Configure (Eve) server from properties file.

["Robert r. Sanders" <ro...@ipov.net>]

I'd like to use the JNDI server so that I can create and run JUnit tests 
of JNDI/LDAP functionality.  To that end I'm trying to figure out the 
easiest way to configure a server instance; it looked like properties 
files would be a decent way (at least better than programmatically 
creating a bunch of JNDI Attribute objects); but I don' t know how to 
get the server to load a properties file - this is what I have so far 
(using properties file contents from documentation example):

Properties env = new Properties();
FileInputStream in = new 
FileInputStream("sandbox/src/test/jndi01.properties");
env.load(in);
env.put( Context.PROVIDER_URL, "ou=system" );
env.put( Context.INITIAL_CONTEXT_FACTORY, 
"org.apache.ldap.server.jndi.ServerContextFactory" );
env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
env.put( Context.SECURITY_CREDENTIALS, "secret" );

DirContext ctx = new InitialDirContext( env );

Once I have the DirContext I have just been using code from the JNDI 
tutorial to see what's there:

NamingEnumeration list = ctx.list("");
while (list.hasMore()) {
    NameClassPair nc = (NameClassPair)list.next();
    System.out.println( nc );
}

Any help would be much appreciated.

-- 
    Robert r. Sanders
    Chief Technologist
    iPOV
    (334) 821-5412
    www.ipov.net

Re: Configure (Eve) server from properties file.

[David Boreham <da...@bozemanpass.com>]

> Exactly.  I won't be able to test the quirks of the different server 
> implementations; but I should be able to test a broad range of different 
> user schema and the like.

Yeah, I see what you mean now, but this isn't 'schema' per se
(in the specific meaning applied to that word in LDAP-land).
I'm not quite sure what the right word is...I've heard
a few different words used but none of them is printable ;)

Re: Configure (Eve) server from properties file.

["Robert r. Sanders" <ro...@ipov.net>]

David Boreham wrote:

>
> Quick question: could you expand on what exactly you mean
> by 'a directory configuration' ? I'm guessing that you don't mean
> different vendors' products (e.g. test with Active Directory first,
> then with Novell eDirectory, and next with Apache Directory Server).
> And you probably don't mean something like changing the list port on 
> the server.
> Are you planning to test different
> DIT shapes, different user schema, stuff like that ? (e.g. one site 
> puts all users in one container, others divide them up between 
> containers for functional
> groups; one site uses 'uid' as a naming attribute while
> another uses 'cn'). 

Exactly.  I won't be able to test the quirks of the different server 
implementations; but I should be able to test a broad range of different 
user schema and the like.

> If this is what you mean by
> 'different configuration' then I believe you can probably
> do everything you need to do via LDAP because
> all you're doing is creating container entries in different
> places and with different object classes.
> You can add all the entries in the DIT, run your tests,
> then delete the entire DIT, then iterate with a new one.
>
> Did I get that right ?
>
Ok, I think I finally have gotten what I am trying to do explained. 

-- 
    Robert r. Sanders
    Chief Technologist
    iPOV
    (334) 821-5412
    www.ipov.net

Re: Configure (Eve) server from properties file.

[David Boreham <da...@bozemanpass.com>]

> 1. setup a directory configuration.
> 2. load test user's
> 3. configure my auth. code in recommended manner for server config.
> 4. run a set of tests as you say.
> 5. using a different directory configuration, return to step one and 
> repeat until I iterate through all the directory configurations I have 
> (the idea would be to expand this as user's report new and unusual ways 
> that their network admins have decided to configure their servers).

Quick question: could you expand on what exactly you mean
by 'a directory configuration' ? I'm guessing that you don't mean
different vendors' products (e.g. test with Active Directory first,
then with Novell eDirectory, and next with Apache Directory Server).
And you probably don't mean something like changing the 
list port on the server. 

Are you planning to test different
DIT shapes, different user schema, stuff like that ? 
(e.g. one site puts all users in one container, others 
divide them up between containers for functional
groups; one site uses 'uid' as a naming attribute while
another uses 'cn'). If this is what you mean by
'different configuration' then I believe you can probably
do everything you need to do via LDAP because
all you're doing is creating container entries in different
places and with different object classes.
You can add all the entries in the DIT, run your tests,
then delete the entire DIT, then iterate with a new one.

Did I get that right ?

Re: Configure (Eve) server from properties file.

["Robert r. Sanders" <ro...@ipov.net>]

Thanks for taking the time to respond in such detail.

