You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@directory.apache.org by "Yang, Gang CTR (US)" <ga...@mail.mil> on 2013/01/23 00:23:58 UTC
Broken documentation url
Hi,
I've downloaded DS and Directory Studio. However, the Directory Studio user's guide links seem to have been broken leading to non-existing pages. Any workaround?
If anyone knows, what's the default binding DN/user and password for the ApacheDS?
Thanks,
Gang
Re: Error when open configuration from studio
Posted by Kiran Ayyagari <ka...@apache.org>.
ahh, thought his latest version 'is the latest' but turns out not :)
On Mon, Jan 28, 2013 at 10:52 PM, Pierre-Arnaud Marcelot <pa...@marcelot.net>wrote:
> Hi,
>
> The current Studio version is not compatible with the latest ApacheDS
> version.
>
> But you can try teh latest 'latest' builds, which are currently being
> voted :
> http://people.apache.org/~pamarcelot/ApacheDS_2.0.0-M10/
> and
> http://people.apache.org/~pamarcelot/ApacheDirectoryStudio_2.0.0.v20130125/
>
> If the vote is successful, those releases should be publicly available
> tomorrow, but you can test both of them yourself and give some feedback !
>
> Thanks !
>
> Regards,
> Pierre-Arnaud
>
>
> On 28 janv. 2013, at 17:54, "Yang, Gang CTR (US)" <ga...@mail.mil>
> wrote:
>
> > Hi,
> >
> >
> >
> > I downloaded and installed the latest DS and Studio, and connected
> Studio to the DS. But when trying to open the configuration in the Studio,
> I got the error in the configuration editor: "Could not open the editor:
> ERR_04269 ATTRIBUTE_TYPE for OID ads-replenabled does not exist!" Any idea?
> >
> >
> >
> > Thanks,
> >
> > Gang
>
>
--
Kiran Ayyagari
http://keydap.com
Re: Error when open configuration from studio
Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
Hi,
The current Studio version is not compatible with the latest ApacheDS version.
But you can try teh latest 'latest' builds, which are currently being voted :
http://people.apache.org/~pamarcelot/ApacheDS_2.0.0-M10/
and
http://people.apache.org/~pamarcelot/ApacheDirectoryStudio_2.0.0.v20130125/
If the vote is successful, those releases should be publicly available tomorrow, but you can test both of them yourself and give some feedback !
Thanks !
Regards,
Pierre-Arnaud
On 28 janv. 2013, at 17:54, "Yang, Gang CTR (US)" <ga...@mail.mil> wrote:
> Hi,
>
>
>
> I downloaded and installed the latest DS and Studio, and connected Studio to the DS. But when trying to open the configuration in the Studio, I got the error in the configuration editor: "Could not open the editor: ERR_04269 ATTRIBUTE_TYPE for OID ads-replenabled does not exist!" Any idea?
>
>
>
> Thanks,
>
> Gang
Re: Error when open configuration from studio
Posted by Kiran Ayyagari <ka...@apache.org>.
looks like you have old schema in the Studio's cache, can you try again
after refreshing/reloading the schema
in Studio
On Mon, Jan 28, 2013 at 10:24 PM, Yang, Gang CTR (US) <
gang.yang.ctr@mail.mil> wrote:
> Hi,
>
>
>
> I downloaded and installed the latest DS and Studio, and connected Studio
> to the DS. But when trying to open the configuration in the Studio, I got
> the error in the configuration editor: "Could not open the editor:
> ERR_04269 ATTRIBUTE_TYPE for OID ads-replenabled does not exist!" Any idea?
>
>
>
> Thanks,
>
> Gang
>
--
Kiran Ayyagari
http://keydap.com
Error when open configuration from studio
Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.
Hi,
I downloaded and installed the latest DS and Studio, and connected Studio to the DS. But when trying to open the configuration in the Studio, I got the error in the configuration editor: "Could not open the editor: ERR_04269 ATTRIBUTE_TYPE for OID ads-replenabled does not exist!" Any idea?
Thanks,
Gang
Re: Query for user's groups
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 1/29/13 10:07 PM, Yang, Gang CTR (US) a écrit :
> Emmanuel,
>
>
>
> Thanks for the reply. I was using ou:dn:=Roles and it did not work. I thought I was doing something wrong. How can I find out what's supported and what's not by ApacheDS?
By asking here, or by helping us to improve the documentation...
> It could've saved me some effort:-(
Well, this is a balance : the effort we spend on writing the server
cant' be spent on documentaion, as much as we would; We expect our users
to help us improving both, so that the effort you have done would not be
completely wasted...
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
RE: Query for user's groups
Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.
