You are viewing a plain text version of this content. The canonical link for it is here.
Posted to api@directory.apache.org by Chris Pike <cl...@psu.edu> on 2017/10/05 19:18:48 UTC
Re: Ldap API Custom Controls
Emmanuel,
We got this working. Is there a git repo for the directory api, or do we have to use subversion to provide the code back?
Thanks,
~Chris Pike
----- Original Message -----
From: "Emmanuel Lecharny" <el...@apache.org>
To: "api" <ap...@directory.apache.org>
Sent: Monday, September 11, 2017 6:57:38 PM
Subject: Re: Ldap API Custom Controls
The control value (3003020101) is a PDU which has teh following meaning :
0x30 0x03 : SEQ length 3
0x02 0x01 0x01 : INTEGER length 1 value 1
So you have sent a correct Control, but the OID has changed :
1.2.840.113556.1.4.20669 was for ancient versions of Windows Server (up to
Windows 2012) and the OID you are using is a new one
(1.2.840.113556.1.4.2239).
I can only bet that the OID is not understood by the Windows machine you
are talking to.
On Fri, Sep 8, 2017 at 4:11 PM, CRAIG BENNER <cr...@psu.edu> wrote:
> Thanks Shawn, I was going to ask that. But I got wireshark working.
> Below is the packet I'm assuming we want to see. In concept it looks
> correct, but i'm not sure what the controlValue is suppose to be on the
> wire.
>
> Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on
> interface 0
> Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst:
> PcsCompu_4b:a3:17 (08:00:27:4b:a3:17)
> Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11
>
> Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45,
> Ack: 46, Len: 229
> Lightweight Directory Access Protocol
> LDAPMessage modifyRequest(7) "cn=model_ouadmin,ou=PSU-OU-
> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
> Administration,dc=develop,dc=local"
> messageID: 7
> protocolOp: modifyRequest (6)
> modifyRequest
> object: cn=model_ouadmin,ou=PSU-OU-
> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
> Administration,dc=develop,dc=local
> modification: 1 item
> [Response In: 10]
> controls: 1 item
> Control
> controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs,
> USA.113556.1.4.2239)
> criticality: True
> controlValue: 3003020101
>
> Thanks.
> Craig Benner
>
> ----- Original Message -----
> From: "Shawn McKinney" <sm...@apache.org>
> To: "api" <ap...@directory.apache.org>
> Sent: Friday, September 8, 2017 9:58:56 AM
> Subject: Re: Ldap API Custom Controls
>
> > On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <cr...@psu.edu> wrote:
> >
> > It will take some changes to get a wireshark capture, since Password's
> can only be managed over a secure connection. Hopefully tomorrow I can get
> you the wireshark capture
>
> Wonder if it would be easier to just enable the API logger containing the
> BER request/response traces? That’s typically how I debug. Saves the
> trouble of setting up wireshark.
>
> <category name="org.apache.directory.api" class="org.apache.log4j.Logger"
> additivity="false">
> <priority value="DEBUG" class="org.apache.log4j.Level"/>
> <appender-ref ref="file"/>
> </category>
>
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: Ldap API Custom Controls
Posted by Emmanuel Lécharny <el...@gmail.com>.
Hi Chris,
I have applied the PR, with a bit of cleanup/modifications :
- First, the class name should be AdPolicyHints, not
LdapServerPolicyHintsOid (the Oid is spurious, so is the LdapServer
prefix, and I added the 'Ad' prefix, as for all the AD controls).
- I have added javadoc to the code, and a standard header (@author tag)
- the control has been moved to the
o.a.d.api.ldap.extras.controls.ad_impl instead of
o.a.d.api.ldap.extras.controls.policyHints_impl (same thing for the
interface package o.a.d.api.ldap.extras.controls.ad.policyHints which
has been moved to o.a.d.api.ldap.extras.controls.ad). The rationnal is
that every AD controls goes under the o.a.d.api.ldap.extrascontrols.ad
package.
Otherwise, all is good.
Thanks for the PR and happy Xmas !
Le 04/12/2017 à 19:19, Chris Pike a écrit :
> Emmanuel,
>
> We have created a pull request
>
> https://github.com/apache/directory-ldap-api/pull/1
>
> Let us know if anything needs changed.
>
> Thanks,
>
> ~Chris P.