> Ok, thanks. The code was a great help in understanding where you're at !
>
> So I'm not sure that you really need to change the server's schema:
> that would entail for example adding a new LDAP object class with
> new attributes : say a 'fordMotorCompanyPerson' with a 'favouriteSuv'
> attribute, or similar. I can't see why you'd want to do that : seems
> that you can use the standard inetOrgPerson schema here.
> Is it possible that when you say 'schema' you aren't using the
> term in the way that it's used in Directory-land ?
>
> Otherwise, it seems to me that you'd want to load some test users
> and perhaps groups into the LDAP server under test, and then call
> your auth code and see if you get the correct results back
> (can authenticate with valid user, can not with unvalid user etc etc).

Here's the only twist: I don't just want to test it for my setup; I want to:

1. setup a directory configuration.
2. load test user's
3. configure my auth. code in recommended manner for server config.
4. run a set of tests as you say.
5. using a different directory configuration, return to step one and 
repeat until I iterate through all the directory configurations I have 
(the idea would be to expand this as user's report new and unusual ways 
that their network admins have decided to configure their servers).

>
> I think your best option for doing that would be to simply write
> JNDI code that adds the users and groups. Forgive my relative
> lack of JNDI knowledge : back in the day JNDI did not
> support the full fidelity of the LDAP protocol, so I've mostly
> worked with other LDAP client libraries that did. However I'm
> fairly confident that you should be able to add basic users
> and groups with JNDI these days.
>
> So all your test code would be a JNDI application. I don't
> think you need LDIF or DSML for this: just write Java that
> generates some user objects and pass then to JNDI.
>
Ok, from what you've said this looks like a good point to start.  I 
think once I get started that I will have a much clearer idea what if 
anything else I may need to learn.  Thanks.

-- 
    Robert r. Sanders
    Chief Technologist
    iPOV
    (334) 821-5412
    www.ipov.net

Re: Configure (Eve) server from properties file.

[David Boreham <da...@bozemanpass.com>]

Robert r. Sanders wrote:

>
>    I haven't read the book you note, but I just looked it up and will 
> think about buying it...  I have done a little JNDI in the past, but 
> not a huge amount.
>    The code I am trying to write tests for is:  
> http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/sandbox/src/main/java/net/sf/acegisecurity/providers/dao/ldap/LdapPasswordAuthenticationDao.java?rev=1.4&view=log 
>
>
> The code's goal is to validate a username/password against an LDAP 
> server (via JNDI) and retrieve a list of roles associated with the 
> user.  Currently any testing is pretty dependent on a user/developer 
> having an already working LDAP server; my goal is to have a bunch of 
> server configurations which can be 'loaded' so I can see if my code 
> returns the expected results when run against the different 
> configurations - its more functional than unit testing, but if I can 
> get it to work it'll be a whole lot better than the way most such code 
> is tested.

Ok, thanks. The code was a great help in understanding where you're at !

So I'm not sure that you really need to change the server's schema:
that would entail for example adding a new LDAP object class with
new attributes : say a 'fordMotorCompanyPerson' with a 'favouriteSuv'
attribute, or similar. I can't see why you'd want to do that : seems
that you can use the standard inetOrgPerson schema here.
Is it possible that when you say 'schema' you aren't using the
term in the way that it's used in Directory-land ?

Otherwise, it seems to me that you'd want to load some test users
and perhaps groups into the LDAP server under test, and then call
your auth code and see if you get the correct results back
(can authenticate with valid user, can not with unvalid user etc etc).

I think your best option for doing that would be to simply write
JNDI code that adds the users and groups. Forgive my relative
lack of JNDI knowledge : back in the day JNDI did not
support the full fidelity of the LDAP protocol, so I've mostly
worked with other LDAP client libraries that did. However I'm
fairly confident that you should be able to add basic users
and groups with JNDI these days.

So all your test code would be a JNDI application. I don't
think you need LDIF or DSML for this: just write Java that
generates some user objects and pass then to JNDI.

Re: Configure (Eve) server from properties file.

["Robert r. Sanders" <ro...@ipov.net>]

Ok,

    I haven't read the book you note, but I just looked it up and will 
think about buying it...  I have done a little JNDI in the past, but not 
a huge amount. 

    The code I am trying to write tests for is:  
http://cvs.sourceforge.net/viewcvs.py/acegisecurity/acegisecurity/sandbox/src/main/java/net/sf/acegisecurity/providers/dao/ldap/LdapPasswordAuthenticationDao.java?rev=1.4&view=log

The code's goal is to validate a username/password against an LDAP 
server (via JNDI) and retrieve a list of roles associated with the 
user.  Currently any testing is pretty dependent on a user/developer 
having an already working LDAP server; my goal is to have a bunch of 
server configurations which can be 'loaded' so I can see if my code 
returns the expected results when run against the different 
configurations - its more functional than unit testing, but if I can get 
it to work it'll be a whole lot better than the way most such code is 
tested.




