You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by dee factorial <de...@gmail.com> on 2007/04/08 00:01:25 UTC
LDAP - null values for uniqueMember
I'm attempting to load the Ldif file for the setup1 of apacheds and I'm
getting errors telling me that the unique member attribute has to have a
value but everywhere I read in the jetspeed documentation says that there
has to be an empty value for the uniqueMember attribute.
#!RESULT ERROR
#!CONNECTION ldap://server.com:10389
#!DATE 2007-04-07T12:55:09.718
#!ERROR Record is invalid
dn: cn=Group2,o=sevenSeas
objectClass: top
objectClass: groupOfUniqueNames
uniqueMember:
cn: Group2
if I remove the attribute I get this error.
#!RESULT ERROR
#!CONNECTION ldap://rhythmicearth.com:10389
#!DATE 2007-04-07T14:27:14.015
#!ERROR [LDAP: error code 65 - failed to add entry cn=Group2,o=sevenSeas:
Required attributes [2.5.4.50] not found within entry cn=Group2,o=sevenSeas]
dn: cn=Group2,o=sevenSeas
objectClass: top
objectClass: groupOfUniqueNames
cn: Group2
a little about my unusual directory server.
I've gone with the embeded Apache DS because I don't want to start up
another java instance for apacheds. I've loaded the Jetspeed.schema using
the Schema generator for apacheds and I've created a configuration with the
basic attributes, Inceptors and Bootstrap Schema.
I've copied the security-spi-ldap.xml file to the jetspeed/WEB-INF/assembly
directory.
Is there any file that needs to be removed?
I've been able to log into jetspeed with admin user but the administrative
interface does not show up.
Any help would be much appreciated.
Thanks,
Dominique
Re: LDAP - null values for uniqueMember
Posted by dee factorial <de...@gmail.com>.
I'm wondering if jetspeed is not reading the user role attribute properly.
In the ldap database under cn=role1 I have a
uniquemember=uid=admin,ou=People,ou=OrgUnit1
I'm wondering if the reason I'm not getting the admin user interface is
because the constructor arguemnt for roleMembershipAttributes is member and
not uniquemember.
These are the constructor arguments in security-spi-ldap.xml
<!-- The roleMembershipAttributes. -->
<constructor-arg index="9"><value>member</value></constructor-arg>
<!-- The userRoleMembershipAttributes. -->
<constructor-arg index="10"><value></value></constructor-arg>
<!-- The groupMembershipAttributes. -->
<constructor-arg
index="11"><value>uniqueMember</value></constructor-arg>
<!-- The userGroupMembershipAttributes. -->
<constructor-arg index="12"><value></value></constructor-arg>
<!-- The groupMembershipForRoleAttributes. -->
<constructor-arg
index="13"><value>uniqueMember</value></constructor-arg>
<!-- The roleGroupMembershipForRoleAttributes. -->
<constructor-arg index="14"><value></value></constructor-arg>
On 4/7/07, dee factorial <de...@gmail.com> wrote:
>
> I've tried to add
>
> uniqueMember: uid=admin,ou=People,ou=OrgUnit1
>
> to all the ones that don't have a value and that will allow them to be
> inserted. But then when I try to login using the adminuser pass admin I can
> log in but there is no administrative interface. When I try to add a user I
> get an error:
>
> Failed to add
> user.org.apache.jetspeed.administration.RegistrationException:
> org.apache.jetspeed.security.SecurityException: The role user does not
> exist.
>
> but it adds the user and I can log in with that new user. if I add the
> uid=newusername too all the places that I find admin in ldap database it
> still won't show me the admin interface.
>
> I've also removed the the files called *security-spi-atn.xml* and *
> security-spi-atz.xml* from the assembly directory.
>
>
> On 4/7/07, Ersin Er < ersin.er@gmail.com> wrote:
> >
> > Hi,
> >
> > I don't know how Jetpeed can suggest* an empty value for uniqueMember
> > attribute but as it should conform to the LDAP Name syntax, it can
> > neither be empty nor anything other than an LDAP name. So instead of
> > an empty value, just put something that "looks like" an LDAP name such
> > as 'uid=dummy'.
> >
> > BTW, newer versions of ApacheDS does more strict schema checking. If
> > you have problems with schema checking (ask to dev@d.a.o then), you
> > can just disable it via ApacheDS configuration really easily (not
> > suggestion really).
