible to {eXoplatform_version}).
--conflict=skip|overwrite
Installs the add-on that ignores the files conflict. This option is used when you
meet an error message of the aborted installation.
--conflict=skip: The conflicted files are ignored with one log for each
file: "File $FILE already exists. Skipped.".
p.17
Add-ons Management
Installing/Uninstalling add-ons
--offline
Installs the add-on that already exists in the local archives without
downloading. You will get an informational message: "Using addonId archive
from local archives directory.".
--force
--catalog, --no-cache
Uninstalling an add-on
Use the uninstall command to remove an add-on that is already installed, regardless of its stable or development
version.
p.18
Add-ons Management
Chapter 3. Configuration
Chapter 3. Configuration
This chapter covers the following topics:
Configuration overview
How to change default configurations of eXo Platform 4.1 via exo.properties.
eXo Platform configuration
Explanation of eXo Platform configuration, its directory and some parts of eXo Platform internals.
Data directory configuration
Explanations of several paths in the local file system.
Transaction service
Information about the default timeout value of JCR transaction, and the value when your application runs longer
transactions.
Account setup
How to skip the Account Setup and Greetings! screens in eXo Platform.
Outgoing mail service
The SMTP configurations required for sending emails.
Changing sender information of email notification
Configuration about sender from which all email notifications are sent.
Subscribing to notifications of document changes
The email configuration for watching a document.
WebDAV configuration
Configuration of the WebDAV service.
JODConverter configuration
Instructions on how to enable and configure document preview feature that allows users to read online many
document types like MS Word.
Limiting the size of uploaded files
Instructions to configure the maximum allowed size of uploaded files.
Enabling/Disabling auto-creating a taxonomy tree
Instructions on how to enable/disable auto-creating a taxonomy tree during a new site creation.
Logs
Introduction to the logs of eXo Platform, and where to configure this function.
JCR Configuration
Details of the set of properties which control the JCR behavior.
Cache configuration
Overall introduction to the Cache configuration of eXo Platform, including: Portal, Social, and ECMS.
Predefined users, groups and memberships
The configurations for users, groups and memberships initialization.
Gadget configuration
p.19
Configuration
Chapter 3. Configuration
Configuration overview
Information about the OAuth key that will be used in case the OAuth gadgets do not indicate a key, and how to
disable the Shindig default online features.
Unified Search configuration
Configuration for enabling/disabling Fuzzy search and adjusting the similarity criterion.
Create your own .properties file that must be named exo.properties. This file contains all configurations to
be customized.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
A .properties file has no header, so you do not need to preserve the header. You can refer to exosample.properties that is provided by default but has no effect on the eXo Platform configuration. This default
file exposes all properties you can override or extend, but in comments (#). Instead of creating new, you can rename
exo-sample.properties into exo.properties, then make changes on your needed properties and remove
their comments.
2.
3.
Each property is defined on one line that conforms to the syntax: property_name=property_value.
Order of the property lines does not take any effect, but it is important that you use the exact key of each
property in exo.properties that is already exposed in exo-sample.properties or listed in this chapter.
The usage of properties and their keys are detailed in the later sections.
The text before the equal sign is the key that you should not change and the text after the equal sign is the
property's value that you can edit.
Save and restart the eXo Platform server for your changes to take effect.
Besides the capability of customizing configurations in exo.properties, you can follow in another way by
adding a system property, either in bin/setenv-customize.sample.(sh|bat) or bin/standalonecustomize.sample.conf(.bat), or in any your custom scripts. See Customizing environment variables for detailed
instructions.
Note
There are some configuration properties that will not be configurable by the system property but in
exo.properties only, including:
exo.jcr.cluster.jgroups.config
exo.idm.cluster.jgroups.config
exo.jcr.cache.config
exo.jcr.cache.config.workspace.portal-system
exo.jcr.lock.cache.config
exo.jcr.index.cache.config
p.20
Configuration
Chapter 3. Configuration
exo.cache.config.template
exo.idm.api.store.config
$PLATFORM_TOMCAT_HOME/gatein/conf (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein (JBoss).
That folder contains the following main files that you need to take care: exo.properties (if you need to override the
eXo Platform configurations); configuration.xml and portal/${PORTAL_NAME}/configuration.xml (if
having the ${PORTAL_NAME} portal container).
Note
The xml configuration is mainly done during the development phase, whereas the configuration in
exo.properties targets the deployment phase. So configurations that you want to customize should be
done in the exo.properties file.
To understand more clearly the role of those files, let's begin with the portal container concept.
The eXo Platform Kernel collects runtime components in the portal containers. A portal container holds all components to
run a portal instance. It serves pages under the servlet context for its name.
The default portal container in eXo Platform is called "portal". This explains why the default URL of the samples is http://
localhost:8080/portal. The default portal container can be configured directly inside exo.conf.dir.
eXo Platform is capable of running several portal instances simultaneously on the same server. Each instance can be
configured and customized independently via files located at: portal/${PORTAL_NAME} (under exo.conf.dir), where
${PORTAL_NAME} is the name of the portal container.
Note
The name of the configuration file can be altered. Please refer to the PortalContainer section in the Kernel
reference for more details on portal containers and other options to modify the location of the properties.
Services that run inside a portal container are declared via the xml configuration files like configuration.xml. Such
files exist in jars, wars and below exo.conf.dir.
The .xml configuration files also serve as the main way to customize the portal via the multiple plugins offered by the
eXo Platform components.
Additionally, the .xml files may contain variables that are populated via properties defined in exo.properties. Hence,
the exo.properties file serves as exposing some selected variables that are necessary to configure eXo Platform in a
server environment.
exo.properties
This file can be added to easily override or extend configurations of eXo Platform. The important variables that can
be overridden are exposed in a sample properties file named exo-sample.properties, but in comments. See
Configuration overview for more details.
p.21
Configuration
Chapter 3. Configuration
configuration.xml
This file contains the built-in configuration for the "portal" portal container.
In case you do not want to use "portal" as the default portal for your project, this file can be used to import another
PortalContainerDefinition into the root container.
Note
To learn more about how to configure a new portal container, please refer to eXo Kernel.
portal/${PORTAL_NAME}/configuration.xml
The extra configuration for the ${PORTAL_NAME} portal container if any. This is where further customizations (for
${PORTAL_NAME} portal container) can be placed. Generally, custom configurations are provided by extension
wars. However, this file is the last loaded by Kernel. It has a higher priority over any other configuration files, including
extensions. So, you can override any internal component configuration.
This may turn handy services or configurations that are not exposed in exo.properties.
JCR indexes.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
exo.jcr.storage.enabled=true
By default, these four folders are located under a common directory that is $PLATFORM_TOMCAT_HOME/gatein/data
(Tomcat) or $PLATFORM_JBOSS_HOME/standalone/data/gatein (JBoss).
In production, it is recommended to configure it to use a directory separated from the package. Especially in cluster mode,
it should be a network shared folder.
Configuration in Platform Tomcat
In Tomcat, the directory is configured by the environment variable EXO_DATA_DIR. Edit the bin/setenv-customize.
(sh|bat) script:
EXO_DATA_DIR=/mnt/nfs/shared/exo/data
p.22
Configuration
Chapter 3. Configuration
Transaction service
You need to create the script file by copying/renaming the sample bin/setenv-customize.sample.(sh|bat). See
Customizing environment variables for more information.
Configuration in Platform JBoss
In JBoss, the directory is configured by the system property exo.data.dir. Edit standalone/configuration/
standalone-exo.xml like below:
<system-properties>
...
<property name="exo.data.dir" value="/mnt/nfs/shared/exo/data"/>
...
</system-properties>
Note that if you are configuring the cluster mode, the configuration might be different. The file should be standaloneexo-cluster.xml and the property should be exo.shared.dir. See Setting up eXo Platform cluster.
See also
Database
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
exo.jcr.transaction.timeout=3600
See also
JCR Configuration
p.23
Configuration
Chapter 3. Configuration
To skip these screens, simply change the default value from "false" into "true" in the following files. See Configuration
overview for how-to.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
exo.accountsetup.skip=true
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
Here is the default configuration (it will not work of course, you will need to edit it):
Read the inline comments to understand each property. Here are some remarks:
You need to provide SMTP server host/port, a username/password to be authenticated by that server. Others are
optional.
Typically, administrators want to mask the From field in the system emails with something like noreply@exoplatform.com so that the receivers recognize it is robotic. Many SMTP services allow you to set From field
in outgoing emails to another email address than the authenticated account. That's why here you see the property
exo.email.smtp.from.
If this parameter is not valid, the value of exo.email.smtp.username will be used instead.
p.24
Configuration
Chapter 3. Configuration
If you want to use SMTP gateway over SSL, configure a certificate truststore containing your SMTP server's public
certificate. Depending on the key sizes, you may then also need to install Java Cryptography Extension (JCE)
Unlimited Strength Jurisdiction Policy Files for your Java Runtime Environment.
exo.email.smtp.from=noreply@exoplatform.com
exo.email.smtp.host=smtp.gmail.com
exo.email.smtp.port=465
exo.email.smtp.starttls.enable=true
exo.email.smtp.auth=true
exo.email.smtp.username=exo.test100@gmail.com
exo.email.smtp.password=***
exo.email.smtp.socketFactory.port=465
exo.email.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory
Enable POP and IMAP for that account. This can be done simply in your Gmail settings, see the screenshot below.
Note
In case of Gmail, exo.email.smtp.from must be a real account that you own. It does not need to
be a Gmail account, as you can guess by the sample. You will configure your main account (that is
exo.email.smtp.username) to add this from email as another "send as".
To do so, follow this guide of Google.
p.25
Configuration
Chapter 3. Configuration
In case the from parameter is not valid, it does not fail the email sending and the main account will be displayed instead.
See also
Directly inline, via the Email Notifications Administration page. In this way, you can change the sender information
easily and quickly. See the Email notification administration section for more details.
Via some properties in the following files. See Configuration overview for how-to.
o
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
exo.notification.portalname=eXo
exo.email.smtp.from=noreply@exoplatform.com
In which:
o
Note
To get the email notification feature work, you first need to configure Outgoing mail service first.
To customize the email notification, simply add the following properties in the file. See Configuration overview for how-to.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
In which:
p.26
Configuration
Chapter 3. Configuration
WebDAV configuration
Property
Default value
Description
exo.ecms.watchdocument.subject
exo.ecms.watchdocument.mimetype
text/html
exo.ecms.watchdocument.content
Dear
$user_name,<br><br>The
document $doc_name
($doc_title) has
changed.<br><br>Please go to
<a href="$doc_url">$doc_title</
a> to see this change.<br><br>
See also
The values you see in the code above are the default values. Here is a brief description of each parameter:
exo.webdav.def-folder-node-type
exo.webdav.def-file-node-type
exo.webdav.def-file-mimetype
p.27
Configuration
Chapter 3. Configuration
JODConverter configuration
exo.webdav.update-policy
exo.webdav.auto-version
exo.webdav.folder-icon-path
exo.webdav.cache-control
This determines the live time of the caches for each type
of responses. Use no-cache if you want a type to be not
cached.
See also
Cache configuration
Note
Currently, JODConverter does not connect to LibreOffice 4 on Windows. This is a known issue reported by
eXo.
Installing OpenOffice/LibreOffice
Follow OpenOffice guideline or LibreOffice guideline to install.
Note that those softwares might be installed in some Linux distributions by the OS already.
Note
JODConverter is already built in eXo Platform, so you do not need to install it.
p.28
Configuration
Chapter 3. Configuration
JODConverter configuration
Sigar Framework
In Windows, Sigar is recommended. JODConverter uses Sigar - if available - to manage Office processes. Without Sigar,
there is possibility that Office processes are not stopped successfully when you shut down eXo Platform, and it causes
problem in your next start.
So download the following files and install them to the lib folder ($PLATFORM_TOMCAT_HOME/lib in Tomcat or
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/lib in JBoss):
sigar.jar
JODConverter version
eXo Platform uses JODConverter v3.0 that enhances processing different file types much.
Activating and deactivating
JODConverter is activated by default. You can deactivate it (and consequently not use the preview feature) by setting
exo.jodconverter.enable=false in the following file:
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
Configurations
Note
In most cases, you do not need to configure JODConverter because it can work with default configurations.
However, if you are using OpenOffice 4 (or later), or have installed the Office server untypically, you will need
to specify exo.jodconverter.officehome by yourself. See Specifying exo.jodconverter.officehome [30].
JODConverter configurations can be edited in the following files. See Configuration overview if the file has not been
created yet.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
# JOD Converter
exo.jodconverter.enable=true
exo.jodconverter.portnumbers=2002
exo.jodconverter.officehome=
exo.jodconverter.taskqueuetimeout=30000
exo.jodconverter.taskexecutiontimeout=120000
exo.jodconverter.maxtasksperprocess=200
exo.jodconverter.retrytimeout=120000
Key
Default value
Description
exo.jodconverter.portnumbers
2002
exo.jodconverter.officehome
See here
p.29
Configuration
Chapter 3. Configuration
JODConverter configuration
Key
Default value
Description
exo.jodconverter.taskqueuetimeout
30000
exo.jodconverter.taskexecutiontimeout
120000
exo.jodconverter.maxtasksperprocess
200
exo.jodconverter.retrytimeout
120000
Specifying exo.jodconverter.officehome
Again, the default configuration should work in many cases. Most likely you need to change it for OpenOffice 4.
Note
Note that EXO_JODCONVERTER_OFFICEHOME variable is not used as of 4.1.0. The customize script does not
overlap JODConverter configuration anymore, so only use exo.properties for it.
Here are some examples of the property:
In Linux: exo.jodconverter.officehome=/opt/openoffice4
Note
Remember to use double slash (\\) for Windows.
In Linux, if you do not know the path, you might check the followings:
/opt/openoffice.org3
/opt/libreoffice
/usr/lib/openoffice
/usr/lib/libreoffice
Services details
To support as many as possible document types, it is recommended you install all available services of Open Office.
However, if you do not want to do so, refer to the following table to know which packages are needed for which services.
File extensions
Service names
doc
writer
openoffice.org-writer
libreoffice-writer
math
openoffice.org-math
libreoffice-math
docx
odt
odf
p.30
Configuration
Chapter 3. Configuration
File extensions
Service names
odg
draw
openoffice.org-draw
libreoffice-draw
odp
impress
openoffice.org-impress
libreoffice-impress
calc
openoffice.org-calc
libreoffice-calc
ppt
pptx
ods
ots
xls
xlsx
xlt
See also
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
For example:
exo.ecms.connector.drives.uploadLimit=300
Note
As of 4.1, this configuration also takes effect on files uploaded from Activity Stream (using the Share function).
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
p.31
Configuration
Chapter 3. Configuration
Logs
By default, the parameter is set to false, it means the creation of a taxonomy tree is disabled when you create a new
site.
To enable the function, simply set the parameter to true.
3.13. Logs
The logs of eXo Platform are controlled by the Java Logging API.
By default, the logs are configured to:
$PLATFORM_JBOSS_HOME/standalone/configuration/logging.properties (JBoss).
See also
Use default values, change them only if you know what you are doing.
The configurations introduced here are a subset of JCR configurations. There are many JCR configurations which are
packed in .war files, so you have to unpack to edit them. To avoid unpacking them, the subset is externalized to be
configured easily in the following files. See Configuration overview for how-to.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
Repository:
exo.jcr.repository.default=repository
exo.jcr.workspace.default=collaboration
exo.jcr.workspace.system=system
In which, "repository", "collaboration" and "system" are names of default repository, default workspace and system
workspace respectively. Refer to Repository Configuration for details.
Datasource:
p.32
Configuration
Chapter 3. Configuration
Cache configuration
exo.jcr.datasource.name=java:/comp/env/exo-jcr
exo.jcr.datasource.dialect=auto
exo.jcr.db-structure-type=single
These configurations are applied to all workspaces. Refer to Workspace for details.
Jgroups:
exo.jcr.cluster.jgroups.config-url=file:${exo.jcr.cluster.jgroups.config}
This externalizes the jgroups-configuration parameter of all workspace caches, query-handlers and lock-managers.
Refer to Workspace for details.
Value Storage:
exo.jcr.storage.enabled=true
This externalizes the enabled property of file system value-storage (that is configured at workspace level). The true
value (default) means all binary values are stored in file system. The false value means all binary values are stored
in the database. Refer to Value Storage plugin for data container for details.
See also
Note
More details about the eXo Platform caches can be found in:
See also
Gadget configuration
p.33
Configuration
Chapter 3. Configuration
Portal caches
MOPCache [35]
NavigationCache [35]
DescriptionCache [35]
PageCache [35]
TemplateCache [36]
ResourceBundleCache [36]
These Portal caches can be overridden in the following files. See Configuration overview for how-to.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
p.34
Configuration
Chapter 3. Configuration
Portal caches
exo.cache.portal.ResourceBundleData.liveTime=-1
$PLATFORM_TOMCAT_HOME/webapps/portal.war!/WEB-INF/conf/portal/portalconfiguration.xml (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear!/
exo.portal.web.portal.war!/WEB-INF/conf/portal/portal-configuration.xml (JBoss).
$PLATFORM_TOMCAT_HOME/webapps/platform-extension.war!/WEB-INF/conf/platform/cacheconfiguration.xml (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear!/platform-extensionwebapp.war!/WEB-INF/conf/platform/cache-configuration.xml (JBoss).
MOPCache
The MOPCache caches all model objects of the portal (MOP), such as sites, pages and preferences. When the cached
MOP objects are called, they will be directly retrieved from cache rather than the database.
The maximum heap size cannot be calculated exactly because the MOPCache caches many types of MOP objects
that are different in size.
NavigationCache
The NavigationCache caches data of navigation. When the cached navigation is accessed, it will be retrieved from
cache rather than the database.
The size of each cached navigation is dependent on length of its string field. The navigation size is often less than
250 bytes, so the maximum heap size equals to the cache size multiplied by 250 bytes.
DescriptionCache
The DescriptionCache caches a pair of name-description. Accordingly, the cached pair of name-description will be taken
directly from cache rather than the database.
The cached pair of name-description is invalidated when the data of this name-description pair is modified or
destroyed.
The maximum heap size is dependent on length of name and description of each pair stored in cache. The size of a
name-description pair is often less than 200 bytes, so the maximum heap size equals to the cache size multiplied by
200 bytes.
PageCache
The PageCache caches data of a page when one user visits it for the first time. When the cached page is visited, it will be
loaded from cache rather than the database.
p.35
Configuration
Chapter 3. Configuration
Commons caches
The cached page is invalidated when the page is destroyed. When the page is modified, its new data will be updated
into cache.
The maximum heap size is dependent on some dynamic attributes of a page, for example, site name that contains
the page, length of access/edit permission, display name of page.
TemplateCache
The TemplateCache caches all Groovy templates of the portal by its template path and ResourceResolver. When the
cached template is called, it will be loaded from cache rather than the database or the file system.
The maximum heap size is dependent on length of Groovy template. The size of a Groovy template is often less than
100KB, so the maximum heap size equals to the cache size multiplied by 100KB.
ResourceBundleCache
The ResourceBundleCache caches all resource bundles by name and locale. When the cached resource bundle is
called, it will be directly loaded from cache rather than the database or the file system.
The maximum heap size is dependent on the size of resource bundle. The size of a resource bundle is often less
than 100KB, so the maximum heap size equals to the cache size multiplied by 100KB.
$PLATFORM_TOMCAT_HOME/lib/commons-component-common-X.Y.Z.jar!/conf/portal/
configuration.xml (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear!/lib/commons-componentcommon.jar!/conf/portal/configuration.xml (JBoss).
SettingCache
The SettingCache caches the setting value for all contexts and all scopes. When any users ask for the cached setting
value, it will be retrieved from cache rather than the database.
p.36
Configuration
Chapter 3. Configuration
ECMS caches
Each entry of cache is a pair and key is a composite key(Context context, Scope scope, String key). The value is
String, Double, Long or Boolean. In reality, the size of these values should be less than 100 bytes, so the maximum
heap size equals to the cache size multiplied by 400 bytes.
WCMDriveCache [38]
ScriptCache [38]
FragmentCache [38]
TemplateCache [39]
InitialWebContentCache [39]
PDFCache [39]
SEOCache [39]
These ECMS caches are handled by various cache services and plugins that can be overridden in the exo.properties
file.
p.37
Configuration
Chapter 3. Configuration
ECMS caches
$PLATFORM_TOMCAT_HOME/webapps/ecm-wcm-core.war!/WEB-INF/conf/wcm-core/core-servicesconfiguration.xml (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear!/ecms-core-webapp.war!/WEBINF/conf/wcm-core/core-services-configuration.xml (JBoss).
$PLATFORM_TOMCAT_HOME/webapps/ecm-wcm-extension.war!/WEB-INF/conf/wcm-extension/wcm/
seo-configuration.xml (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear!/ecms-packaging-wcmwebapp.war!/WEB-INF/conf/wcm-extension/wcm/seo-configuration.xml (JBoss).
WCMDriveCache
The WCMDriveCache caches visited drives of Sites Explorer by their names. When any users visit the cached drives,
these drives will be directly retrieved from cache rather than the database.
