Posted to dev@directory.apache.org by Mike Adamson <mi...@gmail.com> on 2011/06/13 14:35:03 UTC

ACIs not being reloaded after server restart on trunk

Hi,

I am using an embedded DirectoryService instance from trunk. If I start the
service and inject my test data with ACIs they work correctly. E.g. users
can access the data allowed by the ACIs. If I stop the server and start it
again they can't. If I connect to the server as the admin user I can see
that my data is still there and the subEntries are visible; they just don't
seem to be being interpreted.

I remember seeing a message on these forums that this was a bug in 1.5.7 but
had been fixed on trunk. I am using the following code to start the service:

        InstanceLayout instanceLayout = new InstanceLayout(workingDir);
        instanceLayout.mkdirs();
        initSchemaPartition(instanceLayout.getPartitionsDirectory());

        directoryService = new DefaultDirectoryService();
        directoryService.setSchemaManager(schemaManager);
        directoryService.setInstanceId(instanceId);
        directoryService.setInstanceLayout(instanceLayout);

        directoryService.setAccessControlEnabled(true);
        directoryService.setAllowAnonymousAccess(false);

        Partition systemPartition = createPartition("system", ServerDNConstants.SYSTEM_DN);
        directoryService.setSystemPartition(systemPartition);

        directoryService.setDenormalizeOpAttrsEnabled(true);

        Partition ratPartition = createPartition(partitionId, partitionDn);
        addIndex(ratPartition, "objectClass", "ou", "uid");

        SchemaPartition schemaPartition = directoryService.getSchemaService().getSchemaPartition();
        schemaPartition.setWrappedPartition( schemaLdifPartition );
        schemaPartition.setSchemaManager( schemaManager );

        directoryService.startup();

        directoryService.addPartition(ratPartition);

Is there something more I need to do to reload the ACI cache?

Thanks,

Mike Adamson

Re: ACIs not being reloaded after server restart on trunk

Posted by Mike Adamson <mi...@gmail.com>.
Hi,

I've done some digging around and found the problem.

I should have been using directoryService.setPartitions to add my custom
partition to the directory service before calling startup rather than
calling addPartition after startup. The problem being that the
AciAuthorizationInterceptor was initializing its group cache in the startup
and my users and groups are in the custom partition.

Apologies for wasting time.

Mike Adamson

On 13 June 2011 15:03, Mike Adamson <mi...@gmail.com> wrote:

> Hi,
>
> The code I provided is in a StartStopListener in order to start the
> DirectoryService when a web app starts up. After this I import a couple of
> ldif files into the service if the data doesn't already exist.
>
> I updated from trunk last Friday so I should have that fix. I seem to have
> an issue with restarting my server. I'll try debugging into the search and
> see if I can see anything.
>
> Thanks,
>
> Mike Adamson
>
>
> On 13 June 2011 13:54, Emmanuel Lecharny <el...@apache.org> wrote:
>
>>
>>
>> On Mon, Jun 13, 2011 at 2:35 PM, Mike Adamson <mi...@gmail.com> wrote:
>>
>>> Hi,
>>>
>>
>> Hi,
>>
>>>
>>> I am using an embedded DirectoryService instance from trunk. If I start
>>> the service and inject my test data with ACIs they work correctly. E.g.
>>> users can access the data allowed by the ACIs. If I stop the server and
>>> start it again they can't. If I connect to the server as the admin user I
>>> can see that my data is still there and the subEntries are visible they just
>>> don't seem to be being interpreted.
>>>
>>> I remember seeing a message on these forums that this was a bug in 1.5.7
>>> but had been fixed on trunk. I am using the following code to start the
>>> service:
>>>
>>
>> Yes, it was fixed in trunk, and the last fix was applied less than a month
>> ago.
>>
>>
>>>
>>>         InstanceLayout instanceLayout = new InstanceLayout(workingDir);
>>>         instanceLayout.mkdirs();
>>>         initSchemaPartition(instanceLayout.getPartitionsDirectory());
>>>
>>>         directoryService = new DefaultDirectoryService();
>>>         directoryService.setSchemaManager(schemaManager);
>>>         directoryService.setInstanceId(instanceId);
>>>         directoryService.setInstanceLayout(instanceLayout);
>>>
>>>         directoryService.setAccessControlEnabled(true);
>>>         directoryService.setAllowAnonymousAccess(false);
>>>
>>>         Partition systemPartition = createPartition("system",
>>> ServerDNConstants.SYSTEM_DN);
>>>         directoryService.setSystemPartition(systemPartition);
>>>
>>>         directoryService.setDenormalizeOpAttrsEnabled(true);
>>>
>>>         Partition ratPartition = createPartition(partitionId,
>>> partitionDn);
>>>         addIndex(ratPartition, "objectClass", "ou", "uid");
>>>
>>>         SchemaPartition schemaPartition =
>>> directoryService.getSchemaService().getSchemaPartition();
>>>         schemaPartition.setWrappedPartition( schemaLdifPartition );
>>>         schemaPartition.setSchemaManager( schemaManager );
>>>
>>>         directoryService.startup();
>>>
>>>         directoryService.addPartition(ratPartition);
>>>
>>> Is there something more I need to do to reload the ACI cache?
>>>
>>
>> Hmmm, the code you expose won't do anything else than starting the server,
>> no ?
>>
>>
>> --
>> Regards,
>> Cordialement,
>> Emmanuel Lécharny
>> www.iktek.com
>>
>
>
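
Added example, not part of the original thread and not ApacheDS code: a simplified Java model of the ordering problem described in the reply above, where a group cache built once during startup never sees a partition attached afterwards. The method names mirror the calls discussed in the thread, but every type here is hypothetical, the DNs are constructed sample data, and the model assumes that entries added through a running service update the cache.

```java
import java.util.*;

// Simplified model of the startup-ordering problem; none of these are ApacheDS types.
public class GroupCacheOrdering {
    // A partition holds persisted group entries: group DN -> member DNs.
    record Partition(String id, Map<String, Set<String>> groups) {}

    static class Service {
        private final List<Partition> partitions = new ArrayList<>();
        private final Map<String, Set<String>> groupCache = new HashMap<>();
        private boolean started;

        // Registered before startup, so the cache build below sees it.
        void setPartitions(List<Partition> ps) { partitions.addAll(ps); }

        // The cache is built once, from whatever is registered at this moment.
        void startup() {
            for (Partition p : partitions) groupCache.putAll(p.groups());
            started = true;
        }

        // Attached after startup: the data is reachable, but the cache is not rebuilt.
        void addPartition(Partition p) { partitions.add(p); }

        // Assumption: an add performed through the running service updates the cache.
        void addGroup(Partition p, String groupDn, Set<String> members) {
            p.groups().put(groupDn, members);
            if (started) groupCache.put(groupDn, members);
        }

        // A group-based ACI is only effective if the cache knows the group.
        boolean isMember(String userDn, String groupDn) {
            return groupCache.getOrDefault(groupDn, Set.of()).contains(userDn);
        }
    }

    public static void main(String[] args) {
        String group = "cn=readers,ou=groups,dc=example,dc=com"; // constructed
        String user = "uid=alice,ou=users,dc=example,dc=com";    // constructed
        Partition custom = new Partition("custom", new HashMap<>());

        Service first = new Service();      // first run: empty partition, data imported live
        first.startup(); first.addPartition(custom);
        first.addGroup(custom, group, Set.of(user));
        System.out.println("first run:     " + first.isMember(user, group));

        Service restarted = new Service();  // restart: data already persisted, attached late
        restarted.startup(); restarted.addPartition(custom);
        System.out.println("after restart: " + restarted.isMember(user, group));

        Service fixed = new Service();      // fix from the thread: register before startup
        fixed.setPartitions(List.of(custom)); fixed.startup();
        System.out.println("setPartitions: " + fixed.isMember(user, group));
    }
}
```

In the restart case the group entry is still stored in the partition, which matches the observation that the admin user can see the data while group-based ACIs no longer grant access.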

Re: ACIs not being reloaded after server restart on trunk

Posted by Mike Adamson <mi...@gmail.com>.
Hi,

The code I provided is in a StartStopListener in order to start the
DirectoryService when a web app starts up. After this I import a couple of
ldif files into the service if the data doesn't already exist.

I updated from trunk last Friday so I should have that fix. I seem to have
an issue with restarting my server. I'll try debugging into the search and
see if I can see anything.

Thanks,

Mike Adamson

On 13 June 2011 13:54, Emmanuel Lecharny <el...@apache.org> wrote:

>
>
> On Mon, Jun 13, 2011 at 2:35 PM, Mike Adamson <mi...@gmail.com> wrote:
>
>> Hi,
>>
>
> Hi,
>
>>
>> I am using an embedded DirectoryService instance from trunk. If I start
>> the service and inject my test data with ACIs they work correctly. E.g.
>> users can access the data allowed by the ACIs. If I stop the server and
>> start it again they can't. If I connect to the server as the admin user I
>> can see that my data is still there and the subEntries are visible they just
>> don't seem to be being interpreted.
>>
>> I remember seeing a message on these forums that this was a bug in 1.5.7
>> but had been fixed on trunk. I am using the following code to start the
>> service:
>>
>
> Yes, it was fixed in trunk, and the last fix was applied less than a month
> ago.
>
>
>>
>>         InstanceLayout instanceLayout = new InstanceLayout(workingDir);
>>         instanceLayout.mkdirs();
>>         initSchemaPartition(instanceLayout.getPartitionsDirectory());
>>
>>         directoryService = new DefaultDirectoryService();
>>         directoryService.setSchemaManager(schemaManager);
>>         directoryService.setInstanceId(instanceId);
>>         directoryService.setInstanceLayout(instanceLayout);
>>
>>         directoryService.setAccessControlEnabled(true);
>>         directoryService.setAllowAnonymousAccess(false);
>>
>>         Partition systemPartition = createPartition("system",
>> ServerDNConstants.SYSTEM_DN);
>>         directoryService.setSystemPartition(systemPartition);
>>
>>         directoryService.setDenormalizeOpAttrsEnabled(true);
>>
>>         Partition ratPartition = createPartition(partitionId,
>> partitionDn);
>>         addIndex(ratPartition, "objectClass", "ou", "uid");
>>
>>         SchemaPartition schemaPartition =
>> directoryService.getSchemaService().getSchemaPartition();
>>         schemaPartition.setWrappedPartition( schemaLdifPartition );
>>         schemaPartition.setSchemaManager( schemaManager );
>>
>>         directoryService.startup();
>>
>>         directoryService.addPartition(ratPartition);
>>
>> Is there something more I need to do to reload the ACI cache?
>>
>
> Hmmm, the code you expose won't do anything else than starting the server,
> no ?
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>

Re: ACIs not being reloaded after server restart on trunk

Posted by Emmanuel Lecharny <el...@apache.org>.
On Mon, Jun 13, 2011 at 2:35 PM, Mike Adamson <mi...@gmail.com> wrote:

> Hi,
>

Hi,

>
> I am using an embedded DirectoryService instance from trunk. If I start the
> service and inject my test data with ACIs they work correctly. E.g. users
> can access the data allowed by the ACIs. If I stop the server and start it
> again they can't. If I connect to the server as the admin user I can see
> that my data is still there and the subEntries are visible they just don't
> seem to be being interpreted.
>
> I remember seeing a message on these forums that this was a bug in 1.5.7
> but had been fixed on trunk. I am using the following code to start the
> service:
>

Yes, it was fixed in trunk, and the last fix was applied less than a month
ago.


>
>         InstanceLayout instanceLayout = new InstanceLayout(workingDir);
>         instanceLayout.mkdirs();
>         initSchemaPartition(instanceLayout.getPartitionsDirectory());
>
>         directoryService = new DefaultDirectoryService();
>         directoryService.setSchemaManager(schemaManager);
>         directoryService.setInstanceId(instanceId);
>         directoryService.setInstanceLayout(instanceLayout);
>
>         directoryService.setAccessControlEnabled(true);
>         directoryService.setAllowAnonymousAccess(false);
>
>         Partition systemPartition = createPartition("system",
> ServerDNConstants.SYSTEM_DN);
>         directoryService.setSystemPartition(systemPartition);
>
>         directoryService.setDenormalizeOpAttrsEnabled(true);
>
>         Partition ratPartition = createPartition(partitionId, partitionDn);
>         addIndex(ratPartition, "objectClass", "ou", "uid");
>
>         SchemaPartition schemaPartition =
> directoryService.getSchemaService().getSchemaPartition();
>         schemaPartition.setWrappedPartition( schemaLdifPartition );
>         schemaPartition.setSchemaManager( schemaManager );
>
>         directoryService.startup();
>
>         directoryService.addPartition(ratPartition);
>
> Is there something more I need to do to reload the ACI cache?
>

Hmmm, the code you expose won't do anything else than starting the server,
no ?


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com