David Boreham wrote:

> Robert r. Sanders wrote:
>
>> I am not trying to test the server; what I'd like to do is test some 
>> JNDI code that is designed to work against an LDAP server (OpenLDAP, 
>> ActiveDirectory, etc..) by:
>>
>> 1. Loading a server instance from the test code.
>> 2. Telling the server (if possible) to read in some schema + data.
>> 3. Configuring JNDI Client code.
>> 4. Running JNDI Client code tests.
>> 5. Shutting down server.
>>
>> Note that some server specific responses may not be testable this 
>> way; that's ok.  What I want to test is that certain client 
>> configurations return the expected results when run against known 
>> server schemas.
>
>
> Hmm...you've kind of lost me.  Perhaps you could give an example.
> I don't know what you mean by 'telling the server to read in
> some schema + data'.
>
>> Any pointers as to where to get started here?  I have been looking 
>> around for information, and pretty much everything I've found already 
>> assumes you know what it is talking about.
>
>
> Perhaps you could say where you're at in learning about this:
> Have you read Tim Howes, Mark Smith and Gordon Good's book for example ?
>
>
>

-- 
    Robert r. Sanders
    Chief Technologist
    iPOV
    (334) 821-5412
    www.ipov.net

Re: Configure (Eve) server from properties file.

[David Boreham <da...@bozemanpass.com>]

Robert r. Sanders wrote:

> I am not trying to test the server; what I'd like to do is test some 
> JNDI code that is designed to work against an LDAP server (OpenLDAP, 
> ActiveDirectory, etc..) by:
>
> 1. Loading a server instance from the test code.
> 2. Telling the server (if possible) to read in some schema + data.
> 3. Configuring JNDI Client code.
> 4. Running JNDI Client code tests.
> 5. Shutting down server.
>
> Note that some server specific responses may not be testable this way; 
> that's ok.  What I want to test is that certain client configurations 
> return the expected results when run against known server schemas.

Hmm...you've kind of lost me.  Perhaps you could give an example.
I don't know what you mean by 'telling the server to read in
some schema + data'.

> Any pointers as to where to get started here?  I have been looking 
> around for information, and pretty much everything I've found already 
> assumes you know what it is talking about.

Perhaps you could say where you're at in learning about this:
Have you read Tim Howes, Mark Smith and Gordon Good's book for example ?

Re: Configure (Eve) server from properties file.

["Robert r. Sanders" <ro...@ipov.net>]

>
> Not sure if I am understanding your goals here, but I'll take a stab:
>
> 1. If you're testing, wouldn't you want to write the data via LDAP, 
> and read it
> back to verify via LDAP ? (or am I missing something here ? perhaps this
> is a unit test designed specifically to NOT test end-to-end 
> functionality?).

I am not trying to test the server; what I'd like to do is test some 
JNDI code that is designed to work against an LDAP server (OpenLDAP, 
ActiveDirectory, etc..) by:

1. Loading a server instance from the test code.
2. Telling the server (if possible) to read in some schema + data.
3. Configuring JNDI Client code.
4. Running JNDI Client code tests.
5. Shutting down server.

Note that some server specific responses may not be testable this way; 
that's ok.  What I want to test is that certain client configurations 
return the expected results when run against known server schemas.

>
> 2. Why not use LDIF ? Or if you like XML, use DSML, which is an XML
> syntax for LDIF.

Any pointers as to where to get started here?  I have been looking 
around for information, and pretty much everything I've found already 
assumes you know what it is talking about.

>
> 3. For some kinds of test it's easier to generate the test data
> at run time in the test program (saves having to manage
> LDIF or whatever files, which tends to have to be done
> by a human).
>
> 4. If it saves time, there are plenty of existing LDAP clients
> that will happily read LDIF and send it over-the-wire.

Hmm, I may need to look into option #4 as a way to configure the server 
instance...

>
> Apologies if I've missed the point.
>
Thanks quite alright, I am not sure that I was making the point very clear.

-- 
    Robert r. Sanders
    Chief Technologist
    iPOV
    (334) 821-5412
    www.ipov.net

Re: Configure (Eve) server from properties file.

[David Boreham <da...@bozemanpass.com>]

Robert r. Sanders wrote:

> I know this is more of a user's list question, but there doesn't seem 
> to be one yet.
>
> After looking back over my code, I think that what I was doing was not 
> what I was trying to do.  What I want is to have several alternative 
> configurations (schemas + data) as text files; and load those (not all 
> at once) into the server so I can then test some JNDI calls to see if 
> they are returning the expected results (given the data that was 
> loaded).  I think something like LDIF files are what I am aiming for 
> (although a clean xml syntax might be cool) - are there any examples 
> or docs that would be useful to me in figuring this out?  Thanks for 
> your time.