An item of drive cache contains: name, workspace, homePath, permission, view, icon, allowcreatefolders,
viewReferences, viewNondocument,viewSidebar,showHiddenNode.
The first 7 elements are of String and their length often should not be greater than 1000.
The last 4 elements are of Boolean and the size of each element is 1 byte.
Thus, the maximum heap size equals to the cache size multiplied by 7004 bytes.
ScriptCache
The ScriptCache caches the script objects. When there are any requests for cached scripts, these scripts are taken from
cache rather than the database.
The maximum heap size equals to the cache size multiplied by size of the script object.
FragmentCache
p.38
Configuration
Chapter 3. Configuration
ECMS caches
The FragmentCache caches content of SCVs and CLVs. When any users call for these cached portlets, these portlets
will be retrieved from cache rather than the database.
The FragmentCache is invalidated when SCVs and CLVs are switched from the edit to the live mode.
The maximum heap size consumed by the cache: cache size multiplied by size of SCVs/CLVs (the SCVs/CLVs size
is unlimited).
TemplateCache
The TemplateCache caches the list of document nodetypes. When any users call for the cached document nodetypes,
data will be retrieved from cache rather than the database.
The maximum heap size consumed by the cache is unlimited. However in reality, the TemplateCache often caches
node names only, so the maximum heap size is often less than 10KB.
InitialWebContentCache
The InitialWebContentCache caches the artifact (node) that is necessary to deploy to a new portal. When the cached
artifact is called, it will be read and returned from cache rather than the database.
The InitialWebContentCache is never invalidated because the initial artifact is never changed.
The maximum heap size equals to the total size of all artifacts.
PDFCache
The PDFCache caches the path to a specific page in a specific PDF file. In eXo Platform, when a user views an Office
document or PDF file, the viewed page is extracted into a PDF file, and REST is used to return that file content to client
browser. When the cached page is called, its data will be taken from cache (based on the page path) rather than the
database.
The PDFCache size equals to the number of document pages viewed by users.
The maximum heap size equals to the cache size multiplied by 200 bytes (supposing that the longest file path is 200
characters in reality).
SEOCache
The SEOCache caches the SEO metadata of all pages in all sites. When the SEO metadata of these cached pages are
called, the created pages will be got based on the page path from cache rather than the database.
The SEOCache size equals to the number of pages to which the SEO metadata is added.
Each Metadata object contains: 8 String objects (including uri, rbcontent, keywords, description, title, frequency,
fullStatus, pageReference). Their length is usually less than 100 characters.
One float (4 bytes) object priority and one boolean (1 byte) object sitemap.
p.39
Configuration
Chapter 3. Configuration
Social caches
Thus, the total heap size equals to the cache size multiplied by 805 bytes.
IdentityCache [41]
RelationshipCache [42]
SpaceCache [42]
ActivityCache [42]
You can change values of these Social caches in the following files. See Configuration overview for how-to.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
In particular:
p.40
Configuration
Chapter 3. Configuration
Social caches
$PLATFORM_TOMCAT_HOME/webapps/social-extension/WEB-INF/conf/social-extension/social/
cache-configuration.xml (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/social-extension-war.war!/
WEB-INF/conf/social-extension/social/cache-configuration.xml (JBoss).
IdentityCache
The IdentityCache caches information related to identities, such as index, count or profile. When any users view or take
actions on users/spaces or activity page that contains the cached identity information, information will be directly retrieved
from cache rather than the database.
p.41
Configuration
Chapter 3. Configuration
Social caches
RelationshipCache
The RelationshipCache caches relationship information of users in the social networking. Any connection status
(connection, pending, invitation, suggestion and count of relationships) is cached. When any users ask for these cached
relationships, their information will be retrieved from cache rather than the database.
The RelationshipCache is invalidated when the connection is changed/removed or when a new connection is
added.
SpaceCache
The SpaceCache caches all information of spaces, including the count and space references. When any users visit the
cached spaces, their information will be retrieved from cache rather than the database.
ActivityCache
The ActivityCache caches information related to activities, such as the count of activities. When any users visit the
cached activities, information of these activities will be retrieved from cache rather than the database.
The ActivityCache is invalidated when the activity is deleted or updated (a new comment is added to the activity).
p.42
Configuration
Chapter 3. Configuration
Forum caches
UserProfilesCache [44]
CategoriesCache [44]
ForumsCache [45]
TopicsCache [45]
PostsCache [45]
WatchesCache [45]
ObjectNameDataCache [46]
MiscDataCache [46]
BBCodeCache [46]
You can override these Forum caches in the following files. See Configuration overview for how-to.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
In particular:
p.43
Configuration
Chapter 3. Configuration
Forum caches
exo.cache.forum.ForumData.TimeToLive=-1
# Forum Cache Configuration - Topic Data
# - Standalone (time to live in seconds)
exo.cache.forum.TopicData.Capacity=500
exo.cache.forum.TopicData.TimeToLive=-1
# Forum Cache Configuration - Watch List Data
# - Standalone (time to live in seconds)
exo.cache.forum.WatchListData.Capacity=500
exo.cache.forum.WatchListData.TimeToLive=-1
# Forum Cache Configuration - Link List Data
# - Standalone (time to live in seconds)
exo.cache.forum.LinkListData.Capacity=250
exo.cache.forum.LinkListData.TimeToLive=-1
# Forum Cache Configuration - Object Name Data
# - Standalone (time to live in seconds)
exo.cache.forum.ObjectNameData.Capacity=500
exo.cache.forum.ObjectNameData.TimeToLive=-1
# Forum Cache Configuration - Misc Data
# - Standalone (time to live in seconds)
exo.cache.forum.MiscData.Capacity=600
exo.cache.forum.MiscData.TimeToLive=-1
$PLATFORM_TOMCAT_HOME/webapps/forum-extension/WEB-INF/ks-extension/ks/forum/cacheconfiguration.xml (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/forum-extensionwebapp.war!/WEB-INF/ks-extension/ks/forum/cache-configuration.xml (JBoss).
UserProfilesCache
The UserProfilesCache caches information of users, for example, name, number of topics, number of posts, user
settings information in the forum system. These cached information will be used when the users log in the forum for next
times.
The UserProfilesCache is invalidated when the user is deleted or updated, or when the user creates a new topic/
post or changes his/her user settings, logs in/out of the system.
CategoriesCache
The CategoriesCache caches information of categories, such as name, order, description, permissions. Information of
these cached categories are used when the Forums application is opened not for the first time.
p.44
Configuration
Chapter 3. Configuration
Forum caches
The CategoriesCache is invalidated when the category is modified (for example, when the user updates his/her
profile, or watches a category, or adds/deletes a space).
ForumsCache
The ForumsCache caches information related to forums, such as name, order, description, permission. Information of
these cached forums is used when any users open the Forums application not for the first time.
The ForumsCache is invalidated when the forum is modified (updating user profile, users watch on Forum, spaces
updated).
TopicsCache
The TopicsCache caches information related to topics, such as name, description, owner, last updated time and
permission. When any users go to the cached topics, their information will be retrieved from cache rather than the
database.
The TopicsCache is invalidated when the topic is modified (for example, when the user watches a topic, or adds/
deletes a post, or deletes a space).
PostsCache
The PostsCache caches information of posts, such as title, message, owner. When any users do anything related to the
cached posts, information will be retrieved from cache rather than the database.
WatchesCache
The WatchesCache caches information related to watches, such as users and emails. These cached information will be
used when the forum/category/topic is loaded not for the first time.
p.45
Configuration
Chapter 3. Configuration
Wiki caches
The maximum heap size of watched data is 257Kb (Max size: 500)
ObjectNameDataCache
The ObjectNameDataCache caches simple information of categories/forums/topics, such as name and jcr-path. When
any users ask for these cached forums/categories/topics, the information will be retrieved from cache rather than the
database.
MiscDataCache
The MiscDataCache caches simple information related to categories list size, forums list size, topic list size, screen name
of users. These cached information is used when the Forums application is opened not for the first time.
BBCodeCache
The BBCodeCache caches information related to BBCodes, such as tag name, replacement, description, isOption. When
any users open the topic containing the cached BBCodeCache or add/edit the BBCode, information will be retrieved from
cache rather than the database.
RenderingCache [47]
UuidCache [47]
AttachmentCountCache [47]
You can change these Social caches that are handled by PageRenderingCacheService in the following files. See
Configuration overview for how-to.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
In particular:
p.46
Configuration
Chapter 3. Configuration
Calendar caches
$PLATFORM_TOMCAT_HOME/lib/wiki-service-xxx.jar!/conf/portal/cache-configuration.xml
(Tomcat).
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/lib/wiki-service.jar!/conf/
portal/cache-configuration.xml (JBoss).
RenderingCache
The RenderingCache caches content of visited wiki pages. When any users visit the cached wiki pages, their content will
be retrieved from cache rather than the database.
The size of a wiki page is unlimited, so the maximum heap size consumed by the cache is unlimited too. However,
most of wiki pages are often less than 100KB. Therefore, the maximum heap size equals to the cache size multiplied
by 100KB.
UuidCache
The UuidCache caches Uuid of nodes that stores the visited wiki pages. When any users visit these wiki pages, Wiki gets
the nodes by UUID in cache that is much faster than query in the database.
Every Uuid has the length of 32 bytes, so the maximum heap size equals to the cache size multiplied by 32 bytes.
AttachmentCountCache
The AttachmentCountCache caches the number of attachments of the visited wiki pages. When the visited wiki pages
are called, the number of page attachments will be retrieved from cache rather than the database.
The AttachmentCountCache is updated when the wiki page is removed/modified or when its attachment is added/
removed.
The maximum heap size equals to the cache size multiplied by 4 bytes ("4" - size of Integer).
GroupCalendarCache [48]
UserCalendarCache [48]
GroupCalendarEventCache [49]
p.47
Configuration
Chapter 3. Configuration
GroupCalendarRecurrentEventCache [49]
UserCalendarSettingCache [49]
EventCategoriesCache [49]
Calendar caches
You can change values of these Calendar caches in the following files. See Configuration overview for how-to.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
$PLATFORM_TOMCAT_HOME/webapps/calendar-extension.war!/WEB-INF/cs-extension/cs/csconfiguration.xml (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear!/calendar-extensionwebapp.war!/WEB-INF/cs-extension/cs/cs-configuration.xml (JBoss).
GroupCalendarCache
The GroupCalendarCache caches the Calendar objects. This object contains metadata information of a calendar, such
as calendar name, time zone, permissions. When any users access the cached group calendar, the metadata of this
group calendar will be retrieved from cache rather than the database.
The cached GroupCalendarCache is invalidated when the user updates calendar metadata, such as creating,
deleting, updating calendars (changing time zone).
Each Calendar object is approximately 75 bytes, so the maximum heap size equals to the cache size multiplied by 75
bytes.
UserCalendarCache
p.48
Configuration
Chapter 3. Configuration
Calendar caches
The UserCalendarCache caches the Calendar object. When any users access the cached user calendar, the metadata
of this user calendar will be retrieved from cache rather than the database.
The UserCalendarCache is invalidated when the user updates calendar metadata, such as creating, deleting,
updating calendar (changing time zone).
Each Calendar object is approximately 75 bytes, so the maximum heap size equals to the cache size multiplied by 75
bytes.
GroupCalendarEventCache
The GroupCalendarEventCache caches information about events, for example, summary, datetime, invitations,
attachments. When any users show content of a group calendar (for example, its events, tasks) for the first time, a query
will be made, then put the result to the cache. When another users access the cached content, its data will be retrieved
from cache rather than the database.
The GroupCalendarEventCache is invalidated when the users make changes on content of the group calendar, for
example, creating, deleting tasks, updating summary of events.
If the event does not contain the attachment file, each event object is approximately 200 bytes. Therefore, the
maximum heap size equals to the cache size multiplied by 200 bytes.
GroupCalendarRecurrentEventCache
The GroupCalendarRecurrentEventCache caches information about recurring events, for example, summary, datetime,
invitations, and attachment. When any users show content of a group calendar that contains the recurring event (for
example, its events, tasks) for the first time, a query will be made, then put the result to the cache. When another users
access the cached content, the data query will be retrieved from cache rather than the database.
The GroupCalendarRecurrentEventCache is invalidated when the user makes changes on recurring events, for
example, deleting, updating summary of recurring events.
If the recurring event does not contain the attachment file, each object is approximately 200 bytes. Therefore, the
maximum heap size equals to the cache size multiplied by 200 bytes.
UserCalendarSettingsCache
The UserCalendarSettingsCache caches information about calendar settings, such as datetime format, calendar filter,
view types. When the user needs calendar settings, such as access to calendar page and need to render current view
(month view, week view), a query is made and put the setting information to the cache. If another users access the
cached calendar settings, the data will be directly retrieved from cache rather than the database.
The UserCalendarSettingsCache is invalidated when the user changes his settings or the user is deleted.
Each Calendar setting object is approximately 80 bytes, so the maximum heap size equals to the cache size
multiplied by 80 bytes.
EventCategoriesCache
The EventCategoriesCache caches event category names and Ids. When an event category is called for the first time, a
query is made and data is put into the cache. For next time, when another users call the cached event category, its data
will be retrieved from cache rather than the database.
The EventCategoriesCache is invalidated when the user creates, updates or deletes the event category.
p.49
Configuration
Chapter 3. Configuration
End-date suggestion
The EventCategoriesCache size is approximately 24 bytes, so the maximum heap size equals to the cache size
multiplied by 24 bytes.
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
In which:
The numeric value of duration suggestion is complied with the following rules: 1 = 30 minutes, 2 = 1 hour, 3 = 1 hour
30 minutes, 4 = 2 hours. This means 1 block equals to 30 minutes.
exo.calendar.default.event.suggest: Defines the duration of an event. That is, if the start-time is 7:00AM in
the From field, the end-time will be auto-increased to 8:00AM in the To field. "2" is set by default for the duration of
events.
exo.calendar.default.task.suggest: Defines the duration of a task. That is, if the start-time is 7:00AM in
the From field, the end-time will be auto-increased to 7:30AM in the To field. "1" is set by default for the duration of
tasks.
$PLATFORM_TOMCAT_HOME/webapps/platform-extension.war!/WEB-INF/conf/organization/
organization-configuration.xml (Tomcat)
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear!/platform-extensionwebapp.war!/WEB-INF/conf/organization/organization-configuration.xml (JBoss)
This section does not directly aim at changing those predefined organizational data, but if it is the further step you want to
go, you can easily perform via the extension mechanism provided by eXo Platform.
Organizational data initializer
At top of the configuration file, you see the initializer declaration that is supposed to create all the predefined data
discussed here:
p.50
Configuration
Chapter 3. Configuration
<component-plugin>
<name>init.service.listener</name>
<set-method>addListenerPlugin</set-method>
<type>org.exoplatform.services.organization.OrganizationDatabaseInitializer</type>
<description>this listener populate organization data for the first launch</description>
<init-params>
<value-param>
<name>checkDatabaseAlgorithm</name>
<description>check database</description>
<value>entry</value>
</value-param>
...
</init-params>
</component-plugin>
Notice the value of checkDatabaseAlgorithm. If it is set to entry, each user, group and membership listed in the
configuration is checked each time eXo Platform is started. If an entry does not exist in the database yet, it will be
created. If the value is set to empty, the data will be updated to the database only if the database is empty.
Predefined membership types
All predefined membership types can be found under the membershipType field. Here is an extract:
<field name="membershipType">
<collection type="java.util.ArrayList">
<value>
<object type="org.exoplatform.services.organization.OrganizationConfig$MembershipType">
<field name="type"><string>*</string></field>
<field name="description"><string>Any membership type</string> </field>
</object>
</value>
<value>
<object type="org.exoplatform.services.organization.OrganizationConfig$MembershipType">
<field name="type"><string>manager</string></field>
<field name="description"><string>manager membership type</string></field>
</object>
</value>
...
</collection>
</field>
Predefined groups
All predefined groups can be found under the group field. Here is an extract:
<field name="group">
<collection type="java.util.ArrayList">
<value>
<object type="org.exoplatform.services.organization.OrganizationConfig$Group">
<field name="name"><string>developers</string></field>
<field name="parentId"><string /></field>
<field name="description"><string>the /developers group</string></field>
<field name="label"><string>Development</string></field>
</object>
</value>
...
</collection>
</field>
Predefined users
p.51
Configuration
Chapter 3. Configuration
Gadget configuration
All predefined users can be found under the user field. The configurations are username, firstname, lastname, email,
password and the list of memberships granted to the user. Here is an extract:
<field name="user">
<collection type="java.util.ArrayList">
<value>
<object type="org.exoplatform.services.organization.OrganizationConfig$User">
<field name="userName"><string>${exo.super.user}</string></field>
<field name="password"><string>gtn</string></field>
<field name="firstName"><string>Root</string></field>
<field name="lastName"><string>Root</string></field>
<field name="email"><string>root@localhost</string></field>
<field name="groups">
<string>*:/platform/administrators,*:/platform/users,*:/platform/web-contributors,*:/organization/employees,member:/organization/management/
executive-board</string>
</field>
</object>
</value>
...
</collection>
</field>
Note that the code above uses the exo.super.user property which is set to root in the files:
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
To use your customized configuration files, it is recommended that you replace default files in that location with yours.
It is possible to change the location by pointing exo.conf.dir to another folder. However, exo.conf.dir holds many
configuration files besides gadgets, so take care that you have those files in the new folder. Also note that the folder of
gadgets files will be ${exo.conf.dir}/gadgets.
To change exo.conf.dir:
In Tomcat: customize the variable EXO_CONF_DIR=/path/to/your/folder (see Customizing variables for howto).
<sytem-properties>
<property name="exo.conf.dir" value="/path/to/your/folder"/>
</system-properties>
The security token key (key.txt) is automatically generated by the server so you just need to acknowledge its location.
Next is more information about OAuth key and Shindig properties.
OAuth key configuration
p.52
Configuration
Chapter 3. Configuration
In eXo Platform, the OAuth gadgets use an OAuth key to authorize with external service providers. There is always a
default key defined in the oauthkey.pem file. This key will be used in case the OAuth gadgets do not indicate a key. It is
strongly recommended that you create your own oauthkey.pem file by using the openssl tool and some commands as
follows:
openssl req -newkey rsa:1024 -days 365 -nodes -x509 -keyout testkey.pem -out testkey.pem -subj '/CN=mytestkey'
openssl pkcs8 -in testkey.pem -out oauthkey.pem -topk8 -nocrypt -outform PEM
shindig.features.default=res://features/default-features.txt,res://features/online-features.txt
To disable:
shindig.features.default=res://features/default-features.txt
See also
$PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat).
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss).
Fuzzy parameters
Since 4.0.4, there are two properties that allow you to enable/disable Fuzzy search and adjust its effectiveness. You can
read about Fuzzy search here. Basically, the engine searches for not only exact keyword but also similar words. It is likely
p.53
Configuration
Chapter 3. Configuration
a feature expected by end-users, but it is also a deal with search speed. That is why you should have ability to adjust
degree of similarity and enable/disable Fuzzy search.
By default, Fuzzy search is enabled. Fuzzy search will be performed when the user adds a tilde (~) after a single
keyword. So the "Home~" keyword triggers a Fuzzy search of which the result may include "Rome". Also, the user can
append a similarity to narrow or extend the search result, for example "Home~0.8".
Property
Description
exo.unified-search.engine.fuzzy.enable
exo.unifiedsearch.engine.fuzzy.similarity
Excluded characters
By default only the whitespace is recognized as the word separator - means if the data is "Lorem Ipsum", there are two
indexes will be created for "Lorem" and "Ipsum".
The built-in indexing service of eXo Platform allows more word separators, like dot (.) or hyphen (-). To define those, edit
the property exo.unified-search.excluded-characters.
When a user types a phrase to search, the word separator is used also. For example if hyphen is configured, and the
user types "Lorem-Ipsum", then the query is sent as if it is two words.
See also
p.54
Configuration
Chapter 4. Database
Chapter 4. Database
By default, eXo Platform uses HSQL and you do not need any configuration to make it work. Follow this chapter only
when you need to use another RDBMS.
Assuredly you can use MySQL, PostgreSQL, MSSQL, Oracle, Sybase, DB2. Optimistically any SQL database that
provides a JDBC compliant driver can be used.
In this chapter:
Creating databases
You need to create databases. The tables are created automatically in Platform first startup.
Configuring eXo Platform
This section is a complete guide to configure eXo to use a RDBMS.
Datasource JNDI name
If for any reason you want to change JNDI name of the datasources, follow this section.
Frequently asked questions
This section especially targets to solve some possible issues.
See also
Data directory configuration
1.
2.
If you do not need to support specific characters, it is recommended to use the character set latin1 and the
collation latin1_general_cs (as eXo JCR is case sensitive). For example, in MySQL: CREATE DATABASE
plf_jcr DEFAULT CHARACTER SET latin1 DEFAULT COLLATE latin1_general_cs;.
If you need to support specific characters, it is recommended to use the character set utf8 and the collation
utf8_bin (as eXo JCR is case sensitive). For example, in MySQL: CREATE DATABASE plf_jcr DEFAULT
CHARACTER SET utf8 DEFAULT COLLATE utf8_bin;
Grant a user the right to access the databases. The user should be allowed to access remotely from where eXo
Platform is hosted.
