Posted to users@directory.apache.org by Yiannis Mavroukakis <im...@gameaccount.com> on 2009/02/09 15:40:30 UTC

[ApacheDS] Adding a security principal in an embedded context

Hello again :-)

There might be a blindingly obvious answer to my question, but I'm
having a major senior moment and I can't see it myself. In an embedded
configuration, how does one go about adding a user as the security
principal? Is it a matter of creating a cn with the details on startup,
or is there something a little more involved here?

Thanks,

Yiannis.

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Emmanuel Lecharny <el...@apache.org>.
On Mon, Feb 23, 2009 at 3:02 PM, David R Robison
<dr...@openroadsconsulting.com> wrote:
> Is there a procedure for building the Windows Install EXE from the SVN
> sources? Thanks, David

For the installers :
http://directory.apache.org/apacheds/1.5/02-building-trunks.html#0.2.Buildingtrunks-Buildingtheinstallers

and the starting point is :
http://directory.apache.org/apacheds/1.5/02-building-trunks.html

If you have any problem, don't hesitate to post again !

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Alex Karasulu <ak...@gmail.com>.
Just turn on the krb5 schema by removing the m-disabled attribute which is
set to true by default on this schema.  You can do this by logging into the
server as the admin and altering the cn=krb5,ou=schema entry.

Cheers,
Alex

On Mon, Feb 23, 2009 at 10:47 AM, David R Robison <
drrobison@openroadsconsulting.com> wrote:

> Thanks, that did the trick for the installer. However, after installing, I
> get two new errors:
>
> 1) OID for name 'krb5PrincipalName' was not found within the OID registry
> Do I need to manually add this somewhere?
>
> 2) java.lang.ClassNotFoundException:
> org.bouncycastle.jce.provider.BouncyCastleProvider
> Should I include this in the lib directory?
>
> Thanks, David
>
>
> Pierre-Arnaud Marcelot wrote:
>
>> Unfortunately, we have not extracted the makensis path to the user's
>> settings.xml file yet.
>> This is very bad... Moreover, a JIRA should be created for this.
>>
>> So, for now, it's "hardcoded" in the pom.xml file of the project (which
>> is very very bad...).
>>
>> You might have to tweak the location in the pom.xml to get it working on
>> your environment.
>>
>> Regards,
>> Pierre-Arnaud
>>
>> On Mon, Feb 23, 2009 at 3:28 PM, David R Robison <
>> drrobison@openroadsconsulting.com> wrote:
>>
>>
>>
>>> Thanks, can you send me an example of how to configure the
>>> ~/.m2/settings.xml file to point to my makensis install? David
>>>
>>>
>>> Pierre-Arnaud Marcelot wrote:
>>>
>>>
>>>
>>>> Hi David,
>>>>
>>>> You'll need to install the NSIS compiler utility on your machine.
>>>>
>>>> You can find some information on these pages (they're not that complete,
>>>> nor
>>>> up-to-date though).
>>>>
>>>>
>>>> http://cwiki.apache.org/confluence/display/DIRxSBOX/Draft+-+Apache+DS+Installers+Documentation
>>>>
>>>>
>>>> http://cwiki.apache.org/confluence/display/DIRxSBOX/Installing+NSIS+-+All+platforms
>>>>
>>>> Hope this helps,
>>>> Pierre-Arnaud
>>>>
>>>>
>>>> On Mon, Feb 23, 2009 at 3:02 PM, David R Robison <
>>>> drrobison@openroadsconsulting.com> wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>> Is there a procedure for building the Windows Install EXE from the SVN
>>>>> sources? Thanks, David
>>>>>
>>>>> Emmanuel Lecharny wrote:
>>>>>
>>>>>> Is there a release date for 1.5.5 that will include the fix? David
>>>>>>
>>>>>> Not yet. But you can build the server from trunk.
>>>>>>
>>>>> --
>>>>>
>>>>> David R Robison
>>>>> Open Roads Consulting, Inc.
>>>>> 103 Watson Road, Chesapeake, VA 23320
>>>>> phone: (757) 546-3401
>>>>> e-mail: drrobison@openroadsconsulting.com
>>>>> web: http://openroadsconsulting.com
>>>>> blog: http://therobe.blogspot.com
>>>>> book: http://www.xulonpress.com/book_detail.php?id=2579
>>>>>
>>>>> This e-mail communication (including any attachments) may contain
>>>>> confidential and/or privileged material intended solely for the
>>>>> individual
>>>>> or entity to which it is addressed.  If you are not the intended
>>>>> recipient,
>>>>> you should immediately stop reading this message and delete it from all
>>>>> computers that it resides on. Any unauthorized reading, distribution,
>>>>> copying or other use of this communication (or its attachments) is
>>>>> strictly
>>>>> prohibited.  If you have received this communication in error, please
>>>>> notify
>>>>> us immediately.

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
We are using 1.5.2 in our other project which was the latest available 
at that time. David

Emmanuel Lecharny wrote:
> On Tue, Feb 24, 2009 at 2:26 PM, David R Robison
> <dr...@openroadsconsulting.com> wrote:
>   
>> Thanks for your quick response. We use ApacheDS in other projects and are
>> quite pleased with it. Thanks again, David
>>     
>
> Which version are you using, for my information ?
>
>   

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Emmanuel Lecharny <el...@apache.org>.
On Tue, Feb 24, 2009 at 2:26 PM, David R Robison
<dr...@openroadsconsulting.com> wrote:
> Thanks for your quick response. We use ApacheDS in other projects and are
> quite pleased with it. Thanks again, David

Which version are you using, for my information ?

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
Thanks for your quick response. We use ApacheDS in other projects and 
are quite pleased with it. Thanks again, David

Emmanuel Lecharny wrote:
> Hi David,
>
> We are having a look at the current Kerberos implementation. I think
> that Christine is jumping in the band wagon atm and will check what's
> going on.
>
> The server was working at some point in the past, but since then, we
> may have introduced some bad modifications, and as Kerberos was not
> our main target, we weren't cautious enough. Our bad.
>
> Thanks for trying, and to keep going. We will do our best to make it
> work back asap.
>   

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Emmanuel Lecharny <el...@apache.org>.
Hi David,

We are having a look at the current Kerberos implementation. I think
that Christine is jumping in the band wagon atm and will check what's
going on.

The server was working at some point in the past, but since then, we
may have introduced some bad modifications, and as Kerberos was not
our main target, we weren't cautious enough. Our bad.

Thanks for trying, and to keep going. We will do our best to make it
work back asap.
-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Felix Knecht <fe...@apache.org>.
You can find the schemas and description (*.xsd, *.xsd.html file) depending on the version you use @

http://repo2.maven.org/maven2/org/apache/directory/server/apacheds-xbean-spring/1.5.2/
http://repo2.maven.org/maven2/org/apache/directory/server/apacheds-xbean-spring/1.5.3/
http://repo2.maven.org/maven2/org/apache/directory/server/apacheds-xbean-spring/1.5.4/
http://vm094.oxylos.org/mirror-maven2/org/apache/directory/server/apacheds-xbean-spring/1.5.5-SNAPSHOT/

This may help using 'better' xml editor.

Regards
Felix

David R Robison wrote:
> I have. I also tried to give the kdcServer an Id and reference it in the
> apacheDS element:
> 
>  <kdcServer id="kdcServer">
>    <tcpTransport>
>      <tcpTransport port="88" nbThreads="4" backLog="50"/>
>    </tcpTransport>
>    <udpTransport>
>      <udpTransport port="88" nbThreads="4" backLog="50"/>
>    </udpTransport>
>    <directoryService>#directoryService</directoryService>
>  </kdcServer>
> ...
>  <apacheDS id="apacheDS"
>            synchPeriodMillis="15000"
>            allowAnonymousAccess="false">
> 
>    <directoryService>#directoryService</directoryService>
>    <ldapService>#ldapService</ldapService>
>    <ldapsService>#ldapsService</ldapsService>
>    <kdcServer>#kdcServer</kdcServer>
>          <!-- We load the orci root context entry here -->
>    <ldifDirectory>../instances/default/conf/orciRoot.ldif</ldifDirectory>
>  </apacheDS>
> 
> but then it complains that the kdcServer is not a valid property of the
> apacheDS element. My guess is that the kdcServer needs to be referenced
> somewhere else, but I'm not sure where. David
> 
> Emmanuel Lecharny wrote:
>> On Mon, Feb 23, 2009 at 5:11 PM, David R Robison
>> <dr...@openroadsconsulting.com> wrote:
>>  
>>> I copied the following files to the lib directory of the DS install and
>>> restarted the server.
>>> bcprov-ext-jdk16-141.jar
>>> bcprov-jdk16-141.jar
>>> Things seem to run OK, but the Kerberos server still does not seem to
>>> want
>>> to start up. Here is the log.
>>>     
>>
>> Have you uncommented the kerberos part in the server.xml file ?
>>
>>   <!--
>>   +============================================================+
>>   | Kerberos server configuration                              |
>>   +============================================================+
>>   -->
>>   <!--  missing atou=users,dc=example,dc=com
>> <--------------------- here, remove the starting comment
>>   <kdcServer>
>>     <tcpTransport>
>>       <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>>     </tcpTransport>
>>     <udpTransport>
>>       <udpTransport port="60088" nbThreads="4" backLog="50"/>
>>     </udpTransport>
>>     <directoryService>#directoryService</directoryService>
>>   </kdcServer>
>> -->
>>
>> I must tell you that the Kerberos server is really in a hazardous
>> state, atm. It _may_ work, but there is no guarantee :/
>>
>>   
> 
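A lint for the three server.xml states reported in this thread (KDC block still inside a comment, kdcServer referenced as a child of apacheDS, kdcServer defined without an id), as an added example that is not code from the ApacheDS project or from any poster. The function name, the finding codes and the namespace-free `<beans>` wrapper of the constructed samples are assumptions.

```python
import re
import xml.etree.ElementTree as ET

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)

# Finding codes are names chosen for this example, not ApacheDS terminology.
MESSAGES = {
    "commented-out": "a <kdcServer> block is still inside an XML comment",
    "nested-reference": "<kdcServer> appears as a child of <apacheDS>",
    "missing-id": "a <kdcServer> definition has no id attribute",
    "absent": "no <kdcServer> definition found",
}


def _local(tag):
    """Strip a '{namespace}' prefix so namespaced server.xml files also match."""
    return tag.rsplit("}", 1)[-1]


def lint_kdc_config(xml_text):
    """Return finding codes for the kdcServer problems reported in the thread."""
    codes = []
    # The XML parser drops comments, so look for a disabled block first.
    if any(re.search(r"<kdcServer\b", body) for body in COMMENT_RE.findall(xml_text)):
        codes.append("commented-out")

    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    definitions = 0
    for element in root.iter():
        if _local(element.tag) != "kdcServer":
            continue
        parent = parent_of.get(element)
        if parent is not None and _local(parent.tag) == "apacheDS":
            # The thread reports this is rejected as an invalid apacheDS property.
            codes.append("nested-reference")
            continue
        definitions += 1
        if not element.get("id"):
            codes.append("missing-id")
    if definitions == 0 and "commented-out" not in codes:
        codes.append("absent")
    return codes


# Constructed sample input, modelled on the fragments quoted in the thread.
KDC_BODY = """
    <tcpTransport>
      <tcpTransport port="88" nbThreads="4" backLog="50"/>
    </tcpTransport>
    <udpTransport>
      <udpTransport port="88" nbThreads="4" backLog="50"/>
    </udpTransport>
    <directoryService>#directoryService</directoryService>
  """


def build_sample(kdc_xml, apacheds_child=""):
    """Wrap a kdcServer fragment in a minimal, constructed server.xml."""
    return (
        "<beans>\n  " + kdc_xml + "\n"
        '  <apacheDS id="apacheDS" synchPeriodMillis="15000" allowAnonymousAccess="false">\n'
        "    <directoryService>#directoryService</directoryService>\n"
        "    <ldapService>#ldapService</ldapService>\n"
        + apacheds_child
        + "  </apacheDS>\n</beans>\n"
    )


SAMPLES = {
    "commented": build_sample(
        "<!--  missing atou=users,dc=example,dc=com\n  <kdcServer>"
        + KDC_BODY + "</kdcServer>\n  -->"
    ),
    "nested": build_sample(
        '<kdcServer id="kdcServer">' + KDC_BODY + "</kdcServer>",
        "    <kdcServer>#kdcServer</kdcServer>\n",
    ),
    "no_id": build_sample("<kdcServer>" + KDC_BODY + "</kdcServer>"),
    "fixed": build_sample('<kdcServer id="kdcServer">' + KDC_BODY + "</kdcServer>"),
}

if __name__ == "__main__":
    for name, xml_text in SAMPLES.items():
        found = lint_kdc_config(xml_text)
        print(name, "->", [MESSAGES[code] for code in found] or "ok")
```
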


Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Stefan Seelmann <se...@apache.org>.
Hi David,

sure, just build with

  mvn clean install -Dmaven.test.skip=true

see also http://maven.apache.org/general.html#skip-test

Kind Regards,
Stefan

David R Robison wrote:
> Is there a way to build the project without running the tests? Thanks,
> David
> 



Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
Is there a way to build the project without running the tests? Thanks, David

David R Robison wrote:
> I'm also getting this error:
> java.lang.ClassCastException: org.apache.mina.core.buffer.SimpleBufferAllocator$SimpleBuffer cannot be cast to org.apache.directory.server.kerberos.shared.messages.KdcRequest
>    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:140)
>
> Any thoughts? David
>
> David R Robison wrote:
>> I'm now getting a new error:
>>
>> java.lang.IllegalArgumentException: Other filter is using the same 
>> name 'codec'
>>
>> It looks like both the KdcServer and KerberosProtocolHandler classes 
>> define that codec. Should it only be done in one place?
>> David
>>
>> David R Robison wrote:
>>> Well, I finally got the kdcServer to startup, I'm proceeding with 
>>> testing against it. The problem was that the kdcServer element in 
>>> the server.xml file needed id="kdcServer"
>>> David
>>>
>>> David R Robison wrote:
>>>> I have. I also tried to give the kdcServer an Id and reference it 
>>>> in the apacheDS element:
>>>>
>>>>  <kdcServer id="kdcServer">
>>>>    <tcpTransport>
>>>>      <tcpTransport port="88" nbThreads="4" backLog="50"/>
>>>>    </tcpTransport>
>>>>    <udpTransport>
>>>>      <udpTransport port="88" nbThreads="4" backLog="50"/>
>>>>    </udpTransport>
>>>>    <directoryService>#directoryService</directoryService>
>>>>  </kdcServer>
>>>> ...
>>>>  <apacheDS id="apacheDS"
>>>>            synchPeriodMillis="15000"
>>>>            allowAnonymousAccess="false">
>>>>
>>>>    <directoryService>#directoryService</directoryService>
>>>>    <ldapService>#ldapService</ldapService>
>>>>    <ldapsService>#ldapsService</ldapsService>
>>>>    <kdcServer>#kdcServer</kdcServer>
>>>>          <!-- We load the orci root context entry here -->
>>>>    <ldifDirectory>../instances/default/conf/orciRoot.ldif</ldifDirectory>
>>>>  </apacheDS>
>>>>
>>>> but then it complains that the kdcServer is not a valid property of 
>>>> the apacheDS element. My guess is that the kdcServer needs to be 
>>>> referenced somewhere else, but I'm not sure where. David
>>>>
>>>> Emmanuel Lecharny wrote:
>>>>> On Mon, Feb 23, 2009 at 5:11 PM, David R Robison
>>>>> <dr...@openroadsconsulting.com> wrote:
>>>>>  
>>>>>> I copied the following files to the lib directory of the DS 
>>>>>> install and
>>>>>> restarted the server.
>>>>>> bcprov-ext-jdk16-141.jar
>>>>>> bcprov-jdk16-141.jar
>>>>>> Things seem to run OK, but the Kerberos server still does not 
>>>>>> seem to want
>>>>>> to start up. Here is the log.
>>>>>>     
>>>>>
>>>>> Have you uncommented the kerberos part in the server.xml file ?
>>>>>
>>>>>   <!--
>>>>>   +============================================================+
>>>>>   | Kerberos server configuration                              |
>>>>>   +============================================================+
>>>>>   -->
>>>>>   <!--  missing atou=users,dc=example,dc=com
>>>>> <--------------------- here, remove the starting comment
>>>>>   <kdcServer>
>>>>>     <tcpTransport>
>>>>>       <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>>>>>     </tcpTransport>
>>>>>     <udpTransport>
>>>>>       <udpTransport port="60088" nbThreads="4" backLog="50"/>
>>>>>     </udpTransport>
>>>>>     <directoryService>#directoryService</directoryService>
>>>>>   </kdcServer>
>>>>> -->
>>>>>
>>>>> I must tell you that the Kerberos server is really in a hazardous
>>>>> state, atm. It _may_ work, but there is no guarantee :/
>>>>>
>>>>>   
>>>>
>>>
>>
>

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
I modified the KerberosProtocolHandler to test if the "codec" filter was
previously added to the filter chain:

    public void sessionCreated( IoSession session ) throws Exception
    {
        if ( log.isDebugEnabled() )
        {
            log.debug( "{} CREATED:  {}", session.getRemoteAddress(), session.getTransportMetadata() );
        }

        if ( session.getTransportMetadata().isConnectionless() )
        {
            // UDP: add the codec only if no "codec" filter is registered yet
            if ( session.getFilterChain().get( "codec" ) == null )
            {
                session.getFilterChain().addFirst( "codec",
                    new ProtocolCodecFilter( KerberosUdpProtocolCodecFactory.getInstance() ) );
            }
        }
        else
        {
            // TCP: same guard against registering "codec" twice
            if ( session.getFilterChain().get( "codec" ) == null )
            {
                session.getFilterChain().addFirst( "codec",
                    new ProtocolCodecFilter( KerberosTcpProtocolCodecFactory.getInstance() ) );
            }
        }
    }

Now I get a new error:

[16:03:34] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Client not found in Kerberos database (6)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Client not found in Kerberos database
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getEntry(AuthenticationService.java:747)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getClientEntry(AuthenticationService.java:152)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:103)
    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:156)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:722)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:802)
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:392)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:228)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:802)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:120)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:417)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:388)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:57)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:341)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:65)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.directory.shared.ldap.NotImplementedException: N O T   I M P L E M E N T E D   Y E T !
    at org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore.getPrincipal(DirectoryPrincipalStore.java:95)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getEntry(AuthenticationService.java:743)
    ... 23 more

Does this mean that the Kerberos server in 1.5.5-SNAPSHOT is not
presently implemented? Am I out of luck at this point?
Thanks, David

David R Robison wrote:
> I'm also getting this error:
> java.lang.ClassCastException: org.apache.mina.core.buffer.SimpleBufferAllocator$SimpleBuffer cannot be cast to org.apache.directory.server.kerberos.shared.messages.KdcRequest
>    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:140)
>
> Any thoughts? David
>
> David R Robison wrote:
>> I'm now getting a new error:
>>
>> java.lang.IllegalArgumentException: Other filter is using the same 
>> name 'codec'
>>
>> It looks like both the KdcServer and KerberosProtocolHandler classes 
>> define that codec. Should it only be done in one place?
>> David
>>
>> David R Robison wrote:
>>> Well, I finally got the kdcServer to startup, I'm proceeding with 
>>> testing against it. The problem was that the kdcServer element in 
>>> the server.xml file needed id="kdcServer"
>>> David
>>>
>>> David R Robison wrote:
>>>> I have. I also tried to give the kdcServer an Id and reference it 
>>>> in the apacheDS element:
>>>>
>>>>  <kdcServer id="kdcServer">
>>>>    <tcpTransport>
>>>>      <tcpTransport port="88" nbThreads="4" backLog="50"/>
>>>>    </tcpTransport>
>>>>    <udpTransport>
>>>>      <udpTransport port="88" nbThreads="4" backLog="50"/>
>>>>    </udpTransport>
>>>>    <directoryService>#directoryService</directoryService>
>>>>  </kdcServer>
>>>> ...
>>>>  <apacheDS id="apacheDS"
>>>>            synchPeriodMillis="15000"
>>>>            allowAnonymousAccess="false">
>>>>
>>>>    <directoryService>#directoryService</directoryService>
>>>>    <ldapService>#ldapService</ldapService>
>>>>    <ldapsService>#ldapsService</ldapsService>
>>>>    <kdcServer>#kdcServer</kdcServer>
>>>>          <!-- We load the orci root context entry here -->
>>>>    <ldifDirectory>../instances/default/conf/orciRoot.ldif</ldifDirectory>
>>>>  </apacheDS>
>>>>
>>>> but then it complains that the kdcServer is not a valid property of 
>>>> the apacheDS element. My guess is that the kdcServer needs to be 
>>>> referenced somewhere else, but I'm not sure where. David
>>>>
>>>> Emmanuel Lecharny wrote:
>>>>> On Mon, Feb 23, 2009 at 5:11 PM, David R Robison
>>>>> <dr...@openroadsconsulting.com> wrote:
>>>>>  
>>>>>> I copied the following files to the lib directory of the DS 
>>>>>> install and
>>>>>> restarted the server.
>>>>>> bcprov-ext-jdk16-141.jar
>>>>>> bcprov-jdk16-141.jar
>>>>>> Things seem to run OK, but the Kerberos server still does not 
>>>>>> seem to want
>>>>>> to start up. Here is the log.
>>>>>>     
>>>>>
>>>>> Have you uncommented the kerberos part in the server.xml file ?
>>>>>
>>>>>   <!--
>>>>>   +============================================================+
>>>>>   | Kerberos server configuration                              |
>>>>>   +============================================================+
>>>>>   -->
>>>>>   <!--  missing atou=users,dc=example,dc=com
>>>>> <--------------------- here, remove the starting comment
>>>>>   <kdcServer>
>>>>>     <tcpTransport>
>>>>>       <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>>>>>     </tcpTransport>
>>>>>     <udpTransport>
>>>>>       <udpTransport port="60088" nbThreads="4" backLog="50"/>
>>>>>     </udpTransport>
>>>>>     <directoryService>#directoryService</directoryService>
>>>>>   </kdcServer>
>>>>> -->
>>>>>
>>>>> I must tell you that the Kerberos server is really in a hazardous
>>>>> state, atm. It _may_ work, but there is no guarantee :/
>>>>>
>>>>>   
>>>>
>>>
>>
>

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
I'm also getting this error:
java.lang.ClassCastException: org.apache.mina.core.buffer.SimpleBufferAllocator$SimpleBuffer cannot be cast to org.apache.directory.server.kerberos.shared.messages.KdcRequest
    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:140)
Any thoughts? David

David R Robison wrote:
> I'm now getting a new error:
>
> java.lang.IllegalArgumentException: Other filter is using the same 
> name 'codec'
>
> It looks like both the KdcServer and KerberosProtocolHandler classes 
> define that codec. Should it only be done in one place?
> David
>
> David R Robison wrote:
>> Well, I finally got the kdcServer to startup, I'm proceeding with 
>> testing against it. The problem was that the kdcServer element in the 
>> server.xml file needed id="kdcServer"
>> David
>>
>> David R Robison wrote:
>>> I have. I also tried to give the kdcServer an Id and reference it in 
>>> the apacheDS element:
>>>
>>>  <kdcServer id="kdcServer">
>>>    <tcpTransport>
>>>      <tcpTransport port="88" nbThreads="4" backLog="50"/>
>>>    </tcpTransport>
>>>    <udpTransport>
>>>      <udpTransport port="88" nbThreads="4" backLog="50"/>
>>>    </udpTransport>
>>>    <directoryService>#directoryService</directoryService>
>>>  </kdcServer>
>>> ...
>>>  <apacheDS id="apacheDS"
>>>            synchPeriodMillis="15000"
>>>            allowAnonymousAccess="false">
>>>
>>>    <directoryService>#directoryService</directoryService>
>>>    <ldapService>#ldapService</ldapService>
>>>    <ldapsService>#ldapsService</ldapsService>
>>>    <kdcServer>#kdcServer</kdcServer>
>>>          <!-- We load the orci root context entry here -->
>>>    <ldifDirectory>../instances/default/conf/orciRoot.ldif</ldifDirectory>
>>>  </apacheDS>
>>>
>>> but then it complains that the kdcServer is not a valid property of 
>>> the apacheDS element. My guess is that the kdcServer needs to be 
>>> referenced somewhere else, but I'm not sure where. David
>>>
>>> Emmanuel Lecharny wrote:
>>>> On Mon, Feb 23, 2009 at 5:11 PM, David R Robison
>>>> <dr...@openroadsconsulting.com> wrote:
>>>>  
>>>>> I copied the following files to the lib directory of the DS 
>>>>> install and
>>>>> restarted the server.
>>>>> bcprov-ext-jdk16-141.jar
>>>>> bcprov-jdk16-141.jar
>>>>> Things seem to run OK, but the Kerberos server still does not seem 
>>>>> to want
>>>>> to start up. Here is the log.
>>>>>     
>>>>
>>>> Have you uncommented the kerberos part in the server.xml file ?
>>>>
>>>>   <!--
>>>>   +============================================================+
>>>>   | Kerberos server configuration                              |
>>>>   +============================================================+
>>>>   -->
>>>>   <!--  missing atou=users,dc=example,dc=com
>>>> <--------------------- here, remove the starting comment
>>>>   <kdcServer>
>>>>     <tcpTransport>
>>>>       <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>>>>     </tcpTransport>
>>>>     <udpTransport>
>>>>       <udpTransport port="60088" nbThreads="4" backLog="50"/>
>>>>     </udpTransport>
>>>>     <directoryService>#directoryService</directoryService>
>>>>   </kdcServer>
>>>> -->
>>>>
>>>> I must tell you that the Kerberos server is really in a hazardous
>>>> state, atm. It _may_ work, but there is no guarantee :/
>>>>
>>>>   
>>>
>>
>

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
I'm now getting a new error:

java.lang.IllegalArgumentException: Other filter is using the same name 'codec'

It looks like both the KdcServer and KerberosProtocolHandler classes 
define that codec. Should it only be done in one place?
David

David R Robison wrote:
> Well, I finally got the kdcServer to start up, I'm proceeding with 
> testing against it. The problem was that the kdcServer element in the 
> server.xml file needed id="kdcServer"
> David
>
> David R Robison wrote:
>> I have. I also tried to give the kdcServer an Id and reference it in 
>> the apacheDS element:
>>
>>  <kdcServer id="kdcServer">
>>    <tcpTransport>
>>      <tcpTransport port="88" nbThreads="4" backLog="50"/>
>>    </tcpTransport>
>>    <udpTransport>
>>      <udpTransport port="88" nbThreads="4" backLog="50"/>
>>    </udpTransport>
>>    <directoryService>#directoryService</directoryService>
>>  </kdcServer>
>> ...
>>  <apacheDS id="apacheDS"
>>            synchPeriodMillis="15000"
>>            allowAnonymousAccess="false">
>>
>>    <directoryService>#directoryService</directoryService>
>>    <ldapService>#ldapService</ldapService>
>>    <ldapsService>#ldapsService</ldapsService>
>>    <kdcServer>#kdcServer</kdcServer>
>>          <!-- We load the orci root context entry here -->
>>    <ldifDirectory>../instances/default/conf/orciRoot.ldif</ldifDirectory>
>>  </apacheDS>
>>
>> but then it complains that the kdcServer is not a valid property of 
>> the apacheDS element. My guess is that the kdcServer needs to be 
>> referenced somewhere else, but I'm not sure where. David
>>
>> Emmanuel Lecharny wrote:
>>> On Mon, Feb 23, 2009 at 5:11 PM, David R Robison
>>> <dr...@openroadsconsulting.com> wrote:
>>>  
>>>> I copied the following files to the lib directory of the DS install 
>>>> and
>>>> restarted the server.
>>>> bcprov-ext-jdk16-141.jar
>>>> bcprov-jdk16-141.jar
>>>> Things seem to run OK, but the Kerberos server still does not seem 
>>>> to want
>>>> to start up. Here is the log.
>>>>     
>>>
>>> Have you uncommented the kerberos part in the server.xml file ?
>>>
>>>   <!--
>>>   +============================================================+
>>>   | Kerberos server configuration                              |
>>>   +============================================================+
>>>   -->
>>>   <!--  missing atou=users,dc=example,dc=com
>>> <--------------------- here, remove the starting comment
>>>   <kdcServer>
>>>     <tcpTransport>
>>>       <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>>>     </tcpTransport>
>>>     <udpTransport>
>>>       <udpTransport port="60088" nbThreads="4" backLog="50"/>
>>>     </udpTransport>
>>>     <directoryService>#directoryService</directoryService>
>>>   </kdcServer>
>>> -->
>>>
>>> I must tell you that the Kerberos server is really in a hazardous
>>> state, atm. It _may_ work, but there are no guarantees :/
>>>
>>>   
>>
>

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
Well, I finally got the kdcServer to start up, I'm proceeding with 
testing against it. The problem was that the kdcServer element in the 
server.xml file needed id="kdcServer"
David

David R Robison wrote:
> I have. I also tried to give the kdcServer an Id and reference it in 
> the apacheDS element:
>
>  <kdcServer id="kdcServer">
>    <tcpTransport>
>      <tcpTransport port="88" nbThreads="4" backLog="50"/>
>    </tcpTransport>
>    <udpTransport>
>      <udpTransport port="88" nbThreads="4" backLog="50"/>
>    </udpTransport>
>    <directoryService>#directoryService</directoryService>
>  </kdcServer>
> ...
>  <apacheDS id="apacheDS"
>            synchPeriodMillis="15000"
>            allowAnonymousAccess="false">
>
>    <directoryService>#directoryService</directoryService>
>    <ldapService>#ldapService</ldapService>
>    <ldapsService>#ldapsService</ldapsService>
>    <kdcServer>#kdcServer</kdcServer>
>          <!-- We load the orci root context entry here -->
>    <ldifDirectory>../instances/default/conf/orciRoot.ldif</ldifDirectory>
>  </apacheDS>
>
> but then it complains that the kdcServer is not a valid property of 
> the apacheDS element. My guess is that the kdcServer needs to be 
> referenced somewhere else, but I'm not sure where. David
>
> Emmanuel Lecharny wrote:
>> On Mon, Feb 23, 2009 at 5:11 PM, David R Robison
>> <dr...@openroadsconsulting.com> wrote:
>>  
>>> I copied the following files to the lib directory of the DS install and
>>> restarted the server.
>>> bcprov-ext-jdk16-141.jar
>>> bcprov-jdk16-141.jar
>>> Things seem to run OK, but the Kerberos server still does not seem 
>>> to want
>>> to start up. Here is the log.
>>>     
>>
>> Have you uncommented the kerberos part in the server.xml file ?
>>
>>   <!--
>>   +============================================================+
>>   | Kerberos server configuration                              |
>>   +============================================================+
>>   -->
>>   <!--  missing atou=users,dc=example,dc=com
>> <--------------------- here, remove the starting comment
>>   <kdcServer>
>>     <tcpTransport>
>>       <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>>     </tcpTransport>
>>     <udpTransport>
>>       <udpTransport port="60088" nbThreads="4" backLog="50"/>
>>     </udpTransport>
>>     <directoryService>#directoryService</directoryService>
>>   </kdcServer>
>> -->
>>
>> I must tell you that the Kerberos server is really in a hazardous
>> state, atm. It _may_ work, but there are no guarantees :/
>>
>>   
>

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
I have. I also tried to give the kdcServer an Id and reference it in the 
apacheDS element:

  <kdcServer id="kdcServer">
    <tcpTransport>
      <tcpTransport port="88" nbThreads="4" backLog="50"/>
    </tcpTransport>
    <udpTransport>
      <udpTransport port="88" nbThreads="4" backLog="50"/>
    </udpTransport>
    <directoryService>#directoryService</directoryService>
  </kdcServer>
...
  <apacheDS id="apacheDS"
            synchPeriodMillis="15000"
            allowAnonymousAccess="false">

    <directoryService>#directoryService</directoryService>
    <ldapService>#ldapService</ldapService>
    <ldapsService>#ldapsService</ldapsService>
    <kdcServer>#kdcServer</kdcServer>
       
    <!-- We load the orci root context entry here -->
    <ldifDirectory>../instances/default/conf/orciRoot.ldif</ldifDirectory>
  </apacheDS>

but then it complains that the kdcServer is not a valid property of the 
apacheDS element. My guess is that the kdcServer needs to be referenced 
somewhere else, but I'm not sure where. David

Emmanuel Lecharny wrote:
> On Mon, Feb 23, 2009 at 5:11 PM, David R Robison
> <dr...@openroadsconsulting.com> wrote:
>   
>> I copied the following files to the lib directory of the DS install and
>> restarted the server.
>> bcprov-ext-jdk16-141.jar
>> bcprov-jdk16-141.jar
>> Things seem to run OK, but the Kerberos server still does not seem to want
>> to start up. Here is the log.
>>     
>
> Have you uncommented the kerberos part in the server.xml file ?
>
>   <!--
>   +============================================================+
>   | Kerberos server configuration                              |
>   +============================================================+
>   -->
>   <!--  missing atou=users,dc=example,dc=com
> <--------------------- here, remove the starting comment
>   <kdcServer>
>     <tcpTransport>
>       <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>     </tcpTransport>
>     <udpTransport>
>       <udpTransport port="60088" nbThreads="4" backLog="50"/>
>     </udpTransport>
>     <directoryService>#directoryService</directoryService>
>   </kdcServer>
> -->
>
> I must tell you that the Kerberos server is really in a hazardous
> state, atm. It _may_ work, but there are no guarantees :/
>
>   

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Emmanuel Lecharny <el...@apache.org>.
On Mon, Feb 23, 2009 at 5:11 PM, David R Robison
<dr...@openroadsconsulting.com> wrote:
> I copied the following files to the lib directory of the DS install and
> restarted the server.
> bcprov-ext-jdk16-141.jar
> bcprov-jdk16-141.jar
> Things seem to run OK, but the Kerberos server still does not seem to want
> to start up. Here is the log.

Have you uncommented the kerberos part in the server.xml file ?

  <!--
  +============================================================+
  | Kerberos server configuration                              |
  +============================================================+
  -->
  <!--  missing atou=users,dc=example,dc=com
<--------------------- here, remove the starting comment
  <kdcServer>
    <tcpTransport>
      <tcpTransport port="60088" nbThreads="4" backLog="50"/>
    </tcpTransport>
    <udpTransport>
      <udpTransport port="60088" nbThreads="4" backLog="50"/>
    </udpTransport>
    <directoryService>#directoryService</directoryService>
  </kdcServer>
-->

I must tell you that the Kerberos server is really in a hazardous
state, atm. It _may_ work, but there are no guarantees :/

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
I copied the following files to the lib directory of the DS install and 
restarted the server.
bcprov-ext-jdk16-141.jar
bcprov-jdk16-141.jar
Things seem to run OK, but the Kerberos server still does not seem to 
want to start up. Here is the log.

STATUS | wrapper  | 2009/02/23 11:01:56 | --> Wrapper Started as Service
STATUS | wrapper  | 2009/02/23 11:01:56 | Launching a JVM...
INFO   | jvm 1    | 2009/02/23 11:01:57 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
INFO   | jvm 1    | 2009/02/23 11:01:57 |   Copyright 1999-2006 Tanuki Software, Inc.  All Rights Reserved.
INFO   | jvm 1    | 2009/02/23 11:01:57 |
INFO   | jvm 1    | 2009/02/23 11:01:57 | Starting the LDAP server
INFO   | jvm 1    | 2009/02/23 11:01:57 | [11:01:57] INFO [org.apache.directory.server.Service] - Starting the LDAP server
INFO   | jvm 1    | 2009/02/23 11:01:57 |            _                     _          ____  ____
INFO   | jvm 1    | 2009/02/23 11:01:57 |           / \   _ __    ___  ___| |__   ___|  _ \/ ___|
INFO   | jvm 1    | 2009/02/23 11:01:57 |          / _ \ | '_ \ / _` |/ __| '_ \ / _ \ | | \___ \
INFO   | jvm 1    | 2009/02/23 11:01:57 |         / ___ \| |_) | (_| | (__| | | |  __/ |_| |___) |
INFO   | jvm 1    | 2009/02/23 11:01:57 |        /_/   \_\ .__/ \__,_|\___|_| |_|\___|____/|____/
INFO   | jvm 1    | 2009/02/23 11:01:57 |                |_|
INFO   | jvm 1    | 2009/02/23 11:01:57 |
INFO   | jvm 1    | 2009/02/23 11:01:57 | [11:01:57] INFO [org.apache.directory.server.Service] - server: loading settings from
INFO   | jvm 1    | 2009/02/23 11:01:57 | [11:01:57] INFO [org.apache.xbean.spring.context.FileSystemXmlApplicationContext] - Refreshing org.apache.xbean.spring.context.FileSystemXmlApplicationContext@194df86: display name [org.apache.xbean.spring.context.FileSystemXmlApplicationContext@194df86]; startup date [Mon Feb 23 11:01:57 EST 2009]; root of context hierarchy
INFO   | jvm 1    | 2009/02/23 11:01:57 | [11:01:57] INFO [org.apache.xbean.spring.context.v2.XBeanXmlBeanDefinitionReader] - Loading XML bean definitions from URL [file:/C:/Program%20Files/Apache%20Directory%20Server/instances/default/conf/server.xml]
INFO   | jvm 1    | 2009/02/23 11:01:58 | [11:01:58] INFO [org.apache.xbean.spring.context.FileSystemXmlApplicationContext] - Bean factory for application context [org.apache.xbean.spring.context.FileSystemXmlApplicationContext@194df86]: org.springframework.beans.factory.support.DefaultListableBeanFactory@15663a2
INFO   | jvm 1    | 2009/02/23 11:01:59 | UDP Transport created : <localhost:88, 3>
INFO   | jvm 1    | 2009/02/23 11:01:59 | [11:01:59] INFO [org.apache.directory.server.configuration.ApacheDS] - Starting the Apache Directory Server
INFO   | jvm 1    | 2009/02/23 11:01:59 | [11:01:59] INFO [org.apache.directory.server.configuration.ApacheDS] - Set the allowAnonymousAccess flag to false
INFO   | jvm 1    | 2009/02/23 11:01:59 | [11:01:59] INFO [org.apache.directory.server.configuration.ApacheDS] - Set the synchPeriodMillis to 15000
INFO   | jvm 1    | 2009/02/23 11:01:59 | [11:01:59] INFO [org.apache.directory.server.configuration.ApacheDS] - The LDIF directory file is C:\Program Files\Apache Directory Server\bin\..\instances\default\conf\orciRoot.ldif
INFO   | jvm 1    | 2009/02/23 11:01:59 | [11:01:59] INFO [org.apache.directory.server.core.DefaultDirectoryService] - ApacheDS shutdown hook has been registered with the runtime.
INFO   | jvm 1    | 2009/02/23 11:02:01 | [11:02:01] WARN [org.apache.directory.server.schema.registries.DefaultOidRegistry] - OID for name 'krb5PrincipalName' was not found within the OID registry
INFO   | jvm 1    | 2009/02/23 11:02:01 | [11:02:01] INFO [org.apache.directory.server.core.event.EventInterceptor] - Initializing ...
INFO   | jvm 1    | 2009/02/23 11:02:01 | [11:02:01] INFO [org.apache.directory.server.core.event.EventInterceptor] - Initialization complete.
INFO   | jvm 1    | 2009/02/23 11:02:01 | [11:02:01] INFO [org.apache.directory.server.configuration.ApacheDS] - LDIF load directory 'C:\\Program Files\\Apache Directory Server\\instances\\default\\conf\\orciRoot.ldif' is a file. Will attempt to load as LDIF.
INFO   | jvm 1    | 2009/02/23 11:02:01 | [11:02:01] INFO [org.apache.directory.server.configuration.ApacheDS] - Load of LDIF file 'C:\\Program Files\\Apache Directory Server\\instances\\default\\conf\\orciRoot.ldif' skipped.  It has already been loaded on 20090223155308Z.
INFO   | jvm 1    | 2009/02/23 11:02:01 | [11:02:01] INFO [org.apache.directory.server.ldap.LdapService] - Added Extended Request Handler: 1.3.6.1.4.1.1466.20037
INFO   | jvm 1    | 2009/02/23 11:02:02 | [11:02:02] INFO [org.apache.directory.server.ldap.LdapService] - Added Extended Request Handler: 1.3.6.1.4.1.18060.0.1.3
INFO   | jvm 1    | 2009/02/23 11:02:02 | [11:02:02] INFO [org.apache.directory.server.ldap.LdapService] - Added Extended Request Handler: 1.3.6.1.4.1.18060.0.1.1
INFO   | jvm 1    | 2009/02/23 11:02:02 | [11:02:02] INFO [org.apache.directory.server.ldap.LdapService] - Successful bind of an LDAP Service (10389) is complete.
INFO   | jvm 1    | 2009/02/23 11:02:02 | [11:02:02] INFO [org.apache.directory.server.ldap.LdapService] - Ldap service started.
INFO   | jvm 1    | 2009/02/23 11:02:02 | Ldap service started.
INFO   | jvm 1    | 2009/02/23 11:02:02 | [11:02:02] INFO [org.apache.directory.server.ldap.LdapService] - Successful bind of an LDAP Service (10686) is complete.
INFO   | jvm 1    | 2009/02/23 11:02:02 | [11:02:02] INFO [org.apache.directory.server.ldap.LdapService] - Ldaps service started.
INFO   | jvm 1    | 2009/02/23 11:02:02 | Ldaps service started.
INFO   | jvm 1    | 2009/02/23 11:02:02 | [11:02:02] INFO [org.apache.directory.server.Service] - LDAP server: started in 4594 milliseconds
INFO   | jvm 1    | 2009/02/23 11:02:02 | LDAP server started
INFO   | jvm 1    | 2009/02/23 11:02:02 | [11:02:02] INFO [org.apache.directory.server.Service] - Cannot find any reference to the NTP Server in the server.xml file : the server won't be started
INFO   | jvm 1    | 2009/02/23 11:02:02 | [11:02:02] INFO [org.apache.directory.server.Service] - Cannot find any reference to the Kerberos Server in the server.xml file : the server won't be started

Any thoughts?

David R Robison wrote:
> Thanks, that did the trick for the installer. However, after 
> installing, I get two new errors:
>
> 1) OID for name 'krb5PrincipalName' was not found within the OID registry
> Do I need to manually add this somewhere?
>
> 2) java.lang.ClassNotFoundException: 
> org.bouncycastle.jce.provider.BouncyCastleProvider
> Should I include this in the lib directory?
>
> Thanks, David
>
> Pierre-Arnaud Marcelot wrote:
>> Unfortunately, we have not extracted the makensis path to the user's
>> settings.xml file yet.
>> This is very bad... Moreover, a JIRA should be created for this.
>>
>> So, for now, it's "hardcoded" in the pom.xml file of the project (which
>> is very very bad...).
>>
>> You might have to tweak the location in the pom.xml to get it working
>> on your environment.
>>
>> Regards,
>> Pierre-Arnaud
>>
>> On Mon, Feb 23, 2009 at 3:28 PM, David R Robison <
>> drrobison@openroadsconsulting.com> wrote:
>>
>>  
>>> Thanks, can you send me an example of how to configure the
>>> ~/.m2/settings.xml file to point to my makensis install? David
>>>
>>>
>>> Pierre-Arnaud Marcelot wrote:
>>>
>>>    
>>>> Hi David,
>>>>
>>>> You'll need to install the NSIS compiler utility on your machine.
>>>>
>>>> You can find some information on these pages (they're not that 
>>>> complete,
>>>> nor
>>>> up-to-date though).
>>>>
>>>> http://cwiki.apache.org/confluence/display/DIRxSBOX/Draft+-+Apache+DS+Installers+Documentation 
>>>>
>>>>
>>>> http://cwiki.apache.org/confluence/display/DIRxSBOX/Installing+NSIS+-+All+platforms 
>>>>
>>>>
>>>> Hope this helps,
>>>> Pierre-Arnaud
>>>>
>>>>
>>>> On Mon, Feb 23, 2009 at 3:02 PM, David R Robison <
>>>> drrobison@openroadsconsulting.com> wrote:
>>>>
>>>>
>>>>
>>>>      
>>>>> Is there a procedure for building the Windows Install EXE from the 
>>>>> SVN
>>>>> sources? Thanks, David
>>>>>
>>>>> Emmanuel Lecharny wrote:
>>>>>
>>>>>
>>>>>
>>>>>        
>>>>>> Is there a release date for 1.5.5 that will include the fix? David
>>>>>>
>>>>>>
>>>>>>          
>>>>>>>             
>>>>>> Not yet. But you can build the server from trunk.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>           
>>>>
>>>>       
>>
>>   
>

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
Thanks, that did the trick for the installer. However, after installing, 
I get two new errors:

1) OID for name 'krb5PrincipalName' was not found within the OID registry
Do I need to manually add this somewhere?

2) java.lang.ClassNotFoundException: 
org.bouncycastle.jce.provider.BouncyCastleProvider
Should I include this in the lib directory?

Thanks, David

Pierre-Arnaud Marcelot wrote:
> Unfortunately, we have not extracted the makensis path to the user's
> settings.xml file yet.
> This is very bad... Moreover, a JIRA should be created for this.
>
> So, for now, it's "hardcoded" in the pom.xml file of the project (which
> is very very bad...).
>
> You might have to tweak the location in the pom.xml to get it working on your
> environment.
>
> Regards,
> Pierre-Arnaud
>
> On Mon, Feb 23, 2009 at 3:28 PM, David R Robison <
> drrobison@openroadsconsulting.com> wrote:
>
>   
>> Thanks, can you send me an example of how to configure the
>> ~/.m2/settings.xml file to point to my makensis install? David
>>
>>
>> Pierre-Arnaud Marcelot wrote:
>>
>>     
>>> Hi David,
>>>
>>> You'll need to install the NSIS compiler utility on your machine.
>>>
>>> You can find some information on these pages (they're not that complete,
>>> nor
>>> up-to-date though).
>>>
>>> http://cwiki.apache.org/confluence/display/DIRxSBOX/Draft+-+Apache+DS+Installers+Documentation
>>>
>>> http://cwiki.apache.org/confluence/display/DIRxSBOX/Installing+NSIS+-+All+platforms
>>>
>>> Hope this helps,
>>> Pierre-Arnaud
>>>
>>>
>>> On Mon, Feb 23, 2009 at 3:02 PM, David R Robison <
>>> drrobison@openroadsconsulting.com> wrote:
>>>
>>>
>>>
>>>       
>>>> Is there a procedure for building the Windows Install EXE from the SVN
>>>> sources? Thanks, David
>>>>
>>>> Emmanuel Lecharny wrote:
>>>>
>>>>
>>>>
>>>>         
>>>>> Is there a release date for 1.5.5 that will include the fix? David
>>>>>
>>>>>
>>>>>           
>>>>>>             
>>>>> Not yet. But you can build the server from trunk.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>           
>>>
>>>       
>
>   

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
Unfortunately, we have not extracted the makensis path to the user's
settings.xml file yet.
This is very bad... Moreover, a JIRA should be created for this.

So, for now, it's "hardcoded" in the pom.xml file of the project (which
is very very bad...).

You might have to tweak the location in the pom.xml to get it working on your
environment.

Regards,
Pierre-Arnaud

On Mon, Feb 23, 2009 at 3:28 PM, David R Robison <
drrobison@openroadsconsulting.com> wrote:

> Thanks, can you send me an example of how to configure the
> ~/.m2/settings.xml file to point to my makensis install? David
>
>
> Pierre-Arnaud Marcelot wrote:
>
>> Hi David,
>>
>> You'll need to install the NSIS compiler utility on your machine.
>>
>> You can find some information on these pages (they're not that complete,
>> nor
>> up-to-date though).
>>
>> http://cwiki.apache.org/confluence/display/DIRxSBOX/Draft+-+Apache+DS+Installers+Documentation
>>
>> http://cwiki.apache.org/confluence/display/DIRxSBOX/Installing+NSIS+-+All+platforms
>>
>> Hope this helps,
>> Pierre-Arnaud
>>
>>
>> On Mon, Feb 23, 2009 at 3:02 PM, David R Robison <
>> drrobison@openroadsconsulting.com> wrote:
>>
>>
>>
>>> Is there a procedure for building the Windows Install EXE from the SVN
>>> sources? Thanks, David
>>>
>>> Emmanuel Lecharny wrote:
>>>
>>>
>>>
>>>> Is there a release date for 1.5.5 that will include the fix? David
>>>>
>>>>
>>>>>
>>>>>
>>>> Not yet. But you can build the server from trunk.
>>>>
>>>>
>>>>
>>>>
>>>>
>>
>>
>>
>

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
Thanks, can you send me an example of how to configure the 
~/.m2/settings.xml file to point to my makensis install? David

Pierre-Arnaud Marcelot wrote:
> Hi David,
>
> You'll need to install the NSIS compiler utility on your machine.
>
> You can find some information on these pages (they're not that complete, nor
> up-to-date though).
> http://cwiki.apache.org/confluence/display/DIRxSBOX/Draft+-+Apache+DS+Installers+Documentation
> http://cwiki.apache.org/confluence/display/DIRxSBOX/Installing+NSIS+-+All+platforms
>
> Hope this helps,
> Pierre-Arnaud
>
>
> On Mon, Feb 23, 2009 at 3:02 PM, David R Robison <
> drrobison@openroadsconsulting.com> wrote:
>
>   
>> Is there a procedure for building the Windows Install EXE from the SVN
>> sources? Thanks, David
>>
>> Emmanuel Lecharny wrote:
>>
>>     
>>> Is there a release date for 1.5.5 that will include the fix? David
>>>       
>>>>         
>>> Not yet. But you can build the server from trunk.
>>>
>>>
>>>
>>>       
>> --
>>
>> David R Robison
>> Open Roads Consulting, Inc.
>> 103 Watson Road, Chesapeake, VA 23320
>> phone: (757) 546-3401
>> e-mail: drrobison@openroadsconsulting.com
>> web: http://openroadsconsulting.com
>> blog: http://therobe.blogspot.com
>> book: http://www.xulonpress.com/book_detail.php?id=2579
>>
>
>   

-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: (757) 546-3401
e-mail: drrobison@openroadsconsulting.com
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/book_detail.php?id=2579

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Pierre-Arnaud Marcelot <pa...@marcelot.net>.
Hi David,

You'll need to install the NSIS compiler utility on your machine.

You can find some information on these pages (they're not that complete, nor
up-to-date though).
http://cwiki.apache.org/confluence/display/DIRxSBOX/Draft+-+Apache+DS+Installers+Documentation
http://cwiki.apache.org/confluence/display/DIRxSBOX/Installing+NSIS+-+All+platforms

Hope this helps,
Pierre-Arnaud


On Mon, Feb 23, 2009 at 3:02 PM, David R Robison <
drrobison@openroadsconsulting.com> wrote:

> Is there a procedure for building the Windows Install EXE from the SVN
> sources? Thanks, David
>
> Emmanuel Lecharny wrote:
>
>> Is there a release date for 1.5.5 that will include the fix? David
>>>
>>>
>>
>> Not yet. But you can build the server from trunk.
>>
>>
>>
>
> --
>
> David R Robison
> Open Roads Consulting, Inc.
> 103 Watson Road, Chesapeake, VA 23320
> phone: (757) 546-3401
> e-mail: drrobison@openroadsconsulting.com
> web: http://openroadsconsulting.com
> blog: http://therobe.blogspot.com
> book: http://www.xulonpress.com/book_detail.php?id=2579
>

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
Is there a procedure for building the Windows Install EXE from the SVN 
sources? Thanks, David

Emmanuel Lecharny wrote:
>> Is there a release date for 1.5.5 that will include the fix? David
>>     
>
> Not yet. But you can build the server from trunk.
>
>   

-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: (757) 546-3401
e-mail: drrobison@openroadsconsulting.com
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/book_detail.php?id=2579

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Emmanuel Lecharny <el...@apache.org>.
> Is there a release date for 1.5.5 that will include the fix? David

Not yet. But you can build the server from trunk.

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
Is there a release date for 1.5.5 that will include the fix? David

Emmanuel Lecharny wrote:
> On Fri, Feb 20, 2009 at 5:13 PM, David R Robison
> <dr...@openroadsconsulting.com> wrote:
>   
>> I'm trying to setup ApacheDS 1.5.4 as a Kerberos server with little success.
>>     
>
> Not a surprise :/
>
> 1.5.4 is a bit (!) broken when it comes to protocols other than LDAP.
> It has been fixed in trunk.
>
> Sorry for the burden !
>
>   

-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: (757) 546-3401
e-mail: drrobison@openroadsconsulting.com
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/book_detail.php?id=2579

Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by Emmanuel Lecharny <el...@apache.org>.
On Fri, Feb 20, 2009 at 5:13 PM, David R Robison
<dr...@openroadsconsulting.com> wrote:
> I'm trying to setup ApacheDS 1.5.4 as a Kerberos server with little success.

Not a surprise :/

1.5.4 is a bit (!) broken when it comes to protocols other than LDAP.
It has been fixed in trunk.

Sorry for the burden !

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Emmanuel Lecharny <el...@apache.org>.
Yiannis Mavroukakis wrote:
> Ah that sounds interesting..do I grab it out of the ServerEntry object 
> and feed it into another?
Well, if you have a look at the ChangeLog interceptor, you will see how 
to transform each operation to an equivalent  LDIF entry.

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org



Re: [ApacheDS] Poor man's cluster interceptor

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Ah that sounds interesting..do I grab it out of the ServerEntry object 
and feed it into another?

Alex Karasulu wrote:
> Or just send over an LDIF string.
>
> On Thu, Feb 19, 2009 at 2:12 PM, Emmanuel Lecharny <el...@apache.org> wrote:
>
>   
>> Hi,
>>
>> On Thu, Feb 19, 2009 at 7:55 PM, Yiannis Mavroukakis
>> <im...@gameaccount.com> wrote:
>>     
>>> Hello all :-)
>>>
>>> This is off the back of my previous questions about clustering..
>>>
>>> I've managed to setup a poor man's cluster on our Jboss servers cluster
>>> using message queues. I can get messages passed to the JBoss instance but
>>> I'm having a few issues..
>>> I initially tried to send the entire AddOperationContext object but I got
>>> defeated when it refused to serialize :)
>>> I then thought I'd break it down to its constituent parts, stuff them in a
>>> map and send them off..that worked partially and I am unsure as to which
>>> structures
>>> I can use in order to be able to recreate the entry on the participating
>>> ldap clusters
>>>
>>> This is what I do at the moment
>>>
>>> Map<String , byte[ ]> attributes = new HashMap( );
>>> ServerEntry entry = addContext.getEntry( );
>>>       if( ( entry.get( SchemaConstants.USER_PASSWORD_AT ) != null ) )
>>>       {
>>>           for( AttributeType attr : entry.getAttributeTypes( ) )
>>>           {
>>>               EntryAttribute entryAttr = entry.get( attr );
>>>               if ( entryAttr.get( ).isBinary( ) )
>>>               {
>>>                   attributes.put( attr.getName( ) , entryAttr.getBytes( ) );
>>>               }
>>>               else
>>>               {
>>>                   attributes.put( attr.getName( ) , StringTools.getBytesUtf8( entryAttr.getString( ) ) );
>>>               }
>>>
>>>           }
>>> [send to cluster after this]
>>>
>>> Am I missing something? Do I need to add more/less to the Map?
>>>       
>> This is a bit of overkill. You can grab the entry in the
>> AddOperationContext (getEntry()) and clone it. Then, you can remove the
>> password from it, and serialize it, as it's a serializable class.
>>
>> --
>> Regards,
>> Cordialement,
>> Emmanuel Lécharny
>> www.iktek.com
>>
>>     
>
>   

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Alex Karasulu <ak...@gmail.com>.
Or just send over an LDIF string.

On Thu, Feb 19, 2009 at 2:12 PM, Emmanuel Lecharny <el...@apache.org> wrote:

> Hi,
>
> On Thu, Feb 19, 2009 at 7:55 PM, Yiannis Mavroukakis
> <im...@gameaccount.com> wrote:
> > Hello all :-)
> >
> > This is off the back of my previous questions about clustering..
> >
> > I've managed to setup a poor man's cluster on our Jboss servers cluster
> > using message queues. I can get messages passed to the JBoss instance but
> > I'm having a few issues..
> > I initially tried to send the entire AddOperationContext object but I got
> > defeated when it refused to serialize :)
> > I then thought I'd break it down to its constituent parts, stuff them in a
> > map and send them off..that worked partially and I am unsure as to which
> > structures
> > I can use in order to be able to recreate the entry on the participating
> > ldap clusters
> >
> > This is what I do at the moment
> >
> > Map<String , byte[ ]> attributes = new HashMap( );
> > ServerEntry entry = addContext.getEntry( );
> >       if( ( entry.get( SchemaConstants.USER_PASSWORD_AT ) != null ) )
> >       {
> >           for( AttributeType attr : entry.getAttributeTypes( ) )
> >           {
> >               EntryAttribute entryAttr = entry.get( attr );
> >               if ( entryAttr.get( ).isBinary( ) )
> >               {
> >                   attributes.put( attr.getName( ) , entryAttr.getBytes( ) );
> >               }
> >               else
> >               {
> >                   attributes.put( attr.getName( ) , StringTools.getBytesUtf8( entryAttr.getString( ) ) );
> >               }
> >
> >           }
> > [send to cluster after this]
> >
> > Am I missing something? Do I need to add more/less to the Map?
>
>
> This is a bit of overkill. You can grab the entry in the
> AddOperationContext (getEntry()) and clone it. Then, you can remove the
> password from it, and serialize it, as it's a serializable class.
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
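
The two suggestions in this message (drop the password from the entry, then send it as an LDIF string) combined into one added example; it is not ApacheDS code or code from the posters. The class name, the attribute map and the sample entry are constructed for illustration, the list of withheld attributes is an assumed policy, and the encoding rules follow RFC 2849.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Added example: turn an entry into an LDIF add record for replication, without credentials. */
public class LdifReplicationRecord {

    // Attribute types withheld from the replication message (assumed policy: userPassword,
    // by name or by OID; extend the set for other credential attributes in your schema).
    private static final Set<String> WITHHELD = Set.of("userpassword", "2.5.4.35");

    private static final int MAX_LINE = 76; // conventional LDIF fold width

    /** RFC 2849 SAFE-STRING test: anything else must be written base64-encoded ("attr:: ..."). */
    static boolean isSafeString(byte[] value) {
        if (value.length == 0) {
            return true;
        }
        int first = value[0] & 0xff;
        if (first == ' ' || first == ':' || first == '<') {
            return false; // not a SAFE-INIT-CHAR
        }
        if (value[value.length - 1] == ' ') {
            return false; // RFC 2849 recommends base64 for values ending in a space
        }
        for (byte b : value) {
            int c = b & 0xff;
            if (c == 0 || c == '\n' || c == '\r' || c > 127) {
                return false;
            }
        }
        return true;
    }

    /** Appends one "name: value" line, base64-encoding and folding it where required. */
    static void appendAttribute(StringBuilder out, String name, byte[] value) {
        String line = isSafeString(value)
                ? name + ": " + new String(value, StandardCharsets.US_ASCII)
                : name + ":: " + Base64.getEncoder().encodeToString(value);
        out.append(line, 0, Math.min(MAX_LINE, line.length())).append('\n');
        // Continuation lines start with exactly one space, which the reader strips again.
        for (int i = MAX_LINE; i < line.length(); i += MAX_LINE - 1) {
            out.append(' ').append(line, i, Math.min(i + MAX_LINE - 1, line.length())).append('\n');
        }
    }

    /** True when the attribute description (options such as ";binary" ignored) is withheld. */
    static boolean isWithheld(String attributeDescription) {
        String type = attributeDescription.split(";", 2)[0].trim().toLowerCase(Locale.ROOT);
        return WITHHELD.contains(type);
    }

    /** Builds a "changetype: add" record for the entry, skipping withheld attributes. */
    static String toLdifAdd(String dn, Map<String, List<byte[]>> attributes) {
        StringBuilder out = new StringBuilder("version: 1\n");
        appendAttribute(out, "dn", dn.getBytes(StandardCharsets.UTF_8));
        out.append("changetype: add\n");
        for (Map.Entry<String, List<byte[]>> attribute : attributes.entrySet()) {
            if (isWithheld(attribute.getKey())) {
                continue; // the credential never reaches the message queue
            }
            for (byte[] value : attribute.getValue()) {
                appendAttribute(out, attribute.getKey(), value);
            }
        }
        return out.append('\n').toString();
    }

    private static byte[] utf8(String s) {
        return s.getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample entry, not taken from the thread.
        Map<String, List<byte[]>> entry = new LinkedHashMap<>();
        entry.put("objectClass", List.of(utf8("top"), utf8("person"), utf8("inetOrgPerson")));
        entry.put("cn", List.of(utf8("J\u00f6rg Example")));       // non-ASCII -> base64
        entry.put("sn", List.of(utf8("Example")));
        entry.put("description", List.of(utf8(" leading space"))); // unsafe first char -> base64
        entry.put("userPassword", List.of(utf8("{SSHA}constructed-hash-value")));
        entry.put("jpegPhoto;binary", List.of(new byte[] {(byte) 0xff, (byte) 0xd8, 0x00, 0x10}));

        String ldif = toLdifAdd("cn=J\u00f6rg Example,ou=users,dc=example,dc=com", entry);
        System.out.print(ldif);
        if (ldif.toLowerCase(Locale.ROOT).contains("userpassword")) {
            throw new IllegalStateException("credential leaked into replication record");
        }
    }
}
```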

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Hello again,

Little bit of background info before my question

2009-02-23 14:34:51,407 DEBUG [org.apache.directory.server.schema.registries.DefaultOidRegistry] looked up OID '1.3.6.1.4.1.1466.115.121.1.12' with id 'dn'
2009-02-23 14:34:51,407 DEBUG [org.apache.directory.server.schema.registries.DefaultOidRegistry] looked up OID '2.5.18.12' with id 'collectiveAttributeSubentries'
2009-02-23 14:34:51,407 DEBUG [org.apache.directory.server.schema.registries.DefaultAttributeTypeRegistry] lookup with id2.5.18.12' of attributeType: <2.5.18.12, collectiveAttributeSubentries>
2009-02-23 14:34:51,407 DEBUG [org.apache.directory.server.schema.registries.DefaultOidRegistry] looked up OID '2.5.4.0' with id 'objectClass'
2009-02-23 14:34:51,407 DEBUG [org.apache.directory.server.schema.registries.DefaultAttributeTypeRegistry] lookup with id2.5.4.0' of attributeType: <2.5.4.0, objectClass>

As I've mentioned in my previous posts, Jabber XCP seems to stick dn as 
an attribute in its search request. Now the question is, is it correct 
to implement

search( NextInterceptor next , SearchOperationContext opContext )

in order to remove DN?  I've tried to do something very very basic like

    public EntryFilteringCursor search( NextInterceptor next ,
            SearchOperationContext opContext ) throws Exception
    {
        EntryFilteringCursor cursor = next.search( opContext );

        Set<AttributeTypeOptions> returnAttributes = opContext
                .getReturningAttributes( );

        if( returnAttributes != null )
        {
            Set<AttributeTypeOptions> modifiedAttributes = new HashSet<AttributeTypeOptions>( );

            for( AttributeTypeOptions attributeTypeOptions : returnAttributes )
            {
                if( !attributeTypeOptions.hasOption( "1.1" ) )
                {
                    modifiedAttributes.add( attributeTypeOptions );
                }
            }
            opContext.setReturningAttributes( modifiedAttributes );
        }
        return cursor;
    }

But that doesn't seem to do the trick, as DS is still complaining about 
the existence of dn as an attribute in the search. Am I going along the 
right
path or is this all very very wrong ? :-)

Thank you!

Yiannis

Yiannis Mavroukakis wrote:
> I'll try it, although my understanding of how to do either one is poor 
> :-)
>
> Y.
>
> Emmanuel Lecharny wrote:
>> You can even write an interceptor which will remove the DN from the
>> returned attributes, and add it when the search is successful (you
>> will have to add a Filter)
>>
>> I think it can be done in half an hour.
>>
>> Otherwise, I would rather implement RFC 5020, transform the DN to
>> entryDN in an interceptor, and back. That would be way better, but a
>> bit longer :)
>>
>> On Mon, Feb 23, 2009 at 12:21 PM, Yiannis Mavroukakis
>> <im...@gameaccount.com> wrote:
>>  
>>> I've looked around the config for Jabber XCP and it doesn't seem to 
>>> be a
>>> configurable attribute. Is it possible to use
>>> an interceptor, implement search( NextInterceptor next
>>> ,SearchOperationContext opContext ), and rewrite the attribute to be 
>>> 1.1
>>> instead of dn ?
>>>
>>> Thanks,
>>>
>>> Yiannis
>>>
>>> Emmanuel Lecharny wrote:
>>>    
>>>> More specifically, if you just want to get the DN of each entry
>>>> without any other attribute, just specify "1.1 " as requested
>>>> attributes.
>>>>
>>>> On Mon, Feb 23, 2009 at 11:16 AM, Emmanuel Lecharny
>>>> <el...@apache.org> wrote:
>>>>
>>>>      
>>>>> Hi,
>>>>>
>>>>> DN is not an attribute. You should not send a search request with it
>>>>> as a requested attribute. That's why you get this warning.
>>>>>
>>>>>
>>>>> -- 
>>>>> Regards,
>>>>> Cordialement,
>>>>> Emmanuel Lécharny
>>>>> www.iktek.com
>>>>>
>>>>>
>>>>>         
>>>>
>>>>
>>>>       
>>
>>
>>
>>   
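
The rewrite asked about in this message, reduced to the attribute list itself, as an added example that is not ApacheDS code: the class and method names are hypothetical, the inputs are constructed, and wiring the result into an interceptor's SearchOperationContext is left out because it depends on the server version. It drops the pseudo-attribute dn from the list before the search is executed and falls back to "1.1" when nothing else was requested, so the reply still carries entry names and no attributes.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/** Added example: clean a search request's attribute list before the search is executed. */
public class RequestedAttributes {

    /** What to ask the server for, plus whether the client had asked for "dn". */
    static final class Rewritten {
        final List<String> attributes;
        final boolean clientAskedForDn;

        Rewritten(List<String> attributes, boolean clientAskedForDn) {
            this.attributes = attributes;
            this.clientAskedForDn = clientAskedForDn;
        }

        @Override
        public String toString() {
            return attributes + (clientAskedForDn ? " (client asked for dn)" : "");
        }
    }

    static Rewritten rewrite(List<String> requested) {
        Map<String, String> kept = new LinkedHashMap<>(); // lower-cased key -> name as sent
        boolean askedForDn = false;
        boolean sawNoAttributes = false;
        for (String raw : requested) {
            String name = raw.trim();
            String key = name.toLowerCase(Locale.ROOT);
            if (key.isEmpty()) {
                continue;
            } else if (key.equals("dn")) {
                askedForDn = true;       // not an attribute type: never forwarded
            } else if (key.equals("1.1")) {
                sawNoAttributes = true;  // only meaningful when it stands alone
            } else {
                kept.putIfAbsent(key, name);
            }
        }
        List<String> result = new ArrayList<>(kept.values());
        // An empty list means "all user attributes", so a request that named only
        // dn and/or 1.1 is sent as 1.1; otherwise it would return more than was asked for.
        if (result.isEmpty() && (askedForDn || sawNoAttributes)) {
            result.add("1.1");
        }
        return new Rewritten(result, askedForDn);
    }

    public static void main(String[] args) {
        // Constructed requests; the first is "dn" alone, as the client in this thread sends.
        List<List<String>> samples = List.of(
                List.of("dn"),
                List.of("DN", "cn", "CN", "mail"),
                List.of("1.1 ", "uid"),
                List.of());
        for (List<String> sample : samples) {
            System.out.println(sample + " -> " + rewrite(sample));
        }
    }
}
```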

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
I'll try it, although my understanding of how to do either one is poor :-)

Y.

Emmanuel Lecharny wrote:
> You can even write an interceptor which will remove the DN from the
> returned attributes, and add it when the search is successful (you
> will have to add a Filter)
>
> I think it can be done in half an hour.
>
> Otherwise, I would rather implement RFC 5020, transform the DN to
> entryDN in an interceptor, and back. That would be way better, but a
> bit longer :)
>
> On Mon, Feb 23, 2009 at 12:21 PM, Yiannis Mavroukakis
> <im...@gameaccount.com> wrote:
>   
>> I've looked around the config for Jabber XCP and it doesn't seem to be a
>> configurable attribute. Is it possible to use
>> an interceptor, implement search( NextInterceptor next
>> ,SearchOperationContext opContext ), and rewrite the attribute to be 1.1
>> instead of dn ?
>>
>> Thanks,
>>
>> Yiannis
>>
>> Emmanuel Lecharny wrote:
>>     
>>> More specifically, if you just want to get the DN of each entry
>>> without any other attribute, just specify "1.1 " as requested
>>> attributes.
>>>
>>> On Mon, Feb 23, 2009 at 11:16 AM, Emmanuel Lecharny
>>> <el...@apache.org> wrote:
>>>
>>>       
>>>> Hi,
>>>>
>>>> DN is not an attribute. You should not send a search request with it
>>>> as a requested attribute. That's why you get this warning.
>>>>
>>>>
>>>> --
>>>> Regards,
>>>> Cordialement,
>>>> Emmanuel Lécharny
>>>> www.iktek.com
>>>>
>>>>
>>>>         
>>>
>>>
>>>       
>
>
>
>   

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Emmanuel Lecharny <el...@apache.org>.
You can even write an interceptor which will remove the DN from the
returned attributes, and add it when the search is successful (you
will have to add a Filter)

I think it can be done in half an hour.

Otherwise, I would rather implement RFC 5020, transform the DN to
entryDN in an interceptor, and back. That would be way better, but a
bit longer :)

On Mon, Feb 23, 2009 at 12:21 PM, Yiannis Mavroukakis
<im...@gameaccount.com> wrote:
> I've looked around the config for Jabber XCP and it doesn't seem to be a
> configurable attribute. Is it possible to use
> an interceptor, implement search( NextInterceptor next
> ,SearchOperationContext opContext ), and rewrite the attribute to be 1.1
> instead of dn ?
>
> Thanks,
>
> Yiannis
>
> Emmanuel Lecharny wrote:
>>
>> More specifically, if you just want to get the DN of each entry
>> without any other attribute, just specify "1.1 " as requested
>> attributes.
>>
>> On Mon, Feb 23, 2009 at 11:16 AM, Emmanuel Lecharny
>> <el...@apache.org> wrote:
>>
>>>
>>> Hi,
>>>
>>> DN is not an attribute. You should not send a search request with it
>>> as a requested attribute. That's why you get this warning.
>>>
>>>
>>> --
>>> Regards,
>>> Cordialement,
>>> Emmanuel Lécharny
>>> www.iktek.com
>>>
>>>
>>
>>
>>
>>
>



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
I've looked around the config for Jabber XCP and it doesn't seem to be a 
configurable attribute. Is it possible to use
an interceptor, implement search( NextInterceptor next 
,SearchOperationContext opContext ), and rewrite the attribute to be 1.1 
instead of dn ?

Thanks,

Yiannis

Emmanuel Lecharny wrote:
> More specifically, if you just want to get the DN of each entry
> without any other attribute, just specify "1.1 " as requested
> attributes.
>
> On Mon, Feb 23, 2009 at 11:16 AM, Emmanuel Lecharny
> <el...@apache.org> wrote:
>   
>> Hi,
>>
>> DN is not an attribute. You should not send a search request with it
>> as a requested attribute. That's why you get this warning.
>>
>>
>> --
>> Regards,
>> Cordialement,
>> Emmanuel Lécharny
>> www.iktek.com
>>
>>     
>
>
>
>   

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Ah I need to figure out how Jabber does this, it doesn't seem to be 
configurable..This used to work with OpenLDAP so it seems that OpenLDAP is
not standards compliant..(?)

Thank you,
Yiannis

Emmanuel Lecharny wrote:
> More specifically, if you just want to get the DN of each entry
> without any other attribute, just specify "1.1 " as requested
> attributes.
>
> On Mon, Feb 23, 2009 at 11:16 AM, Emmanuel Lecharny
> <el...@apache.org> wrote:
>   
>> Hi,
>>
>> DN is not an attribute. You should not send a search request with it
>> as a requested attribute. That's why you get this warning.
>>
>>
>> --
>> Regards,
>> Cordialement,
>> Emmanuel Lécharny
>> www.iktek.com
>>
>>     
>
>
>
>   

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Emmanuel Lecharny <el...@apache.org>.
More specifically, if you just want to get the DN of each entry
without any other attribute, just specify "1.1 " as requested
attributes.

On Mon, Feb 23, 2009 at 11:16 AM, Emmanuel Lecharny
<el...@apache.org> wrote:
> Hi,
>
> DN is not an attribute. You should not send a search request with it
> as a requested attribute. That's why you get this warning.
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Emmanuel Lecharny <el...@apache.org>.
Hi,

DN is not an attribute. You should not send a search request with it
as a requested attribute. That's why you get this warning.


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Emmanuel Lecharny <el...@apache.org>.
RFC 5020 is trying to fix this, adding a virtual entryDN attribute :
http://www.rfc-editor.org/rfc/rfc5020.txt

That's not a bad idea. However, I don't know why using a DN in the
requested attributes should automatically lead to an error. Is there a
major problem forbidding a server to return a DN as if it were an
attribute, if specifically requested ?

On Mon, Feb 23, 2009 at 11:23 AM, ayyagarikiran <ay...@gmail.com> wrote:
> I believe the jabber server's LDAP setting is treating the 'dn' as a
> attribute name (e.x the attribute used for fetching the uid or group value
> ).
>
> btw, are you using openfire?
>
> Kiran Ayyagari
>
> Yiannis Mavroukakis wrote:
>>
>> Hello Emmanuel,
>>
>> I ended up using Ldiff Entry and it works like a charm! Now the issue is
>> with a jabber server I have connecting to ApacheDS. I am getting a lot of
>> this in the logs
>>
>> 10:04:12,027 WARN  [SearchingOperationContext] Requested attribute dn does
>> not exist in the schema, it will be ignored
>>
>> In response to this request from the Jabber server
>>
>> 2009-02-23 10:04:12,074 DEBUG
>> [org.apache.directory.shared.ldap.codec.TwixDecoder] Decoded LdapMessage :
>> LdapMessage
>>   message Id : 13
>>   Search Request
>>       Base Object : ''
>>       Scope : base object
>>       Deref Aliases : never Deref Aliases
>>       Size Limit : no limit
>>       Time Limit : no limit
>>       Types Only : true
>>       Filter : '(objectclass=*)'
>>       Attributes : dn
>>
>> I googled around for this but could not find a satisfactory answer, anyone
>> have any ideas?
>>
>> Thank you,
>> Yiannis
>>
>> Emmanuel Lecharny wrote:
>>>
>>> On Fri, Feb 20, 2009 at 5:04 PM, Yiannis Mavroukakis
>>> <im...@gameaccount.com> wrote:
>>>
>>>>
>>>> Hello Emmanuel,
>>>>
>>>> I tried the procedure you described (getEntry() ) but read/writeExternal
>>>> are
>>>> both setup to throw exceptions, and the messaging layer
>>>> I am using is using those methods to marshall and unmarshall the
>>>> objects. I
>>>> did see that DefaultServerEntry has serialize/deserialize methods
>>>> but because it's final, I cannot subclass it, and call these methods
>>>> from
>>>> within my subclass' read/writeExternal....
>>>>
>>>
>>> You have the ServerEntrySerializer class, which is way better as it
>>> serializes/deserializes the Entry the best possible way, using an
>>> internal serialization, instead of the default Java serialization.
>>>
>>> Give it a try.
>>>
>>> ( you can check the ServerEntrySerializerTest for an example on how to
>>> use it).
>>>
>>
>



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: PostgreSQL as backend

Posted by Alex Karasulu <ak...@gmail.com>.
On Tue, Dec 1, 2009 at 8:30 AM, David R Robison <
drrobison@openroadsconsulting.com> wrote:

> Does Apache Directory Server support Virtual Directories?


Not yet but it can easily be altered in the code to do so.


> How would I expose my data through LDAP?


You can have a partition implemented to show your data in your db as a
branch in your DIT if you go with ApacheDS.  Just write the partition to
expose some hierarchy for your data after querying it and caching the db
data.

I can go into details if you like but we'd have to offline this conversation
since it's a bit more specific to your situation rather than mainstream to
this list.

Alex


> Thanks for the info. David
>
>
> Alex Karasulu wrote:
>
>> On Mon, Nov 30, 2009 at 10:56 PM, David R Robison <
>> drrobison@openroadsconsulting.com> wrote:
>>
>>
>>
>>> No, what are virtual directories? David
>>>
>>>
>>>
>>>
>> http://en.wikipedia.org/wiki/Virtual_directory
>>
>> Sounds to me like you want to take data that you already have in a
>> database
>> and present it as LDAP to complete your directory.  You may have put it
>> there for proximity/performance sake but still need to have it presented
>> via
>> LDAP.  A VD can help you do that.
>>
>> HTH,
>>
>>
>>
>
> --
>
> David R Robison
> Open Roads Consulting, Inc.
> 103 Watson Road, Chesapeake, VA 23320
> phone: (757) 546-3401
> e-mail: drrobison@openroadsconsulting.com
> web: http://openroadsconsulting.com
> blog: http://therobe.blogspot.com
> book:
> http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526
>



-- 
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org

Re: PostgreSQL as backend

Posted by David R Robison <dr...@openroadsconsulting.com>.
Does Apache Directory Server support Virtual Directories? How would I 
expose my data through LDAP? Thanks for the info. David

Alex Karasulu wrote:
> On Mon, Nov 30, 2009 at 10:56 PM, David R Robison <
> drrobison@openroadsconsulting.com> wrote:
>
>   
>> No, what are virtual directories? David
>>
>>
>>     
> http://en.wikipedia.org/wiki/Virtual_directory
>
> Sounds to me like you want to take data that you already have in a database
> and present it as LDAP to complete your directory.  You may have put it
> there for proximity/performance sake but still need to have it presented via
> LDAP.  A VD can help you do that.
>
> HTH,
>
>   

-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: (757) 546-3401
e-mail: drrobison@openroadsconsulting.com
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526

Re: PostgreSQL as backend

Posted by Alex Karasulu <ak...@gmail.com>.
On Mon, Nov 30, 2009 at 10:56 PM, David R Robison <
drrobison@openroadsconsulting.com> wrote:

> No, what are virtual directories? David
>
>
http://en.wikipedia.org/wiki/Virtual_directory

Sounds to me like you want to take data that you already have in a database
and present it as LDAP to complete your directory.  You may have put it
there for proximity/performance sake but still need to have it presented via
LDAP.  A VD can help you do that.

HTH,

-- 
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org

Re: PostgreSQL as backend

Posted by David R Robison <dr...@openroadsconsulting.com>.
No, what are virtual directories? David

Alex Karasulu wrote:
> You ever look into virtual directories?
>
> Alex
>
> On Mon, Nov 30, 2009 at 9:41 PM, David R Robison <
> drrobison@openroadsconsulting.com> wrote:
>
>   
>> Thanks. Speaking of performance, we have records in our PostgreSQL database
>> that reference contacts in our LDAP. We want to do LDAP lookups as part of
>> our database SQL calls. To do this we use a Perl lookup function but for
>> large queries it is quite slow. If the records were already in a PostgreSQL
>> database then we should be able to make better benefit of internal indexes
>> and keys. Thanks again. David
>>
>> Emmanuel Lecharny wrote:
>>
>>     
>>> Hi,
>>>
>>> On Mon, Nov 30, 2009 at 11:06 PM, David R Robison
>>> <dr...@openroadsconsulting.com> wrote:
>>>
>>>
>>>       
>>>> Is it possible (or are there plans) to use PostgreSQL as a backend
>>>> database
>>>> for Apache Directory Server? Thanks, David
>>>>
>>>>
>>>>         
>>> Most certainly. We have an oracle backend being written by Andrea (see
>>> the dev. ML on archives), it should be possible with some little
>>> effort to port the code to Postgresql. We just need someone who has
>>> time to do that.
>>>
>>> Note that I'm afraid the performance will be quite low...
>>>
>>>
>>>
>>>       
>> --
>>
>> David R Robison
>> Open Roads Consulting, Inc.
>> 103 Watson Road, Chesapeake, VA 23320
>> phone: (757) 546-3401
>> e-mail: drrobison@openroadsconsulting.com
>> web: http://openroadsconsulting.com
>> blog: http://therobe.blogspot.com
>> book:
>> http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526
>>
>
>
>
>   

-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: (757) 546-3401
e-mail: drrobison@openroadsconsulting.com
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526

Re: PostgreSQL as backend

Posted by Alex Karasulu <ak...@gmail.com>.
You ever look into virtual directories?

Alex

On Mon, Nov 30, 2009 at 9:41 PM, David R Robison <
drrobison@openroadsconsulting.com> wrote:

> Thanks. Speaking of performance, we have records in our PostgreSQL database
> that reference contacts in our LDAP. We want to do LDAP lookups as part of
> our database SQL calls. To do this we use a Perl lookup function but for
> large queries it is quite slow. If the records were already in a PostgreSQL
> database then we should be able to make better benefit of internal indexes
> and keys. Thanks again. David
>
> Emmanuel Lecharny wrote:
>
>> Hi,
>>
>> On Mon, Nov 30, 2009 at 11:06 PM, David R Robison
>> <dr...@openroadsconsulting.com> wrote:
>>
>>
>>> Is it possible (or are there plans) to use PostgreSQL as a backend
>>> database
>>> for Apache Directory Server? Thanks, David
>>>
>>>
>>
>> Most certainly. We have an oracle backend being written by Andrea (see
>> the dev. ML on archives), it should be possible with some little
>> effort to port the code to Postgresql. We just need someone who has
>> time to do that.
>>
>> Note that I'm afraid the performance will be quite low...
>>
>>
>>
>
> --
>
> David R Robison
> Open Roads Consulting, Inc.
> 103 Watson Road, Chesapeake, VA 23320
> phone: (757) 546-3401
> e-mail: drrobison@openroadsconsulting.com
> web: http://openroadsconsulting.com
> blog: http://therobe.blogspot.com
> book:
> http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526
>



-- 
Alex Karasulu
My Blog :: http://www.jroller.com/akarasulu/
Apache Directory Server :: http://directory.apache.org
Apache MINA :: http://mina.apache.org

Re: PostgreSQL as backend

Posted by David R Robison <dr...@openroadsconsulting.com>.
Thanks. Speaking of performance, we have records in our PostgreSQL 
database that reference contacts in our LDAP. We want to do LDAP 
lookups as part of our database SQL calls. To do this we use a Perl 
lookup function but for large queries it is quite slow. If the records 
were already in a PostgreSQL database then we should be able to make 
better benefit of internal indexes and keys. Thanks again. David

Emmanuel Lecharny wrote:
> Hi,
>
> On Mon, Nov 30, 2009 at 11:06 PM, David R Robison
> <dr...@openroadsconsulting.com> wrote:
>   
>> Is it possible (or are there plans) to use PostgreSQL as a backend database
>> for Apache Directory Server? Thanks, David
>>     
>
> Most certainly. We have an oracle backend being written by Andrea (see
> the dev. ML on archives), it should be possible with some little
> effort to port the code to Postgresql. We just need someone who has
> time to do that.
>
> Note that I'm afraid the performance will be quite low...
>
>   

-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: (757) 546-3401
e-mail: drrobison@openroadsconsulting.com
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526



Re: PostgreSQL as backend

Posted by Emmanuel Lecharny <el...@apache.org>.
Hi,

On Mon, Nov 30, 2009 at 11:06 PM, David R Robison
<dr...@openroadsconsulting.com> wrote:
> Is it possible (or are there plans) to use PostgreSQL as a backend database
> for Apache Directory Server? Thanks, David

Most certainly. We have an oracle backend being written by Andrea (see
the dev. ML on archives), it should be possible with some little
effort to port the code to Postgresql. We just need someone who has
time to do that.

Note that I'm afraid the performance will be quite low...

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Hey Kiran,

Using Jabber XCP 5.2

Y.

ayyagarikiran wrote:
> I believe the jabber server's LDAP setting is treating the 'dn' as an 
> attribute name (e.g. the attribute used for fetching the uid or group 
> value ).
>
> btw, are you using openfire?
>
> Kiran Ayyagari
>
> Yiannis Mavroukakis wrote:
>> Hello Emmanuel,
>>
>> I ended up using Ldiff Entry and it works like a charm! Now the issue 
>> is with a jabber server I have connecting to ApacheDS. I am getting a 
>> lot of this in the logs
>>
>> 10:04:12,027 WARN  [SearchingOperationContext] Requested attribute dn 
>> does not exist in the schema, it will be ignored
>>
>> In response to this request from the Jabber server
>>
>> 2009-02-23 10:04:12,074 DEBUG 
>> [org.apache.directory.shared.ldap.codec.TwixDecoder] Decoded 
>> LdapMessage : LdapMessage
>>    message Id : 13
>>    Search Request
>>        Base Object : ''
>>        Scope : base object
>>        Deref Aliases : never Deref Aliases
>>        Size Limit : no limit
>>        Time Limit : no limit
>>        Types Only : true
>>        Filter : '(objectclass=*)'
>>        Attributes : dn
>>
>> I googled around for this but could not find a satisfactory answer, 
>> anyone have any ideas?
>>
>> Thank you,
>> Yiannis
>>
>> Emmanuel Lecharny wrote:
>>> On Fri, Feb 20, 2009 at 5:04 PM, Yiannis Mavroukakis
>>> <im...@gameaccount.com> wrote:
>>>  
>>>> Hello Emmanuel,
>>>>
>>>> I tried the procedure you described (getEntry() ) but 
>>>> read/writeExternal are
>>>> both setup to throw exceptions, and the messaging layer
>>>> I am using is using those methods to marshall and unmarshall the 
>>>> objects. I
>>>> did see that DefaultServerEntry has serialize/deserialize methods
>>>> but because it's final, I cannot subclass it, and call these 
>>>> methods from
>>>> within my subclass' read/writeExternal....
>>>>     
>>>
>>> You have the ServerEntrySerializer class, which is way better as it
>>> serializes/deserializes the Entry the best possible way, using an
>>> internal serialization, instead of the default Java serialization.
>>>
>>> Give it a try.
>>>
>>> ( you can check the ServerEntrySerializerTest for an example on how 
>>> to use it).
>>>   
>>

Re: [ApacheDS] Poor man's cluster interceptor

Posted by ayyagarikiran <ay...@gmail.com>.
I believe the jabber server's LDAP setting is treating the 'dn' as an attribute name (e.g. the attribute used for fetching 
the uid or group value ).

btw, are you using openfire?

Kiran Ayyagari

Yiannis Mavroukakis wrote:
> Hello Emmanuel,
> 
> I ended up using Ldiff Entry and it works like a charm! Now the issue is 
> with a jabber server I have connecting to ApacheDS. I am getting a lot 
> of this in the logs
> 
> 10:04:12,027 WARN  [SearchingOperationContext] Requested attribute dn 
> does not exist in the schema, it will be ignored
> 
> In response to this request from the Jabber server
> 
> 2009-02-23 10:04:12,074 DEBUG 
> [org.apache.directory.shared.ldap.codec.TwixDecoder] Decoded LdapMessage 
> : LdapMessage
>    message Id : 13
>    Search Request
>        Base Object : ''
>        Scope : base object
>        Deref Aliases : never Deref Aliases
>        Size Limit : no limit
>        Time Limit : no limit
>        Types Only : true
>        Filter : '(objectclass=*)'
>        Attributes : dn
> 
> I googled around for this but could not find a satisfactory answer, 
> anyone have any ideas?
> 
> Thank you,
> Yiannis
> 
> Emmanuel Lecharny wrote:
>> On Fri, Feb 20, 2009 at 5:04 PM, Yiannis Mavroukakis
>> <im...@gameaccount.com> wrote:
>>  
>>> Hello Emmanuel,
>>>
>>> I tried the procedure you described (getEntry() ) but 
>>> read/writeExternal are
>>> both setup to throw exceptions, and the messaging layer
>>> I am using is using those methods to marshall and unmarshall the 
>>> objects. I
>>> did see that DefaultServerEntry has serialize/deserialize methods
>>> but because it's final, I cannot subclass it, and call these methods 
>>> from
>>> within my subclass' read/writeExternal....
>>>     
>>
>> You have the ServerEntrySerializer class, which is way better as it
>> serializes/deserializes the Entry the best possible way, using an
>> internal serialization, instead of the default Java serialization.
>>
>> Give it a try.
>>
>> ( you can check the ServerEntrySerializerTest for an example on how to 
>> use it).
>>   
> 

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Hello Emmanuel,

I ended up using Ldiff Entry and it works like a charm! Now the issue is 
with a jabber server I have connecting to ApacheDS. I am getting a lot 
of this in the logs

10:04:12,027 WARN  [SearchingOperationContext] Requested attribute dn 
does not exist in the schema, it will be ignored

In response to this request from the Jabber server

2009-02-23 10:04:12,074 DEBUG 
[org.apache.directory.shared.ldap.codec.TwixDecoder] Decoded LdapMessage 
: LdapMessage
    message Id : 13
    Search Request
        Base Object : ''
        Scope : base object
        Deref Aliases : never Deref Aliases
        Size Limit : no limit
        Time Limit : no limit
        Types Only : true
        Filter : '(objectclass=*)'
        Attributes : dn

I googled around for this but could not find a satisfactory answer, 
anyone have any ideas?

Thank you,
Yiannis

Emmanuel Lecharny wrote:
> On Fri, Feb 20, 2009 at 5:04 PM, Yiannis Mavroukakis
> <im...@gameaccount.com> wrote:
>   
>> Hello Emmanuel,
>>
>> I tried the procedure you described (getEntry() ) but read/writeExternal are
>> both setup to throw exceptions, and the messaging layer
>> I am using is using those methods to marshall and unmarshall the objects. I
>> did see that DefaultServerEntry has serialize/deserialize methods
>> but because it's final, I cannot subclass it, and call these methods from
>> within my subclass' read/writeExternal....
>>     
>
> You have the ServerEntrySerializer class, which is way better as it
> serializes/deserializes the Entry the best possible way, using an
> internal serialization, instead of the default Java serialization.
>
> Give it a try.
>
> ( you can check the ServerEntrySerializerTest for an example on how to use it).
>   

PostgreSQL as backend

Posted by David R Robison <dr...@openroadsconsulting.com>.
Is it possible (or are there plans) to use PostgreSQL as a backend 
database for Apache Directory Server? Thanks, David

-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: (757) 546-3401
e-mail: drrobison@openroadsconsulting.com
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/bookstore/bookdetail.php?PB_ISBN=9781597816526





Re: [ApacheDS] Poor man's cluster interceptor

Posted by Emmanuel Lecharny <el...@apache.org>.
On Fri, Feb 20, 2009 at 5:04 PM, Yiannis Mavroukakis
<im...@gameaccount.com> wrote:
> Hello Emmanuel,
>
> I tried the procedure you described (getEntry() ) but read/writeExternal are
> both setup to throw exceptions, and the messaging layer
> I am using is using those methods to marshall and unmarshall the objects. I
> did see that DefaultServerEntry has serialize/deserialize methods
> but because it's final, I cannot subclass it, and call these methods from
> within my subclass' read/writeExternal....

You have the ServerEntrySerializer class, which is way better as it
serializes/deserializes the Entry the best possible way, using an
internal serialization, instead of the default Java serialization.

Give it a try.

( you can check the ServerEntrySerializerTest for an example on how to use it).
-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Problems setting up ApacheDS 1.5.4 as a Kerberos Server

Posted by David R Robison <dr...@openroadsconsulting.com>.
I'm trying to set up ApacheDS 1.5.4 as a Kerberos server with little success.

In the server.xml file, I have uncommented the following lines and 
changed the ip port to 88:
  <kdcServer ipPort="88">
    <directoryService>#directoryService</directoryService>
    <datagramAcceptor>#datagramAcceptor</datagramAcceptor>
    <socketAcceptor>#socketAcceptor</socketAcceptor>
  </kdcServer>

I then added the following entries into the ldap:
dn: uid=krbtgt,ou=users,dc=orci,dc=com
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: krb5Principal
objectclass: krb5KDCEntry
objectclass: top
cn: KDC Service
sn: Service
uid: krbtgt
userpassword: randomKey
krb5KeyVersionNumber: 1
krb5PrincipalName: krbtgt/ORCI.COM@ORCI.COM

When I start the ApacheDS server, I then run a "netstat -ano" to look 
for port 88, but it is nowhere to be found. I also do not see any error 
messages displayed in the ApacheDS log file. Am I missing something?
Thanks, David

-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: (757) 546-3401
e-mail: drrobison@openroadsconsulting.com
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/book_detail.php?id=2579



 




Re: [ApacheDS] Poor man's cluster interceptor

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Hello Emmanuel,

I tried the procedure you described (getEntry() ) but read/writeExternal 
are both setup to throw exceptions, and the messaging layer
I am using is using those methods to marshall and unmarshall the 
objects. I did see that DefaultServerEntry has serialize/deserialize methods
but because it's final, I cannot subclass it, and call these methods 
from within my subclass' read/writeExternal....

Thank you,

Yiannis.


Emmanuel Lecharny wrote:
> Yiannis Mavroukakis wrote:
>> Hmm I like this option too :-) , Merci Emmanuel, thank you Alex, I'll 
>> try out both and see which one fits me better!
>
> Do not hesitate to give us some feedback, as we will have to store 
> changes as LDIF into a journal for a disaster recovery system.
>

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Emmanuel Lecharny <el...@apache.org>.
Yiannis Mavroukakis wrote:
> Hmm I like this option too :-) , Merci Emmanuel, thank you Alex, I'll 
> try out both and see which one fits me better!

Do not hesitate to give us some feedback, as we will have to store 
changes as LDIF into a journal for a disaster recovery system.

-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org



Re: [ApacheDS] Poor man's cluster interceptor

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Hmm I like this option too :-) , Merci Emmanuel, thank you Alex, I'll 
try out both and see which one fits me better!

Y.

Emmanuel Lecharny wrote:
> Hi,
>
> On Thu, Feb 19, 2009 at 7:55 PM, Yiannis Mavroukakis
> <im...@gameaccount.com> wrote:
>   
>> Hello all :-)
>>
>> This is off the back of my previous questions about clustering..
>>
>> I've managed to setup a poor man's cluster on our Jboss servers cluster
>> using message queues. I can get messages passed to the JBoss instance but
>> I'm having a few issues..
>> I initially tried to send the entire AddOperationContext object but I got
>> defeated when it refused to serialize :)
>> I then thought I'd break it down to its constituent parts, stuff them in a
>> map and send them off..that worked partially and I am unsure as to which
>> structures
>> I can use in order to be able to recreate the entry on the participating
>> ldap clusters
>>
>> This is what I do at the moment
>>
>> Map<String , byte[ ]> attributes = new HashMap( );
>> ServerEntry entry = addContext.getEntry( );
>>       if( ( entry.get( SchemaConstants.USER_PASSWORD_AT ) != null ) )
>>       {
>>           for( AttributeType attr : entry.getAttributeTypes( ) )
>>           {
>>               EntryAttribute entryAttr = entry.get( attr );
>>               if ( entryAttr.get( ).isBinary( ) )
>>               {
>>                   attributes.put( attr.getName( ) , entryAttr.getBytes( ) );
>>               }
>>               else
>>               {
>>                   attributes.put( attr.getName( ) ,
>> StringTools.getBytesUtf8( entryAttr.getString( ) ) );
>>               }
>>
>>           }
>> [send to cluster after this]
>>
>> Am I missing something? Do I need to add more/less to the Map?
>>     
>
>
> This is a bit overkilling. You can grab the entry into the
> AddOperationContext (getEntry()) and clone it. Then, you can remove the
> password from it, and serialize it, as it's a serializable class.
>
>   

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Emmanuel Lecharny <el...@apache.org>.
Hi,

On Thu, Feb 19, 2009 at 7:55 PM, Yiannis Mavroukakis
<im...@gameaccount.com> wrote:
> Hello all :-)
>
> This is off the back of my previous questions about clustering..
>
> I've managed to setup a poor man's cluster on our Jboss servers cluster
> using message queues. I can get messages passed to the JBoss instance but
> I'm having a few issues..
> I initially tried to send the entire AddOperationContext object but I got
> defeated when it refused to serialize :)
> I then thought I'd break it down to its constituent parts, stuff them in a
> map and send them off..that worked partially and I am unsure as to which
> structures
> I can use in order to be able to recreate the entry on the participating
> ldap clusters
>
> This is what I do at the moment
>
> Map<String , byte[ ]> attributes = new HashMap( );
> ServerEntry entry = addContext.getEntry( );
>       if( ( entry.get( SchemaConstants.USER_PASSWORD_AT ) != null ) )
>       {
>           for( AttributeType attr : entry.getAttributeTypes( ) )
>           {
>               EntryAttribute entryAttr = entry.get( attr );
>               if ( entryAttr.get( ).isBinary( ) )
>               {
>                   attributes.put( attr.getName( ) , entryAttr.getBytes( ) );
>               }
>               else
>               {
>                   attributes.put( attr.getName( ) ,
> StringTools.getBytesUtf8( entryAttr.getString( ) ) );
>               }
>
>           }
> [send to cluster after this]
>
> Am I missing something? Do I need to add more/less to the Map?


This is a bit overkilling. You can grab the entry into the
AddOperationContext (getEntry()) and clone it. Then, you can remove the
password from it, and serialize it, as it's a serializable class.

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
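
The approach suggested above (take the entry, drop the password, serialize it without default Java serialization), written with plain JDK types as an added example that is not ApacheDS code and not code from this thread. The class name ReplicaPayload, its wire format and the size limits are assumptions; unlike a Map<String, byte[]> it carries the DN and every value of a multi-valued attribute such as objectClass, and the receiving side rejects oversized, truncated or credential-bearing messages.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

// Added example: a plain-JDK stand-in for a directory entry, not an ApacheDS class.
public class ReplicaPayload {
    // Hypothetical limits; size them for the largest entry you expect to replicate.
    static final int MAX_ATTRS = 256, MAX_VALUES = 1024, MAX_LEN = 1 << 20;
    // The attribute the thread says to remove before serializing (compared lower-cased).
    static final String SECRET = "userpassword";

    final String dn;
    final Map<String, List<byte[]>> attrs = new LinkedHashMap<>();

    ReplicaPayload(String dn) { this.dn = dn; }

    void add(String name, String... values) {
        List<byte[]> list = attrs.computeIfAbsent(name, k -> new ArrayList<>());
        for (String v : values) list.add(v.getBytes(StandardCharsets.UTF_8));
    }

    static boolean isSecret(String name) {
        return SECRET.equals(name.toLowerCase(Locale.ROOT));
    }

    // Wire format: DN, attribute count, then per attribute: name, value count, values.
    // Every name or value is a 4-byte length followed by that many bytes.
    byte[] encode() throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        writeBlob(out, dn.getBytes(StandardCharsets.UTF_8));
        int kept = 0;
        for (String name : attrs.keySet()) if (!isSecret(name)) kept++;
        out.writeInt(kept);
        for (Map.Entry<String, List<byte[]>> e : attrs.entrySet()) {
            if (isSecret(e.getKey())) continue;   // the credential never leaves this server
            writeBlob(out, e.getKey().getBytes(StandardCharsets.UTF_8));
            out.writeInt(e.getValue().size());
            for (byte[] v : e.getValue()) writeBlob(out, v);
        }
        return buf.toByteArray();
    }

    // Receiving side: nothing is instantiated from the message except strings and byte arrays.
    static ReplicaPayload decode(byte[] wire) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(wire));
        ReplicaPayload p = new ReplicaPayload(new String(readBlob(in), StandardCharsets.UTF_8));
        int nAttrs = bounded(in.readInt(), MAX_ATTRS);
        for (int i = 0; i < nAttrs; i++) {
            String name = new String(readBlob(in), StandardCharsets.UTF_8);
            if (isSecret(name)) throw new IOException("credential attribute on the wire");
            int nValues = bounded(in.readInt(), MAX_VALUES);
            List<byte[]> values = new ArrayList<>(nValues);
            for (int j = 0; j < nValues; j++) values.add(readBlob(in));
            if (p.attrs.put(name, values) != null) throw new IOException("duplicate attribute " + name);
        }
        if (in.available() != 0) throw new IOException("trailing bytes after entry");
        return p;
    }

    static void writeBlob(DataOutputStream out, byte[] b) throws IOException {
        out.writeInt(b.length);
        out.write(b);
    }

    static byte[] readBlob(DataInputStream in) throws IOException {
        int len = bounded(in.readInt(), MAX_LEN);
        // Refuse a declared length larger than what is actually left in the message.
        if (len > in.available()) throw new IOException("truncated message");
        byte[] b = new byte[len];
        in.readFully(b);
        return b;
    }

    static int bounded(int v, int max) throws IOException {
        if (v < 0 || v > max) throw new IOException("count or length out of range: " + v);
        return v;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample entry; the DN and all values are placeholders.
        ReplicaPayload local = new ReplicaPayload("cn=jdoe,ou=Player,dc=example,dc=com");
        local.add("objectClass", "top", "person");
        local.add("cn", "jdoe");
        local.add("sn", "Doe");
        local.add("userPassword", "constructed-secret");

        byte[] wire = local.encode();
        ReplicaPayload remote = decode(wire);
        System.out.println(remote.dn + " -> " + remote.attrs.keySet());
        System.out.println("objectClass values: " + remote.attrs.get("objectClass").size());
        if (new String(wire, StandardCharsets.ISO_8859_1).contains("constructed-secret"))
            throw new IllegalStateException("password leaked into the payload");
    }
}
```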

Re: [ApacheDS] Poor man's cluster interceptor

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Hello all :-)

This is off the back of my previous questions about clustering..

I've managed to setup a poor man's cluster on our Jboss servers cluster 
using message queues. I can get messages passed to the JBoss instance but
I'm having a few issues..
I initially tried to send the entire AddOperationContext object but I got 
defeated when it refused to serialize :)
I then thought I'd break it down to its constituent parts, stuff them in 
a map and send them off..that worked partially and I am unsure as to 
which structures
I can use in order to be able to recreate the entry on the participating 
ldap clusters

This is what I do at the moment

Map<String , byte[ ]> attributes = new HashMap( );
ServerEntry entry = addContext.getEntry( );
if( ( entry.get( SchemaConstants.USER_PASSWORD_AT ) != null ) )
{
    for( AttributeType attr : entry.getAttributeTypes( ) )
    {
        EntryAttribute entryAttr = entry.get( attr );
        if ( entryAttr.get( ).isBinary( ) )
        {
            attributes.put( attr.getName( ) , entryAttr.getBytes( ) );
        }
        else
        {
            attributes.put( attr.getName( ) , StringTools.getBytesUtf8( entryAttr.getString( ) ) );
        }

    }
[send to cluster after this]

Am I missing something? Do I need to add more/less to the Map?

Thank you!
Yiannis Mavroukakis wrote:
> That should be ok for our purposes for the time being, as the JBoss 
> servers will only query their localhost and not any other
> server in the cluster (this is done only for redundancy).
>
> Y.
>
> Emmanuel Lecharny wrote:
>>> Hehe not *entirely* manually, I meant that I have to replicate
>>> add/delete/modify through the DS instances in the cluster via
>>> message queues...
>>>     
>>
>> This is exactly what the replication does. But replication is not only
>> about sending changes to other servers, it's also to manage conflict
>> if you are managing multi-master replication. This is where it starts
>> to be complex ...
>>
>>   

Re: [ApacheDS] Mitosis

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
That should be ok for our purposes for the time being, as the JBoss 
servers will only query their localhost and not any other
server in the cluster (this is done only for redundancy).

Y.

Emmanuel Lecharny wrote:
>> Hehe not *entirely* manually, I meant that I have to replicate
>> add/delete/modify through the DS instances in the cluster via
>> message queues...
>>     
>
> This is exactly what the replication does. But replication is not only
> about sending changes to other servers, it's also to manage conflict
> if you are managing multi-master replication. This is where it starts
> to be complex ...
>
>   

Re: [ApacheDS] Mitosis

Posted by Emmanuel Lecharny <el...@apache.org>.
> Hehe not *entirely* manually, I meant that I have to replicate
> add/delete/modify through the DS instances in the cluster via
> message queues...

This is exactly what the replication does. But replication is not only
about sending changes to other servers, it's also to manage conflict
if you are managing multi-master replication. This is where it starts
to be complex ...

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS] Mitosis

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Hehe not *entirely* manually, I meant that I have to replicate 
add/delete/modify through the DS instances in the cluster via
message queues...It won't be pretty but it should work..The idea is that 
we will have LDAP redundancy as apacheDS will be embedded
into our 7 JBoss app servers which are clustered.

Y.

Emmanuel Lecharny wrote:
>> That's actually a huge shame (I'm using the 1.5.5 snapshots). It's going to
>> be very difficult for me to justify ApacheDS in our project,
>> as it will be embedded in a server cluster, so replication is fairly
>> critical, and it looks like we will have to do manually...(eeeeek)
>>     
>
> Don't even think about doing it manually ! It's way too complex. We are
> currently implementing RFC 4533 in order to get replication working.
> It will work the same way OpenLDAP syncrepl does, and we also hope
> that ADS will be able to replicate with OpenLDAP. Currently we have
> the controls implemented, the server to server communication is being
> implemented atm, and we will have to do the conflict resolution then.
>
> I don't know exactly how long it will take, but the target is to have
> it done asap. Nothing is more urgent than this feature for us !
>
>   

Re: [ApacheDS] Mitosis

Posted by Emmanuel Lecharny <el...@apache.org>.
> That's actually a huge shame (I'm using the 1.5.5 snapshots). It's going to
> be very difficult for me to justify ApacheDS in our project,
> as it will be embedded in a server cluster, so replication is fairly
> critical, and it looks like we will have to do manually...(eeeeek)

Don't even think about doing it manually ! It's way too complex. We are
currently implementing RFC 4533 in order to get replication working.
It will work the same way OpenLDAP syncrepl does, and we also hope
that ADS will be able to replicate with OpenLDAP. Currently we have
the controls implemented, the server to server communication is being
implemented atm, and we will have to do the conflict resolution then.

I don't know exactly how long it will take, but the target is to have
it done asap. Nothing is more urgent than this feature for us !

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS] Mitosis

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
That's actually a huge shame (I'm using the 1.5.5 snapshots). It's going 
to be very difficult for me to justify ApacheDS in our project,
as it will be embedded in a server cluster, so replication is fairly 
critical, and it looks like we will have to do manually...(eeeeek)

Y.

Emmanuel Lecharny wrote:
> On Thu, Feb 12, 2009 at 12:55 PM, Yiannis Mavroukakis
> <im...@gameaccount.com> wrote:
>   
>> Ah shame! Then I suppose my question is, is it functional although not
>> production ready ?:-) I'm willing to take the risk :-)
>>     
>
> Not even working in 1.5.4 ... Really a shame. It was working on 1.5.1,
> but we slowly but surely broke it while doing a lot of small
> modifications. It was not intended, but at some point in the process,
> we disabled the Mitosis tests because they were temporarily broken,
> but forgot to enable them back, so after a few months and a couple of
> releases, we just thought that Mitosis tests were OK, when they were
> simply disabled.
>
> And now, we are trying to fix the whole bunch, and it takes time, as
> in the mean time we switched to MINA 2.0 and such other big
> modifications...
>
> Really, shame shame shame !
>
>   

Re: [ApacheDS] Mitosis

Posted by Emmanuel Lecharny <el...@apache.org>.
On Thu, Feb 12, 2009 at 12:55 PM, Yiannis Mavroukakis
<im...@gameaccount.com> wrote:
> Ah shame! Then I suppose my question is, is it functional although not
> production ready ?:-) I'm willing to take the risk :-)

Not even working in 1.5.4 ... Really a shame. It was working on 1.5.1,
but we slowly but surely broke it while doing a lot of small
modifications. It was not intended, but at some point in the process,
we disabled the Mitosis tests because they were temporarily broken,
but forgot to enable them back, so after a few months and a couple of
releases, we just thought that Mitosis tests were OK, when they were
simply disabled.

And now, we are trying to fix the whole bunch, and it takes time, as
in the mean time we switched to MINA 2.0 and such other big
modifications...

Really, shame shame shame !

>
-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS] Mitosis

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Ah shame! Then I suppose my question is, is it functional although not 
production ready ?:-) I'm willing to take the risk :-)

Emmanuel Lecharny wrote:
>> Thanks everyone that worked like a charm..got a quick one about Mitosis, I
>> will need replication facilities, is it considered production ready?
>>     
>
> Nope :/ We are currently working on it actively, as we badly need it
> to work asap. Keep tuned !
>
>   

Re: [ApacheDS] Mitosis

Posted by Emmanuel Lecharny <el...@apache.org>.
> Thanks everyone that worked like a charm..got a quick one about Mitosis, I
> will need replication facilities, is it considered production ready?

Nope :/ We are currently working on it actively, as we badly need it
to work asap. Keep tuned !

-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: [ApacheDS] Mitosis

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Thanks everyone that worked like a charm..got a quick one about Mitosis, 
I will need replication facilities, is it considered production ready?

Alex Karasulu wrote:
> On Wed, Feb 11, 2009 at 11:31 AM, Yiannis Mavroukakis <
> imavroukakis@gameaccount.com> wrote:
>
>   
>> Alex,
>>
>> I am such a fool :-)
>>     
>
>
> Oh no - just a simple oversight.
>
>
>   
>> Your email came in just as I was about to post that I had the schema
>> disabled in the pom..<knocks head>
>> It went a lot further now, but it's complaining that the 'c' attribute is
>> not declared..isn't this a core schema attribute??
>>
>> Attribute c not declared in objectClasses of entry
>> cn=imavroukakis,ou=Player,dc=gameaccount,dc=com]; remaining name
>> 'cn=imavroukakis'
>>
>>     
>

Re: [ApacheDS] Problems adding an entry using a custom schema

Posted by Alex Karasulu <ak...@gmail.com>.
On Wed, Feb 11, 2009 at 11:31 AM, Yiannis Mavroukakis <
imavroukakis@gameaccount.com> wrote:

> Alex,
>
> I am such a fool :-)


Oh no - just a simple oversight.


> Your email came in just as I was about to post that I had the schema
> disabled in the pom..<knocks head>
> It went a lot further now, but it's complaining that the 'c' attribute is
> not declared..isn't this a core schema attribute??
>
> Attribute c not declared in objectClasses of entry
> cn=imavroukakis,ou=Player,dc=gameaccount,dc=com]; remaining name
> 'cn=imavroukakis'
>

As Stefan may have clarified you must add the country attribute to your
objectClass for this entry. Note the error message above stating exactly
this case. Just add the attribute to your definition.

Cheers,
Alex


>
> Alex Karasulu wrote:
>
>> Is your gameaccount schema enabled?  Just check if there's a m-disabled
>> attribute set to TRUE.  You can just remove that attribute or set it to
>> false.
>>
>> Alex
>>
>> On Wed, Feb 11, 2009 at 10:44 AM, Yiannis Mavroukakis <
>> imavroukakis@gameaccount.com> wrote:
>>
>>
>>
>>> Hi everyone!
>>>
>>> I've managed to embed ApacheDS into our JBoss app server, it launches
>>> fine
>>> and waits for connections. The problem I have now is that when I try to
>>> add
>>> a user to
>>> our context it blows up. Before it does that though, I have the following
>>> lines in our log:
>>>
>>> 15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gaplayertokenid'
>>> cannot be stored
>>> 15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gaplayerid' cannot
>>> be stored
>>> 15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gabasecurrency'
>>> cannot be stored
>>> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gapartnerref'
>>> cannot
>>> be stored
>>> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gacomment' cannot
>>> be
>>> stored
>>> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gasessionwebkey'
>>> cannot be stored
>>> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gapartnerwebkey'
>>> cannot be stored
>>> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gaplayerguid'
>>> cannot
>>> be stored
>>>
>>> And the main exception is:
>>>
>>> javax.naming.NamingException: [LDAP: error code 54 - LOOP_DETECT: failed
>>> for     Add Request :
>>> ClientEntry
>>>  dn: cn=imavroukakis,ou=Player,dc=gameaccount,dc=com
>>>  objectClass: top
>>>  objectClass: gaPlayer
>>>  postalCode: E12345
>>>  mail: i.mavroukakis@btinternet.com
>>>  sn: orvaMsikaku
>>>  ou: Player
>>>  c: GR
>>>  givenname: aoIsinn
>>>  o: gameaccount
>>>  gaPlayerTokenId: AB9C2965-8A84-40B5-B14B-0E0E991A001E
>>>  l: London
>>>  gaPlayerId: 482101
>>>  userPassword: ''
>>>  postalAddress: 43 Somewhare Point, 1 Some Place
>>>  gaBaseCurrency: GBP
>>>  cn: imavroukakis
>>>  gaPartnerRef: 192489DA
>>>  st: N/A
>>>  gaComment: partner 192489DA playerId 482101
>>>  gaSessionWebKey: gameAccount
>>>  gaPartnerWebKey: gameAccount
>>>  gaPlayerGuid: 6352FC09-1EDC-4043-AD29-F0CD74055587
>>> : objectClass w/ OID 1.3.6.1.4.1.99999.1.2.1 not registered!]; remaining name 'cn=imavroukakis'
>>>  at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3022)
>>>  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
>>>  at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
>>>  at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:774)
>>>  at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
>>>  at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
>>>  at com.ga.ldap.Ldap.updatePlayer(Ldap.java:299)
>>>  at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>  at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>  at java.lang.reflect.Method.invoke(Method.java:597)
>>>  at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
>>>  at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
>>>  at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
>>>  at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
>>>  at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
>>>  at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
>>>  at $Proxy166.updatePlayer(Unknown Source)
>>>  at com.ga.ldap.LdapUpdater.processMessage(LdapUpdater.java:71)
>>>  at com.ga.ldap.LdapUpdater.consumeMessage(LdapUpdater.java:58)
>>>  at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl.consumeMessage$0(ThreadPoolConsumerImpl.java:37)
>>>  at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl.access$000(ThreadPoolConsumerImpl.java:24)
>>>  at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl$0r.run(ThreadPoolConsumerImpl.java:39)
>>>  at uk.org.retep.util.thread.ExecutorFactory$RunnableWrapper.run(ExecutorFactory.java:203)
>>>  at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
>>>  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
>>>  at java.lang.Thread.run(Thread.java:619)
>>>
>>> However, if I browse to the LDAP schema, 1.3.6.1.4.1.99999.1.2.1 is
>>> there..
>>>
>>> dn:
>>> m-oid=1.3.6.1.4.1.99999.1.2.1,ou=objectClasses,cn=gameaccount,ou=schema
>>> objectClass: metaObjectClass
>>> objectClass: metaTop
>>> objectClass: top
>>> m-oid: 1.3.6.1.4.1.99999.1.2.1
>>> m-description: LDAP representation of a player
>>> m-must: cn
>>> m-must: gaBaseCurrency
>>> m-must: gaPartnerRef
>>> m-must: gaPartnerWebKey
>>> m-must: gaPlayerGuid
>>> m-must: gaPlayerId
>>> m-must: gaPlayerTokenId
>>> m-must: gaSessionWebKey
>>> m-name: gaPlayer
>>> m-obsolete: FALSE
>>> m-supObjectClass: inetOrgPerson
>>> m-typeObjectClass: STRUCTURAL
>>>
>>> Thank you very much for your continued help :-)
>>>
>>> Yiannis

Re: [ApacheDS] Adding a security principal in an embedded context

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
You rock thanks :)

Emmanuel Lecharny wrote:
> Hi,
>
> On Mon, Feb 9, 2009 at 3:40 PM, Yiannis Mavroukakis
> <im...@gameaccount.com> wrote:
>   
>> Hello again :-)
>>
>> There might be a blindingly obvious answer to my question, but I'm having a
>> major senior moment and I can't see it myself..In an embedded configuration,
>> how does
>> one go about adding a user as the security principal? Is it a matter of
>> creating a cn with the details on startup or is there something a little
>> more involved here?
>>     
>
> The way it works is that you just have to define a user with a
> userPassword attribute set. Then the Bind operation will use this user
> DN to look up the entry, check that the passwords are equal, and
> grant you access to the data.
>
>   
>> Thanks,
>>
>> Yiannis.

Re: [ApacheDS] Adding a security principal in an embedded context

Posted by Emmanuel Lecharny <el...@apache.org>.
Hi,

On Mon, Feb 9, 2009 at 3:40 PM, Yiannis Mavroukakis
<im...@gameaccount.com> wrote:
>
> Hello again :-)
>
> There might be a blindingly obvious answer to my question, but I'm having a
> major senior moment and I can't see it myself..In an embedded configuration,
> how does
> one go about adding a user as the security principal? Is it a matter of
> creating a cn with the details on startup or is there something a little
> more involved here?

The way it works is that you just have to define a user with a
userPassword attribute set. Then the Bind operation will use this user
DN to look up the entry, check that the passwords are equal, and
grant you access to the data.

>
> Thanks,
>
> Yiannis.
>



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
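
The check a simple Bind performs, as described in the message above, sketched as an added example (not ApacheDS code and not part of the original message). The in-memory directory, the sample password and the helper names are constructed for illustration; the model also refuses a DN presented with an empty password, which RFC 4513 treats as an unauthenticated bind.

```python
import base64
import hashlib
import hmac
import os


def ssha(password, salt=None):
    """Build a {SSHA} userPassword value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def password_matches(stored, presented):
    """Compare a presented password (bytes) with a stored userPassword value."""
    if stored[:6].upper() == "{SSHA}":
        raw = base64.b64decode(stored[6:])
        digest, salt = raw[:20], raw[20:]      # a SHA-1 digest is 20 bytes
        candidate = hashlib.sha1(presented + salt).digest()
        return hmac.compare_digest(candidate, digest)
    if stored.startswith("{"):
        return False                           # other schemes are not modelled here
    # Plain-text value: still compare in constant time.
    return hmac.compare_digest(stored.encode("utf-8"), presented)


def normalize_dn(dn):
    """Minimal DN normalisation for this sketch: trim and lower-case each RDN."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def simple_bind(directory, dn, password):
    """Return the LDAP result code name a simple Bind yields in this model."""
    if not password:
        # RFC 4513 5.1.2: a DN with an empty password is an unauthenticated
        # bind. It proves nothing about the user, so it is refused.
        return "anonymous" if not dn else "unwillingToPerform"
    entry = directory.get(normalize_dn(dn))
    stored = entry.get("userPassword") if entry else None
    if not stored or not password_matches(stored, password):
        # Same answer for an unknown DN, an unset password and a wrong one.
        return "invalidCredentials"
    return "success"


# Constructed sample directory: one entry with a hashed userPassword and one
# whose userPassword is empty, which can therefore never authenticate.
PLAYER_DN = "cn=imavroukakis,ou=Player,dc=gameaccount,dc=com"
EMPTY_DN = "cn=nopassword,ou=Player,dc=gameaccount,dc=com"
DIRECTORY = {
    normalize_dn(PLAYER_DN): {"userPassword": ssha(b"constructed-example-pw")},
    normalize_dn(EMPTY_DN): {"userPassword": ""},
}
```

An application that authenticates its users by binding with their DN should apply the same empty-password check before it calls the server.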

Re: [ApacheDS] Problems adding an entry using a custom schema

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Hey Stefan,

Ah that concept escaped me..at the moment this looks like

# gaPlayer
objectclass ( 1.3.6.1.4.1.99999.1.2.1
        NAME 'gaPlayer'
        DESC 'LDAP representation of a player'
        SUP inetOrgPerson
        STRUCTURAL
        MUST ( cn $ gaPlayerGuid $ gaPartnerRef $ gaPartnerWebKey $
               gaSessionWebKey $ gaPlayerTokenId $ gaPlayerId $ gaComment $
               gaBaseCurrency )
        )

One point I didn't mention is that this schema is coming straight from 
OpenLDAP..so you're suggesting I change Structural to Auxiliary? However, 
I am using other bits and pieces from other
schemas, like "mail" and "sn", and those don't seem to blow up..

Thanks,

Yiannis.

Stefan Seelmann wrote:
> Right, the 'c' attribute is declared in the core schema. However you 
> need to add it (and also the other existing attributes) to your 
> gaPlayer objectClass, either as m-must or m-may.
>
> However I would recommend another approach: Define your gaPlayer 
> objectClass as 'auxiliary' with your gaXYZ attributes. Then use an 
> existing object class (e.g inetOrgPerson) as structural object class 
> and gaPlayer as additional object class for your users:
>
> dn: cn=imavroukakis,ou=Player,dc=gameaccount,dc=com
> objectClass: top
> objectClass: inetOrgPerson
> objectClass: gaPlayer
> ...
>
> Kind Regards,
> Stefan
>
>

Re: [ApacheDS] Problems adding an entry using a custom schema

Posted by Stefan Seelmann <se...@apache.org>.
Right, the 'c' attribute is declared in the core schema. However you  
need to add it (and also the other existing attributes) to your  
gaPlayer objectClass, either as m-must or m-may.

However I would recommend another approach: Define your gaPlayer  
objectClass as 'auxiliary' with your gaXYZ attributes. Then use an  
existing object class (e.g inetOrgPerson) as structural object class  
and gaPlayer as additional object class for your users:

dn: cn=imavroukakis,ou=Player,dc=gameaccount,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: gaPlayer
...

Kind Regards,
Stefan
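
Why 'c' is rejected while 'mail' and 'sn' are accepted, as an added example that is not part of the original messages: it resolves the MUST/MAY sets along each class's SUP chain and checks the posted entry against them. The gaPlayer definition is the one posted in this thread; the standard classes are abbreviated from RFC 4519 and RFC 2798, and the auxiliary variant with 'c' as MAY is a hypothetical rewrite following the advice above.

```python
import re

# Standard classes, abbreviated from RFC 4519 / RFC 2798 to the attributes
# that matter in this thread (an abbreviation made for this sketch).
STANDARD = """
objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL
    MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
    MAY ( postalCode $ postalAddress $ ou $ st $ l $ title ) )
objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson'
    SUP organizationalPerson STRUCTURAL
    MAY ( mail $ givenName $ o $ uid $ displayName ) )
"""
# gaPlayer as posted in this thread.
GA_STRUCTURAL = """
objectclass ( 1.3.6.1.4.1.99999.1.2.1 NAME 'gaPlayer'
    DESC 'LDAP representation of a player' SUP inetOrgPerson STRUCTURAL
    MUST ( cn $ gaPlayerGuid $ gaPartnerRef $ gaPartnerWebKey $ gaSessionWebKey $
           gaPlayerTokenId $ gaPlayerId $ gaComment $ gaBaseCurrency ) )
"""
# Hypothetical rewrite: auxiliary class carrying only the ga* attributes,
# with 'c' declared as MAY.
GA_AUXILIARY = """
objectclass ( 1.3.6.1.4.1.99999.1.2.1 NAME 'gaPlayer'
    DESC 'LDAP representation of a player' SUP top AUXILIARY
    MUST ( gaPlayerGuid $ gaPartnerRef $ gaPartnerWebKey $ gaSessionWebKey $
           gaPlayerTokenId $ gaPlayerId $ gaComment $ gaBaseCurrency )
    MAY ( c ) )
"""
# Attribute names from the Add Request in the thread (objectClass kept separate).
ENTRY_ATTRS = ["postalCode", "mail", "sn", "ou", "c", "givenname", "o",
               "gaPlayerTokenId", "l", "gaPlayerId", "userPassword",
               "postalAddress", "gaBaseCurrency", "cn", "gaPartnerRef", "st",
               "gaComment", "gaSessionWebKey", "gaPartnerWebKey", "gaPlayerGuid"]


def _attrs(block, keyword):
    """Return the lower-cased attribute names listed after MUST or MAY."""
    m = re.search(r"\b%s\s+(?:\(([^)]*)\)|(\w+))" % keyword, block)
    if not m:
        return set()
    raw = m.group(1) if m.group(1) is not None else m.group(2)
    return {a.strip().lower() for a in raw.split("$") if a.strip()}


def parse_schema(text):
    """Parse OpenLDAP-style objectclass definitions into a dict keyed by name."""
    classes = {}
    for block in re.split(r"(?m)^objectclass\s*\(", text)[1:]:
        name = re.search(r"NAME\s+'([^']+)'", block).group(1).lower()
        block = re.sub(r"DESC\s+'[^']*'", "", block)   # keep DESC text out of matching
        sup = re.search(r"\bSUP\s+(\w+)", block)
        kind = re.search(r"\b(STRUCTURAL|AUXILIARY|ABSTRACT)\b", block)
        classes[name] = {"sup": sup.group(1).lower() if sup else None,
                         "kind": kind.group(1) if kind else "STRUCTURAL",
                         "must": _attrs(block, "MUST"),
                         "may": _attrs(block, "MAY")}
    return classes


def check_entry(classes, object_classes, attribute_names):
    """Report unknown classes, missing MUST attributes and undeclared attributes."""
    must, may, unknown = set(), set(), []
    for oc in (o.lower() for o in object_classes):
        if oc != "top" and oc not in classes:
            unknown.append(oc)
        while oc in classes:                           # walk up the SUP chain
            must |= classes[oc]["must"]
            may |= classes[oc]["may"]
            oc = classes[oc]["sup"]
    present = {a.lower() for a in attribute_names}
    return {"unknown_classes": sorted(unknown),
            "missing_must": sorted(must - present),
            "not_declared": sorted(present - must - may)}
```

Against the posted structural definition the only undeclared attribute is 'c', because 'mail', 'sn' and the address attributes are inherited through inetOrgPerson; leaving the gaPlayer definition out of the parsed schema reports the class itself as unknown.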



Re: [ApacheDS] Problems adding an entry using a custom schema

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Alex,

I am such a fool :-) Your email came in just as I was about to post that 
I had the schema disabled in the pom..<knocks head>
It went a lot further now, but it's complaining that the 'c' attribute 
is not declared..isn't this a core schema attribute??

 Attribute c not declared in objectClasses of entry 
cn=imavroukakis,ou=Player,dc=gameaccount,dc=com]; remaining name 
'cn=imavroukakis'

Thanks!

Y.

Alex Karasulu wrote:
> Is your gameaccount schema enabled?  Just check if there's a m-disabled
> attribute set to TRUE.  You can just remove that attribute or set it to
> false.
>
> Alex
>
> On Wed, Feb 11, 2009 at 10:44 AM, Yiannis Mavroukakis <
> imavroukakis@gameaccount.com> wrote:
>
>   
>> Hi everyone!
>>
>> I've managed to embed ApacheDS into our JBoss app server, it launches fine
>> and waits for connections. The problem I have now is that when I try to add
>> a user to
>> our context it blows up. Before it does that though, I have the following
>> lines in our log:
>>
>> 15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gaplayertokenid' cannot be stored
>> 15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gaplayerid' cannot be stored
>> 15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gabasecurrency' cannot be stored
>> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gapartnerref' cannot be stored
>> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gacomment' cannot be stored
>> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gasessionwebkey' cannot be stored
>> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gapartnerwebkey' cannot be stored
>> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gaplayerguid' cannot be stored
>>
>> And the main exception is:
>>
>> javax.naming.NamingException: [LDAP: error code 54 - LOOP_DETECT: failed
>> for     Add Request :
>> ClientEntry
>>   dn: cn=imavroukakis,ou=Player,dc=gameaccount,dc=com
>>   objectClass: top
>>   objectClass: gaPlayer
>>   postalCode: E12345
>>   mail: i.mavroukakis@btinternet.com
>>   sn: orvaMsikaku
>>   ou: Player
>>   c: GR
>>   givenname: aoIsinn
>>   o: gameaccount
>>   gaPlayerTokenId: AB9C2965-8A84-40B5-B14B-0E0E991A001E
>>   l: London
>>   gaPlayerId: 482101
>>   userPassword: ''
>>   postalAddress: 43 Somewhare Point, 1 Some Place
>>   gaBaseCurrency: GBP
>>   cn: imavroukakis
>>   gaPartnerRef: 192489DA
>>   st: N/A
>>   gaComment: partner 192489DA playerId 482101
>>   gaSessionWebKey: gameAccount
>>   gaPartnerWebKey: gameAccount
>>   gaPlayerGuid: 6352FC09-1EDC-4043-AD29-F0CD74055587
>> : objectClass w/ OID 1.3.6.1.4.1.99999.1.2.1 not registered!]; remaining name 'cn=imavroukakis'
>>   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3022)
>>   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
>>   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
>>   at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:774)
>>   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
>>   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
>>   at com.ga.ldap.Ldap.updatePlayer(Ldap.java:299)
>>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>   at java.lang.reflect.Method.invoke(Method.java:597)
>>   at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
>>   at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
>>   at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
>>   at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
>>   at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
>>   at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
>>   at $Proxy166.updatePlayer(Unknown Source)
>>   at com.ga.ldap.LdapUpdater.processMessage(LdapUpdater.java:71)
>>   at com.ga.ldap.LdapUpdater.consumeMessage(LdapUpdater.java:58)
>>   at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl.consumeMessage$0(ThreadPoolConsumerImpl.java:37)
>>   at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl.access$000(ThreadPoolConsumerImpl.java:24)
>>   at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl$0r.run(ThreadPoolConsumerImpl.java:39)
>>   at uk.org.retep.util.thread.ExecutorFactory$RunnableWrapper.run(ExecutorFactory.java:203)
>>   at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
>>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
>>   at java.lang.Thread.run(Thread.java:619)
>>
>> However, if I browse to the LDAP schema, 1.3.6.1.4.1.99999.1.2.1 is
>> there..
>>
>> dn: m-oid=1.3.6.1.4.1.99999.1.2.1,ou=objectClasses,cn=gameaccount,ou=schema
>> objectClass: metaObjectClass
>> objectClass: metaTop
>> objectClass: top
>> m-oid: 1.3.6.1.4.1.99999.1.2.1
>> m-description: LDAP representation of a player
>> m-must: cn
>> m-must: gaBaseCurrency
>> m-must: gaPartnerRef
>> m-must: gaPartnerWebKey
>> m-must: gaPlayerGuid
>> m-must: gaPlayerId
>> m-must: gaPlayerTokenId
>> m-must: gaSessionWebKey
>> m-name: gaPlayer
>> m-obsolete: FALSE
>> m-supObjectClass: inetOrgPerson
>> m-typeObjectClass: STRUCTURAL
>>
>> Thank you very much for your continued help :-)
>>
>> Yiannis

Re: [ApacheDS] Problems adding an entry using a custom schema

Posted by Alex Karasulu <ak...@gmail.com>.
Is your gameaccount schema enabled?  Just check if there's a m-disabled
attribute set to TRUE.  You can just remove that attribute or set it to
false.

Alex

On Wed, Feb 11, 2009 at 10:44 AM, Yiannis Mavroukakis <
imavroukakis@gameaccount.com> wrote:

> Hi everyone!
>
> I've managed to embed ApacheDS into our JBoss app server, it launches fine
> and waits for connections. The problem I have now is that when I try to add
> a user to
> our context it blows up. Before it does that though, I have the following
> lines in our log:
>
> 15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gaplayertokenid' cannot be stored
> 15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gaplayerid' cannot be stored
> 15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gabasecurrency' cannot be stored
> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gapartnerref' cannot be stored
> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gacomment' cannot be stored
> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gasessionwebkey' cannot be stored
> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gapartnerwebkey' cannot be stored
> 15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gaplayerguid' cannot be stored
>
> And the main exception is:
>
> javax.naming.NamingException: [LDAP: error code 54 - LOOP_DETECT: failed
> for     Add Request :
> ClientEntry
>   dn: cn=imavroukakis,ou=Player,dc=gameaccount,dc=com
>   objectClass: top
>   objectClass: gaPlayer
>   postalCode: E12345
>   mail: i.mavroukakis@btinternet.com
>   sn: orvaMsikaku
>   ou: Player
>   c: GR
>   givenname: aoIsinn
>   o: gameaccount
>   gaPlayerTokenId: AB9C2965-8A84-40B5-B14B-0E0E991A001E
>   l: London
>   gaPlayerId: 482101
>   userPassword: ''
>   postalAddress: 43 Somewhare Point, 1 Some Place
>   gaBaseCurrency: GBP
>   cn: imavroukakis
>   gaPartnerRef: 192489DA
>   st: N/A
>   gaComment: partner 192489DA playerId 482101
>   gaSessionWebKey: gameAccount
>   gaPartnerWebKey: gameAccount
>   gaPlayerGuid: 6352FC09-1EDC-4043-AD29-F0CD74055587
> : objectClass w/ OID 1.3.6.1.4.1.99999.1.2.1 not registered!]; remaining name 'cn=imavroukakis'
>   at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3022)
>   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
>   at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
>   at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:774)
>   at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
>   at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
>   at com.ga.ldap.Ldap.updatePlayer(Ldap.java:299)
>   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>   at java.lang.reflect.Method.invoke(Method.java:597)
>   at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
>   at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
>   at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
>   at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
>   at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
>   at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
>   at $Proxy166.updatePlayer(Unknown Source)
>   at com.ga.ldap.LdapUpdater.processMessage(LdapUpdater.java:71)
>   at com.ga.ldap.LdapUpdater.consumeMessage(LdapUpdater.java:58)
>   at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl.consumeMessage$0(ThreadPoolConsumerImpl.java:37)
>   at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl.access$000(ThreadPoolConsumerImpl.java:24)
>   at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl$0r.run(ThreadPoolConsumerImpl.java:39)
>   at uk.org.retep.util.thread.ExecutorFactory$RunnableWrapper.run(ExecutorFactory.java:203)
>   at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
>   at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
>   at java.lang.Thread.run(Thread.java:619)
>
> However, if I browse to the LDAP schema, 1.3.6.1.4.1.99999.1.2.1 is
> there..
>
> dn: m-oid=1.3.6.1.4.1.99999.1.2.1,ou=objectClasses,cn=gameaccount,ou=schema
> objectClass: metaObjectClass
> objectClass: metaTop
> objectClass: top
> m-oid: 1.3.6.1.4.1.99999.1.2.1
> m-description: LDAP representation of a player
> m-must: cn
> m-must: gaBaseCurrency
> m-must: gaPartnerRef
> m-must: gaPartnerWebKey
> m-must: gaPlayerGuid
> m-must: gaPlayerId
> m-must: gaPlayerTokenId
> m-must: gaSessionWebKey
> m-name: gaPlayer
> m-obsolete: FALSE
> m-supObjectClass: inetOrgPerson
> m-typeObjectClass: STRUCTURAL
>
> Thank you very much for your continued help :-)
>
> Yiannis
>

Re: [ApacheDS] Problems adding an entry using a custom schema

Posted by Yiannis Mavroukakis <im...@gameaccount.com>.
Hi everyone!

I've managed to embed ApacheDS into our JBoss app server, it launches 
fine and waits for connections. The problem I have now is that when I 
try to add a user to
our context it blows up. Before it does that though, I have the 
following lines in our log:

15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gaplayertokenid' cannot be stored
15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gaplayerid' cannot be stored
15:36:16,919 WARN  [DefaultServerEntry] The attribute 'gabasecurrency' cannot be stored
15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gapartnerref' cannot be stored
15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gacomment' cannot be stored
15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gasessionwebkey' cannot be stored
15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gapartnerwebkey' cannot be stored
15:36:16,935 WARN  [DefaultServerEntry] The attribute 'gaplayerguid' cannot be stored

And the main exception is:

javax.naming.NamingException: [LDAP: error code 54 - LOOP_DETECT: failed 
for     Add Request :
ClientEntry
    dn: cn=imavroukakis,ou=Player,dc=gameaccount,dc=com
    objectClass: top
    objectClass: gaPlayer
    postalCode: E12345
    mail: i.mavroukakis@btinternet.com
    sn: orvaMsikaku
    ou: Player
    c: GR
    givenname: aoIsinn
    o: gameaccount
    gaPlayerTokenId: AB9C2965-8A84-40B5-B14B-0E0E991A001E
    l: London
    gaPlayerId: 482101
    userPassword: ''
    postalAddress: 43 Somewhare Point, 1 Some Place
    gaBaseCurrency: GBP
    cn: imavroukakis
    gaPartnerRef: 192489DA
    st: N/A
    gaComment: partner 192489DA playerId 482101
    gaSessionWebKey: gameAccount
    gaPartnerWebKey: gameAccount
    gaPlayerGuid: 6352FC09-1EDC-4043-AD29-F0CD74055587
: objectClass w/ OID 1.3.6.1.4.1.99999.1.2.1 not registered!]; remaining name 'cn=imavroukakis'
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3022)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2951)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2758)
    at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:774)
    at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:319)
    at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:248)
    at com.ga.ldap.Ldap.updatePlayer(Ldap.java:299)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
    at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
    at $Proxy166.updatePlayer(Unknown Source)
    at com.ga.ldap.LdapUpdater.processMessage(LdapUpdater.java:71)
    at com.ga.ldap.LdapUpdater.consumeMessage(LdapUpdater.java:58)
    at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl.consumeMessage$0(ThreadPoolConsumerImpl.java:37)
    at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl.access$000(ThreadPoolConsumerImpl.java:24)
    at com.ga.messaging.core.consumer.ThreadPoolConsumerImpl$0r.run(ThreadPoolConsumerImpl.java:39)
    at uk.org.retep.util.thread.ExecutorFactory$RunnableWrapper.run(ExecutorFactory.java:203)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
    at java.lang.Thread.run(Thread.java:619)

However, if I browse to the LDAP schema, 1.3.6.1.4.1.99999.1.2.1 
is there..

dn: m-oid=1.3.6.1.4.1.99999.1.2.1,ou=objectClasses,cn=gameaccount,ou=schema
objectClass: metaObjectClass
objectClass: metaTop
objectClass: top
m-oid: 1.3.6.1.4.1.99999.1.2.1
m-description: LDAP representation of a player
m-must: cn
m-must: gaBaseCurrency
m-must: gaPartnerRef
m-must: gaPartnerWebKey
m-must: gaPlayerGuid
m-must: gaPlayerId
m-must: gaPlayerTokenId
m-must: gaSessionWebKey
m-name: gaPlayer
m-obsolete: FALSE
m-supObjectClass: inetOrgPerson
m-typeObjectClass: STRUCTURAL

Thank you very much for your continued help :-)

Yiannis