>
>
> ----- Original Message -----
> From: "Emmanuel Lécharny" <el...@gmail.com>
> To: "Chris Pike" <cl...@psu.edu>, "api" <ap...@directory.apache.org>, "elecharny" <el...@apache.org>
> Sent: Tuesday, November 28, 2017 5:54:39 PM
> Subject: Re: Ldap API Custom Controls
>
> Hi Chris,
>
> do you need any more information to get the code pushed ?
>
>
> Many thanks !
>
>
>
> Le 05/10/2017 à 21:18, Chris Pike a écrit :
>> Emmanuel,
>>
>> We got this working. Is there a git repo for the directory api, or do we have to use subversion to provide the code back?
>>
>> Thanks,
>>
>> ~Chris Pike
>>
>>
>>
>>
>> ----- Original Message -----
>> From: "Emmanuel Lecharny" <el...@apache.org>
>> To: "api" <ap...@directory.apache.org>
>> Sent: Monday, September 11, 2017 6:57:38 PM
>> Subject: Re: Ldap API Custom Controls
>>
>> The control value (3003020101) is a PDU which has teh following meaning :
>>
>> 0x30 0x03 : SEQ length 3
>> 0x02 0x01 0x01 : INTEGER length 1 value 1
>>
>> So you have sent a correct Control, but the OID has changed :
>> 1.2.840.113556.1.4.20669 was for ancient versions of Windows Server (up to
>> Windows 2012) and the OID you are using is a new one
>> (1.2.840.113556.1.4.2239).
>>
>> I can only bet that the OID is not understood by the Windows machine you
>> are talking to.
>>
>>
>> On Fri, Sep 8, 2017 at 4:11 PM, CRAIG BENNER <cr...@psu.edu> wrote:
>>
>>> Thanks Shawn, I was going to ask that. But I got wireshark working.
>>> Below is the packet I'm assuming we want to see. In concept it looks
>>> correct, but i'm not sure what the controlValue is suppose to be on the
>>> wire.
>>>
>>> Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on
>>> interface 0
>>> Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst:
>>> PcsCompu_4b:a3:17 (08:00:27:4b:a3:17)
>>> Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11
>>>
>>> Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45,
>>> Ack: 46, Len: 229
>>> Lightweight Directory Access Protocol
>>> LDAPMessage modifyRequest(7) "cn=model_ouadmin,ou=PSU-OU-
>>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>>> Administration,dc=develop,dc=local"
>>> messageID: 7
>>> protocolOp: modifyRequest (6)
>>> modifyRequest
>>> object: cn=model_ouadmin,ou=PSU-OU-
>>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>>> Administration,dc=develop,dc=local
>>> modification: 1 item
>>> [Response In: 10]
>>> controls: 1 item
>>> Control
>>> controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs,
>>> USA.113556.1.4.2239)
>>> criticality: True
>>> controlValue: 3003020101
>>>
>>> Thanks.
>>> Craig Benner
>>>
>>> ----- Original Message -----
>>> From: "Shawn McKinney" <sm...@apache.org>
>>> To: "api" <ap...@directory.apache.org>
>>> Sent: Friday, September 8, 2017 9:58:56 AM
>>> Subject: Re: Ldap API Custom Controls
>>>
>>>> On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <cr...@psu.edu> wrote:
>>>>
>>>> It will take some changes to get a wireshark capture, since Password's
>>> can only be managed over a secure connection. Hopefully tomorrow I can get
>>> you the wireshark capture
>>>
>>> Wonder if it would be easier to just enable the API logger containing the
>>> BER request/response traces? That’s typically how I debug. Saves the
>>> trouble of setting up wireshark.
>>>
>>> <category name="org.apache.directory.api" class="org.apache.log4j.Logger"
>>> additivity="false">
>>> <priority value="DEBUG" class="org.apache.log4j.Level"/>
>>> <appender-ref ref="file"/>
>>> </category>
>>>
>>
>>
>
--
Emmanuel Lecharny
Symas.com
directory.apache.org
Re: Ldap API Custom Controls
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 04/12/2017 à 19:19, Chris Pike a écrit :
> Emmanuel,
>
> We have created a pull request
>
> https://github.com/apache/directory-ldap-api/pull/1
>
> Let us know if anything needs changed.
Thanks !
I'll have a look today.