For example, in MySQL:
$IP is your app server host name that accepts wildcard (for example, 192.168.1.% = all IPs on 192.168.1.x
network).
$username and $password are credentials that eXo Platform will use to connect to the databases.
p.55
Database
Chapter 4. Database
eXo provides the ready-made and fine-tuned configuration so typically you just need to choose a sample and modify the
connection url and the credentials.
For Tomcat
1.
ii. Add a new one. For MySQL as an example, you will just need to copy the sample in conf/servermysql.xml:
iii. Edit username, password, url (host, port and database name). Besides MySQL, if you are using Enterprise
Edition, you will find the samples for other RDBMSs in conf/server-*.xml.
iv. Append this character encoding to the url in case your database character set is utf8. For example, in
MySQL (this is different between RDBMSs):
url="jdbc:mysql://localhost:3306/plf?autoReconnect=true&characterEncoding=utf8"
2.
Set the SQL Dialect if necessary. This step is not mandatory because the dialect is auto-detected in most cases. You
only need to take care of it for some particular RDBMSs:
i. For JCR, only when you are using MySQL and database character set utf8, you need to edit gatein/conf/
exo.properties file to have:
exo.jcr.datasource.dialect=MySQL-UTF8
ii. For IDM, eXo Platform detects automatically the dialect for RDBMSs listed here. Only when your RDBMS
is not in the list, for example Postgres Plus Advanced Server 9.2, you will need to edit gatein/conf/
exo.properties file to have:
p.56
Database
Chapter 4. Database
hibernate.dialect=org.hibernate.dialect.PostgresPlusDialect
Tip
Normally you can find out an appropriate driver for your JDK from your database vendor website. For
example, for MySQL: http://dev.mysql.com/downloads/connector/j/, and for Oracle: http://www.oracle.com/
technetwork/database/features/jdbc/index-091264.html.
For JBoss
1.
ii. For MySQL as an example, need to uncomment some lines in the file, edit driver, username, password, url:
iii. Append this character encoding to the url in case your database character set is utf8. For example, in
MySQL (this is different between RDBMSs):
<connection-url>jdbc:mysql://localhost:3306/plf?autoReconnect=true&characterEncoding=utf8</connection-url>
2.
p.57
Database
Chapter 4. Database
This step is not mandatory because the dialect is auto-detected in most cases. You only need to take care of it for
some particular RDBMSs:
i. For JCR, only when you are using MySQL and database character set utf8, you need to edit standalone/
configuration/gatein/exo.properties file to have:
exo.jcr.datasource.dialect=MySQL-UTF8
ii. For IDM, eXo Platform detects automatically the dialect for RDBMSs listed here. Only when your RDBMS
is not in the list, for example Postgres Plus Advanced Server 9.2, you will need to edit standalone/
configuration/gatein/exo.properties file to have:
hibernate.dialect=org.hibernate.dialect.PostgresPlusDialect
Tip
Normally you can find out an appropriate driver for your JDK from your database vendor website. For
example, for MySQL: http://dev.mysql.com/downloads/connector/j/, and for Oracle: http://www.oracle.com/
technetwork/database/features/jdbc/index-091264.html.
Note
The properties file (exo.properties) will not take "_portal" suffix as it is appended automatically by eXo, as
detailed below.
There is a constraint that the suffix of datasource JNDI names must be "_portal". Take JCR as example, it uses the
following property:
exo.jcr.datasource.name=java:/comp/env/exo-jcr
to look up a datasource for the portal. Because the core of eXo Platform is designed for supporting multi-portal, there are
theoretically different datasources for different portals. Consequently this property is treated as datasource name's prefix,
and the portal name (knowing that it is "portal" by default) is appended to complete the name in JNDI lookup.
So if you change the JDNI names exo-idm_portal and exo-jcr_portal, you need to edit the following properties:
p.58
Database
Chapter 4. Database
This parameter is necessary to avoid any possible performance problem. MS SQL Server differentiates Unicode
data types (such as nchar) from ASCII data types (such as char). By default (without this parameter), all the JDBC
drivers send strings in Unicode format to SQL Server. When, for example, doing a comparison on a non-Unicode
column, SQL Server tries to convert data in the table into Unicode first. This conversion might cause a serious
performance issue.
The parameter is a bit different between JDBC Drivers. See more details here.
Q2.
To avoid this, you can use DBCP to monitor the idle connections and drop them when they are invalid, with the
testWhileIdle, timeBetweenEvictionRunsMillis, and validationQuery parameters.
The validation query is specific to your RDBMS. For example, on MySQL, you would use:
timeBetweenEvictionRunsMillis defines the time interval between two checks in milliseconds (5 minutes in
the example).
http://markmail.org/message/a3bszoyqbvi5qer4
p.59
Database
Chapter 4. Database
Q3.
http://stackoverflow.com/questions/15949/javatomcat-dying-database-connection
https://confluence.atlassian.com/display/JIRA/Surviving+Connection+Closures
gatein.jcr.datasource.managed=true
Using managed connections has pros and cons, so only do it if you know what you are doing. By default eXo
Platform JBoss uses datasource jta="false".
p.60
Database
Chapter 5. Deployment
Chapter 5. Deployment
This chapter covers the following topics:
Removing ready-made sites
Steps to remove the ready-made site Social Intranet.
Setting up Apache front-end
Introduction to the base configuration for Apache, and methods to "glue" Apache HTTP Daemon and Tomcat
application server.
Configuring HTTP session timeout
Instructions on how to configure the session timeout of the Tomcat and Jboss servers.
$PLATFORM_TOMCAT_HOME/webapss/acme-intranet.war
$PLATFORM_TOMCAT_HOME/webapss/acme-intranet-portlet.war
$PLATFORM_TOMCAT_HOME/lib/platform-sample-acme-intranet-config-*.jar
In JBoss:
1.
2.
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/platform-sample-acmeintranet-webapp.war
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/platform-sample-acmeintranet-portlet.war
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/lib/platform-sampleacme-intranet-config.jar
<module>
<web>
<web-uri>platform-sample-acme-intranet-portlet.war</web-uri>
<context-root>acme-intranet-portlet</context-root>
</web>
</module>
<module>
<web>
<web-uri>platform-sample-acme-intranet-webapp.war</web-uri>
<context-root>acme-intranet</context-root>
</web>
p.61
Deployment
Chapter 5. Deployment
</module>
Warning
You need to be clear what you will delete, so review carefully before deletion.
To clean the data entirely, do the following steps:
1.
2.
Remove the files (and change the configuration file for JBoss) as described above.
3.
Remove associated data. If you did not change the default data configuration, just need to remove:
4.
See also
via the Apache JServ Protocol using Tomcat connector or HTTPD AJP proxy module.
<VirtualHost *:80>
ServerName
Enter your server DNS name here
</VirtualHost>
You can find more information on the Apache HTTP daemon host here.
You can connect via 2 ways:
See also
p.62
Deployment
Chapter 5. Deployment
ProxyRequests Off
ProxyPass "/" http://YOUR_AS_HOST:AS_HTTP_PORT/
ProxyPassReverse "/" http://YOUR_AS_HOST:AS_HTTP_PORT/
Details:
YOUR_AS_HOST - host (IP or DNS name) is the location of your application server. If you run the HTTP daemon on
the same host as your app server, you can change this to localhost.
AS_HTTP_PORT - port is the location where your app server will listen to incoming requests. For Tomcat, this value
is 8080 by default. You can find the value at $PLATFORM_TOMCAT_HOME/conf/server.xml.
In the above example, the HTTP daemon will work in the reverse proxy mode (ProxyRequests Off) and will redirect all
requests to the tcp port 8080 on the localhost. So, the configuration of a virtual host looks like the following:
<VirtualHost *:80>
ServerName
Enter your server DNS name here
ProxyRequests Off
ProxyPreserveHost On
ProxyPass "/" http://localhost:8080/
ProxyPassReverse "/" http://localhost:8080/
</VirtualHost>
The first way: Use the native Apache HTTP Daemon's AJP proxy module.
The second way: Use the native Apache Tomcat's AJP connector.
With the first method, you only need the HTTP daemon and application server, but settings are limited.
With the second method, you can obtain more settings, but you will need to download and install additional modules for
the HTTP Daemon that are not included in the default package.
AJP proxy module
Make sure that mod_proxy_ajp.so is included in the list of loadable modules. Add the following to your virtual host
configuration setting:
ProxyPass / ajp://localhost:8009/
p.63
Deployment
Chapter 5. Deployment
In this example, the app server is located on the same host as the Apache HTTP daemon, and accepts incoming
connections on the port 8009 (the default setting for the Tomcat application server). You can find the full list of virtual host
configurations here:
<VirtualHost *:80>
ServerName
ProxyRequests Off
ProxyPass / ajp://localhost:8009/
</VirtualHost>
2.
Move the downloaded mod_jk.so file to the HTTPD's module directory, for example /etc/httpd/modules. The
directory may be different, depending on the OS.
3.
LoadModule
jk_module modules/mod_jk.so
<IfModule jk_module>
# ---- Where to find workers.properties
JkWorkersFile conf.d/workers.properties
# ---- Where to put jk logs
JkLogFile
logs/mod_jk.log
# ---- Set the jk log level [debug/error/info]
JkLogLevel info
# ---- Select the timestamp log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkRequestLogFormat "%w %R %T"
# ---- Send everything for context /examples to worker named worker1 (ajp13)
JkMountFileReload
"0"
</IfModule>
Note
For more details, see the Tomcat documentation.
4.
Place the mod_jk.conf file into the directory where other configuration files for Apache HTTP daemon are located,
for example /etc/httpd/conf.d/.
5.
Create the workers.properties file, which defines the AJP workers for the HTTP daemon.
worker.list=status, WORKER_NAME
# Main status worker
worker.stat.type=status
worker.stat.read_only=true
worker.stat.user=admin
# Your AJP worker configuration
worker.WORKER_NAME.type=ajp13
worker.WORKER_NAME.host=localhost
worker.WORKER_NAME.port=8109
worker.WORKER_NAME.socket_timeout=120
worker.WORKER_NAME.socket_keepalive=true
Note
In the example above, you can change WORKER_NAME to any value.
6.
p.64
Deployment
Chapter 5. Deployment
7.
<VirtualHost *:80>
ServerName
Enter your server DNS name here
ProxyRequests Off
JkMount
/* WORKER_NAME
</VirtualHost>
Note
If you are using Platform Tomcat, an AJP connector is enabled already. However, in Platform JBoss, you need
to configure one, as described below.
In Platform JBoss, you need to modify the $PLATFORM_JBOSS_HOME/standalone/configuration/standaloneexo.xml file (standalone-exo-cluster.xml in cluster mode).
Find the subsystem urn:jboss:domain:web:1.5 section and add the connector:
<session-config>
<session-timeout>30</session-timeout>
</session-config>
See also
p.65
Deployment
Note
See Oracle's Documentation to learn about JMX (Java Management Extension).
To manage eXo Platform with JMX, you need a JMX Client, or more exactly an MBean Browser. JConsole is a built-in
tool, and it features an MBean browser, so it does not require any installation. Another suggestion is VisualVM, which
requires some steps to install its MBean plugin.
The tools are graphical and you may just try and use to explore MBean. In this chapter, the following terms will be used to
describe an individual or a group of similar MBeans:
Object Name is used to identify and indicate an MBean. All MBeans introduced in this chapter can be found under
a group "exo", however their organization may make it difficult to find an MBean. For example, you will see three
groups with the same name "portal", so this document will not indicate an MBean by its position in the MBeans tree,
but by its Object Name.
If you are using VisualVM, you can see Object Name in the "Metadata" tab.
Attribute is a pair of "Name" and "Value". A list of Attributes shows the state of an MBean object.
Operation is a function that you can invoke. Each MBean provides some (or no) Operations. Some Operations are
"Set" and some Operations are "Get". An Operation may require data inputs.
p.66
JMX/REST Management
The JMX configurations are JVM options and thus basically not specific to eXo Platform. Such configurations are
explained at Oracle's Documentation.
In eXo Platform, by default JMX is not configured. Thus, local access is enabled and remote access is disabled.
Authentication is disabled as well, this means username and password are not required. If you want to enable remote
access or authorization, you need to start customizing eXo Platform, as instructed in the Customizing environment
variables section.
After the start, put your JMX configurations in the form described in Advanced Customization section.
Although the two sections are written for Tomcat bundle, it is very similar for JBoss, except the customized
configuration file. In JBoss, the file is $PLATFORM_JBOSS_HOME/bin/standalone-customize.conf for
Linux, $PLATFORM_JBOSS_HOME/bin/standalone-customize.conf.bat for Windows. You can create it
by using the sample file $PLATFORM_JBOSS_HOME/bin/standalone-customize.sample.conf for Linux or
$PLATFORM_JBOSS_HOME/bin/standalone-customize.sample.conf.bat for Windows.
Securing JMX connection
It is recommended to enable security for production system. You may:
Enable Password Authentication. See Using Password Authentication and Using Password and Access Files.
2.
Select a service name and append it to the base URL. You will have the service's URL, for example: http://
[your_server]:[your_port]/rest/private/management/skinservice. Entering this URL, you will get a list of attributes (as
"properties") and operations (as "method").
3.
Continue appending an attribute of Step 2 to have URL of a method or property. Let's see the "skinservice" as an
example:
The URL of the method "reloadSkin" is a bit complex because the method requires parameter "skinId" (to know
which Skin will be reloaded): http://[your_server]:[your_port]/rest/private/management/skinservice/reloadSkin?
skinId=Default.
See also
p.67
JMX/REST Management
See also
Attribute
Description
ConfigurationXML
Name
RegisteredComponentNames
Started
Operation
Description
getConfigurationXML
getName
getRegisteredComponentNames
isStarted
Checks if the portal container is started or not. The portal container is only
started once all its components have been started.
Note
PortalContainer can be controlled through the following path:
http://mycompany.com:8080/rest/management/pcontainer.
p.68
JMX/REST Management
There are many Cache MBeans of which the Class Name is common:
org.exoplatform.services.cache.concurrent.ConcurrentFIFOExoCache and the Object Names are:
exo:service=cache,name={CacheName} where CacheName is specified for each MBean.
Attribute
Description
Name
Capacity
HitCount
MissCount
The total number of times the cache was queried without success.
Size
TimeToLive
The valid period of the cache in seconds. If the value is set to -1, the cache never
expires.
Operation
Description
clearCache()
Evicts all entries from the cache. This method can be used to force a programmatic
flush of the cache.
getName
getLiveTime
setLiveTime
getCacheHit
getCacheMiss
getMaxSize
setMaxSize
getCacheSize
CacheManager
The CacheManager MBean has no attribute and only one method to clear all the Caches.
Operation
Description
clearCaches()
PicketLinkIDMCacheService
PicketLinkIDMCacheService is the default implementation for the organization model. It has no attribute.
Operation
Description
invalidateAll
p.69
JMX/REST Management
Operation
Description
invalidate(namespace)
printCaches
Note
PicketLinkIDMCacheService can be controlled through the following path:
http://mycompany.com:8080/rest/management/plidmcache.
However, the REST View managements of CacheService and CacheManager are not currently exposed in this
version.
Attribute
Description
PortletExpirationCache
Operation
Description
getPortletExpirationCache
setPortletExpirationCache
(expirationCache)
Sets the expiration period of portlet cache by entering the value into the
expirationCache field.
Note
WCMService can be controlled through the following paths respectively:
http://mycompany.com:8080/rest/management/wcmservice/.
Attribute
Description
Name
RegisteredComponentNames
Operation
Description
getName
getRegisteredComponentNames
SessionRegistry
p.70
JMX/REST Management
Attribute
Description
TimeOut
Size
Operation
Description
runCleanup
getTimeOut
setTimeOut
getSize
Workspace
There are several default workspaces listed below, each of them corresponds to a Workspace MBean:
Workspace Name
Description
collaboration
Data, such as sites content, documents, groups, records space, tags, and users.
dms-system
knowledge
portal-system
Data of the Portal model objects, such as navigations, pages, sites, and application
registry.
portal-work
social
system
Attribute
Description
Name
RegisteredComponentNames
Operation
Description
getName
getRegisteredComponentNames
LockManager
Attribute
Description
NumLocks
p.71
JMX/REST Management
Operation
Description
cleanExpiredLocks
getNumLocks
Note
Currently, the REST View managements of SessionRegistry, LockManager, Repository and Workspace are
not exposed in this version.
Attribute
Description
TemplateList
SlowestTemplates
MostExecutedTemplates
FastestTemplates
Operation
Description
getAverageTime(templateId)
getMaxTime(templateId)
getSlowestTemplates
getMostExecutedTemplates
getTemplateList
getFastestTemplates
Template management
Template management provides the capability to force the reload of a specified template.
Operation
Description
reloadTemplates
listCachedTemplates
reloadTemplate(templateId)
Skin management
p.72
JMX/REST Management
Attribute
Description
SkinList
Operation
Description
reloadSkin(skinId)
reloadSkins
getSkinList
TokenStore
Attribute
Description
Name
ValidityTime
PeriodTime
The expiration daemon period of one specific token in seconds. The token is deleted
after the specified period.
Operation
Description
cleanExpiredTokens
size
Returns the number of tokens, including valid tokens and expired tokens undeleted yet.
getName
getValidityTime
getPeriodTime
Description
gadget-token
Stores tokens of the Oauth gadget into the JCR node, such as
org.exoplatform.portal.gadget.core.Gadget TokenInfoService.
jcr-token
Portal statistics
Attribute
Description
PortalList
Operation
Description
getThroughput(portalId)
Returns the number of requests for the specified portal per second.
getAverageTime(portalId)
p.73
JMX/REST Management
Operation
Description
getExecutionCount(portalId)
Returns the number of times the specified portal has been executed.
getMinTime(portalId)
getMaxTime(portalId)
getPortalList
Application statistics
Various applications are exposed to provide relevant statistics.
Attribute
Description
ApplicationList
SlowestApplications
MostExecutedApplications
FastestApplications
Operation
Description
getAverageTime(applicationId)
getExecutionCount(applicationId)
getMinTime(applicationId)
getMaxTime(applicationId)
getSlowestApplications
getMostExecutedApplications
getFastestApplications
getApplicationList
Note
Template statistics, Template management, Skin management, Portal statistics and Application statistics can
be controlled through the following paths respectively:
http://mycompany.com:8080/rest/management/templatestatistics
http://mycompany.com:8080/rest/management/templateservice
http://mycompany.com:8080/rest/management/skinservice
http://mycompany.com:8080/rest/management/portalstatistic
http://mycompany.com:8080/rest/management/applicationstatistic
However, the REST View management of TokenStore is currently not exposed in this version.
p.74
JMX/REST Management
Forum
Attribute
Description
AdminRules
ContactProvider
MailServiceConfig
The string containing the configuration of the Mail service used for the
notifications in Forum.
OnlineUsers
Operation
Description
countOnlineUsers
hasForumAdminRole(String
username)
getAdminRules
getOnlineUsers
getContactProvider
setContactProvider(String
contactProviderClassName
getMailServiceConfig
Jobs
Attribute
Description
DataMap
JobClassName
Name
Operation
Description
getName
getJobClassName
getDataMap
Description
DeactiveJob
LoginJob
NotifyJob
RecountActiveUserJob
p.75
JMX/REST Management
Job
Description
SendMailJob
RoleRulesPlugin
The Object Name of RoleRulesPlugin MBean:
exo:portal=portal,service=forum,view=plugins,name="add.role.rules.plugin".
Attribute
Description
AllRules
The list of all rules of RoleRulesPlugin. For example, the rule defining 'root' user as an
administrator follows the form of ADMIN=root.
Description
Name
RuleNames
The list of possible rule names; for example, the rule defining administrators is named
ADMIN.
Operation
Description
addRule
Adds a rule. For example, to add the ADMIN rule for a user, you need to input two
parameters: "ADMIN" in the p1 and user name in the p2.
getRules
Returns the list of rules defining the user with the role inputted in p1.
getName
getRuleNames
Returns the list of possible rule names. For example, if 'user1' and 'user2' are defined
as ADMIN (ADMIN=user1, user2), the list of returned rule names will be ADMIN.
getDescription
getAllRules
Storage
This MBean enables you to get storage information (data path, repository, workspace) of Forum application.
Attribute
Description
Path
Repository
The name of repository containing the workspace where Forum data is stored.
Workspace
Operation
Description
getRepository
getWorkspace
getPath
Note
Currently, the REST View managements of Forum, Job, Plugin, Storage are not exposed in this version.
p.76
JMX/REST Management
Chapter 7. Clustering
Chapter 7. Clustering
Note
In eXo Platform 4, Cluster mode is temporarily not available for Tomcat. The whole content of this chapter is
for JBoss only. eXo is trying best to support Cluster mode for Tomcat soon.
Cluster mode is the solution for high performance system. It offers Load Balancing and High Availability features.
A Platform cluster is a set of nodes that communicate via JGroups - UDP or TCP - in the back-end, and a front-end Load
Balancer like Apache mod_jk that distributes HTTP requests to the nodes. The High Availability is achieved in the data
layer natively by the RDBMS or Shared File Systems, such as SAN and NAS.