Emmanuel,
Thanks for the reply. I was using ou:dn:=Roles and it did not work. I thought I was doing something wrong. How can I find out what's supported and what's not by ApacheDS? It could've saved me some effort:-(
Gang
________________________________
From: Emmanuel Lécharny [elecharny@gmail.com]
Sent: Tuesday, January 29, 2013 2:32 PM
To: users@directory.apache.org
Subject: Re: Query for user's groups
Le 1/29/13 8:52 PM, Yang, Gang CTR (US) a écrit :
> Sorry, I should've said knowing the group's parent's RDN, "Roles".
If you know what is the parent's DN, then use it as a base for your
search request, using the same filter.
Sadly, would Apacheds support ExtensibleMatch, you would be able to do
it using such a filter :
(&(ou:dn:=Roles)(objectClass=groupOfUniqueNames)(uniqueMember=uid=abc,ou=People,dc-sample,dc=com))
but we don't support (yet) extensibleMatch in filters ... That would be
*the* solution.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com<http://www.iktek.com/>
Re: Query for user's groups
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 1/29/13 8:52 PM, Yang, Gang CTR (US) a écrit :
> Sorry, I should've said knowing the group's parent's RDN, "Roles".
If you know what is the parent's DN, then use it as a base for your
search request, using the same filter.
Sadly, would Apacheds support ExtensibleMatch, you would be able to do
it using such a filter :
(&(ou:dn:=Roles)(objectClass=groupOfUniqueNames)(uniqueMember=uid=abc,ou=People,dc-sample,dc=com))
but we don't support (yet) extensibleMatch in filters ... That would be
*the* solution.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
RE: Query for user's groups
Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.
Sorry, I should've said knowing the group's parent's RDN, "Roles".
Gang
________________________________
From: Yang, Gang CTR (US) [gang.yang.ctr@mail.mil]
Sent: Tuesday, January 29, 2013 1:46 PM
To: users@directory.apache.org
Subject: RE: Query for user's groups
I guess I wasn't clear. Say user with DN, uid=abc,ou=People,dc=sample,dc=com, belongs to two groups with DNs, cn=group1,ou=Roles,dc=sample,dc=com and cn=group2,ou=Groups,dc=sample,dc=com. Both groups have objectClass, groupOfUniqueNames. Knowing the group's RDN, "Roles" and the user's DN, I would like to write a filter that returns group1 (which is under "Roles", but not group2 (which is under "Groups").
Gang
________________________________
From: ayyagarikiran@gmail.com [ayyagarikiran@gmail.com] on behalf of Kiran Ayyagari [kayyagari@apache.org]
Sent: Tuesday, January 29, 2013 12:50 PM
To: users@directory.apache.org
Subject: Re: Query for user's groups
On Wed, Jan 30, 2013 at 12:15 AM, Yang, Gang CTR (US) <
gang.yang.ctr@mail.mil> wrote:
> Hi,
>
>
>
> I've been trying to write an LDAP filter that returns the group/role
> (knowing only the the group's RDN, say "Roles") a particular user (knowning
> the user's DN, say "uid=abc,ou=Peole,dc=sample,dc=com") belongs to and of
> course failed. I was able to return all groups the user belongs to by using
> the following filter:
>
>
>
>
> (&(objectClass=groupOfUniqueNames)(uniqueMember=uid=abc,ou=People,dc-sample,dc=com))
>
>
>
> But how do I qualify the group with the paren's RDN, "Roles"? Any help is
> greatly appreciated.
>
> not sure I understand your question completely
are you trying to search for the roles under a DN like
ou=Roles,dc=sample,dc=com?
>
>
> Gang
>
--
Kiran Ayyagari
http://keydap.com<http://keydap.com/>
RE: Query for user's groups
Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.
I guess I wasn't clear. Say user with DN, uid=abc,ou=People,dc=sample,dc=com, belongs to two groups with DNs, cn=group1,ou=Roles,dc=sample,dc=com and cn=group2,ou=Groups,dc=sample,dc=com. Both groups have objectClass, groupOfUniqueNames. Knowing the group's RDN, "Roles" and the user's DN, I would like to write a filter that returns group1 (which is under "Roles", but not group2 (which is under "Groups").
Gang
________________________________
From: ayyagarikiran@gmail.com [ayyagarikiran@gmail.com] on behalf of Kiran Ayyagari [kayyagari@apache.org]
Sent: Tuesday, January 29, 2013 12:50 PM
To: users@directory.apache.org
Subject: Re: Query for user's groups
On Wed, Jan 30, 2013 at 12:15 AM, Yang, Gang CTR (US) <
gang.yang.ctr@mail.mil> wrote:
> Hi,
>
>
>
> I've been trying to write an LDAP filter that returns the group/role
> (knowing only the the group's RDN, say "Roles") a particular user (knowning
> the user's DN, say "uid=abc,ou=Peole,dc=sample,dc=com") belongs to and of
> course failed. I was able to return all groups the user belongs to by using
> the following filter:
>
>
>
>
> (&(objectClass=groupOfUniqueNames)(uniqueMember=uid=abc,ou=People,dc-sample,dc=com))
>
>
>
> But how do I qualify the group with the paren's RDN, "Roles"? Any help is
> greatly appreciated.