--
Emmanuel Lecharny
Symas.com
directory.apache.org
Re: Ldap API Custom Controls
Posted by Chris Pike <cl...@psu.edu>.
Emmanuel,
We have created a pull request
https://github.com/apache/directory-ldap-api/pull/1
Let us know if anything needs changed.
Thanks,
~Chris P.
----- Original Message -----
From: "Emmanuel Lécharny" <el...@gmail.com>
To: "Chris Pike" <cl...@psu.edu>, "api" <ap...@directory.apache.org>, "elecharny" <el...@apache.org>
Sent: Tuesday, November 28, 2017 5:54:39 PM
Subject: Re: Ldap API Custom Controls
Hi Chris,
do you need any more information to get the code pushed ?
Many thanks !
Le 05/10/2017 à 21:18, Chris Pike a écrit :
> Emmanuel,
>
> We got this working. Is there a git repo for the directory api, or do we have to use subversion to provide the code back?
>
> Thanks,
>
> ~Chris Pike
>
>
>
>
> ----- Original Message -----
> From: "Emmanuel Lecharny" <el...@apache.org>
> To: "api" <ap...@directory.apache.org>
> Sent: Monday, September 11, 2017 6:57:38 PM
> Subject: Re: Ldap API Custom Controls
>
> The control value (3003020101) is a PDU which has teh following meaning :
>
> 0x30 0x03 : SEQ length 3
> 0x02 0x01 0x01 : INTEGER length 1 value 1
>
> So you have sent a correct Control, but the OID has changed :
> 1.2.840.113556.1.4.20669 was for ancient versions of Windows Server (up to
> Windows 2012) and the OID you are using is a new one
> (1.2.840.113556.1.4.2239).
>
> I can only bet that the OID is not understood by the Windows machine you
> are talking to.
>
>
> On Fri, Sep 8, 2017 at 4:11 PM, CRAIG BENNER <cr...@psu.edu> wrote:
>
>> Thanks Shawn, I was going to ask that. But I got wireshark working.
>> Below is the packet I'm assuming we want to see. In concept it looks
>> correct, but i'm not sure what the controlValue is suppose to be on the
>> wire.
>>
>> Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on
>> interface 0
>> Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst:
>> PcsCompu_4b:a3:17 (08:00:27:4b:a3:17)
>> Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11
>>
>> Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45,
>> Ack: 46, Len: 229
>> Lightweight Directory Access Protocol
>> LDAPMessage modifyRequest(7) "cn=model_ouadmin,ou=PSU-OU-
>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>> Administration,dc=develop,dc=local"
>> messageID: 7
>> protocolOp: modifyRequest (6)
>> modifyRequest
>> object: cn=model_ouadmin,ou=PSU-OU-
>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>> Administration,dc=develop,dc=local
>> modification: 1 item
>> [Response In: 10]
>> controls: 1 item
>> Control
>> controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs,
>> USA.113556.1.4.2239)
>> criticality: True
>> controlValue: 3003020101
>>
>> Thanks.
>> Craig Benner
>>
>> ----- Original Message -----
>> From: "Shawn McKinney" <sm...@apache.org>
>> To: "api" <ap...@directory.apache.org>
>> Sent: Friday, September 8, 2017 9:58:56 AM
>> Subject: Re: Ldap API Custom Controls
>>
>>> On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <cr...@psu.edu> wrote:
>>>
>>> It will take some changes to get a wireshark capture, since Password's
>> can only be managed over a secure connection. Hopefully tomorrow I can get
>> you the wireshark capture
>>
>> Wonder if it would be easier to just enable the API logger containing the
>> BER request/response traces? That’s typically how I debug. Saves the
>> trouble of setting up wireshark.
>>
>> <category name="org.apache.directory.api" class="org.apache.log4j.Logger"
>> additivity="false">
>> <priority value="DEBUG" class="org.apache.log4j.Level"/>
>> <appender-ref ref="file"/>
>> </category>
>>
>
>
--
Emmanuel Lecharny
Symas.com
directory.apache.org
Re: Ldap API Custom Controls
Posted by Emmanuel Lécharny <el...@gmail.com>.
Hi Chris,
do you need any more information to get the code pushed ?
Many thanks !
Le 05/10/2017 à 21:18, Chris Pike a écrit :
> Emmanuel,
>
> We got this working. Is there a git repo for the directory api, or do we have to use subversion to provide the code back?