In this chapter:
Setting up eXo Platform cluster
How to set up eXo Platform cluster for JBoss only. Note as of 4.1, Job Persistence of Quartz is pre-configured in
Platform cluster.
Activating TCP default configuration files
How to use TCP default configuration files.
JCR index in cluster mode
Configuration and explanation of JCR index strategies (local and shared).
Configuring JGroups via exo.properties
A list of default values and variable names that you can configure via exo.properties.
Using customized JGroups xml files
In case you have a configuration that is not externalized, or you want to migrate your JGroups xml files from 4.0, read
this section to activate your xml files.
Migrating eXo Platform cluster 4.0 to 4.1
Instruction for migrating your cluster configuration from Platform 4.0 to 4.1.
Setting up mod_jk
How to set up load balancing using Apache mod_jk.
FAQs of clustering
Common questions and answers that are useful for administrators when doing a clustering on eXo Platform.
p.77
Clustering
Chapter 7. Clustering
Job Persistence for Quartz is pre-configured, you just need to activate it by the property
org.quartz.properties.
1.
2.
Create a copy of the package for each cluster node. Assume that you have two nodes: node1.your-domain.com
and node2.your-domain.com.
3.
4.
5.
Follow Database chapter, but note that the configuration file is standalone-exo-cluster.xml (instead of
standalone-exo.xml).
As of 4.1, there is a datasource of which JNDI name is exo-quartz that you can find in the file.
Use an appropriate SQL script to create tables in the database that you configured for exo-quartz.
<sytem-properties>
<property name="org.quartz.properties" value="standalone/configuration/gatein/quartz/quartz.properties"/>
</system-properties>
6.
If you changed the default name exo-quartz in previous step, you must match it in quartz.properties.
Share a folder on the network that can be accessed from all nodes.
Assuming that the folder path is: /mnt/nfs/shared/data, edit the system property exo.shared.dir in the
standalone-exo-cluster.xml file:
<system-properties>
<property name="exo.shared.dir" value="/mnt/nfs/shared/data"/>
</system-properties>
7.
<system-properties>
<property name="exo.cluster.node.name" value="exo-node1"/>
</system-properties>
Use a different name for each node. If you do not want to configure this for every node, you can set it later by
appending this to the start command:
-Dexo.cluster.node.name=node-x
8.
exo.jcr.cluster.jgroups.udp.bind_addr=192.168.1.100
exo.idm.cluster.jgroups.udp.bind_addr=192.168.1.100
9.
p.78
Clustering
Chapter 7. Clustering
Start node1:
./bin/standalone.sh -b 0.0.0.0 -c standalone-exo-cluster.xml
-Djboss.socket.binding.port-offset=101
This is useful in case you set up nodes in the same machine for testing. You will not need to configure the port
for every node. Just use different port-offset in each start command.
To activate TCP default configuration files, edit standalone-exo-cluster.xml to add the profile clusterjgroups-tcp:
<system-properties>
...
<property name="exo.profiles" value="all,cluster,cluster-jgroups-tcp"/>
...
</system-properties>
Note that by activating this profile, you use TCP for both JCR and IDM. It is possible to activate TCP default configuration
for either JCR or IDM:
exo.jcr.cluster.jgroups.config=/conf/platform/jgroups/jgroups-jcr-tcp.xml
exo.jcr.cluster.jgroups.config-url=jar:/conf/platform/jgroups/jgroups-jcr-tcp.xml
For IDM:
exo.idm.cluster.jgroups.config=/conf/platform/jgroups/jgroups-idm-tcp.xml
When switching to use TCP instead of UDP, you need to add some properties in exo.properties:
# Assume node1 is 192.168.1.100 and node2 is 192.168.1.101. Here is configuration for node1:
exo.jcr.cluster.jgroups.tcp.bind_addr=192.168.1.100
exo.jcr.cluster.jgroups.tcpping.initial_hosts=192.168.1.100[7800],192.168.1.101[7800]
p.79
Clustering
Chapter 7. Clustering
exo.idm.cluster.jgroups.tcp.bind_addr=192.168.1.100
exo.idm.cluster.jgroups.tcpping.initial_hosts=192.168.1.100[7900],192.168.1.101[7900]
Local indexing: Each node manages its own local index storage. The "documents" (to be indexed) are replicated
within nodes.
"Documents" are Lucene term that means a block of data ready for indexing. The same "documents" are replicated
between nodes and each node locally indexes it, so the local indexes are updated for the running nodes.
There are additional mechanisms for a new node that starts for the first time to initiate its local index, and for a node
joining the cluster after downtime to update its local index.
Read this link for details.
Shared indexing: Every node has read access to a shared index and has its own in-memory index. A single
"coordinator" node is responsible for pulling in-memory indexes and updating the shared index.
It allows searching for newly added content immediately. However, there are rare cases that search result is different
between nodes for a while.
Read this link for details.
For local indexing, the index directory is set to a local path for each node:
If you want to use a shared index for every node, modify $PLATFORM_JBOSS_HOME/standalone/configuration/
standalone-exo-cluster.xml to enable the profile cluster-index-shared:
And set the index directory to a network sharing path, for example, a sub-folder of exo.shared.dir:
p.80
Clustering
Chapter 7. Clustering
Default value
eXo variable
singleton_name
exo-transport-udp
exo.jcr.cluster.jgroups.udp.singleton_name
bind_addr
127.0.0.1
exo.jcr.cluster.jgroups.udp.bind_addr
bind_port
16600
exo.jcr.cluster.jgroups.udp.bind_port
mcast_addr
228.10.10.10
exo.jcr.cluster.jgroups.udp.mcast_addr
mcast_port
17600
exo.jcr.cluster.jgroups.udp.mcast_port
tos
exo.jcr.cluster.jgroups.udp.tos
ucast_recv_buf_size
20000000
exo.jcr.cluster.jgroups.udp.ucast_recv_buf_size
ucast_send_buf_size
640000
exo.jcr.cluster.jgroups.udp.ucast_send_buf_size
mcast_recv_buf_size
25000000
exo.jcr.cluster.jgroups.udp.mcast_recv_buf_size
mcast_send_buf_size
640000
exo.jcr.cluster.jgroups.udp.mcast_send_buf_size
loopback
false
exo.jcr.cluster.jgroups.udp.loopback
discard_incompatible_packets
true
exo.jcr.cluster.jgroups.udp.discard_incompatible_packets
max_bundle_size
64000
exo.jcr.cluster.jgroups.udp.max_bundle_size
max_bundle_timeout
30
exo.jcr.cluster.jgroups.udp.max_bundle_timeout
use_incoming_packet_handler
true
exo.jcr.cluster.jgroups.udp.use_incoming_packet_handler
ip_ttl
exo.jcr.cluster.jgroups.udp.ip_ttl
enable_bundling
false
exo.jcr.cluster.jgroups.udp.enable_bundling
enable_diagnostics
true
exo.jcr.cluster.jgroups.udp.enable_diagnostics
diagnostics_addr
224.0.75.75
exo.jcr.cluster.jgroups.udp.diagnostics_addr
diagnostics_port
7500
exo.jcr.cluster.jgroups.udp.diagnostics_port
thread_naming_pattern
cl
exo.jcr.cluster.jgroups.udp.thread_naming_pattern
use_concurrent_stack
true
exo.jcr.cluster.jgroups.udp.use_concurrent_stack
thread_pool.enabled
true
exo.jcr.cluster.jgroups.udp.thread_pool.enabled
thread_pool.min_threads
10
exo.jcr.cluster.jgroups.udp.thread_pool.min_threads
thread_pool.max_threads
1000
exo.jcr.cluster.jgroups.udp.thread_pool.max_threads
thread_pool.keep_alive_time
5000
exo.jcr.cluster.jgroups.udp.thread_pool.keep_alive_time
thread_pool.queue_enabled
true
exo.jcr.cluster.jgroups.udp.thread_pool.queue_enabled
thread_pool.queue_max_size
1000
exo.jcr.cluster.jgroups.udp.thread_pool.queue_max_size
thread_pool.rejection_policy
discard
exo.jcr.cluster.jgroups.udp.thread_pool.rejection_policy
oob_thread_pool.enabled
true
exo.jcr.cluster.jgroups.udp.oob_thread_pool.enabled
oob_thread_pool.min_threads
exo.jcr.cluster.jgroups.udp.oob_thread_pool.min_threads
oob_thread_pool.max_threads
1000
exo.jcr.cluster.jgroups.udp.oob_thread_pool.max_threads
oob_thread_pool.keep_alive_time
5000
exo.jcr.cluster.jgroups.udp.oob_thread_pool.keep_alive_time
oob_thread_pool.queue_enabled
false
exo.jcr.cluster.jgroups.udp.oob_thread_pool.queue_enabled
UDP
oob_thread_pool.queue_max_size 1000
exo.jcr.cluster.jgroups.udp.oob_thread_pool.queue_max_size
p.81
Clustering
Chapter 7. Clustering
JGroups name
Default value
eXo variable
oob_thread_pool.rejection_policy
Run
exo.jcr.cluster.jgroups.udp.oob_thread_pool.rejection_policy
timeout
2000
exo.jcr.cluster.jgroups.ping.timeout
num_initial_members
exo.jcr.cluster.jgroups.ping.num_initial_members
max_interval
30000
exo.jcr.cluster.jgroups.merge2.max_interval
min_interval
10000
exo.jcr.cluster.jgroups.merge2.min_interval
timeout
10000
exo.jcr.cluster.jgroups.fd.timeout
max_tries
exo.jcr.cluster.jgroups.fd.max_tries
shun
true
exo.jcr.cluster.jgroups.fd.shun
1500
exo.jcr.cluster.jgroups.verify_suspect.timeout
use_stats_for_retransmission
false
exo.jcr.cluster.jgroups.pbcast.nakack.use_stats_for_retransmission
exponential_backoff
150
exo.jcr.cluster.jgroups.pbcast.nakack.exponential_backoff
use_mcast_xmit
true
exo.jcr.cluster.jgroups.pbcast.nakack.use_mcast_xmit
gc_lag
exo.jcr.cluster.jgroups.pbcast.nakack.gc_lag
retransmit_timeout
50,300,600,1200
exo.jcr.cluster.jgroups.pbcast.nakack.retransmit_timeout
discard_delivered_msgs
true
exo.jcr.cluster.jgroups.pbcast.nakack.discard_delivered_msgs
300,600,1200
exo.jcr.cluster.jgroups.unicast.timeout
stability_delay
1000
exo.jcr.cluster.jgroups.pbcast.stable.stability_delay
desired_avg_gossip
50000
exo.jcr.cluster.jgroups.pbcast.stable.desired_avg_gossip
max_bytes
1000000
exo.jcr.cluster.jgroups.pbcast.stable.max_bytes
60000
exo.jcr.cluster.jgroups.view_sync.avg_send_interval
print_local_addr
true
exo.jcr.cluster.jgroups.pbcast.gms.print_local_addr
join_timeout
3000
exo.jcr.cluster.jgroups.pbcast.gms.join_timeout
shun
false
exo.jcr.cluster.jgroups.pbcast.gms.shun
view_bundling
true
exo.jcr.cluster.jgroups.pbcast.gms.view_bundling
max_credits
500000
exo.jcr.cluster.jgroups.fc.max_credits
min_threshold
0.20
exo.jcr.cluster.jgroups.fc.min_threshold
PING
MERGE2
FD
VERIFY_SUSPECT
timeout
pbcast.NAKACK
UNICAST
timeout
pbcast.STABLE
VIEW_SYNC
avg_send_interval
pbcast.GMS
FC
FRAG2
p.82
Clustering
Chapter 7. Clustering
JGroups name
Default value
eXo variable
frag_size
60000
exo.jcr.cluster.jgroups.frag2.frag_size
JGroups name
Default value
eXo variable
singleton_name
exo-transport-tcp
exo.jcr.cluster.jgroups.tcp.singleton_name
bind_addr
127.0.0.1
exo.jcr.cluster.jgroups.tcp.bind_addr
start_port
7800
exo.jcr.cluster.jgroups.tcp.start_port
loopback
true
exo.jcr.cluster.jgroups.tcp.loopback
recv_buf_size
20000000
exo.jcr.cluster.jgroups.tcp.recv_buf_size
send_buf_size
640000
exo.jcr.cluster.jgroups.tcp.send_buf_size
discard_incompatible_packets
true
exo.jcr.cluster.jgroups.tcp.discard_incompatible_packets
max_bundle_size
64000
exo.jcr.cluster.jgroups.tcp.max_bundle_size
max_bundle_timeout
30
exo.jcr.cluster.jgroups.tcp.max_bundle_timeout
use_incoming_packet_handler
true
exo.jcr.cluster.jgroups.tcp.use_incoming_packet_handler
enable_bundling
false
exo.jcr.cluster.jgroups.tcp.enable_bundling
use_send_queues
false
exo.jcr.cluster.jgroups.tcp.use_send_queues
sock_conn_timeout
300
exo.jcr.cluster.jgroups.tcp.sock_conn_timeout
skip_suspected_members
true
exo.jcr.cluster.jgroups.tcp.skip_suspected_members
use_concurrent_stack
true
exo.jcr.cluster.jgroups.tcp.use_concurrent_stack
thread_pool.enabled
true
exo.jcr.cluster.jgroups.tcp.thread_pool.enabled
thread_pool.min_threads
10
exo.jcr.cluster.jgroups.tcp.thread_pool.min_threads
thread_pool.max_threads
1000
exo.jcr.cluster.jgroups.tcp.thread_pool.max_threads
thread_pool.keep_alive_time
5000
exo.jcr.cluster.jgroups.tcp.thread_pool.keep_alive_time
thread_pool.queue_enabled
false
exo.jcr.cluster.jgroups.tcp.thread_pool.queue_enabled
thread_pool.queue_max_size
1000
exo.jcr.cluster.jgroups.tcp.thread_pool.queue_max_size
thread_pool.rejection_policy
Run
exo.jcr.cluster.jgroups.tcp.thread_pool.rejection_policy
oob_thread_pool.enabled
true
exo.jcr.cluster.jgroups.tcp.oob_thread_pool.enabled
oob_thread_pool.min_threads
exo.jcr.cluster.jgroups.tcp.oob_thread_pool.min_threads
oob_thread_pool.max_threads
1000
exo.jcr.cluster.jgroups.tcp.oob_thread_pool.max_threads
oob_thread_pool.keep_alive_time
5000
exo.jcr.cluster.jgroups.tcp.oob_thread_pool.keep_alive_time
oob_thread_pool.queue_enabled
false
exo.jcr.cluster.jgroups.tcp.oob_thread_pool.queue_enabled
TCP
oob_thread_pool.queue_max_size 1000
exo.jcr.cluster.jgroups.tcp.oob_thread_pool.queue_max_size
oob_thread_pool.rejection_policy
Run
exo.jcr.cluster.jgroups.tcp.oob_thread_pool.rejection_policy
3000
exo.jcr.cluster.jgroups.tcpping.timeout
TCPPING
timeout
p.83
Clustering
Chapter 7. Clustering
JGroups name
Default value
eXo variable
initial_hosts
localhost[7800]
exo.jcr.cluster.jgroups.tcpping.initial_hosts
port_range
exo.jcr.cluster.jgroups.tcpping.port_range
num_initial_members
exo.jcr.cluster.jgroups.tcpping.num_initial_members
max_interval
100000
exo.jcr.cluster.jgroups.merge2.max_interval
min_interval
20000
exo.jcr.cluster.jgroups.merge2.min_interval
timeout
10000
exo.jcr.cluster.jgroups.fd.timeout
max_tries
exo.jcr.cluster.jgroups.fd.max_tries
shun
true
exo.jcr.cluster.jgroups.fd.shun
1500
exo.jcr.cluster.jgroups.verify_suspect.timeout
use_mcast_xmit
false
exo.jcr.cluster.jgroups.pbcast.nakack.use_mcast_xmit
gc_lag
exo.jcr.cluster.jgroups.pbcast.nakack.gc_lag
retransmit_timeout
300,600,1200,2400,4800
exo.jcr.cluster.jgroups.pbcast.nakack.retransmit_timeout
discard_delivered_msgs
true
exo.jcr.cluster.jgroups.pbcast.nakack.discard_delivered_msgs
300,600,1200
exo.jcr.cluster.jgroups.unicast.timeout
stability_delay
1000
exo.jcr.cluster.jgroups.pbcast.stable.stability_delay
desired_avg_gossip
50000
exo.jcr.cluster.jgroups.pbcast.stable.desired_avg_gossip
max_bytes
400000
exo.jcr.cluster.jgroups.pbcast.stable.max_bytes
60000
exo.jcr.cluster.jgroups.view_sync.avg_send_interval
print_local_addr
true
exo.jcr.cluster.jgroups.pbcast.gms.print_local_addr
join_timeout
3000
exo.jcr.cluster.jgroups.pbcast.gms.join_timeout
shun
true
exo.jcr.cluster.jgroups.pbcast.gms.shun
view_bundling
true
exo.jcr.cluster.jgroups.pbcast.gms.view_bundling
max_credits
2000000
exo.jcr.cluster.jgroups.fc.max_credits
min_threshold
0.10
exo.jcr.cluster.jgroups.fc.min_threshold
60000
exo.jcr.cluster.jgroups.frag2.frag_size
MERGE2
FD
VERIFY_SUSPECT
timeout
pbcast.NAKACK
UNICAST
timeout
pbcast.STABLE
VIEW_SYNC
avg_send_interval
pbcast.GMS
FC
FRAG2
frag_size
p.84
Clustering
Chapter 7. Clustering
Default value
eXo variable
singleton_name
idm-transport-udp
exo.idm.cluster.jgroups.udp.singleton_name
bind_addr
127.0.0.1
exo.idm.cluster.jgroups.udp.bind_addr
bind_port
26600
exo.idm.cluster.jgroups.udp.bind_port
mcast_addr
228.10.10.10
exo.idm.cluster.jgroups.udp.mcast_addr
mcast_port
27600
exo.idm.cluster.jgroups.udp.mcast_port
tos
exo.idm.cluster.jgroups.udp.tos
ucast_recv_buf_size
20m
exo.idm.cluster.jgroups.udp.ucast_recv_buf_size
ucast_send_buf_size
640k
exo.idm.cluster.jgroups.udp.ucast_send_buf_size
mcast_recv_buf_size
25m
exo.idm.cluster.jgroups.udp.mcast_recv_buf_size
mcast_send_buf_size
640k
exo.idm.cluster.jgroups.udp.mcast_send_buf_size
loopback
true
exo.idm.cluster.jgroups.udp.loopback
discard_incompatible_packets
true
exo.idm.cluster.jgroups.udp.discard_incompatible_packets
max_bundle_size
64000
exo.idm.cluster.jgroups.udp.max_bundle_size
max_bundle_timeout
30
exo.idm.cluster.jgroups.udp.max_bundle_timeout
ip_ttl
exo.idm.cluster.jgroups.udp.ip_ttl
enable_bundling
true
exo.idm.cluster.jgroups.udp.enable_bundling
enable_diagnostics
true
exo.idm.cluster.jgroups.udp.enable_diagnostics
diagnostics_addr
224.0.75.75
exo.idm.cluster.jgroups.udp.diagnostics_addr
diagnostics_port
7500
exo.idm.cluster.jgroups.udp.diagnostics_port
thread_naming_pattern
pl
exo.idm.cluster.jgroups.udp.thread_naming_pattern
thread_pool.enabled
true
exo.idm.cluster.jgroups.udp.thread_pool.enabled
thread_pool.min_threads
20
exo.idm.cluster.jgroups.udp.thread_pool.min_threads
thread_pool.max_threads
300
exo.idm.cluster.jgroups.udp.thread_pool.max_threads
thread_pool.keep_alive_time
5000
exo.idm.cluster.jgroups.udp.thread_pool.keep_alive_time
thread_pool.queue_enabled
true
exo.idm.cluster.jgroups.udp.thread_pool.queue_enabled
thread_pool.queue_max_size
1000
exo.idm.cluster.jgroups.udp.thread_pool.queue_max_size
thread_pool.rejection_policy
Discard
exo.idm.cluster.jgroups.udp.thread_pool.rejection_policy
oob_thread_pool.enabled
true
exo.idm.cluster.jgroups.udp.oob_thread_pool.enabled
oob_thread_pool.min_threads
20
exo.idm.cluster.jgroups.udp.oob_thread_pool.min_threads
oob_thread_pool.max_threads
300
exo.idm.cluster.jgroups.udp.oob_thread_pool.max_threads
oob_thread_pool.keep_alive_time
1000
exo.idm.cluster.jgroups.udp.oob_thread_pool.keep_alive_time
oob_thread_pool.queue_enabled
false
exo.idm.cluster.jgroups.udp.oob_thread_pool.queue_enabled
UDP
oob_thread_pool.queue_max_size 100
exo.idm.cluster.jgroups.udp.oob_thread_pool.queue_max_size
oob_thread_pool.rejection_policy
exo.idm.cluster.jgroups.udp.oob_thread_pool.rejection_policy
Discard
PING
p.85
Clustering
Chapter 7. Clustering
JGroups name
Default value
eXo variable
timeout
2000
exo.idm.cluster.jgroups.ping.timeout
num_initial_members
exo.idm.cluster.jgroups.ping.num_initial_members
max_interval
100000
exo.idm.cluster.jgroups.merge2.max_interval
min_interval
20000
exo.idm.cluster.jgroups.merge2.min_interval
timeout
6000
exo.idm.cluster.jgroups.fd.timeout
max_tries
exo.idm.cluster.jgroups.fd.max_tries
1500
exo.idm.cluster.jgroups.verify_suspect.timeout
use_mcast_xmit
true
exo.idm.cluster.jgroups.pbcast.nakack.use_mcast_xmit
retransmit_timeout
300,600,1200,2400,4800
exo.idm.cluster.jgroups.pbcast.nakack.retransmit_timeout
discard_delivered_msgs
true
MERGE2
FD
VERIFY_SUSPECT
timeout
pbcast.NAKACK
exo.idm.cluster.jgroups.pbcast.nakack.discard_delivered_msgs
UNICAST2
timeout
300,600,1200,2400,3600
exo.idm.cluster.jgroups.unicast2.timeout
stable_interval
5000
exo.idm.cluster.jgroups.unicast2.stable_interval
max_bytes
1m
exo.idm.cluster.jgroups.unicast2.max_bytes
stability_delay
1000
exo.idm.cluster.jgroups.pbcast.stable.stability_delay
desired_avg_gossip
50000
exo.idm.cluster.jgroups.pbcast.stable.desired_avg_gossip