>
> not sure I understand your question completely
are you trying to search for the roles under a DN like
ou=Roles,dc=sample,dc=com?
>
>
> Gang
>
--
Kiran Ayyagari
http://keydap.com<http://keydap.com/>
RE: Diguest-MD5 authentication
Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.
After some experiments based on the errors I was getting and tips I found from searching the Internet, here's a summary on using diguest-MD5 authentication with Apache DS so far:
On the ApacheDS server side: (using Apache Directory Studio for configuration)
- Define a host domain name in host file for ldap.example.com
- Use host domain name instead of 127.0.0.1 in ApacheDS configuration for SASL Host
- Make sure the Search Base DN parameter in SASL settings points to where the users entries are stored in DIT
- Store the user password in clear text. In order to acchieve this, some discussions from the mailing list suggested to disable the default passwordPolicies and passwordHashing interceptors
- Restart ApacheDS after chaning the configuration
On the client side: (using Apache Directory Studio)
- Use host domain name instead of 127.0.0.1 in connection configuration for Hostname under Network Parameters
- Use uid alone w/o "uid=" instead of full DN of the user for Bind DN or User under Authentication
- Make sure to select the right SASL realm, example.com in my case, in SASL Settings
Ater doing all these, I'm still getting the error:
LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: cannot acquire password for Gang.Yang in realm : example.com
Anyone who's knowledgeable in this area, please help. I'm using a newly downloaded latest ApacheDS and Apache Directory Studio (2.0.0-M10 and 2.0.0-M4).
Thanks in advance,
Gang
________________________________
From: Yang, Gang CTR (US) [gang.yang.ctr@mail.mil]
Sent: Monday, February 04, 2013 12:28 PM
To: users@directory.apache.org
Subject: Diguest-MD5 authentication
Hi,
I'm using the latest ApacheDS and Apache Directory Studio. I can bind using Simple authentication, but failed using Diguest-MD5 or Kerboros. I'm sure it's the configuration, but I could not find any section in the user's guide (basic or advanced) that tells me how. Any help and pointers are appreciated.
Thanks,
Gang
Diguest-MD5 authentication
Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.
Hi,
I'm using the latest ApacheDS and Apache Directory Studio. I can bind using Simple authentication, but failed using Diguest-MD5 or Kerboros. I'm sure it's the configuration, but I could not find any section in the user's guide (basic or advanced) that tells me how. Any help and pointers are appreciated.
Thanks,
Gang
Re: return distinguishedName or dn?
Posted by Kiran Ayyagari <ka...@apache.org>.
yes, the attribute name is 'entryDn' this is supported since version
2.0.0-M9
On Thu, Jan 31, 2013 at 9:43 PM, Yang, Gang CTR (US) <gang.yang.ctr@mail.mil
> wrote:
> Hi,
>
>
>
> Does ApacheDS return distinguishedName or dn attribute? I tried it and it
> does not seem to work. If not, is there any other way I can get DN back?
>
>
>
> Thanks,
>
> Gang
>
> ________________________________
> From: Emmanuel Lécharny [elecharny@gmail.com]
> Sent: Wednesday, January 30, 2013 3:38 PM
> To: users@directory.apache.org
> Subject: Re: memberOf or like attribute?
>
> Le 1/30/13 10:05 PM, Yang, Gang CTR (US) a écrit :
> > Hi,
> >
> >
> >
> > I read some discussion about memberOf attribute in some other websites.
> Some mentioned using ApacheDS, but could not get it to work. I tried it on
> the latest version and it does not seem to work. I'm wondering if memberOf
> or similar capability is supported by ApacheDS.
> We don't support the virtual attribute memberOf in ApacheDS.
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com<http://www.iktek.com/>
>
>
--
Kiran Ayyagari
http://keydap.com
return distinguishedName or dn?
Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.
Hi,
Does ApacheDS return distinguishedName or dn attribute? I tried it and it does not seem to work. If not, is there any other way I can get DN back?
Thanks,
Gang
________________________________
From: Emmanuel Lécharny [elecharny@gmail.com]
Sent: Wednesday, January 30, 2013 3:38 PM
To: users@directory.apache.org
Subject: Re: memberOf or like attribute?
Le 1/30/13 10:05 PM, Yang, Gang CTR (US) a écrit :
> Hi,
>
>
>
> I read some discussion about memberOf attribute in some other websites. Some mentioned using ApacheDS, but could not get it to work. I tried it on the latest version and it does not seem to work. I'm wondering if memberOf or similar capability is supported by ApacheDS.
