You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@directory.apache.org by Stefan Düring <du...@zib.de> on 2017/05/04 07:59:59 UTC

[Studio] Subsequent input of connection password

I'm using Apache Directory Studio Version: 2.0.0.v20161101-M12 in Ubuntu 
16.04 LTS.
I changed language to german.

I save connection password in a keystore with master password.
In a connection I select "Simple authentication" and "Save password".

Now when I open a connection to a LDAP server I have to enter first the 
master password and then the password to access the LDAP.

I expected to be authenticated until I close the connection or the 
Studio, but from time to time I have to enter the connection password 
again when I change to another object in LDAP tree or to a search.

Is there a "session timeout" or another setting to remember the 
authentication until the session ends ?

Stefan

Re: [Studio] Subsequent input of connection password

Posted by Emmanuel Lécharny <el...@gmail.com>.


Le 04/05/2017 à 16:20, Black, Douglas a écrit :
> I use Directory Studio to authenticate to an eDirectory (v8.8) tree and an Active Directory (2008R2) domain forest.  
>
> 1. I create a new LDAP connection, providing my user name and password.  I check the 'save password' box.  
> 2. Under Window > Preferences > Apache Directory Studio > Connections > Passwords Keystore, I click "Store connection passwords" and provide a master password (different from my authentication passwords) when prompted.
>
> With the previous version of Directory Studio, I had to provide the keystore password the first time I tried to open an LDAP connection, but after that I was never prompted again.  With this version, even though I am using the password keystore, I am prompted to re-authenticate, as I said, every few minutes.  This happens both with eDirectory and Active Directory. 

Ok, now I get it.

The latest version added a feature, allowing users to store the
connection passwords in a keystore in order to avoid having those
passwords stored in the XML file containing the connectioninformation in
clear text.

I have configured Studio so that it uses this feature. Give me a bit of
time to see if it asks me for the keystore password.

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: [Studio] Subsequent input of connection password

Posted by Emmanuel Lécharny <el...@gmail.com>.


Le 04/05/2017 à 16:20, Black, Douglas a écrit :
> I use Directory Studio to authenticate to an eDirectory (v8.8) tree and an Active Directory (2008R2) domain forest.  
>
> 1. I create a new LDAP connection, providing my user name and password.  I check the 'save password' box.  
> 2. Under Window > Preferences > Apache Directory Studio > Connections > Passwords Keystore, I click "Store connection passwords" and provide a master password (different from my authentication passwords) when prompted.
>
> With the previous version of Directory Studio, I had to provide the keystore password the first time I tried to open an LDAP connection, but after that I was never prompted again.  With this version, even though I am using the password keystore, I am prompted to re-authenticate, as I said, every few minutes.  This happens both with eDirectory and Active Directory. 

Note that you can check if teh nightly build fixes the issue by
downloading a version here :

https://builds.apache.org/job/dir-studio/lastStableBuild/

WARNING : this is clearly NOT an official build !!!


-- 

Emmanuel Lecharny

Symas.com
directory.apache.org

RE: [Studio] Subsequent input of connection password

Posted by "Black, Douglas" <Do...@osumc.edu>.

Thanks for confirming my experience.  Is there any word on when M13 will be released?  Is there any reason I should not revert to M8 until then? 

Thanks,

Doug Black
doug.black@osumc.edu


-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com] 
Sent: Thursday, May 4, 2017 12:05
To: users@directory.apache.org
Subject: Re: [Studio] Subsequent input of connection password



Le 04/05/2017 à 16:20, Black, Douglas a écrit :
> I use Directory Studio to authenticate to an eDirectory (v8.8) tree and an Active Directory (2008R2) domain forest.  
>
> 1. I create a new LDAP connection, providing my user name and password.  I check the 'save password' box.  
> 2. Under Window > Preferences > Apache Directory Studio > Connections > Passwords Keystore, I click "Store connection passwords" and provide a master password (different from my authentication passwords) when prompted.
>
> With the previous version of Directory Studio, I had to provide the keystore password the first time I tried to open an LDAP connection, but after that I was never prompted again.  With this version, even though I am using the password keystore, I am prompted to re-authenticate, as I said, every few minutes.  This happens both with eDirectory and Active Directory. 

I think it's already fixed, see
https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.org_jira_browse_DIRSTUDIO-2D1130&d=DwIFaQ&c=k9MF1d71ITtkuJx-PdWme51dKbmfPEvxwt8SFEkBfs4&r=9lyckcM6ZhJLsBO8S-PrSIMUchQ_vFPG0h87-ifHH1k&m=Z1axRxu6ri8KPlmOG4IDx2d68WbWwI6ys1HNYeEE6YY&s=CS5qHt5F5CSZ1P2Jb2Aaw-xFH5wBROFMx1_zhbsYZrA&e= . This will be available in M13.