max_bytes
400000
exo.idm.cluster.jgroups.pbcast.stable.max_bytes
print_local_addr
true
exo.idm.cluster.jgroups.pbcast.gms.print_local_addr
join_timeout
3000
exo.idm.cluster.jgroups.pbcast.gms.join_timeout
view_bundling
true
exo.idm.cluster.jgroups.pbcast.gms.view_bundling
view_ack_collection_timeout
5000
exo.idm.cluster.jgroups.pbcast.gms.view_ack_collection_timeout
resume_task_timeout
7500
exo.idm.cluster.jgroups.pbcast.gms.resume_task_timeout
max_credits
2000000
exo.idm.cluster.jgroups.ufc.max_credits
ignore_synchronous_response
true
exo.idm.cluster.jgroups.ufc.ignore_synchronous_response
max_credits
2000000
exo.idm.cluster.jgroups.mfc.max_credits
ignore_synchronous_response
true
exo.idm.cluster.jgroups.mfc.ignore_synchronous_response
60000
exo.idm.cluster.jgroups.frag2.frag_size
pbcast.STABLE
pbcast.GMS
UFC
MFC
FRAG2
frag_size
RSVP
p.86
Clustering
Chapter 7. Clustering
JGroups name
Default value
eXo variable
timeout
60000
exo.idm.cluster.jgroups.rsvp.timeout
resend_interval
500
exo.idm.cluster.jgroups.rsvp.resend_interval
ack_on_delivery
false
exo.idm.cluster.jgroups.rsvp.ack_on_delivery
JGroups name
Default value
eXo variable
singleton_name
idm-transport-tcp
exo.idm.cluster.jgroups.tcp.singleton_name
bind_addr
127.0.0.1
exo.idm.cluster.jgroups.tcp.bind_addr
bind_port
7900
exo.idm.cluster.jgroups.tcp.bind_port
port_range
30
exo.idm.cluster.jgroups.tcp.port_range
loopback
true
exo.idm.cluster.jgroups.tcp.loopback
recv_buf_size
20m
exo.idm.cluster.jgroups.tcp.recv_buf_size
send_buf_size
640k
exo.idm.cluster.jgroups.tcp.send_buf_size
discard_incompatible_packets
true
exo.idm.cluster.jgroups.tcp.discard_incompatible_packets
max_bundle_size
64000
exo.idm.cluster.jgroups.tcp.max_bundle_size
max_bundle_timeout
30
exo.idm.cluster.jgroups.tcp.max_bundle_timeout
enable_bundling
true
exo.idm.cluster.jgroups.tcp.enable_bundling
use_send_queues
true
exo.idm.cluster.jgroups.tcp.use_send_queues
enable_diagnostics
false
exo.idm.cluster.jgroups.tcp.enable_diagnostics
bundler_type
old
exo.idm.cluster.jgroups.tcp.bundler_type
thread_naming_pattern
pl
exo.idm.cluster.jgroups.tcp.thread_naming_pattern
thread_pool.enabled
true
exo.idm.cluster.jgroups.tcp.thread_pool.enabled
thread_pool.min_threads
exo.idm.cluster.jgroups.tcp.thread_pool.min_threads
thread_pool.max_threads
30
exo.idm.cluster.jgroups.tcp.thread_pool.max_threads
thread_pool.keep_alive_time
60000
exo.idm.cluster.jgroups.tcp.thread_pool.keep_alive_time
thread_pool.queue_enabled
true
exo.idm.cluster.jgroups.tcp.thread_pool.queue_enabled
thread_pool.queue_max_size
100
exo.idm.cluster.jgroups.tcp.thread_pool.queue_max_size
thread_pool.rejection_policy
Discard
exo.idm.cluster.jgroups.tcp.thread_pool.rejection_policy
oob_thread_pool.enabled
true
exo.idm.cluster.jgroups.tcp.oob_thread_pool.enabled
oob_thread_pool.min_threads
exo.idm.cluster.jgroups.tcp.oob_thread_pool.min_threads
oob_thread_pool.max_threads
30
exo.idm.cluster.jgroups.tcp.oob_thread_pool.max_threads
oob_thread_pool.keep_alive_time
60000
exo.idm.cluster.jgroups.tcp.oob_thread_pool.keep_alive_time
oob_thread_pool.queue_enabled
false
exo.idm.cluster.jgroups.tcp.oob_thread_pool.queue_enabled
TCP
oob_thread_pool.queue_max_size 100
exo.idm.cluster.jgroups.tcp.oob_thread_pool.queue_max_size
oob_thread_pool.rejection_policy
exo.idm.cluster.jgroups.tcp.oob_thread_pool.rejection_policy
Discard
p.87
Clustering
Chapter 7. Clustering
JGroups name
Default value
eXo variable
timeout
3000
exo.idm.cluster.jgroups.tcpping.timeout
initial_hosts
localhost[7900]
exo.idm.cluster.jgroups.tcpping.initial_hosts
port_range
exo.idm.cluster.jgroups.tcpping.port_range
num_initial_members
exo.idm.cluster.jgroups.tcpping.num_initial_members
ergonomics
false
exo.idm.cluster.jgroups.tcpping.ergonomics
max_interval
30000
exo.idm.cluster.jgroups.merge2.max_interval
min_interval
10000
exo.idm.cluster.jgroups.merge2.min_interval
timeout
3000
exo.idm.cluster.jgroups.fd.timeout
max_tries
exo.idm.cluster.jgroups.fd.max_tries
1500
exo.idm.cluster.jgroups.verify_suspect.timeout
use_mcast_xmit
false
exo.idm.cluster.jgroups.pbcast.nakack.use_mcast_xmit
retransmit_timeout
300,600,1200,2400,4800
exo.idm.cluster.jgroups.pbcast.nakack.retransmit_timeout
discard_delivered_msgs
false
exo.idm.cluster.jgroups.pbcast.nakack.discard_delivered_msgs
timeout
300,600,1200
exo.idm.cluster.jgroups.unicast2.timeout
stable_interval
5000
exo.idm.cluster.jgroups.unicast2.stable_interval
max_bytes
1m
exo.idm.cluster.jgroups.unicast2.max_bytes
stability_delay
500
exo.idm.cluster.jgroups.pbcast.stable.stability_delay
desired_avg_gossip
5000
exo.idm.cluster.jgroups.pbcast.stable.desired_avg_gossip
max_bytes
1m
exo.idm.cluster.jgroups.pbcast.stable.max_bytes
print_local_addr
true
exo.idm.cluster.jgroups.pbcast.gms.print_local_addr
join_timeout
3000
exo.idm.cluster.jgroups.pbcast.gms.join_timeout
view_bundling
true
exo.idm.cluster.jgroups.pbcast.gms.view_bundling
max_credits
200k
exo.idm.cluster.jgroups.ufc.max_credits
min_threshold
0.20
exo.idm.cluster.jgroups.ufc.min_threshold
max_credits
200k
exo.idm.cluster.jgroups.mfc.max_credits
min_threshold
0.20
exo.idm.cluster.jgroups.mfc.min_threshold
TCPPING
MERGE2
FD
VERIFY_SUSPECT
timeout
pbcast.NAKACK
UNICAST2
pbcast.STABLE
pbcast.GMS
UFC
MFC
FRAG2
p.88
Clustering
Chapter 7. Clustering
JGroups name
Default value
eXo variable
frag_size
60000
exo.idm.cluster.jgroups.frag2.frag_size
timeout
60000
exo.idm.cluster.jgroups.rsvp.timeout
resend_interval
500
exo.idm.cluster.jgroups.rsvp.resend_interval
ack_on_delivery
false
exo.idm.cluster.jgroups.rsvp.ack_on_delivery
RSVP
2.
exo.jcr.cluster.jgroups.config=${exo.conf.dir}/jgroups/jgroups-jcr.xml
exo.jcr.cluster.jgroups.config-url=file:${exo.jcr.cluster.jgroups.config}
exo.idm.cluster.jgroups.config=${exo.conf.dir}/jgroups/jgroups-idm.xml
exo.jcr.cluster.jgroups.config=/path/to/your/jgroups-jcr-file
exo.jcr.cluster.jgroups.config-url=file:/path/to/your/jgroups-jcr-file
exo.idm.cluster.jgroups.config=/path/to/your/jgroups-idm-file
quartz.properties and scripts are now provided in the package. Quartz datasource is defaulted.
This section helps you migrate your configuration once you upgrade from 4.0 to 4.1.
Quartz migration
p.89
Clustering
Chapter 7. Clustering
Setting up mod_jk
Quartz version is now 2.1.7, so it is recommended you re-create tables to avoid any possible incompatibility. The
scripts are packaged in standalone/configuration/gatein/quartz/dbTables.
New variable
JGroups name
jgroups.tcp.start_port
exo.jcr.cluster.jgroups.tcp.start_port
TCP start_port
jgroups.tcpping.initial_hosts
exo.jcr.cluster.jgroups.tcpping.initial_hosts
TCPPING
initial_hosts
jgroups.tcpping.num_initial_members
exo.jcr.cluster.jgroups.tcpping.num_initial_members
TCPPING
num_initial_members
jgroups.udp.mcast_addr
exo.jcr.cluster.jgroups.udp.mcast_addr
UDP mcast_addr
jgroups.udp.mcast_port
exo.jcr.cluster.jgroups.udp.mcast_port
UDP mcast_port
jgroups.udp.ip_ttl
exo.jcr.cluster.jgroups.udp.ip_ttl
UDP ip_ttl
2.
On Fedora, the package containing Apache HTTP Server is named httpd. You will probably need to build and
install mod_jk from sources. In this case, the httpd-devel package might be useful. Verify that the mod_jk.so
file is existing in /etc/httpd/modules.
If you use Fedora and recent version of Apache (2.2+), put the mod-jk.conf file into /etc/httpd/conf.d.
Do not forget to load the module by appending the following line to /etc/httpd/conf/httpd.conf:
p.90
Clustering
Chapter 7. Clustering
Setting up mod_jk
...
JkWorkersFile workers.properties
# Where to put jk logs
JkLogFile /var/log/apache2/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel debug
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
# JkOptions indicates to send SSK KEY SIZE
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat
#JkRequestLogFormat "%w %V %T"
JkMountFile uriworkermap.properties
# Add shared memory.
# This directive is present with 1.2.10 and
# later versions of mod_jk, and is needed for
# for load balancing to work properly
JkShmFile /var/log/apache2/jk.shm
# Add jkstatus for managing runtime data
<Location /jkstatus/>
JkMount status
</Location>
...
3.
In Ubuntu, typically during installation of libapache2-mod-jk, the mod_jk is enabled automatically, by creating
jk.load and jk.conf under /etc/apache2/mods-available, as well as their symlinks under /etc/
apache2/mods-enabled. You need to edit /etc/apache2/mods-available/jk.conf with the content
above.
Set up workers in /etc/httpd/ (or /etc/apache2/ for Ubuntu) and create workers.properties file. In this
step, use the node names which are assigned to -Djboss.node.name. The workers.properties file looks like
this:
p.91
Clustering
Chapter 7. Clustering
Setting up mod_jk
#worker.list=loadbalancer
worker.status.type=status
/portal=loadbalancer
/portal/*=loadbalancer
/eXo*=loadbalancer
/eXoResources*/*=loadbalancer
/exo*=loadbalancer
/exo*/*=loadbalancer
/web=loadbalancer
/web/*=loadbalancer
/integration=loadbalancer
/integration/*=loadbalancer
/dashboard=loadbalancer
/dashboard/*=loadbalancer
/rest=loadbalancer
/rest/*=loadbalancer
/jpp_branding_skin|/*=loadbalancer
/jpp-branding-skin|/*=loadbalancer
/jpp-branding-extension|/*=loadbalancer
/status=status
/status/*=status
Note
In Platform JBoss, you need to configure an AJP connector, as described below.
You need to modify the $PLATFORM_JBOSS_HOME/standalone/configuration/standalone-exocluster.xml file. Find the subsystem urn:jboss:domain:web:1.5 section and add the connector:
Troubleshooting
You have configured everything properly, but are still unable to access the portal via Apache. When accessing eXo
Platform via Apache, you get the "503 Service Temporarily Unavailable" response. The cluster itself is working and
you can access individual eXo Platform nodes directly. According to mod_jk.log, mod_jk is working, but Tomcat is
reported as likely not to be running on the specified port.
Possible cause:
If you are using Fedora, SELinux might be stopping https from accessing something important, e.g. jk.shm. Check
SELinux alerts to see if that is the case.
Solution:
Ideally, you would create a policy to deal with this. A quick workaround is to temporarily disable SELinux to allow
Apache to initialize the mod_jk connector properly. You can do this using the following command:
setenforce 0
p.92
Clustering
Chapter 7. Clustering
FAQs of clustering
Q2.
1.
Update the configuration to the cluster mode as explained above on your main server.
2.
3.
Move the index and value storage to the shared file system.
4.
Why is startup failed with the "Port value out of range" error?
On Linux, your startup is failed if you encounter the following error:
This problem happens under specific circumstances when the JGroups networking library behind the clustering
attempts to detect the IP to communicate with other nodes.
You need to verify:
Q3.
The host name is a valid IP address, served by one of the network devices, such as eth0, and eth1.
Be aware that clustering on Linux only works with IPv4. Therefore, when using a cluster under Linux, add the
following property to the JVM parameters:
-Djava.net.preferIPv4Stack=true
See also
p.93
Clustering
It can be plugged to an already populated LDAP directory, in read-only or read-write mode. The LDAP directory can
contain users and groups, or only users.
Structure of users and groups in the LDAP directory can be finely customized.
Users and groups can be managed via eXo Platform, or directly in the LDAP directory.
Many LDAP implementations are supported (RedHat Directory Server, Microsoft Active Directory, OpenDS,
OpenLDAP).
The Quick start section simplifies the configuration by assuming that you will use an empty LDAP directory. Once you
complete this Quick start, you can easily modify the configuration for other use cases.
The Configuration review section explains configurations done in Quick start. This is a preparation that you should
not bypass before getting further.
In reality, the use cases may be very different from one to one. To make easy for readers, this tutorial is divided into four
generic cases:
p.94
LDAP Integration
Quick start
Note
The term "LDAP users" represents users who are created in LDAP by LDAP utilities. The term "Platform users"
represents users who are created via eXo Platform UI. The understanding is similar to "LDAP groups" and
"Platform groups".
The PicketLink IDM framework does not distinguish between LDAP-to-Platform and Platform-to-LDAP
mapping, so the configuration is basically the same, but the effect of some parameters can be different. For
example, the createEntryAttributeValues parameter has no effect on the LDAP-to-Platform mapping,
thus is explained only in the Platform-to-LDAP mapping.
It should be easy to integrate eXo Platform with an LDAP directory if the directory is well-organized and traditional. For
complicated cases, you can raise your question and resolution in eXo Community Forum. Your contribution also helps
enrich the FAQ section of this document.
If you want to know more about PicketLink IDM configuration, read PicketLink IDM Reference Guide.
dn: dc=example,dc=com
objectClass: top
objectClass: domain
dc: example
1.
Create your custom extension project (as described in Creating your extension project), then include the following
files and folders into custom-extension.war!/WEB-INF/conf:
conf/
|__ configuration.xml
|__ organization
|__ idm-configuration.xml
|__ picketlink-idm-ldap-config.xml
You do not need to conform the structure strictly. This only aims at making your extension project easy to control.
You are free to name the files, except configuration.xml.
2.
3.
p.95
LDAP Integration
Quick start
<value>war:/conf/organization/picketlink-idm/picketlink-idm-config.xml</value>
<value>war:/conf/organization/picketlink-idm-ldap-config.xml</value>
4.
Copy content from one of picketlink sample files to the picketlink-idm-ldap-config.xml of your extension
project.
The sample files are in portal.war!/WEB-INF/conf/organization/picketlink-idm/examples. Choose
either of the following files:
5.
6.
Otherwise, picketlink-idm-ldap-config.xml.
Modify the picketlink-idm-ldap-config.xml file according to your LDAP setup. You often need to change
the following parameters:
providerURL
adminDN
adminPassword
Do the following sub-steps which are specified for Microsoft Active Directory (MSAD) only:
i. Prepare a truststore file containing the valid certificate for MSAD. It can be generated by the Linux command:
<name>customSystemProperties</name>
<value>javax.net.ssl.trustStore=/path/to/msad.truststore</value>
<value>javax.net.ssl.trustStorePassword=password</value>
7.
groupTypeMappings
<entry>
<key><string>/platform/*</string></key>
<value><string>platform_type</string></value>
</entry>
<entry>
<key><string>/organization/*</string></key>
<value><string>organization_type</string></value>
p.96
LDAP Integration
Quick start
</entry>
ignoreMappedMembershipTypeGroupList
<value>
<string>/platform/*</string>
</value>
<value>
<string>/organization/*</string>
</value>
This step enables mapping Platform groups (platform and organization - that are predefined groups) to LDAP. If you
bypass this step, only user mapping is performed.
8.
Deploy your extension (See Creating your extension project for how-to). Make sure the LDAP server is running, and
start eXo Platform.
Testing
Platform users (like the predefined root) and groups (sub-groups of /platform and /organization) should be added to the
LDAP tree. For example, if the suffix is dc=example,dc=com and the directory is OpenLDAP, the root user entry will
look like:
# example.com
dn: dc=example,dc=com
# gatein, example.com
dn: o=gatein,dc=example,dc=com
# portal, gatein, example.com
dn: o=portal,o=gatein,dc=example,dc=com
# Platform, portal, gatein, example.com
dn: ou=Platform,o=portal,o=gatein,dc=example,dc=com
# Organization, portal, gatein, example.com
dn: ou=Organization,o=portal,o=gatein,dc=example,dc=com
# People, portal, gatein, example.com
p.97
LDAP Integration
Configuration review
dn: ou=People,o=portal,o=gatein,dc=example,dc=com
# administrators, Platform, portal, gatein, example.com
dn: cn=administrators,ou=Platform,o=portal,o=gatein,dc=example,dc=com
# users, Platform, portal, gatein, example.com
dn: cn=users,ou=Platform,o=portal,o=gatein,dc=example,dc=com
# guests, Platform, portal, gatein, example.com
dn: cn=guests,ou=Platform,o=portal,o=gatein,dc=example,dc=com
# web-contributors, Platform, portal, gatein, example.com
dn: cn=web-contributors,ou=Platform,o=portal,o=gatein,dc=example,dc=com
# management, Organization, portal, gatein, example.com
dn: cn=management,ou=Organization,o=portal,o=gatein,dc=example,dc=com
# executive-board, Organization, portal, gatein, example.com
dn: cn=executive-board,ou=Organization,o=portal,o=gatein,dc=example,dc=com
# employees, Organization, portal, gatein, example.com
dn: cn=employees,ou=Organization,o=portal,o=gatein,dc=example,dc=com
# root, People, portal, gatein, example.com
dn: uid=root,ou=People,o=portal,o=gatein,dc=example,dc=com
A pair of key and type tags that looks like the following:
<component>
<key>the_FQN_of_the_service_interface</key>
<type>the_FQN_of_the_service_implementation</type>
<external-component-plugins>
<target-component>the_FQN_of_the_service_implementation</target-component>
You mostly need to re-configure the two services below without changing the default configuration of others:
org.exoplatform.services.organization.idm.PicketLinkIDMServiceImpl
org.exoplatform.services.organization.idm.PicketLinkIDMOrganizationServiceImpl
PicketLinkIDMServiceImpl service
The only one parameter you need to re-configure for this service:
<component>
<key>org.exoplatform.services.organization.idm.PicketLinkIDMService</key>
<type>org.exoplatform.services.organization.idm.PicketLinkIDMServiceImpl</type>
p.98
LDAP Integration
Configuration review
<init-params>
<value-param>
<name>config</name>
<value>war:/conf/organization/picketlink-idm-openldap-acme-config.xml</value>
...
