You are viewing a plain text version of this content. The canonical link for it is here.
Posted to api@directory.apache.org by Jim Constantine <ja...@hotwire.com> on 2013/11/27 03:12:07 UTC
binding and active directory
Hi,
I'm using apache.directory.api with Active Directory. My directory does not
allow anonymous binding, so I'm binding with domain credentials in the form:
domain\userid and password. The only way I could get bind to succeed was
to use this form:
// of course AD is different here
BindRequest br = new BindRequestImpl();
br.setSimple(true);
br.setName(bindUser);
br.setCredentials(bindPw);
BindResponse bir = connection.bind(br);
The bind is successful, but I'm getting a warning log message.
[main] WARN org.apache.directory.api.ldap.model.message.BindRequestImpl - Enable to convert the name to a DN.
org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: ERR_04202 A value is missing on some RDN
at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:279)
at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:211)
at org.apache.directory.api.ldap.model.message.BindRequestImpl.setName(BindRequestImpl.java:213)
…
First off the message has a typo: Enable should be Unable
Secondly the bind succeeds. So what I want to know is, should I be performing the bind differently to
avoid the warning?
Thanks.
Re: binding and active directory
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 11/28/13 3:42 AM, Jim Constantine a écrit :
> Thanks Kiran,
>
> I would love to get rid of the warning rather than mask it.
> Any tips on how to discover what the valid DN would be for our AD.
> I can connect to AD with Apache Directory Studio, which is a great
> tool btw.
I do think we should transform this warning into a INFO trace. Either
the bind is successful, and we are fine, or it's a failure, and we have
some trace saying so anyway, so there is no need to warn the user for no
reason.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: binding and active directory
Posted by Jim Constantine <ja...@hotwire.com>.
Thanks Kiran,
I would love to get rid of the warning rather than mask it.
Any tips on how to discover what the valid DN would be for our AD.
I can connect to AD with Apache Directory Studio, which is a great
tool btw.
--Jim
On Nov 26, 2013, at 7:15 PM, Kiran Ayyagari <ka...@apache.org> wrote:
> On Wed, Nov 27, 2013 at 7:42 AM, Jim Constantine
> <ja...@hotwire.com>wrote:
>
>>
>> Hi,
>> I'm using apache.directory.api with Active Directory. My directory does
>> not
>> allow anonymous binding, so I'm binding with domain credentials in the
>> form:
>> domain\userid and password. The only way I could get bind to succeed was
>> to use this form:
>>
>> // of course AD is different here
>> BindRequest br = new BindRequestImpl();
>> br.setSimple(true);
>> br.setName(bindUser);
>> br.setCredentials(bindPw);
>>
>> BindResponse bir = connection.bind(br);
>>
>> The bind is successful, but I'm getting a warning log message.
>>
>> [main] WARN org.apache.directory.api.ldap.model.message.BindRequestImpl -
>> Enable to convert the name to a DN.
>> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException:
>> ERR_04202 A value is missing on some RDN
>> at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:279)
>> at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:211)
>> at
>> org.apache.directory.api.ldap.model.message.BindRequestImpl.setName(BindRequestImpl.java:213)
>> …
>>
>> First off the message has a typo: Enable should be Unable
>>
> fixed it
>
>> Secondly the bind succeeds. So what I want to know is, should I be
>> performing the bind differently to
>> avoid the warning?
>>
>> by using a DN, but cause it is AD you may or may not know the DN first hand
> the other solution is to add the below line in your log4j.properties file
> log4j.logger.org.apache.directory.api.ldap.model.message.BindRequestImpl=FATAL
>
> Thanks.
>
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
Re: binding and active directory
Posted by Kiran Ayyagari <ka...@apache.org>.
On Wed, Nov 27, 2013 at 7:42 AM, Jim Constantine
<ja...@hotwire.com>wrote:
>
> Hi,
> I'm using apache.directory.api with Active Directory. My directory does
> not
> allow anonymous binding, so I'm binding with domain credentials in the
> form:
> domain\userid and password. The only way I could get bind to succeed was
> to use this form:
>
> // of course AD is different here
> BindRequest br = new BindRequestImpl();
> br.setSimple(true);
> br.setName(bindUser);
> br.setCredentials(bindPw);
>
> BindResponse bir = connection.bind(br);
>
> The bind is successful, but I'm getting a warning log message.
>
> [main] WARN org.apache.directory.api.ldap.model.message.BindRequestImpl -
> Enable to convert the name to a DN.
> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException:
> ERR_04202 A value is missing on some RDN
> at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:279)
> at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:211)
> at
> org.apache.directory.api.ldap.model.message.BindRequestImpl.setName(BindRequestImpl.java:213)
> …
>
> First off the message has a typo: Enable should be Unable
>
fixed it
> Secondly the bind succeeds. So what I want to know is, should I be
> performing the bind differently to
> avoid the warning?
>
> by using a DN, but cause it is AD you may or may not know the DN first hand
the other solution is to add the below line in your log4j.properties file
log4j.logger.org.apache.directory.api.ldap.model.message.BindRequestImpl=FATAL
Thanks.
--
Kiran Ayyagari
http://keydap.com
Re: binding and active directory
Posted by Kiran Ayyagari <ka...@apache.org>.
On Wed, Nov 27, 2013 at 7:42 AM, Jim Constantine
<ja...@hotwire.com>wrote:
>
> Hi,
> I'm using apache.directory.api with Active Directory. My directory does
> not
> allow anonymous binding, so I'm binding with domain credentials in the
> form:
> domain\userid and password. The only way I could get bind to succeed was
> to use this form:
>
> // of course AD is different here
> BindRequest br = new BindRequestImpl();
> br.setSimple(true);
> br.setName(bindUser);
> br.setCredentials(bindPw);
>
> BindResponse bir = connection.bind(br);
>
> The bind is successful, but I'm getting a warning log message.
>
> [main] WARN org.apache.directory.api.ldap.model.message.BindRequestImpl -
> Enable to convert the name to a DN.
> org.apache.directory.api.ldap.model.exception.LdapInvalidDnException:
> ERR_04202 A value is missing on some RDN
> at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:279)
> at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:211)
> at
> org.apache.directory.api.ldap.model.message.BindRequestImpl.setName(BindRequestImpl.java:213)
> …
>
> First off the message has a typo: Enable should be Unable
>
fixed it
> Secondly the bind succeeds. So what I want to know is, should I be
> performing the bind differently to
> avoid the warning?
>
> by using a DN, but cause it is AD you may or may not know the DN first hand
the other solution is to add the below line in your log4j.properties file
log4j.logger.org.apache.directory.api.ldap.model.message.BindRequestImpl=FATAL
Thanks.
--
Kiran Ayyagari
http://keydap.com