Posted to dev@directory.apache.org by "Xu Yaning (JIRA)" <ji...@apache.org> on 2015/06/18 08:58:00 UTC
[jira] [Comment Edited] (DIRKRB-303) Define Ldap schema for LdapBackendIdentity
[ https://issues.apache.org/jira/browse/DIRKRB-303?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14591364#comment-14591364 ]
Xu Yaning edited comment on DIRKRB-303 at 6/18/15 6:57 AM:
-----------------------------------------------------------
Thanks Kiran for your advice. I've used {{krb5KeyVersionNumber}} to store {{keyVersion}}. A solution is to store both {{keyVersion}} and {{krb5kvno}} in {{krb5KeyVersionNumber}}. Another question: I've tried to use {{createTimestamp}}; however, when I try to get the attribute, it returns {{null}}. The code is as follows.
{code}
protected KrbIdentity doAddIdentity(KrbIdentity identity) {
    String principalName = identity.getPrincipalName();
    String[] names = principalName.split("@");
    String uid = names[0];
    Entry entry = new DefaultEntry();
    KeysInfo keysInfo = new KeysInfo(identity);
    try {
        Dn dn = new Dn(new Rdn("uid", uid), new Dn(BASE_DN));
        entry.setDn(dn);
        entry.add("objectClass", "top", "person", "inetOrgPerson", "krb5principal", "krb5kdcentry");
        entry.add("cn", names[0]);
        entry.add("sn", names[0]);
        entry.add(KerberosAttribute.KRB5_KEY_AT, keysInfo.getKeys()); // keyData stored in krb5Key
        entry.add("krb5EncryptionType", keysInfo.getEtypes());
        entry.add("givenName", keysInfo.getKvnos()); // kvno stored in attribute givenName
        entry.add(KerberosAttribute.KRB5_PRINCIPAL_NAME_AT, principalName);
        entry.add(KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, identity.getKeyVersion() + "");
        entry.add("krb5KDCFlags", "" + identity.getKdcFlags());
        entry.add(KerberosAttribute.KRB5_ACCOUNT_DISABLED_AT, "" + identity.isDisabled());
        // createTime stored in krb5ValidStart attribute
        entry.add("createTimestamp",
                toGeneralizedTime(identity.getCreatedTime()));
        entry.add(KerberosAttribute.KRB5_ACCOUNT_LOCKEDOUT_AT, "" + identity.isLocked());
        entry.add(KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT,
                toGeneralizedTime(identity.getExpireTime()));
        connection.add(entry);
        System.out.println(connection.lookup(dn).get("createTimestamp")); // return null
    } catch (LdapInvalidDnException e) {
        e.printStackTrace();
    } catch (LdapException e) {
        e.printStackTrace();
    } catch (Exception e) {
        e.printStackTrace();
    }
    return identity;
}
{code}
Is there something I need to do to solve this?
> Define Ldap schema for LdapBackendIdentity
> ------------------------------------------
>
> Key: DIRKRB-303
> URL: https://issues.apache.org/jira/browse/DIRKRB-303
> Project: Directory Kerberos
> Issue Type: New Feature
> Reporter: Xu Yaning
>
> Since there are some attributes the built-in schema in ApacheDS doesn't support, it's better to define a new schema for Kerby.