It points to the PicketLink IDM configuration file (picketlink-idm-ldap-config.xml in the Quick start section).
PicketLinkIDMOrganizationServiceImpl service
In Quick start, you re-configure this service to enable the group mapping. The configuration matches a Platform group
(like /platform) with a PicketLink IDM identity object type. The object type then must be configured in the PicketLink IDM
configuration file. In Quick start, you do not care about such configuration because you use the pre-configured types
(platform_type and organization_type):
<field name="groupTypeMappings">
<map type="java.util.HashMap">
...
<entry>
<key><string>/platform/*</string></key>
<value><string>platform_type</string></key>
</entry>
<entry>
<key><string>/organization/*</string></key>
<value><string>organization_type</string></key>
</entry>
...
</map>
</field>
<realms>...</realms>
<repositories>
<repository><id>PortalRepository</id></repository>
<repository><id>DefaultPortalRepository</id></repository>
</repositories>
<stores>
<identity-stores>
<identity-store><id>HibernateStore</id></identity-store>
<identity-store><id>PortalLDAPStore</id></identity-store>
</identity-stores>
</stores>
Repository: Where your store and identity object type is used, by Id reference.
Store: The center part of this guideline, where you configure the LDAP connection, identity object types and all the
attributes mapping.
With the aim of making this guideline easy to understand, DefaultPortalRepository and HibernateStore that should not
be re-configured will be excluded, and the id references will be added. Also, organization_type is eliminated because
of its similarity to platform_type. The structure is re-drawn as follows:
<repositories>
<repository>
<id>PortalRepository</id>
p.99
LDAP Integration
Configuration review
<identity-store-mappings>
<identity-store-mapping>
<identity-store-id>PortalLDAPStore</identity-store-id>
<identity-object-types>
<identity-object-type>USER</identity-object-type>
<identity-object-type>platform_type</identity-object-type>
</identity-object-types>
</identity-store-mapping>
</identity-store-mappings>
</repository>
</repositories>
<stores>
<identity-stores>
<identity-store>
<id>PortalLDAPStore</id>
<supported-identity-object-types>
<identity-object-type>
<name>USER</name>
<!-- attributes & options -->
</identity-object-type>
<identity-object-type>
<name>platform_type</name>
<!-- attributes & options -->
</identity-object-type>
</supported-identity-object-types>
</identity-store>
</identity-stores>
</stores>
LDAP connection
The LDAP connection (URL and credentials) is Store configuration. It is provided in the PortalLDAPStore:
<identity-store>
<id>PortalLDAPStore</id>
...
<options>
<option>
<name>providerURL</name>
<value>ldap://localhost:389</value>
</option>
<option>
<name>adminDN</name>
<value>cn=admin,dc=example,dc=com</value>
</option>
<option>
<name>adminPassword</name>
<value>gtn</value>
</option>
...
</options>
Read-only mode
The Read-only mode is Repository configuration. It is an option of the repository that prevents eXo Platform from writing
to the LDAP directory. In the Quick start, this option is omitted so the mode is read-write. To enable the read-only mode,
set the option to true:
<repository>
<id>PortalRepository</id>
<identity-store-mappings>
<identity-store-mapping>
p.100
LDAP Integration
<identity-store-id>PortalLDAPStore</identity-store-id>
<options>
<option>
<name>readOnly</name>
<value>true</value>
</option>
</options>
</identity-store-mapping>
Therefore, PicketLink IDM uses a placeholder entry as a fake member in the creation of a groupOfNames. The
placeholder DN should be configured as an option of any group type:
<identity-object-type>
<name>platform_type</name>
<options>
<option>
<name>parentMembershipAttributePlaceholder</name>
<value>ou=placeholder,o=portal,o=gatein,dc=example,dc=com</value>
</option>
Let's see how far the pre-configured identity object type "USER" can solve this case:
User attributes
There are 3 attributes that should always be mapped (because they are mandatory in eXo Platform):
p.101
LDAP Integration
Platform
OpenLDAP
MSAD
firstName
cn
givenName
lastName
sn
sn
See the full list of Platform user attributes. For example, if you want to map Platform attribute user.jobtitle to LDAP
attribute title, the configuration looks like below:
<attributes>
<attribute>
<name>user.jobtitle</name>
<mapping>title</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
<isUnique>false</isUnique>
</attribute>
</attributes>
The user identifier in eXo Platform is username, and needs to be mapped definitively. Therefore, do not include it in
the attributes mapping. Instead, configure the LDAP attribute that should match it (uid in the following example):
<options>
<option>
<name>idAttributeName</name>
<value>uid</value>
</option>
</options>
You need to provide the location (DNs) where your LDAP users are located, in the ctxDNs (context DNs) option.
Notice it accepts multiple values:
<option>
<name>ctxDNs</name>
<value>ou=People,o=acme,dc=example,dc=com</value>
<value>ou=People,o=emca,dc=example,dc=com</value>
</option>
Generally, the pre-configured type USER should work with easy modification, for many divisions of users. The only
condition is all the divisions can share the same mapping.
To be clear, if o=acme users want their telephoneNumber to be mapped to their Platform profile, while o=emca do
not, the case seems not to be supported. If it becomes a reality to you, the best way is to raise your question in eXo
Community Forum.
Note
When LDAP users and groups are mapped into eXo Platform, their data (for example, user profile, personal
document, calendar) need to be created as if they were eXo Platform users and groups. See how to do that in
Synchronization.
p.102
LDAP Integration
<repository>
<id>PortalRepository</id>
<identity-store-mappings>
<identity-store-mapping>
<identity-store-id>PortalLDAPStore</identity-store-id>
<options>
<option>
<name>readOnly</name>
<value>true</value>
</option>
</options>
</identity-store-mapping>
Now let's see how you can change the pre-configured identity type USER in a real case.
User attributes
Platform
OpenLDAP
MSAD
firstName
cn
givenName
lastName
sn
sn
See the full list of Platform user attributes. For example, if you want to map Platform attribute user.jobtitle to LDAP
attribute title, the configuration looks like below:
<attributes>
<attribute>
<name>user.jobtitle</name>
<mapping>title</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
<isUnique>false</isUnique>
</attribute>
</attributes>
The user identifier in Platform is username, and needs to be mapped definitively. Therefore, do not include it in the
attributes mapping. Instead, define the LDAP attribute that should match it (uid in the following example):
<options>
<option>
<name>idAttributeName</name>
<value>uid</value>
</option>
</options>
p.103
LDAP Integration
<option>
<name>ctxDNs</name>
<value>ou=PlatformUsers,dc=example,dc=com</value>
<value>ou=People,o=acme,dc=example,dc=com</value>
<value>ou=People,o=emca,dc=example,dc=com</value>
</option>
createEntryAttributeValues
Required by LDAP, a user entry should have fixed objectClasses and attributes that could not be mapped from Platform
user attributes. You can provide such objectClasses/attributes in createEntryAttributeValues like below:
<options>
<option>
<name>createEntryAttributeValues</name>
<value>objectClass=top</value>
<value>objectClass=inetOrgPerson</value>
<value>sn= </value>
<value>cn= </value>
</option>
</options>
Note
The samples of this option are different between OpenLDAP/MSAD and others, so you need to review it in the
sample configuration file you are using.
dn: cn=admins,ou=Roles,o=acme,dc=example,dc=com
dn: cn=employees,ou=Roles,o=acme,dc=example,dc=com
dn: cn=admins,ou=Roles,o=acme,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: admins
member: uid=admin,ou=People,o=acme,dc=example,dc=com
p.104
LDAP Integration
Once the group mapping is done, there should be a group like /acme/roles/admin in eXo Platform. The group name is
like a translation of the dn, with the suffix (dc=example,dc=com) is eliminated. The admin user should be a member of
this group.
From the concepts, there are two things about group mapping:
The parent group (that is, /acme/roles) must be created (in eXo Platform) manually.
In this tutorial, you will write your own group mapping configuration but you should refer to sample files (in
portal.war!/WEB-INF/conf/organization/picketlink-idm/examples - see the files which have "acme" in
name).
Notice the configuration involves 2 files: idm-configuration.xml and picketlink-idm-ldap-config.xml.
1.
In the idm-configuration.xml file, the Platform parent group needs to be matched with your group type
and be declared in ignoreMappedMembershipTypeGroupList field:
<component>
<key>org.exoplatform.services.organization.OrganizationService</key>
<type>org.exoplatform.services.organization.idm.PicketLinkIDMOrganizationServiceImpl</type>
...
<field name="groupTypeMappings">
<map type="java.util.HashMap">
..
<entry>
<key><string>/acme/roles/*</string></key>
<value><string>acme_roles_type</string></value>
</entry>
</map>
</field>
...
<field name="ignoreMappedMembershipTypeGroupList">
<collection type="java.util.ArrayList" item-type="java.lang.String">
<value><string>/acme/roles/*</string></value>
...
</collection>
</field>
...
</component>
As explained above, a default membership type needs to be configured. Some values you can use are member,
manager, editor (those are pre-defined types in eXo Platform but can be re-configured or changed via UI).
<field name="associationMembershipType">
<string>member</string>
</field>
<identity-store>
<id>PortalLDAPStore</id>
...
<supported-identity-object-types>
p.105
LDAP Integration
<identity-object-type>
<name>acme_roles_type</name>
<relationships>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>USER</identity-object-type-ref>
</relationship>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>acme_roles_type</identity-object-type-ref>
</relationship>
</relationships>
<credentials/>
<attributes>
</attributes>
<options>
</options>
</identity-object-type>
</supported-identity-object-types>
</identity-store>
<repository>
<id>PortalRepository</id>
...
<identity-store-mapping>
<identity-store-id>PortalLDAPStore</identity-store-id>
<identity-object-types>
...
<identity-object-type>acme_roles_type</identity-object-type>
...
</identity-object-types>
</identity-store-mapping>
...
</repository>
2.
<identity-object-type>
<name>acme_roles_type</name>
...
<attributes>
<attribute>
<name>label</name>
<mapping>cn</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>true</isReadOnly>
</attribute>
<attribute>
<name>description</name>
<mapping>description</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
p.106
LDAP Integration
</attribute>
</attributes>
</identity-object-type>
3.
Add options.
You need to configure the LDAP attribute that matches to group "id" (groupName in Platform). Traditionally, it is
cn:
<option>
<name>idAttributeName</name>
<value>cn</value>
</option>
The ctxDNs (context DNs) accepts multiple values and is the list of the base DNs under which the groups can
be found.
<option>
<name>ctxDNs</name>
<value>ou=Roles,o=acme,dc=example,dc=com</value>
</option>
By default, all the groups under the base will be searched and mapped. You are able to add filter, for example to
exclude the "theduke" group:
<option>
<name>entrySearchFilter</name>
<value>(!(cn=theduke))</value>
</option>
In OpenLDAP or MSAD default schemas, the member attribute is used to list the dn of the members. However,
your schema may use another attribute, so it should be configurable (if this option is absent, the group will be
mapped without members):
<option>
<name>parentMembershipAttributeName</name>
<value>member</value>
</option>
<option>
<name>isParentMembershipAttributeDN</name>
<value>true</value>
</option>
As explained above, the parent group ("/acme/roles" in this example) needs to be created manually. You can create it
after deploying your custom extension and start the server.
Note
When the LDAP users and groups are mapped into eXo Platform, their data (for example, user profile,
personal document, calendar) need to be created as if they were Platform users and groups. See
Synchronization for how-to.
p.107
LDAP Integration
dn: cn=administrators,ou=Platform,o=portal,o=gatein,dc=example,dc=com
dn: cn=users,ou=Platform,o=portal,o=gatein,dc=example,dc=com
dn: cn=guests,ou=Platform,o=portal,o=gatein,dc=example,dc=com
dn: cn=web-contributors,ou=Platform,o=portal,o=gatein,dc=example,dc=com
The mapping is done for the child groups, not for the configured group itself.
As a result, if you want /platform to be created as a group entry in LDAP, you need to configure the root group (/).
Thus, the /organization (child of root) will be mapped too. There is no filter for this mapping.
The wildcard (*) indicates that children at all levels will be mapped. Without it, only the children at level one are
mapped.
The hierarchical groups are turned into flat in group mapping. To be clear, if the /platform/users group has a child
like /platform/users/intranet, the parent-child relationship is lost in translation into LDAP (although cn=intranet
might be listed as member in cn=users):
dn: cn=users,o=platform,o=acme,dc=my-domain,dc=com
dn: cn=intranet,o=platform,o=acme,dc=my-domain,dc=com
Because of the difference between Organization Models, there is no way to store membership and membership
type in LDAP exactly like the presentation of concepts in eXo Platform. See details later in the explanation of
associationMembershipType option.
In this tutorial, you will write your own group type mapping, however it uses the mapping between /platform/* and
platform_type as example so the configuration sample is the same to the Quick start.
Besides, the configuration is common for LDAP-to-Platform and Platform-to-LDAP mapping (PicketLink IDM framework
does not distinguish between them), but the effect of some parameters is different, so you need to read carefully even if
you already read the LDAP-to-Platform mapping. For example, the createEntryAttributeValues parameter has no
effect on the LDAP-to-Platform mapping.
1.
In idm-configuration.xml, the Platform parent group needs to be matched with your group type and be
declared in the ignoreMappedMembershipTypeGroupList field:
<component>
<key>org.exoplatform.services.organization.OrganizationService</key>
<type>org.exoplatform.services.organization.idm.PicketLinkIDMOrganizationServiceImpl</type>
...
<field name="groupTypeMappings">
p.108
LDAP Integration
<map type="java.util.HashMap">
..
<entry>
<key><string>/platform/*</string></key>
<value><string>platform_type</string></value>
</entry>
</map>
</field>
...
<field name="ignoreMappedMembershipTypeGroupList">
<collection type="java.util.ArrayList" item-type="java.lang.String">
<value><string>/platform/*</string></value>
...
</collection>
</field>
...
</component>
<field name="associationMembershipType">
<string>member</string>
</field>
In the Platform-to-LDAP mapping, it indicates which membership type can be stored in LDAP, or more exactly,
which membership creation can trigger writing an "member" attribute in LDAP.
For example, in eXo Platform, you add the root user to the /platform/users group with the membership
type as manager. This membership (manager:/platform/users) is not stored in LDAP. Next you continue
to add root to /platform/users, but with membership type as member. The type is configured for
associationMembershipType, so this time an attribute is added to the group entry like this:
dn: cn=users,o=platform,o=acme,dc=my-domain,dc=com
...
member: uid=root,ou=People,o=acme,dc=my-domain,dc=com
As said before, this attribute marks that root belongs to the group, but does not tell which membership type
he has. The attribute name here is "member" because the parentMembershipAttributeName option is set to
member that is not corresponding to associationMembershipType.
Some values you can configure for associationMembershipType are *, member, manager, author, editor.
Those membership types are predefined in the eXo Platform configuration but can be re-configured or changed
via UI, so you need to check them again. Note that the asterisk (*) is treated like other types.
<identity-store>
<id>PortalLDAPStore</id>
...
<supported-identity-object-types>
<identity-object-type>
<name>platform_type</name>
<relationships>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>USER</identity-object-type-ref>
</relationship>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
p.109
LDAP Integration
<identity-object-type-ref>platform_type</identity-object-type-ref>
</relationship>
</relationships>
<credentials/>
<attributes>
</attributes>
<options>
</options>
</identity-object-type>
</supported-identity-object-types>
</identity-store>
<repository>
<id>PortalRepository</id>
...
<identity-store-mapping>
<identity-store-id>PortalLDAPStore</identity-store-id>
<identity-object-types>
...
<identity-object-type>platform_type</identity-object-type>
...
</identity-object-types>
</identity-store-mapping>
...
</repository>
2.
<identity-object-type>
<name>platform_type</name>
...
<attributes>
<attribute>
<name>label</name>
<mapping>cn</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>true</isReadOnly>
</attribute>
<attribute>
<name>description</name>
<mapping>description</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
</attribute>
</attributes>
</identity-object-type>
3.
Add options.
You need to configure the LDAP attribute that matches to group id (groupName in eXo Platform). Traditionally, it
is cn:
p.110
LDAP Integration
<option>
<name>idAttributeName</name>
<value>cn</value>
</option>
The ctxDNs (context DNs) indicates the parent entry under which the groups are created. If the parent entry
does not exist, it will be created automatically. Although the option accepts multiple values, only the first value
is used in the Platform-to-LDAP mapping.
<option>
<name>ctxDNs</name>
<value>o=platform,o=acme,dc=example,dc=com</value>
</option>
In OpenLDAP or MSAD default schemas, the "member" attribute is used to list the dn of the members. However,
your schema may use another attribute, so it should be configurable:
<option>
<name>parentMembershipAttributeName</name>
<value>member</value>
</option>
Required by LDAP, a group entry should have fixed objectClasses and attributes that could not be
mapped from the eXo Platform group attributes. You can provide such objectClasses/attributes in
createEntryAttributeValues like below:
<option>
<name>createEntryAttributeValues</name>
<value>objectClass=top</value>
<value>objectClass=groupOfNames</value>
</option>
The samples of this option are different between OpenLDAP/MSAD and others, so you need to review it in the
sample configuration file you are using.
Particularly in OpenLDAP, the member is a MUST attribute to groupOfNames, so a placeholder is used (to be
added as a member) to satisfy the rule:
<option>
<name>parentMembershipAttributePlaceholder</name>
<value>ou=placeholder,o=platform,o=acme,dc=my-domain,dc=com</value>
</option>
...
<option>
<name>createEntryAttributeValues</name>
...
<value>member=ou=placeholder,o=platform,o=acme,dc=my-domain,dc=com</value>
</option>
p.111
LDAP Integration
<option>
<name>entrySearchScope</name>
<value>subtree</value>
</option>
In combination with ctxDNs, this option forms an LDAP query. It is equivalent to the scope parameter of the ldapsearch
command (-s in OpenLDAP).
Values: subtree, object.
If the option is omitted, the search will return the children at level 1 of the ctxDNs - equivalent to -s one.
Use subtree to search in the entire tree under ctxDNs. It is useful saving you from having to provide all the possible
ctxDNs in configuration.
The object value is equivalent to -s base that examines only the ctxDNs itself. If the ctxDNs entry does not match
the filter, the search result is zero.
Example 8.1.
# o=acme,dc=example,dc=com
# uid=user1,o=acme,dc=example,dc=com
# ou=People,o=acme,dc=example,dc=com
# uid=user2,ou=People,o=acme,dc=example,dc=com
Assume you are mapping the LDAP users in the tree above, using the ctxDNs o=acme,dc=example,dc=com,
then:
Description
username (*)
firstName (*)
first name
lastName (*)
last name
displayName
display name
email (*)
user.name.given
given name
user.name.family
family name
user.name.nickName
nick name
user.bdate
birth day
user.gender
"Male/Female"
user.employer
employer
user.department
department
p.112
LDAP Integration
Name
Description
user.jobtitle
job title
user.language
language
user.home-info.postal.name
personal address
user.home-info.postal.street
personal address
user.home-info.postal.city
personal address
user.home-info.postal.stateprov
personal address
user.home-info.postal.postalcode
user.home-info.postal.country
user.home-info.telecom.mobile.number
user.home-info.telecom.telephone.number
user.home-info.online.email
personal email
user.home-info.online.uri
personal page
user.business-info.postal.name
office address
user.business-info.postal.city
office address
user.business-info.postal.stateprov
office address
user.business-info.postal.postalcode
user.business-info.postal.country
user.business-info.telecom.mobile.number
user.business-info.telecom.telephone.number
user.business-info.online.email
business email
user.business-info.online.uri
business page
Organization information can be saved in Database and LDAP Directory. Database is mandatory because the
LDAP directory natively does not fit for everything. Therefore, all information is written to Database in the readonly mode, whereas a part of information is written to Directory in the read-write mode, and the rest is written
to Database.
Then, in the read-write mode, which information is stored in Directory? Let's see the mapping between email
(Platform user attribute) and mail (LDAP attribute):
<identity-object-type>
<name>USER</name>
<attributes>
<attribute>
<name>email</name>
<mapping>mail</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
p.113
LDAP Integration
<isUnique>true</isUnique>
</attribute>
</attributes>
<identity-object-type>
With this configuration, the user email will be saved into LDAP. In particular, it is first mapped, then is mapped
with isReadOnly=false.
Choosing the read-only mode means you will not manage LDAP identities via eXo Platform. For example, a
user password update should not be performed via Platform Web UI, if the user is an LDAP user. If an identity
is created via Platform Web UI, it does not become an LDAP entry.
In the read-write mode, if a user is registered via Platform Web UI, the username and password are saved into
Directory. Where other user information is saved depends on the attributes mapping.
<repository>
<id>PortalRepository</id>
...
<identity-store-mappings>
...
<identity-store-mapping>
<identity-store-id>PortalLDAPStore</identity-store-id>
...
<options>
<option>
<name>readOnly</name>
<value>true</value>
</option>
</options>
</identity-store-mapping>
</identity-store-mappings>
</repository>
This option is true in the read-only mode, and false or empty in the read-write mode.
