loading ldif in embedded server

[Daan Hoogland <da...@gmail.com>]

LS,
I am embedding a server using
https://github.com/bkoehm/apacheds-embedded/pull/1 I have it running but
have a challenge loading ldif. Is there a documented way this can be done
in core in 2.0.0? I am not talking about schema, just user definitions and
groups.

thanks
-- 
Daan

Re: was and remains: loading ldif in embedded server

[Emmanuel Lécharny <el...@gmail.com>]

On 14/06/2019 12:13, Daan Hoogland wrote:
> @Pierre, Do you ask me to add an extra ticket next to DIRSERVER-1844?
No need. The ticket is already self explanatory.
> @Emmanuel, I saw your argument against it in that ticket. So I was 
> actually asking for a workaround. Is this a couple of days work for a 
> newbee or for you? I can justify a day or so, but certainly not a week.

It's a day or two for me. The code itself would not be complex, the 
biggest issue is to deal with the configuration addition.

I'll give it a try next week.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org

Re: was and remains: loading ldif in embedded server

[Pierre Smits <pi...@apache.org>]

Hallo Daan,

Nope. Niet dus. ;)

I overlooked that there was already one pertaining this. Then I suggest
that you enhance that ticket with your comments.  For now I referenced this
thread there.

Best regards,

Pierre Smits

*Apache Trafodion <https://trafodion.apache.org>, Vice President*
*Apache Directory <https://directory.apache.org>, PMC Member*
Apache Incubator <https://incubator.apache.org>, committer
*Apache OFBiz <https://ofbiz.apache.org>, contributor (without privileges)
since 2008*
Apache Steve <https://steve.apache.org>, committer


On Fri, Jun 14, 2019 at 12:13 PM Daan Hoogland <da...@gmail.com>
wrote:

> @Pierre, Do you ask me to add an extra ticket next to DIRSERVER-1844?
> @Emmanuel, I saw your argument against it in that ticket. So I was
> actually asking for a workaround. Is this a couple of days work for a
> newbee or for you? I can justify a day or so, but certainly not a week.
>
> regards,
>
> On Fri, Jun 14, 2019 at 11:41 AM Pierre Smits <pi...@apache.org>
> wrote:
>
>>
>> At face value this looks like a value-adding feature.
>>
>> @Daan: could you raise a ticket in our JIRA, and elaborate on the
>> requirements? E.g. reference this thread. A ticket will help in capturing
>> details, and enables (other) contributors to work on it.
>>
>> Best regards,
>>
>> Pierre Smits
>>
>> *Apache Trafodion <https://trafodion.apache.org>, Vice President*
>> *Apache Directory <https://directory.apache.org>, PMC Member*
>> Apache Incubator <https://incubator.apache.org>, committer
>> *Apache OFBiz <https://ofbiz.apache.org>, contributor (without
>> privileges) since 2008*
>> Apache Steve <https://steve.apache.org>, committer
>>
>>
>> On Fri, Jun 14, 2019 at 11:29 AM Emmanuel Lécharny <el...@gmail.com>
>> wrote:
>>
>>>
>>> On 14/06/2019 11:08, Daan Hoogland wrote:
>>> > H,
>>> > I got passed loading users
>>>
>>>
>>> Good !
>>>
>>>
>>> > and am facing the next point; the memberOf attribute. It is not
>>> > supposed to be in ADS yet, and as per the latest comment in
>>> > DIRSERVER-1844
>>> > <
>>> https://issues.apache.org/jira/browse/DIRSERVER-1844?focusedCommentId=16519598&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16519598>
>>>
>>> > will probably not be implemented. Now I am testing against an embedded
>>> > ADS and need yto operate on a variety of LDAP servers, so I want to
>>> > have it anyway. Is there a way to hack it in?
>>> > I looked at the stackoverflow question about this
>>> > <
>>> https://stackoverflow.com/questions/11174835/add-memberof-attribute-to-apacheds>
>>>
>>> > but after loading the extra schema the warning "Requested attribute
>>> > memberOf does not exist in the schema, it will be ignored". I don't
>>> > care for the overhead for now but really need to test this
>>> functionality.
>>>
>>> So the whole idea of having the memberOf attribute implemented is to be
>>> able, to 'generate' it on the fly ie when searching for entries that are
>>> member of a 'groupOfNames' entry. A good description is given on
>>>
>>> https://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance
>>>
>>>
>>> How to implement that in ApacheDS ? We would need to create a new
>>> Interceptor that acts upon a search operation by doing a search on
>>> entries containing the 'member' attribute with a DN associated to the
>>> entries being returned by the search. If we find some, then we create
>>> the 'memberOf' attribute and inject the group entry's DN into it.
>>>
>>> That is not really complex, except that if you want it to have good
>>> performance, you need to add an index on the 'member' attribute.
>>>
>>> It's a couple of days work, tests included.
>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
>>> For additional commands, e-mail: dev-help@directory.apache.org
>>>
>>>
>
> --
> Daan
>

