Posted to dev@directory.apache.org by Nick Faiz <ni...@atlassian.com> on 2005/06/20 08:52:25 UTC

is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?

Hi,
    It appears that *every* client connection via JNDI must have a 
org.apache.apache.ldap.server.configuration.Configuration object stored 
within it. In other words, whenever I want to bind against an Apache DS 
LDAP instance:

e.g.
ldapContext = new InitialLdapContext( env, null );

    I will have to ensure that my env variable contains a config. object!

    I understand that the configuration object can be gained from the 
Spring context but how will a remote client access it? Surely the client 
shouldn't have to know a thing about the configuration of the server, so 
long as it fulfills the general contract of behaving as an LDAP client? 
:) If I've misunderstood something, please let me know.

Cheers,
Nick

P.S. From org.apache.ldap.server.jndi.AbstractContextFactory:
    public final synchronized Context getInitialContext( Hashtable env ) throws NamingException
    {
        Configuration cfg = Configuration.toConfiguration( env );

        //...

From org.apache.ldap.server.configuration.Configuration:
    public static Configuration toConfiguration( Hashtable jndiEnvironment )
    {
        Object value = jndiEnvironment.get( JNDI_KEY );


-- 
ATLASSIAN - http://www.atlassian.com/    

Confluence - the enterprise wiki - tried it yet?
http://www.atlassian.com/confluence/
--


Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?

Posted by Enrique Rodriguez <en...@gmail.com>.
Mark Wilcox wrote:
> Is there a Wiki page or URL  (or a simple mail message :)) -- to show
> how to enable the Kerberos service provider? I want to mimic a dual
> KDC setup (this is common in Active Directory implementations in
> higher ed where you have one AD tree for students and another for
> staff). ApacheDS seems to be the simplest approach.
> 
> But I can't seem to find any docs on how to actually enable the
> Kerberos service provider.

Sorry, no wiki page.

To configure the Apache Kerberos provider, set these env props:
* server.enable.kerberos = true
* kdc.store.searchbase = DN for users, eg: ou=Users,dc=example,dc=com

Enrique

> 
> I'm using the .9 release of ApacheDS.
> 
> thanks in advance,
> 
> Mark
> 


Re: [kerberos] How to configure? (Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?)

Posted by Alex Karasulu <ao...@bellsouth.net>.
Mark Wilcox wrote:

>Alex,
>My apologies to f'ing up the subject line :). I'm still getting used
>to Gmail - I swore I updated that subject..
>  
>
No problem at all.  Just want you and others asking the same question to 
be able to get answers or to dig them up again in an archive. 

Thanks,
Alex


Re: [kerberos] How to configure? (Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?)

Posted by Mark Wilcox <ma...@gmail.com>.
Alex,
My apologies to f'ing up the subject line :). I'm still getting used
to Gmail - I swore I updated that subject..

Thanks for the reply.

mark

On 6/20/05, Alex Karasulu <ao...@bellsouth.net> wrote:
> Hi Mark,
> 
> Please try to maintain netiquette by using a prefix and a descriptive
> email subject.  That way the proper people can address your concerns
> rapidly.  Also you tacked on your questions to an existing email
> thread.  People may ignore it if it's in a thread they are not interested
> in.  Coming out and saying it's regarding the Kerberos server may
> trigger people to respond.
> 
> I understand though that your problem was related to configuration.
> Just trying to give pointers on how you can get the best response
> quickest.  Please don't take this personally or as a hazing; it's just the
> way we do things here - I would recommend this to anyone :-).
> 
> Mark Wilcox wrote:
> 
> >Is there a Wiki page or URL  (or a simple mail message :)) -- to show
> >how to enable the Kerberos service provider? I want to mimic a dual
> >KDC setup (this is common in Active Directory implementations in
> >higher ed where you have one AD tree for students and another for
> >staff). ApacheDS seems to be the simplest approach.
> >
> >
> >
> You can turn it on in 0.9 using Kerberos specific properties using
> EnvKeys.ENABLE_KERBEROS set to true or on.  This will start the embedded
> Kerberos server.  Other properties also exist for configuring the KDC.
> These properties are found in the KdcConfiguration.  Perhaps Enrique has
> a wiki page out there on this stuff where these properties are documented.
> 
> For now look at KdcConfiguration for 0.9.  It extracts properties from
> the environment given to it in the constructor if you look here:
> 
> http://svn.apache.org/viewcvs.cgi/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/service/KdcConfiguration.java?rev=168482&view=markup
> 
> The JNDI provider in the main of apacheds gives these properties to the
> KdcConfiguration and uses that to start the KDC's protocol provider and
> register it with MINA.
> 
> >But I can't seem to find any docs on how to actually enable the
> >Kerberos service provider.
> >
> >
> Sorry about that.  We should have the docs out there soon.
> 
> >I'm using the .9 release of ApacheDS.
> >
> >
> 
> Alex
> 
>

[kerberos] How to configure? (Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?)

Posted by Alex Karasulu <ao...@bellsouth.net>.
Hi Mark,

Please try to maintain netiquette by using a prefix and a descriptive 
email subject.  That way the proper people can address your concerns 
rapidly.  Also you tacked on your questions to an existing email 
thread.  People may ignore it if it's in a thread they are not interested 
in.  Coming out and saying it's regarding the Kerberos server may 
trigger people to respond.

I understand though that your problem was related to configuration.  
Just trying to give pointers on how you can get the best response 
quickest.  Please don't take this personally or as a hazing; it's just the 
way we do things here - I would recommend this to anyone :-).

Mark Wilcox wrote:

>Is there a Wiki page or URL  (or a simple mail message :)) -- to show
>how to enable the Kerberos service provider? I want to mimic a dual
>KDC setup (this is common in Active Directory implementations in
>higher ed where you have one AD tree for students and another for
>staff). ApacheDS seems to be the simplest approach.
>
>  
>
You can turn it on in 0.9 using Kerberos specific properties using 
EnvKeys.ENABLE_KERBEROS set to true or on.  This will start the embedded 
Kerberos server.  Other properties also exist for configuring the KDC.  
These properties are found in the KdcConfiguration.  Perhaps Enrique has 
a wiki page out there on this stuff where these properties are documented.

For now look at KdcConfiguration for 0.9.  It extracts properties from 
the environment given to it in the constructor if you look here:

http://svn.apache.org/viewcvs.cgi/directory/shared/kerberos/trunk/common/src/java/org/apache/kerberos/service/KdcConfiguration.java?rev=168482&view=markup

The JNDI provider in the main of apacheds gives these properties to the 
KdcConfiguration and uses that to start the KDC's protocol provider and 
register it with MINA.

>But I can't seem to find any docs on how to actually enable the
>Kerberos service provider.
>  
>
Sorry about that.  We should have the docs out there soon. 

>I'm using the .9 release of ApacheDS.
>  
>

Alex


Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?

Posted by Trustin Lee <tr...@gmail.com>.
Hi,

2005/6/21, Mark Wilcox <ma...@gmail.com>:
> Is there a Wiki page or URL  (or a simple mail message :)) -- to show
> how to enable the Kerberos service provider? I want to mimic a dual
> KDC setup (this is common in Active Directory implementations in
> higher ed where you have one AD tree for students and another for
> staff). ApacheDS seems to be the simplest approach.

You'll have to implement your ContextFactory extending
AbstractContextFactory.  Please take a look at ApacheDS/main code to
find out how we did it.

Trustin
-- 
what we call human nature is actually human habit
--
http://gleamynode.net/

Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?

Posted by Mark Wilcox <ma...@gmail.com>.
Is there a Wiki page or URL  (or a simple mail message :)) -- to show
how to enable the Kerberos service provider? I want to mimic a dual
KDC setup (this is common in Active Directory implementations in
higher ed where you have one AD tree for students and another for
staff). ApacheDS seems to be the simplest approach.

But I can't seem to find any docs on how to actually enable the
Kerberos service provider.

I'm using the .9 release of ApacheDS.

thanks in advance,

Mark

Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?

Posted by Trustin Lee <tr...@gmail.com>.
I checked in the fix.  Could you try to build apacheds-core?  You
shouldn't need to put SyncConfiguration now.

Trustin

2005/6/21, Nick Faiz <ni...@atlassian.com>:
> Hi Trustin,
>    Thanks for the quick response.
> 
>    Yes, there's no immediate problem here for federation. I realise now
> that there's no problem in having to gain access to the original
> Configuration object when creating a new JNDI context each time. I can
> simply create a new SyncConfiguration() each time.

Trustin

Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?

Posted by Nick Faiz <ni...@atlassian.com>.
Hi Trustin,
    Thanks for the quick response.

    Yes, there's no immediate problem here for federation. I realise now 
that there's no problem in having to gain access to the original 
Configuration object when creating a new JNDI context each time. I can 
simply create a new SyncConfiguration() each time.

    Still, it does seem a little odd to have to create an empty 
SyncConfiguration object each time and ensure it's in the environment 
(or provides the environment). From the client's end it doesn't have 
anything to do with the connection, unless I want to start the server up 
or shut it down.

    But it works. :)

Cheers,
Nick


Trustin Lee wrote:

>Hi,
>
>2005/6/21, Alex Karasulu <ao...@bellsouth.net>:
>  
>
>>>   I understand that the configuration object can be gained from the
>>>Spring context but how will a remote client access it? Surely the
>>>client shouldn't have to know a thing about the configuration of the
>>>server, so long as it fulfills the general contract of behaving as an
>>>LDAP client? :) If I've misunderstood something, please let me know.
>>>      
>>>
>
>As Tony mentioned, the configuration object is not related to remote
>clients.  You'll have to specify three mandatory JNDI properties:
>
>SECURITY_PRINCIPAL
>SECURITY_CREDENTIALS
>SECURITY_AUTHENTICATION
>
>  
>
>>If I remember correctly only the apacheds specific configuration
>>information has been put into the configuration object. The JNDI
>>information still has to be put in there I thought.  If not we have an
>>issue because this will cause problems when using federation with the
>>provider.
>>
>>Trustin was this the case?
>>    
>>
>
>I guess so.  But it seems like AbstractContextFactory requires
>a Configuration object even if it is already started up and users just
>want to get initial context.  So I fixed it.
>
>Trustin
>  
>




Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?

Posted by Trustin Lee <tr...@gmail.com>.
Hi,

2005/6/21, Alex Karasulu <ao...@bellsouth.net>:
> >    I understand that the configuration object can be gained from the
> > Spring context but how will a remote client access it? Surely the
> > client shouldn't have to know a thing about the configuration of the
> > server, so long as it fulfills the general contract of behaving as an
> > LDAP client? :) If I've misunderstood something, please let me know.

As Tony mentioned, the configuration object is not related to remote
clients.  You'll have to specify three mandatory JNDI properties:

SECURITY_PRINCIPAL
SECURITY_CREDENTIALS
SECURITY_AUTHENTICATION

> >
> If I remember correctly only the apacheds specific configuration
> information has been put into the configuration object. The JNDI
> information still has to be put in there I thought.  If not we have an
> issue because this will cause problems when using federation with the
> provider.
> 
> Trustin was this the case?

I guess so.  But it seems like AbstractContextFactory requires
a Configuration object even if it is already started up and users just
want to get initial context.  So I fixed it.

Trustin
-- 
what we call human nature is actually human habit
--
http://gleamynode.net/
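
A remote client bind that sets only the three properties listed in the message above, as an added example that is not part of the original thread or of the ApacheDS code base. It assumes the JDK's built-in LDAP provider; the class name, host name, bind DN and the LDAP_BIND_PW variable are placeholders chosen for illustration.

```java
import java.net.URI;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class RemoteBindExample
{
    // Client-side environment: standard JNDI keys only, no server Configuration object.
    static Hashtable<String, Object> clientEnv( String url, String bindDn, char[] password )
    {
        // A "simple" bind carries the DN and password unprotected, so accept
        // plain ldap:// only for a server on the loopback interface.
        URI u = URI.create( url );
        boolean tls = "ldaps".equalsIgnoreCase( u.getScheme() );
        boolean loopback = "localhost".equals( u.getHost() ) || "127.0.0.1".equals( u.getHost() );
        if ( !tls && !loopback )
        {
            throw new IllegalArgumentException( "simple bind over cleartext LDAP: " + url );
        }

        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put( Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory" );
        env.put( Context.PROVIDER_URL, url );
        env.put( Context.SECURITY_AUTHENTICATION, "simple" );
        env.put( Context.SECURITY_PRINCIPAL, bindDn );
        env.put( Context.SECURITY_CREDENTIALS, password ); // String, char[] or byte[]
        return env;
    }

    public static void main( String[] args ) throws NamingException
    {
        String pw = System.getenv( "LDAP_BIND_PW" ); // placeholder variable name
        if ( pw == null )
        {
            System.err.println( "set LDAP_BIND_PW first" );
            return;
        }
        // Placeholder host and DN; substitute the values for your own server.
        Hashtable<String, Object> env = clientEnv(
            "ldaps://ldap.example.com:636", "uid=nick,ou=Users,dc=example,dc=com", pw.toCharArray() );
        LdapContext ctx = null;
        try
        {
            ctx = new InitialLdapContext( env, null );
            System.out.println( "bound as " + env.get( Context.SECURITY_PRINCIPAL ) );
        }
        catch ( AuthenticationException e )
        {
            System.err.println( "bind rejected: " + e.getMessage() );
        }
        finally
        {
            if ( ctx != null ) ctx.close();
        }
    }
}
```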

Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?

Posted by Alex Karasulu <ao...@bellsouth.net>.
Nick Faiz wrote:

> Hi,
>    It appears that *every* client connection via JNDI must have a 
> org.apache.apache.ldap.server.configuration.Configuration object 
> stored within it. In other words, whenever I want to bind against an 
> Apache DS LDAP instance:
>
> e.g.
> ldapContext = new InitialLdapContext( env, null );
>
>    I will have to ensure that my env variable contains a config. object!
>
>    I understand that the configuration object can be gained from the 
> Spring context but how will a remote client access it? Surely the 
> client shouldn't have to know a thing about the configuration of the 
> server, so long as it fulfills the general contract of behaving as an 
> LDAP client? :) If I've misunderstood something, please let me know.
>
If I remember correctly only the apacheds specific configuration 
information has been put into the configuration object. The JNDI 
information still has to be put in there I thought.  If not we have an 
issue because this will cause problems when using federation with the 
provider.

Trustin was this the case? 

Alex


Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?

Posted by Nick Faiz <ni...@atlassian.com>.
Okay,
    I've since realised that I need to create SyncConfiguration() and 
ShutdownConfiguration() objects on the fly, after my initial connection. 
It feels kind of odd but it works. :)

Cheers,
Nick

Nick Faiz wrote:

> Hi,
>    It appears that *every* client connection via JNDI must have a 
> org.apache.apache.ldap.server.configuration.Configuration object 
> stored within it. In other words, whenever I want to bind against an 
> Apache DS LDAP instance:
>
> e.g.
> ldapContext = new InitialLdapContext( env, null );
>
>    I will have to ensure that my env variable contains a config. object!
>
>    I understand that the configuration object can be gained from the 
> Spring context but how will a remote client access it? Surely the 
> client shouldn't have to know a thing about the configuration of the 
> server, so long as it fulfills the general contract of behaving as an 
> LDAP client? :) If I've misunderstood something, please let me know.
>
> Cheers,
> Nick
>
> P.S. From org.apache.ldap.server.jndi.AbstractContextFactory:
>     public final synchronized Context getInitialContext( Hashtable env ) throws NamingException
>     {
>         Configuration cfg = Configuration.toConfiguration( env );
>
>         //...
>
> From org.apache.ldap.server.configuration.Configuration:
>     public static Configuration toConfiguration( Hashtable jndiEnvironment )
>     {
>         Object value = jndiEnvironment.get( JNDI_KEY );
>
>




Re: is a org.apache.ldap.server.configuration.Configuration required in every JNDI connection?

Posted by Tony Blanchard <bl...@wanadoo.fr>.
I had coded a client before the configuration system changed.
When I updated to the latest apacheds, I changed nothing in my client code 
and it worked perfectly using the JNDI properties system.
This is the server which works with this new configuration system. And I 
just had to replace its property file with an XML configuration file.

Hope this helps,
Tony Blanchard

Nick Faiz wrote:

> Hi,
>    It appears that *every* client connection via JNDI must have a 
> org.apache.apache.ldap.server.configuration.Configuration object 
> stored within it. In other words, whenever I want to bind against an 
> Apache DS LDAP instance:
>
> e.g.
> ldapContext = new InitialLdapContext( env, null );
>
>    I will have to ensure that my env variable contains a config. object!
>
>    I understand that the configuration object can be gained from the 
> Spring context but how will a remote client access it? Surely the 
> client shouldn't have to know a thing about the configuration of the 
> server, so long as it fulfills the general contract of behaving as an 
> LDAP client? :) If I've misunderstood something, please let me know.
>
> Cheers,
> Nick
>
> P.S. From org.apache.ldap.server.jndi.AbstractContextFactory:
>     public final synchronized Context getInitialContext( Hashtable env ) throws NamingException
>     {
>         Configuration cfg = Configuration.toConfiguration( env );
>
>         //...
>
> From org.apache.ldap.server.configuration.Configuration:
>     public static Configuration toConfiguration( Hashtable jndiEnvironment )
>     {
>         Object value = jndiEnvironment.get( JNDI_KEY );
>
>