Q2.
dn: dc=example,dc=com
objectClass: top
objectClass: domain
dc: example
Q3.
p.114
LDAP Integration
Synchronization
This approach is recommended because the service is a good solution for synchronization between LDAP and
eXo Platform. The synchronization is automatic, scheduled, and can be operated by the JMX or REST service.
Follow Synchronization to activate the service and synchronize eXo Platform with your directory.
Q4.
<option>
<name>entrySearchScope</name>
<value>subtree</value>
</option>
8.2. Synchronization
When you have integrated eXo Platform with a populated directory, or you manage users and groups via LDAP utilities,
use OrganizationIntegrationService that takes care the LDAP users and groups as if they were original Platform
users and groups.
To be clear, when a user is registered via Platform UI, a user creation event is known and handled by the user listener.
This listener makes sure that the necessary data, like a folder for personal documents, will be created. In case an
LDAP user is mapped into Platform, the event is not known by the listener so the folder will be missing until you run the
OrganizationIntegrationService that invokes the user listener to check and create necessary data.
Note
During the synchronization, LDAP users are granted the member:/platform/users membership so that they can
access the Intranet page.
The FQN of the service is
org.exoplatform.platform.organization.integration.OrganizationIntegrationService.
Generally, once you configure it, the service runs automatically. It runs when the server starts and when a user/group/
membership is created or deleted.
The service is also exposed via REST and JMX, so you can call its operations, like syncUser or syncGroup, anytime
you want.
To be more flexible, eXo Platform provides the two other services:
org.exoplatform.platform.organization.integration.FirstLoginListener
This service can be configured to run at the first login of a user. It always calls the syncUser method of the
OrganizationIntegrationService.
org.exoplatform.platform.organization.integration.OrganizationIntegrationJob
This service can be configured to run as a scheduled job. It always calls the syncAll method of the
OrganizationIntegrationService.
p.115
LDAP Integration
1.
Create the WEB-INF/conf/organization/sync.xml file in your custom extension project, with the following
content:
<configuration>
<component>
<type>org.exoplatform.platform.organization.integration.OrganizationIntegrationService</type>
<init-params>
<value-param>
<name>workspace</name>
<value>collaboration</value>
</value-param>
<value-param>
<name>homePath</name>
<value>/</value>
</value-param>
<value-param>
<name>synchronizeGroups</name>
<value>true</value>
</value-param>
</init-params>
</component>
<external-component-plugins>
<target-component>org.exoplatform.services.organization.OrganizationService</target-component>
<component-plugin>
<name>organization.initializer.group.event.listener</name>
<set-method>addListenerPlugin</set-method>
<type>org.exoplatform.platform.organization.integration.NewGroupListener</type>
<description>description</description>
</component-plugin>
<component-plugin>
<name>organization.initializer.user.event.listener</name>
<set-method>addListenerPlugin</set-method>
<type>org.exoplatform.platform.organization.integration.NewUserListener</type>
<description>description</description>
</component-plugin>
<component-plugin>
<name>organization.initializer.membership.event.listener</name>
<set-method>addListenerPlugin</set-method>
<type>org.exoplatform.platform.organization.integration.NewMembershipListener</type>
<description>description</description>
</component-plugin>
<component-plugin>
<name>organization.initializer.profile.event.listener</name>
<set-method>addListenerPlugin</set-method>
<type>org.exoplatform.platform.organization.integration.NewProfileListener</type>
<description>description</description>
</component-plugin>
</external-component-plugins>
<external-component-plugins>
<target-component>org.exoplatform.services.listener.ListenerService</target-component>
<component-plugin>
<name>exo.core.security.ConversationRegistry.register</name>
<set-method>addListener</set-method>
<type>org.exoplatform.platform.organization.integration.FirstLoginListener</type>
</component-plugin>
</external-component-plugins>
</configuration>
2.
<import>war:/conf/organization/sync.xml</import>
p.116
LDAP Integration
Some remarks:
The synchronizeGroups parameter is set to true. This enables group synchronization at the server startup.
The FirstLoginListener is configured. This makes sure that an LDAP user is enabled to access the Intranet
page automatically when he logs in eXo Platform for the first time.
The Job Scheduler is not configured yet. You will configure it later.
Testing
After deploying your custom extension in eXo Platform, start the server. Next, log in as root and browse the URL: http://
mycompany.com:8080/rest/management/orgsync (change the host and port if needed). You should receive the list of
methods of the OrganizationIntegrationService.
If you enter the URL: http://mycompany.com:8080/rest/management/orgsync/syncAll, the synchronization will run for all
users and groups.
Note
In the case of LDAP groups mapped into Platform, you noticed that parent groups, such as /acme/roles need
to be created manually. If the OrganizationIntegration service is activated while the parent groups are not
created yet, it may throw some exceptions at the startup, but it is not a problem.
username and eventType are parameters. eventType accepts three values: ADDED, UPDATED and DELETED.
Here is the full list of operations and their examples (common for REST and JMX, although the examples are REST
URLs):
Operation
Examples
syncAll
/rest/management/orgsync/syncAll
syncAllUsers
/rest/management/orgsync/syncAllUsers?eventType=DELETED
syncMembership
/rest/management/orgsync/syncMembership?username=root&groupId=/platform/
users&eventType=ADDED
syncAllGroups
/rest/management/orgsync/syncAllGroups?eventType=UPDATED
syncUser
/rest/management/orgsync/syncUser?username=user100&eventType=DELETED
syncGroup
/rest/management/orgsync/syncGroup?groupId=/acme/roles/foo&eventType=DELETED
Using JMX
You need a JMX browser like JConsole. JConsole is JDK built-in and if you connect with the eXo Platform server locally,
you do not need any installation or configuration.
p.117
LDAP Integration
Scheduled synchronization
Note
In case you want to connect to eXo Platform remotely or to secure your JMX connection, you should read the
JMX guideline.
The MBean name of the OrganizationIntegrationService is
exo:portal=portal,service=extensions,name=OrganizationIntegrationService,type=platform, like in the screenshot below:
<external-component-plugins>
<target-component>org.exoplatform.services.scheduler.JobSchedulerService</target-component>
<component-plugin>
<name>OrgInitializerCronJob</name>
<set-method>addCronJob</set-method>
<type>org.exoplatform.services.scheduler.CronJob</type>
<description>Schedule the organization integration operation</description>
<init-params>
<properties-param>
<name>cronjob.info</name>
<description>Invoke initializer periodically</description>
<property name="jobName" value="OrgInitializerCronJob"/>
<property name="groupName" value="group"/>
<property name="job" value="org.exoplatform.platform.organization.integration.OrganizationIntegrationJob"/>
<property name="expression" value="0 45 23 * * ? *"/>
</properties-param>
</init-params>
</component-plugin>
</external-component-plugins>
The only parameter you need to re-configure is the expression that schedules when the job is fired.
Note
Here provided just a short explanation and some examples of the expression so that you can pick up one
quickly. To learn its syntax, read CRON Expression documentation.
Cron expression examples
p.118
LDAP Integration
An expression consists of seven sub-expressions separated by a white space. For being easily recognized, in the
following tables, each sub-expression is written in a column (the seventh sub is optional):
Seconds Minutes
Hours
Day-ofMonth
Month
Day-ofWeek
Year
Description
45
23
45
23
SUN
45
23
2-7
45
23
TUE,THU
45
23
SUNL
45
23
45
23
0/15
Testing
The job calls the SyncAll method. When it runs, you will see the following logs:
For testing, you can configure it to run every 1 minute by using the expression: * 0/1 * * * ? *.
2.
p.119
LDAP Integration
<external-component-plugins>
<target-component>org.exoplatform.services.database.HibernateService</target-component>
<component-plugin>
<name>add.hibernate.mapping</name>
<set-method>addPlugin</set-method>
<type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
<init-params>
<values-param>
<name>hibernate.mapping</name>
<value>org/exoplatform/services/organization/impl/UserImpl.hbm.xml</value>
<value>org/exoplatform/services/organization/impl/MembershipImpl.hbm.xml</value>
<value>org/exoplatform/services/organization/impl/GroupImpl.hbm.xml</value>
<value>org/exoplatform/services/organization/impl/MembershipTypeImpl.hbm.xml</value>
<value>org/exoplatform/services/organization/impl/UserProfileData.hbm.xml</value>
</values-param>
</init-params>
</component-plugin>
</external-component-plugins>
<import>classpath:/conf/portal/organization-configuration.xml</import>
</configuration>
LDAP configuration
p.120
LDAP Integration
<name>ldap.attribute.mapping</name>
<description>ldap attribute mapping</description>
<object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">
<field name="userLDAPClasses"><string>top,person,organizationalPerson,inetOrgPerson</string></field>
<field name="profileLDAPClasses"><string>top,organizationalPerson</string></field>
<field name="groupLDAPClasses"><string>top,organizationalUnit</string></field>
<field name="membershipTypeLDAPClasses"><string>top,organizationalRole</string></field>
<field name="membershipLDAPClasses"><string>top,groupOfNames</string></field>
<field name="baseURL"><string>dc=exoplatform,dc=org</string></field>
<field name="groupsURL"><string>ou=groups,ou=portal,dc=exoplatform,dc=org</string></field>
<field name="membershipTypeURL"><string>ou=memberships,ou=portal,dc=exoplatform,dc=org</string></field>
<field name="userURL"><string>ou=users,ou=portal,dc=exoplatform,dc=org</string></field>
<field name="profileURL"><string>ou=profiles,ou=portal,dc=exoplatform,dc=org</string></field>
<field name="userUsernameAttr"><string>uid</string></field>
<field name="userPassword"><string>userPassword</string></field>
<field name="userFirstNameAttr"><string>givenName</string></field>
<field name="userLastNameAttr"><string>sn</string></field>
<field name="userDisplayNameAttr"><string>displayName</string></field>
<field name="userMailAttr"><string>mail</string></field>
<field name="userObjectClassFilter"><string>objectClass=person</string></field>
<field name="membershipTypeMemberValue"><string>member</string></field>
<field name="membershipTypeRoleNameAttr"><string>cn</string></field>
<field name="membershipTypeNameAttr"><string>cn</string></field>
<field name="membershipTypeObjectClassFilter"><string>objectClass=organizationalRole</string></field>
<field name="membershiptypeObjectClass"><string>organizationalRole</string></field>
<field name="groupObjectClass"><string>organizationalUnit</string></field>
<field name="groupObjectClassFilter"><string>objectClass=organizationalUnit</string></field>
<field name="membershipObjectClass"><string>groupOfNames</string></field>
<field name="membershipObjectClassFilter"><string>objectClass=groupOfNames</string></field>
<field name="ldapCreatedTimeStampAttr"><string>createdTimeStamp</string></field>
<field name="ldapModifiedTimeStampAttr"><string>modifiedTimeStamp</string></field>
<field name="ldapDescriptionAttr"><string>description</string></field>
</object>
</object-param>
</init-params>
</component>
<external-component-plugins>
<target-component>org.exoplatform.services.database.HibernateService</target-component>
<component-plugin>
<name>add.hibernate.mapping</name>
<set-method>addPlugin</set-method>
<type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
<init-params>
<values-param>
<name>hibernate.mapping</name>
<value>org/exoplatform/services/organization/impl/UserProfileData.hbm.xml</value>
</values-param>
</init-params>
</component-plugin>
</external-component-plugins>
</configuration>
p.121
LDAP Integration
<object type="org.exoplatform.services.ldap.impl.LDAPConnectionConfig">
<field name="providerURL"><string>ldap://192.168.2.88:389</string></field>
<field name="rootdn"><string>CN=Administrator,CN=Users, DC=exoplatform,DC=org</string></field>
<field name="password"><string>Secret1234</string></field>
<field name="version"><string>3</string></field>
<field name="minConnection"><int>5</int></field>
<field name="maxConnection"><int>10</int></field>
<field name="referralMode"><string>ignore</string></field>
<field name="serverName"><string>active.directory</string></field>
</object>
</object-param>
</init-params>
</component>
<component>
<key>org.exoplatform.services.organization.OrganizationService</key>
<type>org.exoplatform.services.organization.ldap.OrganizationServiceImpl</type>
<component-plugins>
<component-plugin>
<name>init.service.listener</name>
<set-method>addListenerPlugin</set-method>
<type>org.exoplatform.services.organization.ldap.OrganizationLdapInitializer</type>
<description>this listener populate organization ldap service create default dn</description>
</component-plugin>
</component-plugins>
<init-params>
<object-param>
<name>ldap.attribute.mapping</name>
<description>ldap attribute mapping</description>
<object type="org.exoplatform.services.organization.ldap.LDAPAttributeMapping">
<field name="userLDAPClasses"><string>top,person,organizationalPerson,user</string></field>
<field name="profileLDAPClasses"><string>top,organizationalPerson</string></field>
<field name="groupLDAPClasses"><string>top,organizationalUnit</string></field>
<field name="membershipTypeLDAPClasses"><string>top,group</string></field>
<field name="membershipLDAPClasses"><string>top,group</string></field>
<field name="baseURL"><string>DC=test,DC=man</string></field>
<field name="groupsURL"><string>ou=groups,ou=portal,DC=test,DC=man</string></field>
<field name="membershipTypeURL"><string>ou=memberships,ou=portal,DC=test,DC=man</string></field>
<field name="userURL"><string>ou=users,ou=portal,DC=test,DC=man</string></field>
<field name="profileURL"><string>ou=profiles,ou=portal,DC=test,DC=man</string></field>
<field name="userUsernameAttr"><string>sAMAccountName</string></field>
<field name="userPassword"><string>unicodePwd</string></field>
<field name="userFirstNameAttr"><string>givenName</string></field>
<field name="userLastNameAttr"><string>sn</string></field>
<field name="userDisplayNameAttr"><string>displayName</string></field>
<field name="userMailAttr"><string>mail</string></field>
<field name="userObjectClassFilter"><string>objectClass=user</string></field>
<field name="membershipTypeMemberValue"><string>member</string></field>
<field name="membershipTypeRoleNameAttr"><string>cn</string></field>
<field name="membershipTypeNameAttr"><string>cn</string></field>
<field name="membershipTypeObjectClassFilter"><string>objectClass=group</string></field>
<field name="membershiptypeObjectClass"><string>group</string></field>
<field name="groupObjectClass"><string>organizationalUnit</string></field>
<field name="groupObjectClassFilter"><string>objectClass=organizationalUnit</string></field>
<field name="membershipObjectClass"><string>group</string></field>
<field name="membershipObjectClassFilter"><string>objectClass=group</string></field>
<field name="ldapCreatedTimeStampAttr"><string>createdTimeStamp</string></field>
<field name="ldapModifiedTimeStampAttr"><string>modifiedTimeStamp</string></field>
<field name="ldapDescriptionAttr"><string>description</string></field>
</object>
</object-param>
</init-params>
</component>
<external-component-plugins>
p.122
LDAP Integration
<target-component>org.exoplatform.services.database.HibernateService</target-component>
<component-plugin>
<name>add.hibernate.mapping</name>
<set-method>addPlugin</set-method>
<type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
<init-params>
<values-param>
<name>hibernate.mapping</name>
<value>org/exoplatform/services/organization/impl/UserProfileData.hbm.xml</value>
</values-param>
</init-params>
</component-plugin>
</external-component-plugins>
</configuration>
See also
Synchronization
p.123
LDAP Integration
JCR directories that can be backed up and restored using the OS utilities.
JCR and IDM databases that can be backed up and restored using the DBMS tools.
Warning
These 2 parts need to be backed up and restored consistently. Inconsistency may lead to failures and
exceptions at the eXo Platform runtime. During the backup, you should stop eXo Platform to make sure no
write-process is performing.
You may back up periodically or on-demand, before an upgrade or a patch for instance. If you are planning to back up
periodically, consider the following things:
How often the backup is performed? Remember that there is downtime during the backup.
How much disk space is used for backup storage? Less space, less archive.
Prepare for the tools that involve: copy (local and network), compress and decompress tools, SQL backup tools and
automation.
If your backup takes long time and occupies a big memory space, here are some tips:
Tip
The downtime will be much shorter if you have File System data and SQL data located on different hard
drives, and back up them in parallel.
You do not need full-backup all the time. There are 2 backup options: incremental and differential that may
lower the space. The backup approaches are explained here. Linux rsync and Windows backup utilities can
perform incremental/differential backup. Any SQL Database server should support incremental backup.
p.124
See also
However it is not the case in production. As introduced in Planning your backup, the eXo Platform data consists of JCR
File System data and JCR/IDM SQL Databases. The backup/restore does not require any specific tools. You just need to
know the data location and use OS utilities to back up/restore file system data and DBMS tools to back up/restore SQL
databases.
Note
JCR Directory and JCR Database must be consistent. Then you should stop eXo Platform, back up both
before restarting. All nodes should be stopped if you are running the cluster mode.
File System Data
You can check the data location in the customized configuration file. In Tomcat, the file is $PLATFORM_TOMCAT_HOME/
bin/setenv-customize (.sh for Linux and .bat for Windows). In JBoss, it is $PLATFORM_JBOSS_HOME/bin/
standalone-customize (.conf for Linux and .conf.bat for Windows).
Open the file and find EXO_DATA_DIR. This variable indicates the folder you need to back up or restore.
You may disregard the background storage system (device and protocol) and let the OS take care of it. However, to
make it efficiently, the background storage should be considered. There are working storage (that eXo Platform uses) and
backup storage. Each of two can be on local drives, or a mount point of a network shared device. Each can be a SAN or
a NAS storage. You should use different hard drives for working storage and backup storage, for safety, and conditionally
for speed.
As said above, the whole JCR file system data is located in one root directory (EXO_DATA_DIR). However, there is a
possibility that an element (a workspace for instance) is configured to be different. To handle such cases, look inside the
file system data. There may be:
Index directory, which will be checked at the eXo Platform startup, and re-created if missing.
In the cluster mode, the eXo Platform instances may share an index directory, or use their own directories.
Value directory (if existing) that is used to store the BLOB data.
The BLOB data can be optionally stored in database and file system storage, and is defaulted to "true".
You can override this in $PLATFORM_TOMCAT_HOME/gatein/conf/exo.properties (Tomcat) or
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/exo.properties (JBoss) (see
Configuration overview for this file).
exo.jcr.storage.enabled=true
Swap directory, which is used as temporary memory space at runtime. This is not mandatory in backup and restore.
jta directory, which is used for transaction data. This is not mandatory in backup and restore.
p.125
By default, all are located under EXO_DATA_DIR and each workspace has its index, value and swap directories. Also, the
portal default configurations may be changed or overwritten, however it is not recommended to do this. To see how it can
happen, see JCR Configuration.
SQL Databases
Check your database configurations to see which databases are being used. The database configurations are described
in Configuring eXo Platform of the Database configuration section.
There should be 2 databases: JCR and IDM. You should back up and restore the whole database. If you want to back up
and restore tables separately, make sure your backup parts are consistent.
See also
p.126
Prerequisites
A list of things you need to perform before the upgrade.
Upgrade process
How to upgrade to a newer version of eXo Platform 4.
Best practices
Good ways that you can follow after the upgrade.
Also, this chapter contains links to sections that you need before starting an upgrade.
10.1. Prerequisites
Before the upgrade, you need to:
Download and unzip the new version to which you are about to upgrade.
Back up data, as described in Backup and Restore, before upgrading. In case anything turns badly, your data is safe
and you can start over.
Back up customizations (including configuration, deployed extensions and applications) that you plan to reuse in the
new version.
Perform one or more dry-run upgrade(s) to find out potential problems and estimate the upgrade time.
Note
The dry-run upgrade allows you to:
Detect and handle issues to make sure they will not happen during the real upgrade.
Estimate how long the upgrade will take in your production environment.
Find out if you need to adjust anything to make your upgrade faster and more efficient.
p.127
Upgrade
Upgrade process
This means you should upgrade from a version that is "the nearest" to the one you want to upgrade to. For example, if
you want to upgrade from 4.0.6 to 4.1.0, you should upgrade from 4.0.6 to 4.0.7 (as in 4.0.7's release notes), then from
4.0.7 to 4.1.0 (as in 4.1.0's release notes).
However, if you still insist on skipping versions (for example, from 4.0.6 to 4.1.0), it is strongly advised you read all
release notes of versions you are skipping to see which of any previous upgrade procedure impacts your project. eXo
does not either guarantee or provide instructions for such an upgrade.
Upgrade to an eXo Platform 4.1 version
1.
2.
If you use a populated organizational data source (such as LDAP), activate the Organization Integration Service
so that the data is synchronized. See Synchronization for more details.
If you are running cluster mode, see Migrating eXo Platform cluster 4.0 to 4.1.
Note that SMTP and JODConverter configuration is no longer configured via customized script (setenvcustomize*). These should be configured in exo.properties. See the corresponding sections in
Configuration chapter.
3.
Configure the JCR and IDM databases. Refer to Database for more details.
4.
Configure the EXO_DATA_DIR variable. Refer to Data directory configuration for more details.
5.
Go to the eXo Platform 4.1 package, then look for the sample upgrade files (known as upgrade-ABC-to-XYZsample.properties) at:
6.
