Posted to users@directory.apache.org by Kevin Minder <ke...@hortonworks.com> on 2013/11/26 15:58:26 UTC

WARNings from DefaultDirectoryServiceFactory/DefaultDirectoryService

I'm trying to provide a very, very simple demo LDAP server for use with 
my project.  I've managed to create one that is working using the code 
at the bottom.  However it emits the following two WARN lines when 
started.  Ideally I'd like to get rid of these as to not confuse/concern 
my users.

The first one looks like it could be solved by creating a copy of 
DefaultDirectoryServiceFactory and registering a shutdown hook, but I'd 
rather not do that.

The second one I really have no idea how to resolve.  I'd be fine with 
setting an instance specific password but it isn't clear what API should 
be used or if that would fit into the way the 
DefaultDirectoryServiceFactory handles the DefaultDirectoryService 
lifecycle.

I can provide a very simple maven project to illustrate if that would 
help someone help me.  BTW setting the logger level won't work for 
me because I do want any bind authentication failures to be output and 
these are WARNs too.

[09:47:45] WARN [org.apache.directory.server.core.DefaultDirectoryService] - ApacheDS shutdown hook has NOT been registered with the runtime. This default setting for standalone operation has been overriden.
[09:47:46] WARN [org.apache.directory.server.core.DefaultDirectoryService] - You didn't change the admin password of directory service instance 'ac3a5495-5d28-4e7e-987d-654efa9cb6a9'.  Please update the admin password as soon as possible to prevent a possible security breach.

   public SimpleLdapServer( String rootDn, File usersLdif, Transport... transports ) throws Exception {
     factory = new DefaultDirectoryServiceFactory();
     factory.init( UUID.randomUUID().toString() );
     service = factory.getDirectoryService();

     Partition partition = factory.getPartitionFactory().createPartition(
         service.getSchemaManager(), "users", rootDn, 500,
         service.getInstanceLayout().getInstanceDirectory() );
     service.addPartition( partition );

     CoreSession session = service.getAdminSession();
     LdifFileLoader lfl = new LdifFileLoader( session, usersLdif, null );
     lfl.execute();

     server = new LdapServer();
     server.setTransports( transports );
     server.setDirectoryService( service );
     service.startup();
     server.start();
   }

-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Re: WARNings from DefaultDirectoryServiceFactory/DefaultDirectoryService

Posted by Kevin Minder <ke...@hortonworks.com>.
Thanks for the input Kiran.  Turns out to do what you suggest requires 
some minor refactoring.
I filed a jira for that and uploaded a patch with the required changes.
DIRSERVER-1920: Refactor DefaultDirectoryServiceFactory/DefaultDirectoryService for extensibility
https://issues.apache.org/jira/browse/DIRSERVER-1920

On 11/26/13 1:50 PM, Kiran Ayyagari wrote:
> On Wed, Nov 27, 2013 at 12:06 AM, Kevin Minder <kevin.minder@hortonworks.com> wrote:
>
>>> there is no way to do this using any API
>>
>> I take this to mean there is no API to do this programmatically.
>> So it seems like I have two choices.
>>
>> 1) Copy DefaultDirectoryServiceFactory and change the implementation of
>> initSystemPartition so that the admin user has a non-default password.
>> Looking at the current implementation of this method it isn't clear how
>> that would be done.
>
> no, this method won't help, you need to do in the below mentioned way (if
> you really want to solve this!!)
>
> 1. extend DefaultDirectoryService and overwrite the startup() method with
>    all the lines except for the call to showSecurityWarnings()
> 2. instantiate the above created custom DirectoryService in your custom
>    DirectoryService factory
>
>> 2) Use LdapConnection.modify request to set the admin's password. I'd like
>> to see an example of that but I don't think this will solve my problem as
>> the server needs to come up to service that request and therefore the
>> WARNing will be output.
>>
>> So it seems like the only possible solution to both of my issues is likely
>> to copy and modify DefaultDirectoryServiceFactory.  Here I'll say that
>> the reason I'm in this position now is because the version of this I had
>> before was based on ApacheDS 1.5.5 and this needs to be totally rewritten
>> for 2.0.0.  I'd really like to be able to use something maintained by
>> ApacheDS for this use case.  I understand that my use case may not be
>> important to the ApacheDS community.
>
> ya this is a warning that _must_ be shown

Re: WARNings from DefaultDirectoryServiceFactory/DefaultDirectoryService

Posted by Kiran Ayyagari <ka...@apache.org>.
On Wed, Nov 27, 2013 at 12:06 AM, Kevin Minder <kevin.minder@hortonworks.com> wrote:

>> there is no way to do this using any API
>
> I take this to mean there is no API to do this programmatically.
> So it seems like I have two choices.
>
> 1) Copy DefaultDirectoryServiceFactory and change the implementation of
> initSystemPartition so that the admin user has a non-default password.
> Looking at the current implementation of this method it isn't clear how
> that would be done.

no, this method won't help, you need to do in the below mentioned way (if
you really want to solve this!!)

1. extend DefaultDirectoryService and overwrite the startup() method with
   all the lines except for the call to showSecurityWarnings()
2. instantiate the above created custom DirectoryService in your custom
   DirectoryService factory

> 2) Use LdapConnection.modify request to set the admin's password. I'd like
> to see an example of that but I don't think this will solve my problem as
> the server needs to come up to service that request and therefore the
> WARNing will be output.
>
> So it seems like the only possible solution to both of my issues is likely
> to copy and modify DefaultDirectoryServiceFactory.  Here I'll say that
> the reason I'm in this position now is because the version of this I had
> before was based on ApacheDS 1.5.5 and this needs to be totally rewritten
> for 2.0.0.  I'd really like to be able to use something maintained by
> ApacheDS for this use case.  I understand that my use case may not be
> important to the ApacheDS community.

ya this is a warning that _must_ be shown




-- 
Kiran Ayyagari
http://keydap.com

Re: WARNings from DefaultDirectoryServiceFactory/DefaultDirectoryService

Posted by Kevin Minder <ke...@hortonworks.com>.
> there is no way to do this using any API
I take this to mean there is no API to do this programmatically.
So it seems like I have two choices.

1) Copy DefaultDirectoryServiceFactory and change the implementation of 
initSystemPartition so that the admin user has a non-default password.  
Looking at the current implementation of this method it isn't clear how 
that would be done.

2) Use LdapConnection.modify request to set the admin's password. I'd 
like to see an example of that but I don't think this will solve my 
problem as the server needs to come up to service that request and 
therefore the WARNing will be output.

So it seems like the only possible solution to both of my issues is 
likely to copy and modify DefaultDirectoryServiceFactory.  Here I'll say 
that the reason I'm in this position now is because the version of this 
I had before was based on ApacheDS 1.5.5 and this needs to be totally 
rewritten for 2.0.0.  I'd really like to be able to use something 
maintained by ApacheDS for this use case.  I understand that my use case 
may not be important to the ApacheDS community.


Re: WARNings from DefaultDirectoryServiceFactory/DefaultDirectoryService

Posted by Kiran Ayyagari <ka...@apache.org>.
On Tue, Nov 26, 2013 at 8:28 PM, Kevin Minder <ke...@hortonworks.com> wrote:

> I'm trying to provide a very, very simple demo LDAP server for use with my
> project.  I've managed to create one that is working using the code at the
> bottom.  However it emits the following two WARN lines when started.
>  Ideally I'd like to get rid of these as to not confuse/concern my users.
>
> The first one looks like it could be solved by creating a copy of
> DefaultDirectoryServiceFactory and registering a shutdown hook, but I'd
> rather not do that.
>
> The second one I really have no idea how to resolve.  I'd be fine with
> setting an instance specific password but it isn't clear what API should be
> used or if that would fit into the way the DefaultDirectoryServiceFactory
> handles the DefaultDirectoryService lifecycle.

there is no way to do this using any API




-- 
Kiran Ayyagari
http://keydap.com
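
Option 2 from the thread (setting the admin's password with an LdapConnection.modify request once the server is up), as an added example that is not code from the thread or from ApacheDS; it replaces the default admin credential with an instance-specific random one and verifies that the default is no longer accepted. It assumes the Apache Directory LDAP API client (org.apache.directory.api package names) on the classpath, the stock admin entry uid=admin,ou=system with default password "secret", a listener on localhost:10389, and the hypothetical class name AdminPasswordRotator. As noted in the thread, this runs after startup, so it does not suppress the WARN on first start.

```java
import java.security.SecureRandom;
import java.util.Base64;

import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.exception.LdapAuthenticationException;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

// Hypothetical helper class; not part of ApacheDS or of the code in this thread.
public class AdminPasswordRotator {

    // Assumptions: stock ApacheDS admin entry and its default password.
    static final String ADMIN_DN = "uid=admin,ou=system";
    static final String DEFAULT_PASSWORD = "secret";

    // Instance-specific password: 24 random bytes as URL-safe Base64 (32 chars).
    static String newInstancePassword() {
        byte[] raw = new byte[24];
        new SecureRandom().nextBytes( raw );
        return Base64.getUrlEncoder().withoutPadding().encodeToString( raw );
    }

    // Replaces the default admin password and returns the new one to the caller.
    // Plain LDAP sends the binds and the new password in clear text, so keep
    // this on loopback or point it at an LDAPS transport.
    static String rotate( String host, int port ) throws Exception {
        String fresh = newInstancePassword();

        try ( LdapConnection admin = new LdapNetworkConnection( host, port ) ) {
            admin.bind( ADMIN_DN, DEFAULT_PASSWORD );
            Modification replace = new DefaultModification(
                ModificationOperation.REPLACE_ATTRIBUTE, "userPassword", fresh );
            admin.modify( ADMIN_DN, replace );
        }

        // Check 1: the new credential binds.
        try ( LdapConnection probe = new LdapNetworkConnection( host, port ) ) {
            probe.bind( ADMIN_DN, fresh );
        }

        // Check 2: the default credential must now be rejected.
        try ( LdapConnection probe = new LdapNetworkConnection( host, port ) ) {
            probe.bind( ADMIN_DN, DEFAULT_PASSWORD );
            throw new IllegalStateException( "default admin password still accepted" );
        } catch ( LdapAuthenticationException expected ) {
            // Rejected as intended.
        }

        return fresh;
    }

    public static void main( String[] args ) throws Exception {
        // Constructed sample endpoint: demo server on loopback, port assumed.
        rotate( "localhost", 10389 );
        System.out.println( "default admin password replaced and verified" );
    }
}
```

The returned password is deliberately not printed; hand it to whatever component needs the admin bind for that instance.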