> >
> > *I am not involved with Jetspeed, so I may be not aware of some custom
> > directory configurations by jetspeed folks which make the suggestions
> > appropriate.
> >
> > HTH,
> >
> > Ersin Er
> > Apache Directory
> >
> >
> > On 4/8/07, dee factorial <de...@gmail.com> wrote:
> > > I'm attempting to load the Ldif file for the setup1 of apacheds and
> > I'm
> > > getting errors telling me that the unique member attribute has to have
> > a
> > > value but everywhere I read in the jetspeed documentation says that
> > there
> > > has to be an empty value for the uniqueMember attribute.
> > >
> > > #!RESULT ERROR
> > > #!CONNECTION ldap://server.com:10389
> > > #!DATE 2007-04-07T12:55:09.718
> > > #!ERROR Record is invalid
> > > dn: cn=Group2,o=sevenSeas
> > > objectClass: top
> > > objectClass: groupOfUniqueNames
> > > uniqueMember:
> > > cn: Group2
> > >
> > > if I remove the attribute I get this error.
> > >
> > > #!RESULT ERROR
> > > #!CONNECTION ldap://rhythmicearth.com:10389
> > > #!DATE 2007-04-07T14:27:14.015
> > > #!ERROR [LDAP: error code 65 - failed to add entry
> > cn=Group2,o=sevenSeas:
> > > Required attributes [2.5.4.50] not found within entry
> > cn=Group2,o=sevenSeas]
> > > dn: cn=Group2,o=sevenSeas
> > > objectClass: top
> > > objectClass: groupOfUniqueNames
> > > cn: Group2
> > >
> > >
> > > a little about my unusual directory server.
> > > I've gone with the embeded Apache DS because I don't want to start up
> > > another java instance for apacheds. I've loaded the Jetspeed.schemausing
> > > the Schema generator for apacheds and I've created a configuration
> > with the
> > > basic attributes, Inceptors and Bootstrap Schema.
> > >
> > > I've copied the security-spi-ldap.xml file to the
> > jetspeed/WEB-INF/assembly
> > > directory.
> > >
> > > Is there any file that needs to be removed?
> > >
> > > I've been able to log into jetspeed with admin user but the
> > administrative
> > > interface does not show up.
> > >
> > > Any help would be much appreciated.
> > > Thanks,
> > > Dominique
> > >
> >
> >
> > --
> > Ersin
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> > For additional commands, e-mail: jetspeed-user-help@portals.apache.org
> >
> >
>
Re: LDAP - null values for uniqueMember
Posted by dee factorial <de...@gmail.com>.
I've tried to add
uniqueMember: uid=admin,ou=People,ou=OrgUnit1
to all the ones that don't have a value and that will allow them to be
inserted. But then when I try to login using the adminuser pass admin I can
log in but there is no administrative interface. When I try to add a user I
get an error:
Failed to add user.org.apache.jetspeed.administration.RegistrationException:
org.apache.jetspeed.security.SecurityException: The role user does not
exist.
but it adds the user and I can log in with that new user. if I add the
uid=newusername too all the places that I find admin in ldap database it
still won't show me the admin interface.
I've also removed the the files called *security-spi-atn.xml* and *
security-spi-atz.xml* from the assembly directory.
On 4/7/07, Ersin Er <er...@gmail.com> wrote:
>
> Hi,
>
> I don't know how Jetpeed can suggest* an empty value for uniqueMember
> attribute but as it should conform to the LDAP Name syntax, it can
> neither be empty nor anything other than an LDAP name. So instead of
> an empty value, just put something that "looks like" an LDAP name such
> as 'uid=dummy'.
>
> BTW, newer versions of ApacheDS does more strict schema checking. If
> you have problems with schema checking (ask to dev@d.a.o then), you
> can just disable it via ApacheDS configuration really easily (not
> suggestion really).
>
> *I am not involved with Jetspeed, so I may be not aware of some custom
> directory configurations by jetspeed folks which make the suggestions
> appropriate.
>
> HTH,
>
> Ersin Er
> Apache Directory
>
>
> On 4/8/07, dee factorial <de...@gmail.com> wrote:
> > I'm attempting to load the Ldif file for the setup1 of apacheds and I'm
> > getting errors telling me that the unique member attribute has to have a
> > value but everywhere I read in the jetspeed documentation says that
> there
> > has to be an empty value for the uniqueMember attribute.