Not sure if I am understanding your goals here, but I'll take a stab:

1. If you're testing, wouldn't you want to write the data via LDAP, and 
read it
back to verify via LDAP ? (or am I missing something here ? perhaps this
is a unit test designed specifically to NOT test end-to-end functionality?).

2. Why not use LDIF ? Or if you like XML, use DSML, which is an XML
syntax for LDIF.

3. For some kinds of test it's easier to generate the test data
at run time in the test program (saves having to manage
LDIF or whatever files, which tends to have to be done
by a human).

4. If it saves time, there are plenty of existing LDAP clients
that will happily read LDIF and send it over-the-wire.

Apologies if I've missed the point.

Re: Configure (Eve) server from properties file.

["Robert r. Sanders" <ro...@ipov.net>]

I know this is more of a user's list question, but there doesn't seem to 
be one yet.

After looking back over my code, I think that what I was doing was not 
what I was trying to do.  What I want is to have several alternative 
configurations (schemas + data) as text files; and load those (not all 
at once) into the server so I can then test some JNDI calls to see if 
they are returning the expected results (given the data that was 
loaded).  I think something like LDIF files are what I am aiming for 
(although a clean xml syntax might be cool) - are there any examples or 
docs that would be useful to me in figuring this out?  Thanks for your time.

Alex Karasulu wrote:

> Robert r. Sanders wrote:
>
>> I'd like to use the JNDI server so that I can create and run JUnit 
>> tests of JNDI/LDAP functionality.  To that end I'm trying to figure 
>> out the easiest way to configure a server instance; it looked like 
>> properties files would be a decent way (at least better than 
>> programmatically creating a bunch of JNDI Attribute objects); but I 
>> don' t know how to get the server to load a properties file - this is 
>> what I have so far (using properties file contents from documentation 
>> example):
>>
> When running it via command line it can have prop file arg but you 
> don't need that.  Looks like you're doing it right below.
>
>> Properties env = new Properties();
>> FileInputStream in = new 
>> FileInputStream("sandbox/src/test/jndi01.properties");
>> env.load(in);
>> env.put( Context.PROVIDER_URL, "ou=system" );
>> env.put( Context.INITIAL_CONTEXT_FACTORY, 
>> "org.apache.ldap.server.jndi.ServerContextFactory" );
>> env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
>> env.put( Context.SECURITY_CREDENTIALS, "secret" );
>>
> Looks good to me.  Is this not working?
>
>> DirContext ctx = new InitialDirContext( env );
>>
>> Once I have the DirContext I have just been using code from the JNDI 
>> tutorial to see what's there:
>>
>> NamingEnumeration list = ctx.list("");
>> while (list.hasMore()) {
>>    NameClassPair nc = (NameClassPair)list.next();
>>    System.out.println( nc );
>> }
>
>
> You should see the listing of some entries.  Let me know if you have a 
> problem.  You approach looks good.
>
> Alex
>

-- 
    Robert r. Sanders
    Chief Technologist
    iPOV
    (334) 821-5412
    www.ipov.net

Re: Configure (Eve) server from properties file.

[Alex Karasulu <ao...@bellsouth.net>]

Robert r. Sanders wrote:

> I'd like to use the JNDI server so that I can create and run JUnit 
> tests of JNDI/LDAP functionality.  To that end I'm trying to figure 
> out the easiest way to configure a server instance; it looked like 
> properties files would be a decent way (at least better than 
> programmatically creating a bunch of JNDI Attribute objects); but I 
> don' t know how to get the server to load a properties file - this is 
> what I have so far (using properties file contents from documentation 
> example):
>
When running it via command line it can have prop file arg but you don't 
need that.  Looks like you're doing it right below.

> Properties env = new Properties();
> FileInputStream in = new 
> FileInputStream("sandbox/src/test/jndi01.properties");
> env.load(in);
> env.put( Context.PROVIDER_URL, "ou=system" );
> env.put( Context.INITIAL_CONTEXT_FACTORY, 
> "org.apache.ldap.server.jndi.ServerContextFactory" );
> env.put( Context.SECURITY_PRINCIPAL, "uid=admin,ou=system" );
> env.put( Context.SECURITY_CREDENTIALS, "secret" );
>
Looks good to me.  Is this not working?

> DirContext ctx = new InitialDirContext( env );
>
> Once I have the DirContext I have just been using code from the JNDI 
> tutorial to see what's there:
>
> NamingEnumeration list = ctx.list("");
> while (list.hasMore()) {
>    NameClassPair nc = (NameClassPair)list.next();
>    System.out.println( nc );
> }

You should see the listing of some entries.  Let me know if you have a 
problem.  You approach looks good.

Alex