Initializing ldap "applications"

[David Jencks <da...@yahoo.com>]

I'm wondering what the recommended method for initializing ldap  
applications is.  I've been working with my copy of triplesec and  
after the new improved integrity constraints in apacheds trunk it  
turns out that an "entry" ldif file no longer works: the  
dc=example,dc=com "root" needs modification via:

dn: dc=example,dc=com
changetype: modify
add: administrativeRole
administrativeRole: accessControlSpecificArea

before the aci entries can be installed.  This creates a problem  
trying to load stuff using the LdifFileLoader or the ldifDirectory  
feature of the StartupConfiguration.

Currently the LdifFileLoader skips all non-entry content in an .ldif  
file.  It's easy to modify it so it will process all legal  stuff in  
an ldif file (i.e. modifications) (I've done this locally) but on IRC  
elecharny didn't seem to think this was a good idea.

So, what can I do to set up the basic structure triplesec needs to  
work?  I need this both for tests and for actually installing a  
working system.  An "installer" based approach isn't going to be very  
useful since I anticipate a major use of triplesec being embedded in  
application servers.

thanks
david jencks

Re: Initializing ldap "applications"

[Chris Custine <cc...@apache.org>]

Hi David,
I am running into the exact same problem and I think we have had countless
questions about ldif loading similar to this on the mailing list in the past
couple of months.  It is clear that this will become a major issue so we
will definitely need to address this.  I will go ahead and create a Jira
issue for it and I will give it a generic subject to improve ldif loading in
general.

Chris

On 8/28/07, David Jencks <da...@yahoo.com> wrote:
>
> I'm wondering what the recommended method for initializing ldap
> applications is.  I've been working with my copy of triplesec and
> after the new improved integrity constraints in apacheds trunk it
> turns out that an "entry" ldif file no longer works: the
> dc=example,dc=com "root" needs modification via:
>
> dn: dc=example,dc=com
> changetype: modify
> add: administrativeRole
> administrativeRole: accessControlSpecificArea
>
> before the aci entries can be installed.  This creates a problem
> trying to load stuff using the LdifFileLoader or the ldifDirectory
> feature of the StartupConfiguration.
>
> Currently the LdifFileLoader skips all non-entry content in an .ldif
> file.  It's easy to modify it so it will process all legal  stuff in
> an ldif file (i.e. modifications) (I've done this locally) but on IRC
> elecharny didn't seem to think this was a good idea.
>
> So, what can I do to set up the basic structure triplesec needs to
> work?  I need this both for tests and for actually installing a
> working system.  An "installer" based approach isn't going to be very
> useful since I anticipate a major use of triplesec being embedded in
> application servers.
>
> thanks
> david jencks
>
>

Re: Initializing ldap "applications"

[Emmanuel Lecharny <el...@gmail.com>]

Hi David,

sorry for the late answer (release ...)

Could you fill a JIRA so that we don't forget to give you an
appropriate answer, or to start a thread of discussion which will
remain on top of a list of know problems?
I'm afraid that if you don't do that, such questions will get totally
lost in the dev ML :(

Emmanuel

On 8/29/07, David Jencks <da...@yahoo.com> wrote:
> I'm wondering what the recommended method for initializing ldap
> applications is.  I've been working with my copy of triplesec and
> after the new improved integrity constraints in apacheds trunk it
> turns out that an "entry" ldif file no longer works: the
> dc=example,dc=com "root" needs modification via:
>
> dn: dc=example,dc=com
> changetype: modify
> add: administrativeRole
> administrativeRole: accessControlSpecificArea
>
> before the aci entries can be installed.  This creates a problem
> trying to load stuff using the LdifFileLoader or the ldifDirectory
> feature of the StartupConfiguration.
>
> Currently the LdifFileLoader skips all non-entry content in an .ldif
> file.  It's easy to modify it so it will process all legal  stuff in
> an ldif file (i.e. modifications) (I've done this locally) but on IRC
> elecharny didn't seem to think this was a good idea.
>
> So, what can I do to set up the basic structure triplesec needs to
> work?  I need this both for tests and for actually installing a
> working system.  An "installer" based approach isn't going to be very
> useful since I anticipate a major use of triplesec being embedded in
> application servers.
>
> thanks
> david jencks
>
>


-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com