We don't support the virtual attribute memberOf in ApacheDS.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com<http://www.iktek.com/>
Re: memberOf or like attribute?
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 1/30/13 10:05 PM, Yang, Gang CTR (US) a écrit :
> Hi,
>
>
>
> I read some discussion about memberOf attribute in some other websites. Some mentioned using ApacheDS, but could not get it to work. I tried it on the latest version and it does not seem to work. I'm wondering if memberOf or similar capability is supported by ApacheDS.
We don't support the virtual attribute memberOf in ApacheDS.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
memberOf or like attribute?
Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.
Hi,
I read some discussion about memberOf attribute in some other websites. Some mentioned using ApacheDS, but could not get it to work. I tried it on the latest version and it does not seem to work. I'm wondering if memberOf or similar capability is supported by ApacheDS.
Thanks,
Gang
Re: Query for user's groups
Posted by Kiran Ayyagari <ka...@apache.org>.
On Wed, Jan 30, 2013 at 12:15 AM, Yang, Gang CTR (US) <
gang.yang.ctr@mail.mil> wrote:
> Hi,
>
>
>
> I've been trying to write an LDAP filter that returns the group/role
> (knowing only the the group's RDN, say "Roles") a particular user (knowning
> the user's DN, say "uid=abc,ou=Peole,dc=sample,dc=com") belongs to and of
> course failed. I was able to return all groups the user belongs to by using
> the following filter:
>
>
>
>
> (&(objectClass=groupOfUniqueNames)(uniqueMember=uid=abc,ou=People,dc-sample,dc=com))
>
>
>
> But how do I qualify the group with the paren's RDN, "Roles"? Any help is
> greatly appreciated.
>
> not sure I understand your question completely
are you trying to search for the roles under a DN like
ou=Roles,dc=sample,dc=com?
>
>
> Gang
>
--
Kiran Ayyagari
http://keydap.com
Query for user's groups
Posted by "Yang, Gang CTR (US)" <ga...@mail.mil>.
Hi,
I've been trying to write an LDAP filter that returns the group/role (knowing only the the group's RDN, say "Roles") a particular user (knowning the user's DN, say "uid=abc,ou=Peole,dc=sample,dc=com") belongs to and of course failed. I was able to return all groups the user belongs to by using the following filter:
(&(objectClass=groupOfUniqueNames)(uniqueMember=uid=abc,ou=People,dc-sample,dc=com))
But how do I qualify the group with the paren's RDN, "Roles"? Any help is greatly appreciated.
Gang
Re: Broken documentation url
Posted by Kiran Ayyagari <ka...@apache.org>.
On Wed, Jan 23, 2013 at 4:53 AM, Yang, Gang CTR (US) <gang.yang.ctr@mail.mil
> wrote:
> Hi,
>
>
>
> I've downloaded DS and Directory Studio. However, the Directory Studio
> user's guide links seem to have been broken leading to non-existing pages.
> Any workaround?
>
>
>
> If anyone knows, what's the default binding DN/user and password for the
> ApacheDS?
>
>
> uid=admin,ou=system
secret
>
> Thanks,
>
> Gang
>
--
Kiran Ayyagari
http://keydap.com
Re: Broken documentation url
Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
Done!
The guides are back online.
Regards,
Pierre-Arnaud
On 23 janv. 2013, at 08:56, Pierre-Arnaud Marcelot <pa...@marcelot.net> wrote:
> Hi,
>
> We recently moved our website to a new publishing system and some static content has been left behind.
> I'm going to republish Studio's user guide within the day.
>
> Thanks for letting us know.
>
> Regards,
> Pierre-Arnaud
>
>
> On 23 janv. 2013, at 00:23, "Yang, Gang CTR (US)" <ga...@mail.mil> wrote:
>
>> Hi,
>>
>>
>>
>> I've downloaded DS and Directory Studio. However, the Directory Studio user's guide links seem to have been broken leading to non-existing pages. Any workaround?
>>
>>
>>
>> If anyone knows, what's the default binding DN/user and password for the ApacheDS?
>>
>>
>>
>> Thanks,
>>
>> Gang
>
Re: Broken documentation url
Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
Hi,
We recently moved our website to a new publishing system and some static content has been left behind.
I'm going to republish Studio's user guide within the day.
Thanks for letting us know.
Regards,
Pierre-Arnaud
On 23 janv. 2013, at 00:23, "Yang, Gang CTR (US)" <ga...@mail.mil> wrote:
> Hi,
>
>
>
> I've downloaded DS and Directory Studio. However, the Directory Studio user's guide links seem to have been broken leading to non-existing pages. Any workaround?
>
>
>
> If anyone knows, what's the default binding DN/user and password for the ApacheDS?
>
>
>
> Thanks,
>
> Gang