Posted to api@directory.apache.org by Jim Constantine <ja...@hotwire.com> on 2013/11/27 03:12:07 UTC

binding and active directory

Hi,
I'm using apache.directory.api with Active Directory.  My directory does not
allow anonymous binding, so I'm binding with domain credentials in the form:
domain\userid and password.   The only way I could get bind to succeed was
to use this form:

            // of course AD is different here
            BindRequest br = new BindRequestImpl();
            br.setSimple(true);
            br.setName(bindUser);
            br.setCredentials(bindPw);

            BindResponse bir = connection.bind(br);

The bind is successful, but I'm getting a warning log message.

[main] WARN org.apache.directory.api.ldap.model.message.BindRequestImpl - Enable to convert the name to a DN.
org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: ERR_04202 A value is missing on some RDN
	at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:279)
	at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:211)
	at org.apache.directory.api.ldap.model.message.BindRequestImpl.setName(BindRequestImpl.java:213)
        …

First off the message has a typo:  Enable should be Unable
Secondly the bind succeeds.  So what I want to know is, should I be performing the bind differently to
avoid the warning?  

Thanks.

Re: binding and active directory

Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 11/28/13 3:42 AM, Jim Constantine a écrit :
> Thanks Kiran,
>
> I would love to get rid of the warning rather than mask it.
> Any tips on how to discover what the valid DN would be for our AD?
> I can connect to AD with Apache Directory Studio, which is a great
> tool btw. 

I do think we should transform this warning into an INFO trace. Either
the bind is successful, and we are fine, or it's a failure, and we have
some trace saying so anyway, so there is no need to warn the user for no
reason.



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com 


Re: binding and active directory

Posted by Jim Constantine <ja...@hotwire.com>.
Thanks Kiran,

I would love to get rid of the warning rather than mask it.
Any tips on how to discover what the valid DN would be for our AD?
I can connect to AD with Apache Directory Studio, which is a great
tool btw. 

--Jim

On Nov 26, 2013, at 7:15 PM, Kiran Ayyagari <ka...@apache.org> wrote:

> On Wed, Nov 27, 2013 at 7:42 AM, Jim Constantine
> <ja...@hotwire.com> wrote:
> 
>> 
>> Hi,
>> I'm using apache.directory.api with Active Directory.  My directory does
>> not
>> allow anonymous binding, so I'm binding with domain credentials in the
>> form:
>> domain\userid and password.   The only way I could get bind to succeed was
>> to use this form:
>> 
>>            // of course AD is different here
>>            BindRequest br = new BindRequestImpl();
>>            br.setSimple(true);
>>            br.setName(bindUser);
>>            br.setCredentials(bindPw);
>> 
>>            BindResponse bir = connection.bind(br);
>> 
>> The bind is successful, but I'm getting a warning log message.
>> 
>> [main] WARN org.apache.directory.api.ldap.model.message.BindRequestImpl -
>> Enable to convert the name to a DN.
>> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException:
>> ERR_04202 A value is missing on some RDN
>>        at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:279)
>>        at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:211)
>>        at
>> org.apache.directory.api.ldap.model.message.BindRequestImpl.setName(BindRequestImpl.java:213)
>>        …
>> 
>> First off the message has a typo:  Enable should be Unable
>> 
> fixed it
> 
>> Secondly the bind succeeds.  So what I want to know is, should I be
>> performing the bind differently to
>> avoid the warning?
>> 
> by using a DN, but because it is AD you may or may not know the DN firsthand
> the other solution is to add the below line in your log4j.properties file
> log4j.logger.org.apache.directory.api.ldap.model.message.BindRequestImpl=FATAL
> 
> Thanks.
> 
> 
> 
> 
> -- 
> Kiran Ayyagari
> http://keydap.com


Re: binding and active directory

Posted by Kiran Ayyagari <ka...@apache.org>.
On Wed, Nov 27, 2013 at 7:42 AM, Jim Constantine
<ja...@hotwire.com> wrote:

>
> Hi,
> I'm using apache.directory.api with Active Directory.  My directory does
> not
> allow anonymous binding, so I'm binding with domain credentials in the
> form:
> domain\userid and password.   The only way I could get bind to succeed was
> to use this form:
>
>             // of course AD is different here
>             BindRequest br = new BindRequestImpl();
>             br.setSimple(true);
>             br.setName(bindUser);
>             br.setCredentials(bindPw);
>
>             BindResponse bir = connection.bind(br);
>
> The bind is successful, but I'm getting a warning log message.
>
> [main] WARN org.apache.directory.api.ldap.model.message.BindRequestImpl -
> Enable to convert the name to a DN.
> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException:
> ERR_04202 A value is missing on some RDN
>         at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:279)
>         at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:211)
>         at
> org.apache.directory.api.ldap.model.message.BindRequestImpl.setName(BindRequestImpl.java:213)
>         …
>
> First off the message has a typo:  Enable should be Unable
>
fixed it

> Secondly the bind succeeds.  So what I want to know is, should I be
> performing the bind differently to
> avoid the warning?
>
by using a DN, but because it is AD you may or may not know the DN firsthand.
The other solution is to add the below line in your log4j.properties file:
log4j.logger.org.apache.directory.api.ldap.model.message.BindRequestImpl=FATAL

Thanks.




-- 
Kiran Ayyagari
http://keydap.com
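
The reply above suggests binding with a DN, which on AD may not be known in advance. The following is an added example, not code from the thread or from the Apache Directory project: it binds with the domain-qualified name as in the original post, checks the bind result, looks up the account's DN by sAMAccountName, and re-binds with that DN. The host, account names and the LDAP_BIND_PW environment variable are constructed placeholders, and it assumes a release of the API in which connections and cursors are closeable and FilterEncoder.encodeFilterValue is available.

```java
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.filter.FilterEncoder;
import org.apache.directory.api.ldap.model.message.*;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class AdBindDnLookup {
    public static void main(String[] args) throws Exception {
        // Constructed placeholders; substitute your own values.
        String host = "dc01.example.com";
        String bindUser = "EXAMPLE\\svc_ldap";   // domain-qualified name, as in the thread
        String sam = "svc_ldap";                 // sAMAccountName to resolve to a DN
        String bindPw = System.getenv("LDAP_BIND_PW");
        if (bindPw == null || bindPw.isEmpty()) {
            // An empty password turns a simple bind into an unauthenticated bind (RFC 4513).
            throw new IllegalStateException("LDAP_BIND_PW is not set");
        }
        // LDAPS on 636: without TLS a simple bind carries the password in clear text.
        // Trust settings are left at the library defaults here.
        try (LdapConnection connection = new LdapNetworkConnection(host, 636, true)) {
            BindRequest br = new BindRequestImpl();
            br.setSimple(true);
            br.setName(bindUser);                // not a DN: this call logs the warning
            br.setCredentials(bindPw);
            BindResponse bir = connection.bind(br);
            // bind(BindRequest) returns the response, so the result code must be checked.
            if (bir.getLdapResult().getResultCode() != ResultCodeEnum.SUCCESS) {
                throw new IllegalStateException("bind failed: " + bir.getLdapResult().getResultCode());
            }
            // AD publishes the domain's base DN in the root DSE.
            String baseDn = connection.getRootDse("defaultNamingContext")
                    .get("defaultNamingContext").getString();
            // Escape the value so filter metacharacters in it stay literal.
            String filter = "(&(objectClass=user)(sAMAccountName="
                    + FilterEncoder.encodeFilterValue(sam) + "))";
            String userDn = null;
            int matches = 0;
            // "1.1" requests no attributes; only the entry's DN is needed.
            try (EntryCursor cursor = connection.search(baseDn, filter, SearchScope.SUBTREE, "1.1")) {
                for (Entry entry : cursor) {
                    userDn = entry.getDn().getName();
                    matches++;
                }
            }
            if (matches != 1) {
                throw new IllegalStateException("expected one entry, found " + matches);
            }
            System.out.println("Bind DN: " + userDn);
            connection.bind(userDn, bindPw);     // DN form parses cleanly: no warning
        }
    }
}
```

Once the DN is known it can be stored in configuration and used for the bind directly, which avoids raising the whole BindRequestImpl logger to FATAL.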
