You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by Chung Tran <bs...@gmail.com> on 2019/09/12 06:41:47 UTC

Can help me some demo code about Delegation Control in AD in ldap api

Hi team dev,

- i found about open source project like this :
https://www.programcreek.com/java-api-examples/?code=apache%2Fdirectory-fortress-enmasse%2Fdirectory-fortress-enmasse-master%2Fsrc%2Fmain%2Fjava%2Forg%2Fapache%2Fdirectory%2Ffortress%2Frest%2FReviewMgrImpl.java#

- but it hard to understand.

- i can connect to Active Directory Users and Computers(ADUC), via
administrator, write some CRUD user, by using Apache Ldap API in java code.

- i want Admin can make permission for user in [Users], use Delegation of
Control to do this, some delegate: create, delete & manage user acc; or
Reset password, etc.(att pic1)

- Documentation LDAP API dont have content for this.

Q1: can u help write some demo code to slove Delegation of Control to
permission for user ?
Q2: ldap API access [Reset Password..] (att pic2) in ADUC to reset user pw,
can u have me some demo for slove this?

Thanks!

Re: Can help me some demo code about Delegation Control in AD in ldap api

Posted by Shawn McKinney <sm...@apache.org>.

And finally, the project doc page on pw policies:

https://directory.apache.org/apacheds/advanced-ug/4.3-password-policy.html

> On Sep 12, 2019, at 8:45 AM, Shawn McKinney <sm...@apache.org> wrote:
> 
> 
>> On Sep 12, 2019, at 8:44 AM, Shawn McKinney <sm...@apache.org> wrote:
>> 
>> Also you asked about pw policies:
>> 
>> https://iamfortress.net/2015/06/11/what-are-password-policies/
>> 
>> NOt so difficult of a topic as delegation.  Should be easier to find some samples.  
>> 
>> Here’s how fortress does it.  Keep in mind the test class uses the fortress APIs, which then call the Apache LDAP Apis, meaning you’ll have to connect the dots to understand how the pwpolicy is interpreted.
> 
> And the link to fortress pwpolicy tests:
> 
> https://github.com/apache/directory-fortress-core/blob/master/src/test/java/org/apache/directory/fortress/core/impl/PswdPolicyMgrImplTest.java
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
> For additional commands, e-mail: dev-help@directory.apache.org
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org

Re: Can help me some demo code about Delegation Control in AD in ldap api

Posted by Shawn McKinney <sm...@apache.org>.

> On Sep 12, 2019, at 8:44 AM, Shawn McKinney <sm...@apache.org> wrote:
> 
> Also you asked about pw policies:
> 
> https://iamfortress.net/2015/06/11/what-are-password-policies/
> 
> NOt so difficult of a topic as delegation.  Should be easier to find some samples.  
> 
> Here’s how fortress does it.  Keep in mind the test class uses the fortress APIs, which then call the Apache LDAP Apis, meaning you’ll have to connect the dots to understand how the pwpolicy is interpreted.

And the link to fortress pwpolicy tests:

https://github.com/apache/directory-fortress-core/blob/master/src/test/java/org/apache/directory/fortress/core/impl/PswdPolicyMgrImplTest.java
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org

Re: Can help me some demo code about Delegation Control in AD in ldap api

Posted by Shawn McKinney <sm...@apache.org>.

> On Sep 12, 2019, at 7:49 AM, Shawn McKinney <sm...@apache.org> wrote:
> 
> Fortress provides administrative delegation using the ARBAC02 model.  I’m sure you could do some searching to learn more if you have interest.

Here’s a primer on the topic.  Wish I had something to share with you that was more succinct and to the point.

One day perhaps…

https://iamfortress.net/2015/06/11/what-is-delegated-administration/

https://symas.com/recent-improvements-in-apache-fortress-rest-delegated-administration/

Also you asked about pw policies:

https://iamfortress.net/2015/06/11/what-are-password-policies/

NOt so difficult of a topic as delegation.  Should be easier to find some samples.  

Here’s how fortress does it.  Keep in mind the test class uses the fortress APIs, which then call the Apache LDAP Apis, meaning you’ll have to connect the dots to understand how the pwpolicy is interpreted.

—
Shawn
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org

Re: Can help me some demo code about Delegation Control in AD in ldap api

Posted by Shawn McKinney <sm...@apache.org>.

Hello,

> On Sep 12, 2019, at 1:41 AM, Chung Tran <bs...@gmail.com> wrote:
> 
> - i found about open source project like this : https://www.programcreek.com/java-api-examples/?code=apache%2Fdirectory-fortress-enmasse%2Fdirectory-fortress-enmasse-master%2Fsrc%2Fmain%2Fjava%2Forg%2Fapache%2Fdirectory%2Ffortress%2Frest%2FReviewMgrImpl.java#
> 
> - but it hard to understand.

That is Apache Fortress Rest, a.k.a. Enmasse. It is a Web service interface for the Apache Fortress Core APIs.

Fortress is built on top of the Apache LDAP API, providing an RBAC centric schema and functionality over an LDAPv3 backend.

> 
> On Sep 12, 2019, at 1:41 AM, Chung Tran <bs...@gmail.com> wrote:
> 
> - i can connect to Active Directory Users and Computers(ADUC), via administrator, write some CRUD user, by using Apache Ldap API in java code.

Yes, that is what the LDAP API is for, connecting to disparate LDAP server back ends to perform ad-hoc functionality.

> 
> On Sep 12, 2019, at 1:41 AM, Chung Tran <bs...@gmail.com> wrote:
> 
> - i want Admin can make permission for user in [Users], use Delegation of Control to do this, some delegate: create, delete & manage user acc; or Reset password, etc.(att pic1)
> 
> - Documentation LDAP API dont have content for this.
> 
> Q1: can u help write some demo code to slove Delegation of Control to permission for user ?
> Q2: ldap API access [Reset Password..] (att pic2) in ADUC to reset user pw, can u have me some demo for slove this?
> 

What do you mean by delegation of control to permission user?

Delegation is an advanced topic.  What’s more there is not a discernible standard on how its to be done making it difficult to provide examples that have broad applicability.

Fortress provides administrative delegation using the ARBAC02 model.  I’m sure you could do some searching to learn more if you have interest.

What’s more, it has basic CRUD for user’s and groups.  I doubt you would find it useful for entries stored in AD, as it has a custom schema that extends inetorgperson.

There are also samples and tests in the fortress core repo that show howto do some of these types of things.

—Shawn
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org