Stefan, can you confirm ?

--
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: [Studio] Subsequent input of connection password

Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.

On 05/05/2017 08:15 AM, Stefan Düring wrote:
> Thanks Emmanuel, I installed the snapshot and the first try was like
> expected:
> 
> I just have to enter the master password and don't have to
> re-authenticate with an user password again.

Just another warning that the snapshot is not an official release, and
especially currently the Studio snapshot uses ApacheDS and LDAP API
snapshots, so it's rather unpredictable which code your run.

> Am 04.05.2017 um 18:04 schrieb Emmanuel Lécharny:
>>
>> Le 04/05/2017 à 16:20, Black, Douglas a écrit :
>>> I use Directory Studio to authenticate to an eDirectory (v8.8) tree
>>> and an Active Directory (2008R2) domain forest.
>>>
>>> 1. I create a new LDAP connection, providing my user name and
>>> password.  I check the 'save password' box.
>>> 2. Under Window > Preferences > Apache Directory Studio > Connections
>>> > Passwords Keystore, I click "Store connection passwords" and
>>> provide a master password (different from my authentication
>>> passwords) when prompted.
>>>
>>> With the previous version of Directory Studio, I had to provide the
>>> keystore password the first time I tried to open an LDAP connection,
>>> but after that I was never prompted again.  With this version, even
>>> though I am using the password keystore, I am prompted to
>>> re-authenticate, as I said, every few minutes.  This happens both
>>> with eDirectory and Active Directory.
>> I think it's already fixed, see
>> https://issues.apache.org/jira/browse/DIRSTUDIO-1130. This will be
>> available in M13.
>>
>> Stefan, can you confirm ?

I guess you meant me? Yes it is fixed. I'll send another mail about
release plans...

Kind Regards,
Stefan

Re: [Studio] Subsequent input of connection password

Posted by Stefan Düring <du...@zib.de>.

Thanks Emmanuel, I installed the snapshot and the first try was like 
expected:

I just have to enter the master password and don't have to 
re-authenticate with an user password again.

Stefan

Am 04.05.2017 um 18:04 schrieb Emmanuel Lécharny:
>
> Le 04/05/2017 à 16:20, Black, Douglas a écrit :
>> I use Directory Studio to authenticate to an eDirectory (v8.8) tree and an Active Directory (2008R2) domain forest.
>>
>> 1. I create a new LDAP connection, providing my user name and password.  I check the 'save password' box.
>> 2. Under Window > Preferences > Apache Directory Studio > Connections > Passwords Keystore, I click "Store connection passwords" and provide a master password (different from my authentication passwords) when prompted.
>>
>> With the previous version of Directory Studio, I had to provide the keystore password the first time I tried to open an LDAP connection, but after that I was never prompted again.  With this version, even though I am using the password keystore, I am prompted to re-authenticate, as I said, every few minutes.  This happens both with eDirectory and Active Directory.
> I think it's already fixed, see
> https://issues.apache.org/jira/browse/DIRSTUDIO-1130. This will be
> available in M13.
>
> Stefan, can you confirm ?
>

Re: [Studio] Subsequent input of connection password

Posted by Emmanuel Lécharny <el...@gmail.com>.


Le 04/05/2017 à 16:20, Black, Douglas a écrit :
> I use Directory Studio to authenticate to an eDirectory (v8.8) tree and an Active Directory (2008R2) domain forest.  
>
> 1. I create a new LDAP connection, providing my user name and password.  I check the 'save password' box.  
> 2. Under Window > Preferences > Apache Directory Studio > Connections > Passwords Keystore, I click "Store connection passwords" and provide a master password (different from my authentication passwords) when prompted.
>
> With the previous version of Directory Studio, I had to provide the keystore password the first time I tried to open an LDAP connection, but after that I was never prompted again.  With this version, even though I am using the password keystore, I am prompted to re-authenticate, as I said, every few minutes.  This happens both with eDirectory and Active Directory. 

I think it's already fixed, see
https://issues.apache.org/jira/browse/DIRSTUDIO-1130. This will be
available in M13.

Stefan, can you confirm ?

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

RE: [Studio] Subsequent input of connection password

Posted by "Black, Douglas" <Do...@osumc.edu>.