Re: was and remains: loading ldif in embedded server

[Daan Hoogland <da...@gmail.com>]

@Pierre, Do you ask me to add an extra ticket next to DIRSERVER-1844?
@Emmanuel, I saw your argument against it in that ticket. So I was actually
asking for a workaround. Is this a couple of days work for a newbee or for
you? I can justify a day or so, but certainly not a week.

regards,

On Fri, Jun 14, 2019 at 11:41 AM Pierre Smits <pi...@apache.org>
wrote:

>
> At face value this looks like a value-adding feature.
>
> @Daan: could you raise a ticket in our JIRA, and elaborate on the
> requirements? E.g. reference this thread. A ticket will help in capturing
> details, and enables (other) contributors to work on it.
>
> Best regards,
>
> Pierre Smits
>
> *Apache Trafodion <https://trafodion.apache.org>, Vice President*
> *Apache Directory <https://directory.apache.org>, PMC Member*
> Apache Incubator <https://incubator.apache.org>, committer
> *Apache OFBiz <https://ofbiz.apache.org>, contributor (without privileges)
> since 2008*
> Apache Steve <https://steve.apache.org>, committer
>
>
> On Fri, Jun 14, 2019 at 11:29 AM Emmanuel Lécharny <el...@gmail.com>
> wrote:
>
>>
>> On 14/06/2019 11:08, Daan Hoogland wrote:
>> > H,
>> > I got passed loading users
>>
>>
>> Good !
>>
>>
>> > and am facing the next point; the memberOf attribute. It is not
>> > supposed to be in ADS yet, and as per the latest comment in
>> > DIRSERVER-1844
>> > <
>> https://issues.apache.org/jira/browse/DIRSERVER-1844?focusedCommentId=16519598&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16519598>
>>
>> > will probably not be implemented. Now I am testing against an embedded
>> > ADS and need yto operate on a variety of LDAP servers, so I want to
>> > have it anyway. Is there a way to hack it in?
>> > I looked at the stackoverflow question about this
>> > <
>> https://stackoverflow.com/questions/11174835/add-memberof-attribute-to-apacheds>
>>
>> > but after loading the extra schema the warning "Requested attribute
>> > memberOf does not exist in the schema, it will be ignored". I don't
>> > care for the overhead for now but really need to test this
>> functionality.
>>
>> So the whole idea of having the memberOf attribute implemented is to be
>> able, to 'generate' it on the fly ie when searching for entries that are
>> member of a 'groupOfNames' entry. A good description is given on
>>
>> https://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance
>>
>>
>> How to implement that in ApacheDS ? We would need to create a new
>> Interceptor that acts upon a search operation by doing a search on
>> entries containing the 'member' attribute with a DN associated to the
>> entries being returned by the search. If we find some, then we create
>> the 'memberOf' attribute and inject the group entry's DN into it.
>>
>> That is not really complex, except that if you want it to have good
>> performance, you need to add an index on the 'member' attribute.
>>
>> It's a couple of days work, tests included.
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
>> For additional commands, e-mail: dev-help@directory.apache.org
>>
>>

-- 
Daan

Re: was and remains: loading ldif in embedded server

[Pierre Smits <pi...@apache.org>]

At face value this looks like a value-adding feature.

@Daan: could you raise a ticket in our JIRA, and elaborate on the
requirements? E.g. reference this thread. A ticket will help in capturing
details, and enables (other) contributors to work on it.

