Posted to users@directory.apache.org by Amila Suriarachchi <am...@gmail.com> on 2010/03/03 10:31:42 UTC

persisting subentries

hi all,

In our code we programmatically add partitions to embedded Apache DS server
with the following code

    JdbmPartition partition = addNewPartition(tenant);

    try {
        this.directoryService.addPartition(partition);
        try {
            // Probe for the partition's root entry; a failed lookup is treated
            // as "first time" and the tenant entries are created below.
            this.directoryService.getAdminSession().lookup(partition.getSuffixDn());
        } catch (Exception e) {
            LdapDN tenantdn = new LdapDN(getTenantSuffix(tenant.getDomain()));
            ServerEntry tenantEntry = this.directoryService.newEntry(tenantdn);
            tenantEntry.add("objectClass", "top", "organization", "extensibleObject");
            tenantEntry.add("o", tenant.getDomain());
            tenantEntry.add("manager", "uid=" + tenant.getAdminName() + "," + partition.getSuffix());
            // Marks the partition root as an access control administrative point.
            tenantEntry.add("administrativeRole", "accessControlSpecificArea");

            this.directoryService.getAdminSession().add(tenantEntry);

            addAdminACLEntry(tenant, partition.getSuffix());
            addAdmin(tenant, partition.getSuffix());

            LdapDN usersdn = new LdapDN("ou=users," + partition.getSuffixDn());
            ServerEntry usersEntry = this.directoryService.newEntry(usersdn);
            usersEntry.add("objectClass", "organizationalUnit", "top");
            usersEntry.add("ou", "users");

            this.directoryService.getAdminSession().add(usersEntry);
        }
    } catch (Exception e) {
        throw new UserStoreException("Could not add the partition ", e);
    }
    return tenant.getId();

addAdminACLEntry method looks like this,

    private void addAdminACLEntry(Tenant tenant, String tenantSufix) throws Exception {
        // add the permission entry
        LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
        ServerEntry adminACLEntry = directoryService.newEntry(adminACLEntrydn);
        adminACLEntry.add("objectClass", "accessControlSubentry", "subentry", "top");
        adminACLEntry.add("cn", "adminACLEntry");
        // Grants the tenant admin user the listed permissions on entries and
        // all user attributes.
        adminACLEntry.add("prescriptiveACI",
                "{ identificationTag \"adminACLEntryTag\", precedence 1, authenticationLevel simple, " +
                "itemOrUserFirst userFirst: { userClasses { name { \"uid=" +
                tenant.getAdminName() + "," + tenantSufix + "\" } }, " +
                "userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, " +
                "grantsAndDenials { grantBrowse, grantFilterMatch, grantModify, grantAdd, grantCompare, " +
                "grantRename, grantRead, grantReturnDN, grantImport, grantInvoke, grantRemove, " +
                "grantExport, grantDiscloseOnError } } } } }");
        // An empty subtreeSpecification covers the whole administrative area.
        adminACLEntry.add("subtreeSpecification", "{ }");

        directoryService.getAdminSession().add(adminACLEntry);
    }

this adminACLEntry is used to give the access rights to admin user to other
entries in the partition.

Everything works fine, i.e. when I log in as the partition admin user I can
see the other entries of the partition.

If I stop the embedded server and start it, then the newly added partition is
not visible. This can be fixed by adding the partition again,

i.e.

    public void addPartitionToTenant(Tenant tenant) throws UserStoreException {
        try {
            this.directoryService.addPartition(addNewPartition(tenant));
            this.directoryService.sync();
        } catch (Exception e) {
            throw new UserStoreException("Can not add the new partition ", e);
        }
    }

but after this, when I log in as the admin user I can't see the other
entries. However, this entry exists in the admin session,

i.e.

    String tenantSufix = getTenantSuffix(tenant.getDomain());
    LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
    ServerEntry adminACLEntry = this.directoryService.getAdminSession().lookup(adminACLEntrydn);

returns the correct entry for adminACLEntry. However, I cannot delete
this entry, and if I try to, it gives a null pointer exception,

i.e.

    at org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:599)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
    at org.apache.directory.server.core.schema.SchemaInterceptor.delete(SchemaInterceptor.java:2157)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)

Does ApacheDS persist accessControlSubentries?

Do I have to set any other attribute in order to do so?

thanks,
Amila.


-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/

Re: persisting subentries

Posted by Ersin Er <er...@gmail.com>.
Hmm, this seems to be a hack :-) But if it works it can be fine for now..

On Fri, Mar 5, 2010 at 07:51, Amila Suriarachchi <amilasuriarachchi@gmail.com> wrote:

> hi,
>
> I used the following code to initialise the interceptors and it worked
> fine.
>
> List<Interceptor> interceptors = this.directoryService.getInterceptors();
> for (Interceptor interceptor : interceptors) {
>     interceptor.init(this.directoryService);
> }
>
> thanks a lot.
>
> Amila.
>



-- 
Ersin ER
http://www.ersiner.net

Re: persisting subentries

Posted by Amila Suriarachchi <am...@gmail.com>.
hi,

I used the following code to initialise the interceptors and it worked fine.

    List<Interceptor> interceptors = this.directoryService.getInterceptors();
    for (Interceptor interceptor : interceptors) {
        interceptor.init(this.directoryService);
    }

thanks a lot.

Amila.

On Wed, Mar 3, 2010 at 5:01 PM, Ersin Er <er...@gmail.com> wrote:

> If I am not mistaken, ApacheDS cannot look up existing partitions during
> startup. You need to specify even existing partitions as a configuration
> parameter. That's why such a section exists in server.xml. In case of
> embedding I guess you need to add the partition on each startup. Adding a
> partition means making the server aware of it. After adding it you can check
> whether the root entry exists and also add it if necessary (which means the
> partition is being created for the first time).
>
> BTW, both the partition and the interceptor chain need to be initialized
> correctly and also the chain should include Subentry and ACI Authorization
> interceptors in your case.
>



-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
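
The failure discussed across this thread, as an added, simplified model (not ApacheDS code and not written by any poster): access decisions and subentry deletes read an in-memory cache filled at interceptor init, so a partition re-attached after init has its ACI subentry stored but not enforced until init runs again. All class and method names and the sample DNs are hypothetical.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

/** Added illustration: a simplified model of the thread's failure, not ApacheDS code. */
public class SubentryCacheModel {

    /** Model ACI subentry: grants read on its whole area to one user DN. */
    static final class Subentry {
        final String grantedUser;
        Subentry(String grantedUser) { this.grantedUser = grantedUser; }
        String getSubtreeSpecification() { return "{ }"; }
    }

    /** Stands in for the partition's on-disk data, which survives a restart. */
    static final class Partition {
        final String suffix;
        final Map<String, Subentry> storedSubentries = new LinkedHashMap<>();
        Partition(String suffix) { this.suffix = suffix; }
    }

    /** Stands in for one run of the embedded server. */
    static final class Server {
        final List<Partition> attached = new ArrayList<>();
        final Map<String, Subentry> subentryCache = new HashMap<>();

        /** Interceptor init: caches subentries of the partitions attached right now. */
        void initInterceptors() {
            subentryCache.clear();
            for (Partition p : attached) {
                subentryCache.putAll(p.storedSubentries);
            }
        }

        /** Attaching a partition later does not touch the cache. */
        void addPartition(Partition p) { attached.add(p); }

        /** An add through the running server updates both the store and the cache. */
        void addSubentry(Partition p, String dn, Subentry s) {
            p.storedSubentries.put(dn, s);
            subentryCache.put(dn, s);
        }

        /** Admin-session lookup reads the store directly, bypassing access control. */
        boolean adminLookup(String dn) {
            for (Partition p : attached) {
                if (p.storedSubentries.containsKey(dn)) return true;
            }
            return false;
        }

        /** Default deny: only a cached subentry covering the entry can grant access. */
        boolean canRead(String userDn, String entryDn) {
            for (Map.Entry<String, Subentry> e : subentryCache.entrySet()) {
                String area = e.getKey().substring(e.getKey().indexOf(',') + 1);
                if (entryDn.endsWith(area) && e.getValue().grantedUser.equals(userDn)) {
                    return true;
                }
            }
            return false;
        }

        /** Same shape as the quoted line 599: dereferences whatever the cache returns. */
        void deleteSubentry(Partition p, String dn) {
            String spec = subentryCache.remove(dn).getSubtreeSpecification();
            p.storedSubentries.remove(dn);
        }
    }

    public static void main(String[] args) {
        // Constructed sample DNs, not taken from the thread.
        String suffix = "dc=tenant1,dc=example";
        String admin = "uid=admin," + suffix;
        String aciDn = "cn=adminACLEntry," + suffix;
        String entry = "uid=alice,ou=users," + suffix;
        Partition disk = new Partition(suffix);

        Server first = new Server();
        first.initInterceptors();
        first.addPartition(disk);
        first.addSubentry(disk, aciDn, new Subentry(admin));
        System.out.println("first run:     admin can read = " + first.canRead(admin, entry));

        Server second = new Server();   // restart: the cache starts empty
        second.initInterceptors();      // runs before the tenant partition is attached
        second.addPartition(disk);
        System.out.println("after restart: stored = " + second.adminLookup(aciDn)
                + ", admin can read = " + second.canRead(admin, entry));
        try {
            second.deleteSubentry(disk, aciDn);
        } catch (NullPointerException npe) {
            System.out.println("delete:        NullPointerException (cache miss)");
        }

        second.initInterceptors();      // the workaround reported in the thread
        System.out.println("after re-init: admin can read = " + second.canRead(admin, entry));
        second.deleteSubentry(disk, aciDn);
        System.out.println("delete:        ok, stored = " + second.adminLookup(aciDn));
    }
}
```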

Re: persisting subentries

Posted by Ersin Er <er...@gmail.com>.
If I am not mistaken, ApacheDS cannot look up existing partitions during
startup. You need to specify even existing partitions as a configuration
parameter. That's why such a section exists in server.xml. In case of
embedding I guess you need to add the partition on each startup. Adding a
partition means making the server aware of it. After adding it you can check
whether the root entry exists and also add it if necessary (which means the
partition is being created for the first time).

BTW, both the partition and the interceptor chain need to be initialized
correctly and also the chain should include Subentry and ACI Authorization
interceptors in your case.

On Wed, Mar 3, 2010 at 13:07, Amila Suriarachchi <amilasuriarachchi@gmail.com> wrote:

> On Wed, Mar 3, 2010 at 4:33 PM, Ersin Er <er...@gmail.com> wrote:
>
> > If the partition has not been appropriately initialized during startup, the
> > subentryCache may not have been filled up with existing subentries'
> > information. So trying to remove a non-existent entry from the cache can
> > result in NPE.
> >
> > However I am not sure as I do not know exactly which line is the 599th one.
> >
> > If I am correct you need to solve the problem of partition initialization
> > first. This may not be really directly related to Subentries or Access
> > Control Subsystem.
> >
>
> If I create a partition programmatically, is ApacheDS supposed to save the
> partition and make that available at the restart of the server?
>
> thanks,
> Amila.
>
> >
> > On Wed, Mar 3, 2010 at 12:03, Amila Suriarachchi <amilasuriarachchi@gmail.com> wrote:
> >
> > > On Wed, Mar 3, 2010 at 3:12 PM, Emmanuel Lecharny <elecharny@gmail.com> wrote:
> > >
> > > > Can you try to call the DirectoryService sync() method before closing the
> > > > server? Data are flushed on disk every 15 seconds by default, that could
> > > > explain why you don't get your data persisted (this is configured, and if
> > > > you set the default value to 0, everything is flushed immediately, at the
> > > > price of a slower server)
> > >
> > >
> > > I set the sync time to 0, but still have the problem.
> > >
> > > As I can see, this entry can be seen if I access it with
> > >
> > >     ServerEntry adminACLEntry = this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> > >
> > > but for some reason it seems to be not working.
> > >
> > > If I try to delete it, it gives a null pointer exception here.
> > > (SubEntryInterceptor.java 599)
> > >
> > >  if ( objectClasses.contains( SchemaConstants.SUBENTRY_OC ) )
> > >        {
> > >            SubtreeSpecification ss = subentryCache.removeSubentry( name.toNormName() ).getSubtreeSpecification();
> > >            next.delete( opContext );
> > >
> > > at this point subentryCache is empty.
> > >
> > > thanks,
> > > Amila.
> > >
> > >
> > >
> > > >
> > > > On 3/3/10 10:31 AM, Amila Suriarachchi wrote:
> > > >
> > > >> hi all,
> > > >>
> > > >> In our code we programmatically add partitions to embedded Apache DS server
> > > >> with the following code
> > > >>
> > > >>     JdbmPartition partition = addNewPartition(tenant);
> > > >>
> > > >>     try {
> > > >>         this.directoryService.addPartition(partition);
> > > >>         try {
> > > >>             this.directoryService.getAdminSession().lookup(partition.getSuffixDn());
> > > >>         } catch (Exception e) {
> > > >>             LdapDN tenantdn = new LdapDN(getTenantSuffix(tenant.getDomain()));
> > > >>             ServerEntry tenantEntry = this.directoryService.newEntry(tenantdn);
> > > >>             tenantEntry.add("objectClass", "top", "organization", "extensibleObject");
> > > >>             tenantEntry.add("o", tenant.getDomain());
> > > >>             tenantEntry.add("manager", "uid=" + tenant.getAdminName() + "," + partition.getSuffix());
> > > >>             tenantEntry.add("administrativeRole", "accessControlSpecificArea");
> > > >>
> > > >>             this.directoryService.getAdminSession().add(tenantEntry);
> > > >>
> > > >>             addAdminACLEntry(tenant, partition.getSuffix());
> > > >>             addAdmin(tenant, partition.getSuffix());
> > > >>
> > > >>             LdapDN usersdn = new LdapDN("ou=users," + partition.getSuffixDn());
> > > >>             ServerEntry usersEntry = this.directoryService.newEntry(usersdn);
> > > >>             usersEntry.add("objectClass", "organizationalUnit", "top");
> > > >>             usersEntry.add("ou", "users");
> > > >>
> > > >>             this.directoryService.getAdminSession().add(usersEntry);
> > > >>         }
> > > >>     } catch (Exception e) {
> > > >>         throw new UserStoreException("Could not add the partition ", e);
> > > >>     }
> > > >>     return tenant.getId();
> > > >>
> > > >> addAdminACLEntry method looks like this,
> > > >>
> > > >>     private void addAdminACLEntry(Tenant tenant, String tenantSufix) throws Exception {
> > > >>         //add the permission entry
> > > >>         LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
> > > >>         ServerEntry adminACLEntry = directoryService.newEntry(adminACLEntrydn);
> > > >>         adminACLEntry.add("objectClass", "accessControlSubentry", "subentry", "top");
> > > >>         adminACLEntry.add("cn", "adminACLEntry");
> > > >>         adminACLEntry.add("prescriptiveACI",
> > > >>                 "{ identificationTag \"adminACLEntryTag\", precedence 1, authenticationLevel simple, " +
> > > >>                 "itemOrUserFirst userFirst: { userClasses { name { \"uid=" +
> > > >>                 tenant.getAdminName() + "," + tenantSufix + "\" } }, " +
> > > >>                 "userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, " +
> > > >>                 "grantsAndDenials { grantBrowse, grantFilterMatch, grantModify, grantAdd, grantCompare, " +
> > > >>                 "grantRename, grantRead, grantReturnDN, grantImport, grantInvoke, grantRemove, " +
> > > >>                 "grantExport, grantDiscloseOnError } } } } }");
> > > >>         adminACLEntry.add("subtreeSpecification", "{ }");
> > > >>
> > > >>         directoryService.getAdminSession().add(adminACLEntry);
> > > >>     }
> > > >>
> > > >> this adminACLEntry is used to give the access rights to admin user to other
> > > >> entries in the partition.
> > > >>
> > > >> Everything works fine, i.e. when I log in as the partition admin user I can
> > > >> see the other entries of the partition.
> > > >>
> > > >> If I stop the embedded server and start it, then the newly added partition is
> > > >> not visible. This can be fixed by adding the partition again,
> > > >>
> > > >> i.e.
> > > >>
> > > >>     public void addPartitionToTenant(Tenant tenant) throws UserStoreException {
> > > >>         try {
> > > >>             this.directoryService.addPartition(addNewPartition(tenant));
> > > >>             this.directoryService.sync();
> > > >>         } catch (Exception e) {
> > > >>             throw new UserStoreException("Can not add the new partition ", e);
> > > >>         }
> > > >>     }
> > > >>
> > > >> but after this, when I log in as the admin user I can't see the other
> > > >> entries. However, this entry exists in the admin session.
> > > >>
> > > >> i.e
> > > >> String tenantSufix = getTenantSuffix(tenant.getDomain());
> > > >>             LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry,"
> +
> > > >> tenantSufix);
> > > >>             ServerEntry adminACLEntry =
> > > >> this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> > > >>
> > > >> returns the correct an entry for adminACLEntry. however I can not
> > delete
> > > >> this entry and if I tried so it gives a null pointer exception.
> > > >>
> > > >> i.e.
> > > >> at
> > > >>
> > > >>
> > >
> >
> org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:599)
> > > >>     at
> > > >>
> > > >>
> > >
> >
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > > >>     at
> > > >>
> > > >>
> > >
> >
> org.apache.directory.server.core.schema.SchemaInterceptor.delete(SchemaInterceptor.java:2157)
> > > >>     at
> > > >>
> > > >>
> > >
> >
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > > >>
> > > >> Does ApacheDS persists accessControlSubentries ?
> > > >>
> > > >> Do I have to set any other attribute in order to do so?
> > > >>
> > > >> thanks,
> > > >> Amila.
> > > >>
> > > >>
> > > >>
> > > >>
> > > >
> > > >
> > > > --
> > > > Regards,
> > > > Cordialement,
> > > > Emmanuel Lécharny
> > > > www.nextury.com
> > > >
> > > >
> > > >
> > >
> > >
> > > --
> > > Amila Suriarachchi
> > > WSO2 Inc.
> > > blog: http://amilachinthaka.blogspot.com/
> > >
> >
> >
> >
> > --
> > Ersin ER
> > http://www.ersiner.net
> >
>
>
>
> --
> Amila Suriarachchi
> WSO2 Inc.
> blog: http://amilachinthaka.blogspot.com/
>



-- 
Ersin ER
http://www.ersiner.net

Re: persisting subentries

Posted by Amila Suriarachchi <am...@gmail.com>.
On Wed, Mar 3, 2010 at 4:33 PM, Ersin Er <er...@gmail.com> wrote:

> If the partition has not been appropriately initialized during startup, the
> subentryCache may not have been filled up with existing subentries'
> information. So trying to remove a non-existent entry from the cache can
> result in NPE.
>
> However I am not sure as I do not know exactly which line is the 599th one.
>
> If I am correct you need to solve the problem of partition initialization
> first. This may not be really directly related to Subentries or Access
> Control Subsystem.
>

If I create a partition programmatically, is ApacheDS supposed to save the
partition and make that available at the restart of the server?

thanks,
Amila.




-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/

Re: persisting subentries

Posted by Ersin Er <er...@gmail.com>.
If the partition has not been appropriately initialized during startup, the
subentryCache may not have been filled up with existing subentries'
information. So trying to remove a non-existent entry from the cache can
result in NPE.

However I am not sure as I do not know exactly which line is the 599th one.

If I am correct you need to solve the problem of partition initialization
first. This may not be really directly related to Subentries or Access
Control Subsystem.




-- 
Ersin ER
http://www.ersiner.net

Re: persisting subentries

Posted by Amila Suriarachchi <am...@gmail.com>.
On Wed, Mar 3, 2010 at 3:12 PM, Emmanuel Lecharny <el...@gmail.com> wrote:

> Can you try to call the DirectoryService sync() method before closing the
> server? Data are flushed on disk every 15 seconds by default; that could
> explain why you don't get your data persisted (this is configured, and if
> you set the default value to 0, everything is flushed immediately, at the
> price of a slower server)


I set the sync time to 0, but still have the problem.

As I can see, this entry can be seen if I access it with

ServerEntry adminACLEntry =
this.directoryService.getAdminSession().lookup(adminACLEntrydn);

but for some reason it seems to be not working.

If I try to delete it, it gives a null pointer exception here.
(SubEntryInterceptor.java 599)

 if ( objectClasses.contains( SchemaConstants.SUBENTRY_OC ) )
        {
            SubtreeSpecification ss = subentryCache.removeSubentry( name.toNormName() ).getSubtreeSpecification();
            next.delete( opContext );

at this point subentryCache is empty.

thanks,
Amila.





-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
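
The failure described in the post above and in Ersin's reply (the entry is found by lookup, but the chained call on the cache removal throws), as an added, self-contained Java model. It is not ApacheDS code and not from any poster: every class and method name and the sample DN are hypothetical, and it assumes, as Ersin suggests, that the subentry cache is filled only by a startup scan or by adds that pass through the interceptor chain.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the thread's failure mode. Hypothetical names throughout;
// none of these are ApacheDS classes.
public class SubentryCacheModel {

    // Stand-in for a persisted entry: objectClass values plus subtreeSpecification.
    static final class StoredEntry {
        private final String subtreeSpecification;
        private final String[] objectClasses;

        StoredEntry(String subtreeSpecification, String... objectClasses) {
            this.subtreeSpecification = subtreeSpecification;
            this.objectClasses = objectClasses;
        }

        boolean isSubentry() {
            for (String oc : objectClasses) {
                if ("subentry".equalsIgnoreCase(oc)) return true;
            }
            return false;
        }

        String getSubtreeSpecification() { return subtreeSpecification; }
    }

    private final Map<String, StoredEntry> store = new HashMap<>();         // data on disk
    private final Map<String, StoredEntry> subentryCache = new HashMap<>(); // in-memory view

    // Startup scan: only entries already in the store are cached.
    void startup() {
        for (Map.Entry<String, StoredEntry> e : store.entrySet()) {
            if (e.getValue().isSubentry()) subentryCache.put(e.getKey(), e.getValue());
        }
    }

    // Assumption: attaching a partition that already holds data does not rescan it.
    void attachExistingPartition(Map<String, StoredEntry> data) { store.putAll(data); }

    // An add through the interceptor chain updates store and cache together.
    void add(String dn, StoredEntry entry) {
        store.put(dn, entry);
        if (entry.isSubentry()) subentryCache.put(dn, entry);
    }

    StoredEntry lookup(String dn) { return store.get(dn); }

    boolean isCached(String dn) { return subentryCache.containsKey(dn); }

    // Same shape as the quoted line 599: the result of the cache removal is
    // dereferenced without a null check, so a cache miss throws.
    void deleteUnguarded(String dn) {
        StoredEntry stored = store.get(dn);
        if (stored != null && stored.isSubentry()) {
            String ss = subentryCache.remove(dn).getSubtreeSpecification();
        }
        store.remove(dn);
    }

    // Guarded variant: on a cache miss, fall back to the stored entry.
    String deleteGuarded(String dn) {
        StoredEntry stored = store.get(dn);
        if (stored == null) throw new IllegalArgumentException("no such entry: " + dn);
        String ss = null;
        if (stored.isSubentry()) {
            StoredEntry cached = subentryCache.remove(dn);
            ss = (cached != null ? cached : stored).getSubtreeSpecification();
        }
        store.remove(dn);
        return ss;
    }

    public static void main(String[] args) {
        String dn = "cn=adminACLEntry,o=tenant.example"; // constructed sample DN
        Map<String, StoredEntry> tenantData = new HashMap<>();
        tenantData.put(dn, new StoredEntry("{ }", "accessControlSubentry", "subentry", "top"));

        // Case 1: partition with existing data attached after the startup scan.
        SubentryCacheModel late = new SubentryCacheModel();
        late.startup();
        late.attachExistingPartition(tenantData);
        System.out.println("lookup finds entry: " + (late.lookup(dn) != null));
        System.out.println("subentry is cached: " + late.isCached(dn));
        try {
            late.deleteUnguarded(dn);
        } catch (NullPointerException npe) {
            System.out.println("unguarded delete:   NullPointerException");
        }
        System.out.println("guarded delete got: " + late.deleteGuarded(dn));

        // Case 2: the same data is known before the startup scan runs.
        SubentryCacheModel early = new SubentryCacheModel();
        early.attachExistingPartition(tenantData);
        early.startup();
        System.out.println("cached when attached before startup: " + early.isCached(dn));
    }
}
```

In the model, an access control subentry that is stored but not cached is also invisible to anything that evaluates ACIs from the cache, which matches the symptom that the tenant admin can no longer see the other entries.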

Re: persisting subentries

Posted by Emmanuel Lecharny <el...@gmail.com>.
Can you try to call the DirectoryService sync() method before closing 
the server? Data are flushed on disk every 15 seconds by default; that 
could explain why you don't get your data persisted (this is configured, 
and if you set the default value to 0, everything is flushed 
immediately, at the price of a slower server)



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.nextury.com