I use Directory Studio to authenticate to an eDirectory (v8.8) tree and an Active Directory (2008R2) domain forest.  

1. I create a new LDAP connection, providing my user name and password.  I check the 'save password' box.  
2. Under Window > Preferences > Apache Directory Studio > Connections > Passwords Keystore, I click "Store connection passwords" and provide a master password (different from my authentication passwords) when prompted.

With the previous version of Directory Studio, I had to provide the keystore password the first time I tried to open an LDAP connection, but after that I was never prompted again.  With this version, even though I am using the password keystore, I am prompted to re-authenticate, as I said, every few minutes.  This happens both with eDirectory and Active Directory. 




-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com] 
Sent: Thursday, May 4, 2017 10:09
To: users@directory.apache.org
Subject: Re: [Studio] Subsequent input of connection password



Le 04/05/2017 à 14:45, Black, Douglas a écrit :
> I have the same issue, and it only started happening when I switched to the latest release of Apache Directory Studio.  When I was on version 2.0.0.v20150606-M9, I was able to enter the master password once and it never asked for additional authentication after that.  Now it requires me to re-authenticate literally every few minutes.  

Ok, now, I'm a bit lost.

Ca you describe the full manipulation ?
- how you do store the password in the keystore,
- how you use the save password
- which LDAP server you are using.

Thanks !

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: [Studio] Subsequent input of connection password

Posted by Emmanuel Lécharny <el...@gmail.com>.


Le 04/05/2017 à 14:45, Black, Douglas a écrit :
> I have the same issue, and it only started happening when I switched to the latest release of Apache Directory Studio.  When I was on version 2.0.0.v20150606-M9, I was able to enter the master password once and it never asked for additional authentication after that.  Now it requires me to re-authenticate literally every few minutes.  

Ok, now, I'm a bit lost.

Ca you describe the full manipulation ?
- how you do store the password in the keystore,
- how you use the save password
- which LDAP server you are using.

Thanks !

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

RE: [Studio] Subsequent input of connection password

Posted by "Black, Douglas" <Do...@osumc.edu>.

I have the same issue, and it only started happening when I switched to the latest release of Apache Directory Studio.  When I was on version 2.0.0.v20150606-M9, I was able to enter the master password once and it never asked for additional authentication after that.  Now it requires me to re-authenticate literally every few minutes.  

-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com] 
Sent: Thursday, May 4, 2017 04:53
To: users@directory.apache.org
Subject: Re: [Studio] Subsequent input of connection password

Le 04/05/2017 à 09:59, Stefan Düring a écrit :
> I'm using Apache Directory Studio Version: 2.0.0.v20161101-M12 in 
> Ubuntu 16.04 LTS.
> I changed language to german.
>
> I save connection password in a keystore with master password.
> In a connection I select "Simple authentication" and "Save password".
>
> Now when I open a connection to a LDAP server I have to enter first 
> the master password and then the password to access the LDAP.
>
> I expected to be authenticated until I close the connection or the 
> Studio, but from time to time I have to enter the connection password 
> again when I change to another object in LDAP tree or to a search.
>
> Is there a "session timeout" or another setting to remember the 
> authentication until the session ends ?

I would say it depends on your server configuration. If you keep the connection open for a very long time, it's likely that the socket get automatically closed by the underlying OS.

Otherwise, there is no such thing as a connection timeout, beside the timeout we have when a request is sent and the client is waiting for a response - but this timeout does not close the connection, t just aborts the operation -.

--
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: [Studio] Subsequent input of connection password

Posted by Emmanuel Lécharny <el...@gmail.com>.


Le 04/05/2017 à 09:59, Stefan Düring a écrit :
> I'm using Apache Directory Studio Version: 2.0.0.v20161101-M12 in
> Ubuntu 16.04 LTS.
> I changed language to german.
>
> I save connection password in a keystore with master password.
> In a connection I select "Simple authentication" and "Save password".
>
> Now when I open a connection to a LDAP server I have to enter first
> the master password and then the password to access the LDAP.
>
> I expected to be authenticated until I close the connection or the
> Studio, but from time to time I have to enter the connection password
> again when I change to another object in LDAP tree or to a search.
>
> Is there a "session timeout" or another setting to remember the
> authentication until the session ends ?

I would say it depends on your server configuration. If you keep the
connection open for a very long time, it's likely that the socket get
automatically closed by the underlying OS.

Otherwise, there is no such thing as a connection timeout, beside the
timeout we have when a request is sent and the client is waiting for a
response - but this timeout does not close the connection, t just aborts
the operation -.

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org