$PLATFORM_TOMCAT_HOME/gatein/conf/ (Tomcat)
$PLATFORM_JBOSS_HOME/standalone/configuration/gatein/ (JBoss)
Locate the sample upgrade file regarding the version you want to upgrade, and rename it into
upgrade.properties as described in Release Notes.
For example, in order to upgrade from 4.0.7 to 4.1.0, you need to rename upgrade-4.0.7-to-4.1.0sample.properties into upgrade.properties.
7.
Start the eXo Platform 4.1 server. The upgrade will be run automatically. The startup is successful when you see a
message like INFO | Server startup in XXXX ms.
8.
9.
Remove or rename the upgrade.properties in Step 6. This is to avoid running the upgrade again for next time.
10. Restart the server, then do some tests on the upgraded version. See Best practices for more details.
p.128
Upgrade
Best practices
Monitor the server console/log file to be aware of the upgrade status or any issues during the upgrade. By default,
eXo Platform records all information in $PLATFORM_TOMCAT_HOME/logs/platform.log (in Tomcat) or
$PLATFORM_JBOSS_HOME/standalone/log/server.log (in JBoss).
A successful upgrade typically logs the followings:
o
INFO | New version has been detected: proceed upgrading from 4.0.7 to 4.1.0
INFO | Proceed upgrade plugin: name = Upgrade-PortalData from version 4.0.7 to 4.1.0 with execution order = 0
The message informing the activated upgrade plugins are executed correctly:
Check the eXo Platform version via the REST service (http://[your_server]:[your_port]/rest/platform/info), for example:
"platformVersion": "4.1.0".
Or, you can see the new version in the footer of Login page as follows:
Log in and check some functions, components and customizations to see if they are working correctly.
p.129
Upgrade
New variable
gatein.email.domain.url
exo.base.url
accountsetup.skip
exo.accountsetup.skip
exo.super.user
exo.super.user
Email variables
Old variable
New variable
gatein.email.smtp.from
exo.email.smtp.from
gatein.email.smtp.host
exo.email.smtp.host
gatein.email.smtp.port
exo.email.smtp.port
gatein.email.smtp.starttls.enable
exo.email.smtp.starttls.enable
gatein.email.smtp.auth
exo.email.smtp.auth
gatein.email.smtp.username
exo.email.smtp.username
gatein.email.smtp.password
exo.email.smtp.password
gatein.email.smtp.socketFactory.port
exo.email.smtp.socketFactory.port
gatein.email.smtp.socketFactory.class
exo.email.smtp.socketFactory.class
JOD Converter
Old variable
New variable
wcm.jodconverter.enable
exo.jodconverter.enable
wcm.jodconverter.portnumbers
exo.jodconverter.portnumbers
wcm.jodconverter.officehome
exo.jodconverter.officehome
wcm.jodconverter.taskqueuetimeout
exo.jodconverter.taskqueuetimeout
wcm.jodconverter.taskexecutiontimeout
exo.jodconverter.taskexecutiontimeout
wcm.jodconverter.maxtasksperprocess
exo.jodconverter.maxtasksperprocess
wcm.jodconverter.retrytimeout
exo.jodconverter.retrytimeout
Unified search
Old variable
New variable
unified-search.engine.fuzzy.enable
exo.unified-search.engine.fuzzy.enable
unified-search.engine.fuzzy.similarity
exo.unified-search.engine.fuzzy.similarity
Caches
Old variable
New variable
gatein.cache.mop.maxsize
exo.cache.portal.mop.maxsize
gatein.cache.mop.livetime
exo.cache.portal.mop.livetime
gatein.cache.mop.maxnodes
exo.cache.portal.mop.maxnodes
p.130
Upgrade
Old variable
New variable
gatein.cache.mop.expiration
exo.cache.portal.mop.expiration
gatein.cache.navigation.maxsize
exo.cache.portal.navigation.maxsize
gatein.cache.navigation.livetime
exo.cache.portal.navigation.livetime
gatein.cache.navigation.maxnodes
exo.cache.portal.navigation.maxnodes
gatein.cache.navigation.expiration
exo.cache.portal.navigation.expiration
gatein.cache.description.maxsize
exo.cache.portal.description.maxsize
gatein.cache.description.livetime
exo.cache.portal.description.livetime
gatein.cache.description.maxnodes
exo.cache.portal.description.maxnodes
gatein.cache.description.expiration
exo.cache.portal.description.expiration
gatein.cache.page.maxsize
exo.cache.portal.page.maxsize
gatein.cache.page.livetime
exo.cache.portal.page.livetime
gatein.cache.page.maxnodes
exo.cache.portal.page.maxnodes
gatein.cache.page.expiration
exo.cache.portal.page.expiration
cache.exo.portal.TemplateService.capacity
exo.cache.portal.TemplateService.capacity
cache.exo.portal.TemplateService.liveTime
exo.cache.portal.TemplateService.liveTime
cache.exo.portal.ResourceBundleData.capacity
exo.cache.portal.ResourceBundleData.capacity
cache.exo.portal.ResourceBundleData.liveTime
exo.cache.portal.ResourceBundleData.liveTime
cache.exo.commons.SettingService.Capacity
exo.cache.commons.SettingService.Capacity
cache.exo.commons.SettingService.TimeToLive
exo.cache.commons.SettingService.TimeToLive
cache.exo.commons.SettingService.MaxNodes
exo.cache.commons.SettingService.MaxNodes
cache.exo.commons.SettingService.ExpirationTimeout
exo.cache.commons.SettingService.ExpirationTimeout
wcm.cache.queryservice.maxnodes
exo.cache.wcm.queryservice.maxnodes
wcm.cache.queryservice.expirationtimeout
exo.cache.wcm.queryservice.expirationtimeout
wcm.cache.managedrive.maxnodes
exo.cache.wcm.managedrive.maxnodes
wcm.cache.managedrive.expirationtimeout
exo.cache.wcm.managedrive.expirationtimeout
wcm.cache.scriptservice.capacity
exo.cache.wcm.scriptservice.capacity
wcm.cache.scriptservice.timetolive
exo.cache.wcm.scriptservice.timetolive
wcm.cache.templateservice.capacity
exo.cache.wcm.templateservice.capacity
wcm.cache.templateservice.timetolive
exo.cache.wcm.templateservice.timetolive
wcm.cache.webcontent.initialwebcontentplugin.capacity
exo.cache.wcm.webcontent.initialwebcontentplugin.capacity
wcm.cache.webcontent.initialwebcontentplugin.timetolive
exo.cache.wcm.webcontent.initialwebcontentplugin.timetolive
wcm.cache.fragmentcacheservice.capacity
exo.cache.wcm.fragmentcacheservice.capacity
wcm.cache.fragmentcacheservice.timetolive
exo.cache.wcm.fragmentcacheservice.timetolive
wcm.cache.pdfviewer.capacity
exo.cache.wcm.pdfviewer.capacity
wcm.cache.pdfviewer.timetolive
exo.cache.wcm.pdfviewer.timetolive
wcm.cache.seoservice.capacity
exo.cache.wcm.seoservice.capacity
wcm.cache.seoservice.timetolive
exo.cache.wcm.seoservice.timetolive
p.131
Upgrade
Old variable
New variable
cache.exo.ecms.javascript.maxSize
exo.cache.wcm.javascript.maxSize
cache.exo.ecms.javascript.liveTime
exo.cache.wcm.javascript.liveTime
cache.exo.social.IdentityCache.Capacity
exo.cache.social.IdentityCache.Capacity
cache.exo.social.IdentityCache.TimeToLive
exo.cache.social.IdentityCache.TimeToLive
cache.exo.social.IdentityIndexCache.Capacity
exo.cache.social.IdentityIndexCache.Capacity
cache.exo.social.IdentityIndexCache.TimeToLive
exo.cache.social.IdentityIndexCache.TimeToLive
cache.exo.social.ProfileCache.Capacity
exo.cache.social.ProfileCache.Capacity
cache.exo.social.ProfileCache.TimeToLive
exo.cache.social.ProfileCache.TimeToLive
cache.exo.social.IdentitiesCache.Capacity
exo.cache.social.IdentitiesCache.Capacity
cache.exo.social.IdentitiesCache.TimeToLive
exo.cache.social.IdentitiesCache.TimeToLive
cache.exo.social.IdentitiesCountCache.Capacity
exo.cache.social.IdentitiesCountCache.Capacity
cache.exo.social.IdentitiesCountCache.TimeToLive
exo.cache.social.IdentitiesCountCache.TimeToLive
cache.exo.social.RelationshipCache.Capacity
exo.cache.social.RelationshipCache.Capacity
cache.exo.social.RelationshipCache.TimeToLive
exo.cache.social.RelationshipCache.TimeToLive
cache.exo.social.RelationshipFromIdentityCache.Capacity
exo.cache.social.RelationshipFromIdentityCache.Capacity
cache.exo.social.RelationshipFromIdentityCache.TimeToLive
exo.cache.social.RelationshipFromIdentityCache.TimeToLive
cache.exo.social.RelationshipsCountCache.Capacity
exo.cache.social.RelationshipsCountCache.Capacity
cache.exo.social.RelationshipsCountCache.TimeToLive
exo.cache.social.RelationshipsCountCache.TimeToLive
cache.exo.social.RelationshipsCache.Capacity
exo.cache.social.RelationshipsCache.Capacity
cache.exo.social.RelationshipsCache.TimeToLive
exo.cache.social.RelationshipsCache.TimeToLive
cache.exo.social.ActivityCache.Capacity
exo.cache.social.ActivityCache.Capacity
cache.exo.social.ActivityCache.TimeToLive
exo.cache.social.ActivityCache.TimeToLive
cache.exo.social.ActivitiesCountCache.Capacity
exo.cache.social.ActivitiesCountCache.Capacity
cache.exo.social.ActivitiesCountCache.TimeToLive
exo.cache.social.ActivitiesCountCache.TimeToLive
cache.exo.social.ActivitiesCache.Capacity
exo.cache.social.ActivitiesCache.Capacity
cache.exo.social.ActivitiesCache.TimeToLive
exo.cache.social.ActivitiesCache.TimeToLive
cache.exo.social.SpaceCache.Capacity
exo.cache.social.SpaceCache.Capacity
cache.exo.social.SpaceCache.TimeToLive
exo.cache.social.SpaceCache.TimeToLive
cache.exo.social.SpaceRefCache.Capacity
exo.cache.social.SpaceRefCache.Capacity
cache.exo.social.SpaceRefCache.TimeToLive
exo.cache.social.SpaceRefCache.TimeToLive
cache.exo.social.SpacesCountCache.Capacity
exo.cache.social.SpacesCountCache.Capacity
cache.exo.social.SpacesCountCache.TimeToLive
exo.cache.social.SpacesCountCache.TimeToLive
cache.exo.social.SpacesCache.Capacity
exo.cache.social.SpacesCache.Capacity
cache.exo.social.SpacesCache.TimeToLive
exo.cache.social.SpacesCache.TimeToLive
cache.exo.forum.UserProfiles.Capacity
exo.cache.forum.UserProfiles.Capacity
cache.exo.forum.UserProfiles.TimeToLive
exo.cache.forum.UserProfiles.TimeToLive
cache.exo.forum.CategoryList.Capacity
exo.cache.forum.CategoryList.Capacity
p.132
Upgrade
Old variable
New variable
cache.exo.forum.CategoryList.TimeToLive
exo.cache.forum.CategoryList.TimeToLive
cache.exo.forum.CategoryData.Capacity
exo.cache.forum.CategoryData.Capacity
cache.exo.forum.CategoryData.TimeToLive
exo.cache.forum.CategoryData.TimeToLive
cache.exo.forum.ForumList.Capacity
exo.cache.forum.ForumList.Capacity
cache.exo.forum.ForumList.TimeToLive
exo.cache.forum.ForumList.TimeToLive
cache.exo.forum.ForumData.Capacity
exo.cache.forum.ForumData.Capacity
cache.exo.forum.ForumData.TimeToLive
exo.cache.forum.ForumData.TimeToLive
cache.exo.forum.TopicData.Capacity
exo.cache.forum.TopicData.Capacity
cache.exo.forum.TopicData.TimeToLive
exo.cache.forum.TopicData.TimeToLive
cache.exo.forum.WatchListData.Capacity
exo.cache.forum.WatchListData.Capacity
cache.exo.forum.WatchListData.TimeToLive
exo.cache.forum.WatchListData.TimeToLive
cache.exo.forum.LinkListData.Capacity
exo.cache.forum.LinkListData.Capacity
cache.exo.forum.LinkListData.TimeToLive
exo.cache.forum.LinkListData.TimeToLive
cache.exo.forum.ObjectNameData.Capacity
exo.cache.forum.ObjectNameData.Capacity
cache.exo.forum.ObjectNameData.TimeToLive
exo.cache.forum.ObjectNameData.TimeToLive
cache.exo.forum.MiscData.Capacity
exo.cache.forum.MiscData.Capacity
cache.exo.forum.MiscData.TimeToLive
exo.cache.forum.MiscData.TimeToLive
cache.exo.wiki.PageRenderingCache.Capacity
exo.cache.wiki.PageRenderingCache.Capacity
cache.exo.wiki.PageRenderingCache.TimeToLive
exo.cache.wiki.PageRenderingCache.TimeToLive
cache.exo.calendar.GroupCalendarCache.Capacity
exo.cache.calendar.GroupCalendarCache.Capacity
cache.exo.calendar.GroupCalendarCache.TimeToLive
exo.cache.calendar.GroupCalendarCache.TimeToLive
JCR
Old variable
New variable
gatein.jcr.datasource.dialect
exo.jcr.datasource.dialect
gatein.jcr.db-structure-type
exo.jcr.db-structure-type
gatein.jcr.sessionregistry.sessionmaxage
exo.jcr.sessionregistry.sessionmaxage
gatein.jcr.storage.enabled
exo.jcr.storage.enabled
gatein.jcr.repository.default
exo.jcr.repository.default
gatein.jcr.workspace.default
exo.jcr.workspace.default
gatein.jcr.workspace.system
exo.jcr.workspace.system
Calendar
Old variable
New variable
exo.calendar.default.event.suggest
exo.calendar.default.event.suggest
exo.calendar.default.task.suggest
exo.calendar.default.task.suggest
exo.calendar.remote.synchronization.job.period
exo.calendar.remote.synchronization.job.period
Wiki
p.133
Upgrade
Old variable
New variable
wiki.autosave.interval
exo.wiki.autosave.interval
Clustering
Old variable
New variable
exo.cluster.partition.name
exo.cluster.partition.name
gatein.jcr.jgroups.config
exo.jcr.cluster.jgroups.config-url
gatein.jcr.cache.config
exo.jcr.cache.config
gatein.jcr.cache.config.workspace.portalsystem
exo.jcr.cache.config.workspace.portal-system
gatein.jcr.lock.cache.config
exo.jcr.lock.cache.config
gatein.jcr.index.cache.config
exo.jcr.index.cache.config
Add-ons
Old variable
New variable
acme.portalConfig.metadata.override
exo.acme.portalConfig.metadata.override
ide.portalConfig.metadata.override
exo.ide.portalConfig.metadata.override
GateIn
Old variable
New variable
gatein.conf.dir
exo.conf.dir
See more information below for how to customize this property.
gatein.data.dir
exo.data.dir
gatein.jcr.data.dir
exo.jcr.data.dir
gatein.jcr.index.data.dir
exo.jcr.index.data.dir
gatein.jcr.storage.data.dir
exo.jcr.storage.data.dir
gatein.assets.version
exo.assets.version
In Tomcat: customize the variable EXO_CONF_DIR=/path/to/your/folder (see Customizing variables for howto).
<sytem-properties>
<property name="exo.conf.dir" value="/path/to/your/folder"/>
</system-properties>
New variable
exo.security.domain
exo.security.domain
gatein.portal.idm.createuserportal
exo.portal.idm.createuserportal
p.134
Upgrade
Old variable
New variable
gatein.portal.idm.destroyuserportal
exo.portal.idm.destroyuserportal
Datasources
Old variable
New variable
gatein.jcr.datasource.name
exo.jcr.datasource.name
gatein.idm.datasource.name
exo.idm.datasource.name
p.135
Upgrade
gatein-domain {
org.gatein.sso.integration.SSODelegateLoginModule required
enabled="#{gatein.sso.login.module.enabled}"
delegateClassName="#{gatein.sso.login.module.class}"
portalContainerName=portal
realmName=gatein-domain
password-stacking=useFirstPass;
org.exoplatform.services.security.j2ee.TomcatLoginModule required
portalContainerName=portal
realmName=gatein-domain;
};
In which:
gatein-domain is the Realm name which will be refered by applications. If you change this default name, you
need to re-configure all the applications that use the Realm (listed later).
p.136
Security
The default Realm is declared in the $PLATFORM_TOMCAT_HOME/conf/jaas.conf file. Its content is exactly the
above example.
exo.security.domain=gatein-domain
The default Realm is declared in the $PLATFORM_JBOSS_HOME/standalone/configuration/standaloneexo.xml file, at the following lines:
exo.security.domain=gatein-domain
In WEB-INF/jboss-web.xml:
<security-domain>java:/jaas/gatein-domain</security-domain>
In WEB-INF/web.xml:
<realm-name>gatein-domain</realm-name>
p.137
Security
In META-INF/context.xml:
appName='gatein-domain'
As mentioned above, if you change "gatein-domain", you need to re-configure all the applications that use the Realm
to refer to the new Realm. Here is the list of webapps and the files you need to re-configure:
In the Tomcat bundle:
ecm-wcm-extension.war: /WEB-INF/jboss-web.xml.
calendar-extension.war: /WEB-INF/jboss-web.xml.
forum-extension.war: /WEB-INF/jboss-web.xml.
wiki-extension.war: /WEB-INF/jboss-web.xml.
ecm-wcm-core.war: /WEB-INF/jboss-web.xml.
Note
The .war files are located under the $PLATFORM_TOMCAT_HOME/webapps folder.
In the JBoss package:
ecm-wcm-extension.war: /WEB-INF/jboss-web.xml.
calendar-extension-webapp.war: /WEB-INF/jboss-web.xml.
forum-extension-webapp.war: /WEB-INF/jboss-web.xml.
wiki-extension-webapp.war: /WEB-INF/jboss-web.xml.
ecms-core-webapp.war: /WEB-INF/jboss-web.xml.
ecms-packaging-wcm-webapp.war: /WEB-INF/jboss-web.xml.
Note
The .war files are located under the $PLATFORM_JBOSS_HOME/standalone/deployments/
platform.ear folder.
See also
p.138
Security
HTTPS configuration
$PLATFORM_JBOSS_HOME/standalone/deployments/platform.ear/exo.portal.web.portal.war/
WEB-INF/conf/common/common-configuration.xml (in JBoss).
<component>
<key>org.exoplatform.web.security.proxy.ProxyFilterService</key>
<type>org.exoplatform.web.security.proxy.ProxyFilterService</type>
<init-params>
<values-param>
<!-- The white list -->
<name>white-list</name>
<!-- We accept anything not black listed -->
<value>*</value>
</values-param>
<values-param>
<name>black-list</name>
<value>*.evil.org</value>
</values-param>
</init-params>
</component>
Only domain names in white list and NOT in black list are allowed.
Multiple values can be added (by adding more value tags) and wildcards can be used, as in the following example:
<component>
<key>org.exoplatform.web.security.proxy.ProxyFilterService</key>
<type>org.exoplatform.web.security.proxy.ProxyFilterService</type>
<init-params>
<values-param>
<name>white-list</name>
<value>*.example.com</value>
<value>www.example.net</value>
p.139
Security
HTTPS configuration
</values-param>
<values-param>
<name>black-list</name>
<value>evil.example.com</value>
</values-param>
</init-params>
</component>
See also
HTTPS configuration
keytool -genkey -alias serverkeys -keyalg RSA -keystore server.keystore -storepass 123456 -keypass 123456 -dname "CN=localhost,
OU=MYOU, O=MYORG, L=MYCITY, ST=MYSTATE, C=MY"
Note
On the MAC OS X, the cacerts file is located at $JAVA_HOME/lib/security/cacerts.
Also, since your Sun JDK keystore has a different password than the one used for the key you created in the first step,
you have to change your key password to match the new keystore password (The default JDK keystore pasword may be
'changeit').
p.140
Security
...
</subsystem>
2.
2.
3.
Restart server. If your configuration is correct, you can access the portal via https://<ServerAddress>:8443/portal.
See also
A token is saved in the server side. The user password is encrypted and saved along with the token.
The token ID is sent back to the browser and saved in the "rememberme" cookie.
When the users visit the website for next time from the same browser on the same machine, they do not need to type
their username and password. The browser sends the cookies, and the server validates it using the token. By that way,
the login step is automatically completed.
Updating password encryption key
The password encryption uses a keystore file. By default, the file is:
To update the password encryption key, just remove the file, then restart the server. The keystore file will be re-created at
the startup time.
p.141
Security
Note
Updating the password encryption key causes the invalidation of existing tokens, so the users must re-login.
For more details about the feature and its configuration, refer to Remember me password encryption.
See also
HTTPS configuration
p.142
Security