Best regards,

Pierre Smits

*Apache Trafodion <https://trafodion.apache.org>, Vice President*
*Apache Directory <https://directory.apache.org>, PMC Member*
Apache Incubator <https://incubator.apache.org>, committer
*Apache OFBiz <https://ofbiz.apache.org>, contributor (without privileges)
since 2008*
Apache Steve <https://steve.apache.org>, committer


On Fri, Jun 14, 2019 at 11:29 AM Emmanuel Lécharny <el...@gmail.com>
wrote:

>
> On 14/06/2019 11:08, Daan Hoogland wrote:
> > H,
> > I got passed loading users
>
>
> Good !
>
>
> > and am facing the next point; the memberOf attribute. It is not
> > supposed to be in ADS yet, and as per the latest comment in
> > DIRSERVER-1844
> > <
> https://issues.apache.org/jira/browse/DIRSERVER-1844?focusedCommentId=16519598&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16519598>
>
> > will probably not be implemented. Now I am testing against an embedded
> > ADS and need yto operate on a variety of LDAP servers, so I want to
> > have it anyway. Is there a way to hack it in?
> > I looked at the stackoverflow question about this
> > <
> https://stackoverflow.com/questions/11174835/add-memberof-attribute-to-apacheds>
>
> > but after loading the extra schema the warning "Requested attribute
> > memberOf does not exist in the schema, it will be ignored". I don't
> > care for the overhead for now but really need to test this functionality.
>
> So the whole idea of having the memberOf attribute implemented is to be
> able, to 'generate' it on the fly ie when searching for entries that are
> member of a 'groupOfNames' entry. A good description is given on
>
> https://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance
>
>
> How to implement that in ApacheDS ? We would need to create a new
> Interceptor that acts upon a search operation by doing a search on
> entries containing the 'member' attribute with a DN associated to the
> entries being returned by the search. If we find some, then we create
> the 'memberOf' attribute and inject the group entry's DN into it.
>
> That is not really complex, except that if you want it to have good
> performance, you need to add an index on the 'member' attribute.
>
> It's a couple of days work, tests included.
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
> For additional commands, e-mail: dev-help@directory.apache.org
>
>

Re: was and remains: loading ldif in embedded server

[Emmanuel Lécharny <el...@gmail.com>]

On 14/06/2019 11:08, Daan Hoogland wrote:
> H,
> I got passed loading users


Good !


> and am facing the next point; the memberOf attribute. It is not 
> supposed to be in ADS yet, and as per the latest comment in 
> DIRSERVER-1844 
> <https://issues.apache.org/jira/browse/DIRSERVER-1844?focusedCommentId=16519598&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16519598> 
> will probably not be implemented. Now I am testing against an embedded 
> ADS and need yto operate on a variety of LDAP servers, so I want to 
> have it anyway. Is there a way to hack it in?
> I looked at the stackoverflow question about this 
> <https://stackoverflow.com/questions/11174835/add-memberof-attribute-to-apacheds> 
> but after loading the extra schema the warning "Requested attribute 
> memberOf does not exist in the schema, it will be ignored". I don't 
> care for the overhead for now but really need to test this functionality.

So the whole idea of having the memberOf attribute implemented is to be 
able, to 'generate' it on the fly ie when searching for entries that are 
member of a 'groupOfNames' entry. A good description is given on 
https://www.openldap.org/doc/admin24/overlays.html#Reverse%20Group%20Membership%20Maintenance


How to implement that in ApacheDS ? We would need to create a new 
Interceptor that acts upon a search operation by doing a search on 
entries containing the 'member' attribute with a DN associated to the 
entries being returned by the search. If we find some, then we create 
the 'memberOf' attribute and inject the group entry's DN into it.

That is not really complex, except that if you want it to have good 
performance, you need to add an index on the 'member' attribute.

It's a couple of days work, tests included.



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org

was and remains: loading ldif in embedded server

[Daan Hoogland <da...@gmail.com>]

H,
I got passed loading users and am facing the next point; the memberOf
attribute. It is not supposed to be in ADS yet, and as per the latest
comment in DIRSERVER-1844
<https://issues.apache.org/jira/browse/DIRSERVER-1844?focusedCommentId=16519598&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-16519598>
will probably not be implemented. Now I am testing against an embedded ADS
and need yto operate on a variety of LDAP servers, so I want to have it
anyway. Is there a way to hack it in?
I looked at the stackoverflow question about this
<https://stackoverflow.com/questions/11174835/add-memberof-attribute-to-apacheds>
but after loading the extra schema the warning "Requested attribute
memberOf does not exist in the schema, it will be ignored". I don't care
for the overhead for now but really need to test this functionality.

thanks again,
-- 
Daan