>
> Thanks,
>
> ~Chris Pike
>
>
>
>
> ----- Original Message -----
> From: "Emmanuel Lecharny" <el...@apache.org>
> To: "api" <ap...@directory.apache.org>
> Sent: Monday, September 11, 2017 6:57:38 PM
> Subject: Re: Ldap API Custom Controls
>
> The control value (3003020101) is a PDU which has teh following meaning :
>
> 0x30 0x03 : SEQ length 3
> 0x02 0x01 0x01 : INTEGER length 1 value 1
>
> So you have sent a correct Control, but the OID has changed :
> 1.2.840.113556.1.4.20669 was for ancient versions of Windows Server (up to
> Windows 2012) and the OID you are using is a new one
> (1.2.840.113556.1.4.2239).
>
> I can only bet that the OID is not understood by the Windows machine you
> are talking to.
>
>
> On Fri, Sep 8, 2017 at 4:11 PM, CRAIG BENNER <cr...@psu.edu> wrote:
>
>> Thanks Shawn, I was going to ask that. But I got wireshark working.
>> Below is the packet I'm assuming we want to see. In concept it looks
>> correct, but i'm not sure what the controlValue is suppose to be on the
>> wire.
>>
>> Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on
>> interface 0
>> Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst:
>> PcsCompu_4b:a3:17 (08:00:27:4b:a3:17)
>> Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11
>>
>> Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45,
>> Ack: 46, Len: 229
>> Lightweight Directory Access Protocol
>> LDAPMessage modifyRequest(7) "cn=model_ouadmin,ou=PSU-OU-
>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>> Administration,dc=develop,dc=local"
>> messageID: 7
>> protocolOp: modifyRequest (6)
>> modifyRequest
>> object: cn=model_ouadmin,ou=PSU-OU-
>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>> Administration,dc=develop,dc=local
>> modification: 1 item
>> [Response In: 10]
>> controls: 1 item
>> Control
>> controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs,
>> USA.113556.1.4.2239)
>> criticality: True
>> controlValue: 3003020101
>>
>> Thanks.
>> Craig Benner
>>
>> ----- Original Message -----
>> From: "Shawn McKinney" <sm...@apache.org>
>> To: "api" <ap...@directory.apache.org>
>> Sent: Friday, September 8, 2017 9:58:56 AM
>> Subject: Re: Ldap API Custom Controls
>>
>>> On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <cr...@psu.edu> wrote:
>>>
>>> It will take some changes to get a wireshark capture, since Password's
>> can only be managed over a secure connection. Hopefully tomorrow I can get
>> you the wireshark capture
>>
>> Wonder if it would be easier to just enable the API logger containing the
>> BER request/response traces? That’s typically how I debug. Saves the
>> trouble of setting up wireshark.
>>
>> <category name="org.apache.directory.api" class="org.apache.log4j.Logger"
>> additivity="false">
>> <priority value="DEBUG" class="org.apache.log4j.Level"/>
>> <appender-ref ref="file"/>
>> </category>
>>
>
>
--
Emmanuel Lecharny
Symas.com
directory.apache.org
Re: Ldap API Custom Controls
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
On 10/05/2017 10:08 PM, Emmanuel Lécharny wrote:
>
>
> Le 05/10/2017 à 21:18, Chris Pike a écrit :
>> Emmanuel,
>>
>> We got this working. Is there a git repo for the directory api, or do we have to use subversion to provide the code back?
>
> The API is in GIT now !
>
> https://gitbox.apache.org/repos/asf?p=directory-ldap-api.git;a=summary
>
> You can also use Github :
>
> https://github.com/apache/directory-shared
Well, that's the old svn mirrored github repo.
I think the new gitbox mirrored one is
https://github.com/apache/directory-ldap-api
Once the other repos are migrated to git we need to request cleanup of
the github repos...
Re: Ldap API Custom Controls
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 05/10/2017 à 21:18, Chris Pike a écrit :
> Emmanuel,
>
> We got this working. Is there a git repo for the directory api, or do we have to use subversion to provide the code back?
The API is in GIT now !
https://gitbox.apache.org/repos/asf?p=directory-ldap-api.git;a=summary
You can also use Github :
https://github.com/apache/directory-shared
PR are welcomed !
Thanks !
--
Emmanuel Lecharny
Symas.com
directory.apache.org