> >
> > #!RESULT ERROR
> > #!CONNECTION ldap://server.com:10389
> > #!DATE 2007-04-07T12:55:09.718
> > #!ERROR Record is invalid
> > dn: cn=Group2,o=sevenSeas
> > objectClass: top
> > objectClass: groupOfUniqueNames
> > uniqueMember:
> > cn: Group2
> >
> > if I remove the attribute I get this error.
> >
> > #!RESULT ERROR
> > #!CONNECTION ldap://rhythmicearth.com:10389
> > #!DATE 2007-04-07T14:27:14.015
> > #!ERROR [LDAP: error code 65 - failed to add entry
> cn=Group2,o=sevenSeas:
> > Required attributes [2.5.4.50] not found within entry
> cn=Group2,o=sevenSeas]
> > dn: cn=Group2,o=sevenSeas
> > objectClass: top
> > objectClass: groupOfUniqueNames
> > cn: Group2
> >
> >
> > a little about my unusual directory server.
> > I've gone with the embeded Apache DS because I don't want to start up
> > another java instance for apacheds. I've loaded the Jetspeed.schemausing
> > the Schema generator for apacheds and I've created a configuration with
> the
> > basic attributes, Inceptors and Bootstrap Schema.
> >
> > I've copied the security-spi-ldap.xml file to the
> jetspeed/WEB-INF/assembly
> > directory.
> >
> > Is there any file that needs to be removed?
> >
> > I've been able to log into jetspeed with admin user but the
> administrative
> > interface does not show up.
> >
> > Any help would be much appreciated.
> > Thanks,
> > Dominique
> >
>
>
> --
> Ersin
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>
Re: LDAP - null values for uniqueMember
Posted by Ersin Er <er...@gmail.com>.
Hi,
I don't know how Jetpeed can suggest* an empty value for uniqueMember
attribute but as it should conform to the LDAP Name syntax, it can
neither be empty nor anything other than an LDAP name. So instead of
an empty value, just put something that "looks like" an LDAP name such
as 'uid=dummy'.
BTW, newer versions of ApacheDS does more strict schema checking. If
you have problems with schema checking (ask to dev@d.a.o then), you
can just disable it via ApacheDS configuration really easily (not
suggestion really).
*I am not involved with Jetspeed, so I may be not aware of some custom
directory configurations by jetspeed folks which make the suggestions
appropriate.
HTH,
Ersin Er
Apache Directory
On 4/8/07, dee factorial <de...@gmail.com> wrote:
> I'm attempting to load the Ldif file for the setup1 of apacheds and I'm
> getting errors telling me that the unique member attribute has to have a
> value but everywhere I read in the jetspeed documentation says that there
> has to be an empty value for the uniqueMember attribute.
>
> #!RESULT ERROR
> #!CONNECTION ldap://server.com:10389
> #!DATE 2007-04-07T12:55:09.718
> #!ERROR Record is invalid
> dn: cn=Group2,o=sevenSeas
> objectClass: top
> objectClass: groupOfUniqueNames
> uniqueMember:
> cn: Group2
>
> if I remove the attribute I get this error.
>
> #!RESULT ERROR
> #!CONNECTION ldap://rhythmicearth.com:10389
> #!DATE 2007-04-07T14:27:14.015
> #!ERROR [LDAP: error code 65 - failed to add entry cn=Group2,o=sevenSeas:
> Required attributes [2.5.4.50] not found within entry cn=Group2,o=sevenSeas]
> dn: cn=Group2,o=sevenSeas
> objectClass: top
> objectClass: groupOfUniqueNames
> cn: Group2
>
>
> a little about my unusual directory server.
> I've gone with the embeded Apache DS because I don't want to start up
> another java instance for apacheds. I've loaded the Jetspeed.schema using
> the Schema generator for apacheds and I've created a configuration with the
> basic attributes, Inceptors and Bootstrap Schema.
>
> I've copied the security-spi-ldap.xml file to the jetspeed/WEB-INF/assembly
> directory.
>
> Is there any file that needs to be removed?
>
> I've been able to log into jetspeed with admin user but the administrative
> interface does not show up.
>
> Any help would be much appreciated.
> Thanks,
> Dominique
>
--
Ersin
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org