Posted to commits@directory.apache.org by el...@apache.org on 2014/10/21 01:06:18 UTC

[01/50] git commit: FC-131 - RC37 Release

Repository: directory-fortress-core
Updated Branches:
  refs/heads/master [created] b59b45415
  refs/remotes/origin/HEAD [created] b59b45415
  refs/remotes/origin/apacheds [created] d94f3e219
  refs/remotes/origin/fortress-dao [created] 0a27c54c6
  refs/remotes/origin/master [created] b59b45415
Updated Tags:  refs/tags/v1.0-RC27 [created] 514673089
  refs/tags/v1.0-RC29 [created] 6d8714018
  refs/tags/v1.0-RC30 [created] 52d6803b1
  refs/tags/v1.0-RC31 [created] 5c46d9b62
  refs/tags/v1.0-RC32 [created] df73bb975
  refs/tags/v1.0-RC33 [created] a26091f99
  refs/tags/v1.0-RC34 [created] 4fcb96279
  refs/tags/v1.0-RC35 [created] 13d5ea688
  refs/tags/v1.0-RC36 [created] 10b4308b5
  refs/tags/v1.0-RC37 [created] 8843f0624
  refs/tags/v1.0-RC38 [created] 7835e7ab2
  refs/tags/v1.0-RC39 [created] dcd701c3a


FC-131 - RC37 Release


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/76116bf3
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/76116bf3
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/76116bf3

Branch: refs/heads/master
Commit: 76116bf38110d95ef043dbad8fad116e10918cae
Parents: 53b3a3b
Author: Shawn McKinney <sh...@jts.us>
Authored: Wed May 28 13:14:29 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Wed May 28 13:14:29 2014 -0500

----------------------------------------------------------------------
 build.properties | 16 +++++++++-------
 ivy.xml          | 23 +++++++++++++++--------
 pom.xml          |  6 +++---
 3 files changed, 27 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/76116bf3/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index 7cabdc6..72cf883 100644
--- a/build.properties
+++ b/build.properties
@@ -27,7 +27,7 @@
 ########################################################################
 
 # Use this Fortress Core version:
-version=1.0-RC36
+version=1.0-RC37
 
 # Enable local.mode property if your machine does not have connection to Internet and runtime dependencies have already downloaded to FORTRESS_HOME/lib folder on this machine:
 #local.mode=true
@@ -76,8 +76,10 @@ ldap.port=389
 #ldap.port=10389
 
 # These are used to construct suffix for DIT, i.e. dc=example,dc=com.
-suffix.name=jts
-suffix.dc=us
+suffix.name=openldap
+suffix.dc=org
+#suffix.name=jts
+#suffix.dc=us
 
 #suffix.name=example
 #suffix.dc=com
@@ -202,8 +204,8 @@ dflt.checkpoint=checkpoint	64 5
 
 # Option 2 - Debian 64-bit Silver:
 platform=Debian-Silver-x86-64
-#slapd.install=dpkg -i symas-openldap-silver.64_2.4.38-2_amd64.deb
-#slapd.uninstall=dpkg -r symas-openldap-silver
+slapd.install=dpkg -i symas-openldap-silver.64_2.4.38-2_amd64.deb
+slapd.uninstall=dpkg -r symas-openldap-silver
 install.image.dir=/home/smckinn/archives/debian64
 slapd.module.dir=${openldap.root}/lib64/openldap
 slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap
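Review bot: Activating `slapd.install=dpkg -i symas-openldap-silver.64_2.4.38-2_amd64.deb` makes a package install the default for this platform block, and nothing visible in the hunk checks the .deb before it is installed. Because dpkg needs root, I would add a comment above the two enabled lines, for example `# Runs with root privileges: compare the package checksum with the vendor's published value before running the install target`. The unchanged `install.image.dir=/home/smckinn/archives/debian64` beside it is a path on one developer's machine. The last hunk of this file likewise flips `openldap.install.artifact.dir`, although its own context comment says those properties were moved to `${user.home}/build.properties`; machine-specific values are better kept in that per-user file. The platform block continues outside the hunk, so verification may exist elsewhere in the build that I cannot see.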
@@ -280,8 +282,8 @@ tomcat-realm.conf=<Realm className="org.openldap.sentry.tomcat.Tc7AccessMgrProxy
 tomcat.dir=../apache-tomcat
 
 #These props are for 'Builder' target and have been moved here: "${user.home}/build.properties"
-openldap.install.artifact.dir=${basedir}
-#openldap.install.artifact.dir=${basedir}/symas-openldap
+#openldap.install.artifact.dir=${basedir}
+openldap.install.artifact.dir=${basedir}/symas-openldap
 #tomcat.image.dir=/home/smckinn/archives/tomcat/apache-tomcat-7.0.27
 #maven.image.dir=/home/smckinn/archives/java/apache-maven-3.0.4
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/76116bf3/ivy.xml
----------------------------------------------------------------------
diff --git a/ivy.xml b/ivy.xml
index 96dc147..5c52b86 100755
--- a/ivy.xml
+++ b/ivy.xml
@@ -12,8 +12,12 @@
   ~ top-level directory of the distribution or, alternatively, at
   ~ <http://www.OpenLDAP.org/license.html>.
   -->
-<ivy-module version="2.0">
-    <info organisation="org.apache" module="openldap-fortress-core"/>
+<!--<ivy-module version="2.0">-->
+<ivy-module version="2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:noNamespaceSchemaLocation="http://ant.apache.org/ivy/schemas/ivy.xsd"
+            xmlns:e="http://ant.apache.org/ivy/extra">
+
+<info organisation="org.apache" module="openldap-fortress-core"/>
 
     <dependencies>
         <!-- Fortress core is dependent on these libs: -->
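Review bot: The previous root element is left behind as a commented-out line, `<!--<ivy-module version="2.0">-->`, directly above its replacement; it adds nothing the new element lacks and should be deleted. The `<info>` line also lost its four-space indent and no longer lines up with `<dependencies>`. The newly declared `e` namespace is only used by `e:classifier` later in the file, so a short comment above the root element would help the next reader: `<!-- xmlns:e enables Ivy extra attributes such as e:classifier -->`.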
@@ -47,24 +51,27 @@
         <dependency org="org.apache.jmeter" name="ApacheJMeter_java" rev="2.11" conf="default->master" />
 
         <!-- Fortress core source IS dependent org.openldap accelerator: -->
-        <dependency org="org.openldap" name="accelerator-impl" rev="1.0-RC36"  conf="default->master">
+        <dependency org="org.openldap" name="accelerator-impl" rev="1.0-RC37"  conf="default->master">
             <artifact name="accelerator-impl" type="jar"/>
         </dependency>
 
-        <dependency org="org.openldap" name="accelerator-api" rev="1.0-RC36"  conf="default->master">
+        <dependency org="org.openldap" name="accelerator-api" rev="1.0-RC37"  conf="default->master">
             <artifact name="accelerator-api" type="jar"/>
         </dependency>
 
         <!-- Fortress core source is NOT dependent on Sentry, EnMasse or Commander artifacts rather they're required for its QUICKSTART demo apps: -->
-        <dependency org="org.openldap" name="sentry" rev="1.0-RC36"  conf="default->master">
-            <artifact name="sentry" type="jar"/>
+<!--
+        <dependency org="org.openldap" name="sentry" rev="1.0-RC37"  conf="default->master">
+            <artifact name="sentry" e:classifier="dist" type="jar"/>
         </dependency>
-        <dependency org="org.openldap" name="enmasse" rev="1.0-RC36"  conf="default->master">
+
+        <dependency org="org.openldap" name="enmasse" rev="1.0-RC37"  conf="default->master">
             <artifact name="enmasse" type="jar"/>
         </dependency>
-        <dependency org="org.openldap" name="commander" rev="1.0-RC36"  conf="default->master">
+        <dependency org="org.openldap" name="commander" rev="1.0-RC37"  conf="default->master">
             <artifact name="commander" type="jar"/>
         </dependency>
+-->
 
     </dependencies>
 </ivy-module>
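Review bot: The sentry, enmasse and commander dependencies are switched off by wrapping them in `<!-- ... -->`, but the comment line just above still says they are required for the QUICKSTART demo apps, and nothing records why they are disabled in a release commit. If the demo targets still resolve these artifacts, they would presumably fail or fall back to jars already on disk; those targets are not visible here. Either delete the block or state the reason in place, e.g. `<!-- Temporarily disabled for RC37: <reason> -->`. The new `e:classifier="dist"` on the sentry artifact also lands inside the disabled block, so this commit never exercises it.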

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/76116bf3/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 816d9cc..6b72dbf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,7 +18,7 @@
     <artifactId>fortress</artifactId>
     <packaging>jar</packaging>
     <name>Fortress Core</name>
-    <version>1.0-RC36</version>
+    <version>1.0-RC37</version>
     <description>Fortress is a standards-based Identity and Access Management SDK that implements ANSI RBAC INCITS 359.</description>
     <url>http://www.openldap.org/fortress/</url>
 
@@ -60,13 +60,13 @@
         <dependency>
             <groupId>org.openldap</groupId>
             <artifactId>accelerator-api</artifactId>
-            <version>1.0-RC36</version>
+            <version>1.0-RC37</version>
         </dependency>
 
         <dependency>
             <groupId>org.openldap</groupId>
             <artifactId>accelerator-impl</artifactId>
-            <version>1.0-RC36</version>
+            <version>1.0-RC37</version>
         </dependency>
 
         <dependency>


[38/50] git commit: cleanup up the README.html documents

Posted by el...@apache.org.
clean up the README.html documents


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/a5443d21
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/a5443d21
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/a5443d21

Branch: refs/heads/master
Commit: a5443d21c1ccb869034eecaf2610e3089ef75499
Parents: b272ab2
Author: Shawn McKinney <sh...@jts.us>
Authored: Wed Jul 30 12:51:49 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Wed Jul 30 12:51:49 2014 -0500

----------------------------------------------------------------------
 README-QUICKSTART-APACHEDS.html |  2 +-
 README-QUICKSTART-WINDOWS.html  |  4 ++--
 README-QUICKSTART.html          | 12 +++++-------
 3 files changed, 8 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a5443d21/README-QUICKSTART-APACHEDS.html
----------------------------------------------------------------------
diff --git a/README-QUICKSTART-APACHEDS.html b/README-QUICKSTART-APACHEDS.html
index fa2f4bc..dd0d66c 100644
--- a/README-QUICKSTART-APACHEDS.html
+++ b/README-QUICKSTART-APACHEDS.html
@@ -396,7 +396,7 @@ Run the install-commander-demo target:
    </li>    
     <li>
        <h3>More Utilities</h3>
-Other execution targets you may find useful:       
+Other execution targets:
         <ol type="A">
 	  <br>
            <li>	    

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a5443d21/README-QUICKSTART-WINDOWS.html
----------------------------------------------------------------------
diff --git a/README-QUICKSTART-WINDOWS.html b/README-QUICKSTART-WINDOWS.html
index 2bf8adb..41d0f1a 100644
--- a/README-QUICKSTART-WINDOWS.html
+++ b/README-QUICKSTART-WINDOWS.html
@@ -375,7 +375,7 @@ http.port=8080
 </p></pre>
 	   </li>
 	   <img src="./images/Screenshot10-ant-test-init.png" /><br><br>
-Note: The EnMasse regression tests will run for around 20 minutes.<br><br>
+Note: The EnMasse regression tests will run for around 10 minutes.<br><br>
            <li>Verify these tests ran with no ERRORS.
 <br><pre><p style="font-family:monospace;color:blue;font-size:14px;">BUILD SUCCESSFUL	    
 </p></pre>  
@@ -399,7 +399,7 @@ The 'test-full' target may be re-run as often as necessary.  After regressions t
         <hr>
     <li>
        <h3>More Utilities</h3>
-Other execution targets you may find useful:       
+Other execution targets:
         <ol type="A">
 	  <br>
            <li>	    

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a5443d21/README-QUICKSTART.html
----------------------------------------------------------------------
diff --git a/README-QUICKSTART.html b/README-QUICKSTART.html
index c651585..d53ab35 100755
--- a/README-QUICKSTART.html
+++ b/README-QUICKSTART.html
@@ -214,7 +214,7 @@ Note 1: WARNING messages in test output are good as these are negative tests in
 <br><br>Note 3: These tests load tens of thousands of records into your newly installed directory.
 The 'init-slapd' and 'test-full' targets may be re-run as often as necessary.  After regressions testing has completed, you may run the 'init-slapd' target to remove all test data from the directory.
     </li>
-    
+    <hr>
     <li>
        <h3>Instructions to install Commander Web UI Demo (optional)</h3>
 Run the install-commander-demo target:
@@ -222,7 +222,7 @@ Run the install-commander-demo target:
 </p></pre>
 
    </li>
-    
+    <hr>
     <li>
        <h3>Instructions to automatically test Commander Web UI Demo (optional)</h3>
 Run the commander-maven-test target to perform headless test of Commander Web:
@@ -231,7 +231,7 @@ Run the commander-maven-test target to perform headless test of Commander Web:
 
 note: Firefox must be preinstalled to target system.
    </li>
-        
+    <hr>
     <li>
        <h3>Instructions to connect to Commander Web Admin</h3>
 Open up browser and enter the following URL:
@@ -241,7 +241,7 @@ Open up browser and enter the following URL:
 userId: test
 password: test
 <br><br>
-Click on links on top or bottons on side of page to navigate between pages
+Click on links on top or buttons on side of page to navigate between pages
    </li>
     
     <hr>
@@ -356,9 +356,7 @@ Good places to start learning about Fortress:
     </ul>
 	   </li>
         </ol>
-    <hr>	
-	
-	
+
     <hr>
     <li>
        <h3>Instructions to install EnMasse Policy Server Demo (optional)</h3>


[03/50] git commit: FC-132 - RC37 Cleanup

Posted by el...@apache.org.
FC-132 - RC37 Cleanup


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/e2caa8aa
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/e2caa8aa
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/e2caa8aa

Branch: refs/heads/master
Commit: e2caa8aa9839a0f10767ea34c180519c7530285c
Parents: 218ba45
Author: Shawn McKinney <sh...@jts.us>
Authored: Wed May 28 23:10:01 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Wed May 28 23:10:01 2014 -0500

----------------------------------------------------------------------
 ivy.xml | 2 --
 1 file changed, 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e2caa8aa/ivy.xml
----------------------------------------------------------------------
diff --git a/ivy.xml b/ivy.xml
index 5c52b86..2bbccaf 100755
--- a/ivy.xml
+++ b/ivy.xml
@@ -60,7 +60,6 @@
         </dependency>
 
         <!-- Fortress core source is NOT dependent on Sentry, EnMasse or Commander artifacts rather they're required for its QUICKSTART demo apps: -->
-<!--
         <dependency org="org.openldap" name="sentry" rev="1.0-RC37"  conf="default->master">
             <artifact name="sentry" e:classifier="dist" type="jar"/>
         </dependency>
@@ -71,7 +70,6 @@
         <dependency org="org.openldap" name="commander" rev="1.0-RC37"  conf="default->master">
             <artifact name="commander" type="jar"/>
         </dependency>
--->
 
     </dependencies>
 </ivy-module>


[22/50] git commit: update README.txt procedures for using existing OpenLDAP server.

Posted by el...@apache.org.
update README.txt procedures for using existing OpenLDAP server.


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/cb05c0bc
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/cb05c0bc
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/cb05c0bc

Branch: refs/heads/master
Commit: cb05c0bc18f0c4bad633d559efa79d97ac1fe6f1
Parents: 12392c9
Author: Shawn McKinney <sh...@jts.us>
Authored: Thu Jul 3 08:16:53 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Thu Jul 3 08:16:53 2014 -0500

----------------------------------------------------------------------
 README.txt                                      | 84 ++++++++++++++------
 build.properties                                | 12 +--
 .../java/org/openldap/fortress/overview.html    |  2 +-
 3 files changed, 66 insertions(+), 32 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/cb05c0bc/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 40a62d1..5d12a4a 100755
--- a/README.txt
+++ b/README.txt
@@ -15,7 +15,7 @@ ________________________________________________________________________________
 ###################################################################################
 README for Fortress Identity and Access Management SDK
 Version 1.0-RC37
-last updated: June 25, 2014
+last updated: July 3, 2014
 
 This document provides instructions to download, compile, test and use the
 Fortress IAM with OpenLDAP server.  If you don't already have OpenLDAP installed,
@@ -227,37 +227,71 @@ a. Install OpenLDAP using your existing package management system.
 
         + etc.
 
-- No need to configure or load the OpenLDAP server.  That is handled on step c below.
+b. Copy fortress schema to openldap schema folder:
 
+cp FORTRESS_HOME/ldap/schema/fortress.schema $OPENLDAP_HOME/etc/openldap/schema
 
-b. enable the correct installation particulars into FORTRESS_HOME/openldap-fortress-core/build.properties.
+c. Enable Fortress schema in slapd.conf:
 
-    These parameters will need to vary according to how your OpenLDAP system was installed. For Debian OpenLDAP builds,
-    use the following:
+include		FORTRESS_HOME/etc/openldap/schema/fortress.schema
 
-## If using Debian/Ubuntu OpenLDAP, uncomment this section:
-db.dir=/var/lib/ldap
-db.hist.dir=${db.dir}/hist
-db.bak.dir=/var/lib/ldap-backup/db
-db.bak.hist.dir=/var/lib/ldap-backup/hist
-slapd.dir=/etc/ldap
-pid.dir=/var/run/slapd
-slapd.module.dir=/usr/lib/ldap
-slapd.start=slapd -f /etc/ldap/slapd.conf
- unless you know what you're doing, take the default:
-log.dbnosynch=dbnosync
-dflt.dbnosynch=dbnosync
-log.checkpoint=checkpoint	4056 60
-dflt.checkpoint=checkpoint	1024 60
+note: for steps b & c above substitute FORTRESS_HOME for root of your OpenLDAP installation.
 
-c. Run the install target:
+d. For password policy support, enable pwpolicy overlay in slapd.conf:
 
-if Debian sudo:
->sudo $ANT_HOME/bin/ant init-slapd
+moduleload	ppolicy.la
 
-if not sudo you must run as user that has priv to modify folders in /var and /opt folders:
->su
->$ANT_HOME/bin/ant init-slapd
+e. For Fortress audit support, enable slapoaccesslog in slapd.conf
+
+moduleload  accesslog.la
+
+f. Gather the following information about your OpenLDAP instance:
+
+i. suffix
+ii. host
+iii. port
+iv. ldap user account that has read/write priv for default DIT (root works)
+v. pw for above
+vi. ldap user account that has read/write priv for access log DIT (log root works)
+vii. pw for above
+
+
+g. Example OpenLDAP instance:
+
+i. dc=example, dc=com
+ii. myhostname
+iii. 389
+iv. "cn=Manager,dc=example,dc=com"
+v. secret
+vi. "cn=Manager,cn=log"
+vii. secret
+
+h. Modify the build.properties file with settings
+
+i.
+suffix.name=example
+suffix.dc=com
+
+ii. ldap.host=myhostname
+
+iii. ldap.port=389
+
+iv. root.dn=cn=Manager,${suffix}
+
+v. root.pw=secret
+note: the above may be hased using slappasswd
+
+vi. log.root.dn=cn=Manager,${log.suffix}
+
+vii. secret
+
+i. Create the Fortress DIT:
+
+from the FORTRESS_HOME root folder, enter the following:
+
+>$ANT_HOME/bin/ant load-slapd
+
+j. Proceed to SECTION 8 to regression test Fortress and OpenLDAP
 
 ___________________________________________________________________________________
 ###################################################################################

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/cb05c0bc/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index 438286e..967e463 100644
--- a/build.properties
+++ b/build.properties
@@ -316,11 +316,11 @@ db.bak.audit.dir=${db.root}/backup/rbacaudit
 ########################################################################
 
 # Use Fortress defined LDAP Group objectclass:
-#group.objectclass=configGroup
-#group.protocol=configProtocol
-#group.properties=configParameter
+group.objectclass=configGroup
+group.protocol=configProtocol
+group.properties=configParameter
 
 # Use Guacamole defined LDAP Group objectclass:
-group.objectclass=guacConfigGroup
-group.protocol=guacConfigProtocol
-group.properties=guacConfigParameter
\ No newline at end of file
+#group.objectclass=guacConfigGroup
+#group.protocol=guacConfigProtocol
+#group.properties=guacConfigParameter
\ No newline at end of file
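Review bot: This flips the active LDAP group object class from the Guacamole-defined set to the Fortress-defined set, yet the commit message only mentions README procedures, and neither comment line says which set is the intended default. Entries already stored under `guacConfigGroup` would presumably not match lookups for `configGroup`, so I would add a line above the active block such as `# Default. Use the Guacamole block below only if the directory already stores guacConfigGroup entries.` (wording for the author to confirm). The file also still ends without a trailing newline.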

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/cb05c0bc/src/main/java/org/openldap/fortress/overview.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/overview.html b/src/main/java/org/openldap/fortress/overview.html
index 4536cad..703963e 100755
--- a/src/main/java/org/openldap/fortress/overview.html
+++ b/src/main/java/org/openldap/fortress/overview.html
@@ -39,7 +39,7 @@
       <h2>What technologies are used?</h2>
       <p>
          Fortress SDK runs on any platform that supports Java technology and LDAP v3 protocols.  Functionality that extends beyond
-          LDAP v3 is provided via <a href="http://openldap.org/">OpenLDAP</a> specific features.  In other words Fortress was optimized to run on OpenLDAP but will work on any directory.
+          LDAP v3 is provided via <a href="http://openldap.org/">OpenLDAP</a> specific features.  In other words Fortress was optimized to run on OpenLDAP but works on any directory.
       </p>
        <hr>
       <h2>What are the conditions of use?</h2>


[31/50] git commit: just a few more changes to README

Posted by el...@apache.org.
just a few more changes to README


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/a9c8b686
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/a9c8b686
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/a9c8b686

Branch: refs/heads/master
Commit: a9c8b6867db45ab951a23444c70415b65eb3c906
Parents: aad78e2
Author: Shawn McKinney <sh...@jts.us>
Authored: Sun Jul 6 10:51:14 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sun Jul 6 10:51:14 2014 -0500

----------------------------------------------------------------------
 README.txt | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/a9c8b686/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 9517197..9d1858d 100755
--- a/README.txt
+++ b/README.txt
@@ -137,7 +137,7 @@ ________________________________________________________________________________
 
 a. Go to http://iamfortress.org/download
 
-b. Pull down the Fortress Builder package to match your target platform.
+b. Pull down the Fortress Builder package to match target platform.
 
 c. Follow the steps I, II & III contained within README-QUICKSTART.html, or README-QUICKSTART-WINDOWS.html documents.
 
@@ -375,11 +375,11 @@ ________________________________________________________________________________
 
 a. Go to Symas.com downloads section.
 
-b. Register, pull down Silver or Gold packages for target server.
+b. Register, pull down Silver or Gold packages to match target platform.
 
-c. copy installation binaries to FORTRESS_HOME/openldap-fortress-core/ldap/setup folder.
+c. copy installation binaries to FORTRESS_HOME/ldap/setup folder.
 
-d. enable the correct installation particulars into FORTRESS_HOME/openldap-fortress-core/build.properties.
+d. enable the correct installation particulars into FORTRESS_HOME/build.properties.
 
 - If using sudo you are required to enter your sudo pw:
 
@@ -410,7 +410,7 @@ slapd.uninstall=rpm -e symas-openldap-gold
 
 e. Run the install target:
 
-From $FORTRESS_HOME/openldap-fortress-core folder, enter the following command from a system prompt:
+From $FORTRESS_HOME root folder, enter the following command from a system prompt:
 
 if Debian sudo:
 >sudo $ANT_HOME/bin/ant init-slapd
@@ -494,7 +494,7 @@ Testing Notes:
   - The 2nd and subsequent times 'test-samples' runs, it will tear down the data loaded during the prior run.
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 11. Instructions to run the openldap-fortress-core command console
+# SECTION 11. Instructions to run the openldap-fortress-core command console using 'console' target
 ###################################################################################
 
 a. from FORTRESS_HOME enter the following command:


[23/50] git commit: minor change to README

Posted by el...@apache.org.
minor change to README


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/fe0da5fd
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/fe0da5fd
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/fe0da5fd

Branch: refs/heads/master
Commit: fe0da5fdb23b9441ac306e71e64fd6c6151a8e30
Parents: cb05c0b
Author: Shawn McKinney <sh...@jts.us>
Authored: Thu Jul 3 08:25:27 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Thu Jul 3 08:25:27 2014 -0500

----------------------------------------------------------------------
 README.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/fe0da5fd/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 5d12a4a..71c5503 100755
--- a/README.txt
+++ b/README.txt
@@ -355,8 +355,9 @@ a. from FORTRESS_HOME enter the following command:
 
 Notes:
   - These tests load tens of thousands of ldap records into your newly installed directory.
-  - The 'init-slapd' and 'test-full' targets may be re-run as often as necessary.
-  - After regressions testing has completed, you may run the 'init-slapd' target to remove all test data from the directory.
+  - The 'init-slapd' and/or 'test-full' targets may be re-run as often as necessary.
+  - After regressions testing has completed. you may run the 'init-slapd' target to remove all test data from the directory.
+  - if you followed steps in, SECTION 6 (existing OpenLDAP server), do NOT run the init-slapd target
   - WARNING log messages in test output are good as these are negative tests in action:
   - If these test completes without junit or ant ERRORS, Fortress is certified to run on your target ldap server machine.
 ___________________________________________________________________________________


[27/50] git commit: FC-141 - RC38 Release

Posted by el...@apache.org.
FC-141 - RC38 Release


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/8b569fc5
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/8b569fc5
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/8b569fc5

Branch: refs/heads/master
Commit: 8b569fc5089fe4d836ac6ad8d4de76aced9f8ef9
Parents: cae517f
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Jul 5 13:20:08 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Jul 5 13:20:08 2014 -0500

----------------------------------------------------------------------
 README.txt       | 71 +++++++++++++++++++++++++++++++--------------------
 build.properties | 10 ++++----
 build.xml        |  2 +-
 ivy.xml          | 24 +++++++++--------
 pom.xml          |  6 ++---
 5 files changed, 65 insertions(+), 48 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/8b569fc5/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index b47aef8..a02de53 100755
--- a/README.txt
+++ b/README.txt
@@ -15,7 +15,7 @@ ________________________________________________________________________________
 ###################################################################################
 README for Fortress Identity and Access Management SDK
 Version 1.0-RC37
-last updated: July 3, 2014
+last updated: July 4, 2014
 
 This document provides instructions to download, compile, test and use the
 Fortress IAM with OpenLDAP server.  If you don't already have OpenLDAP installed,
@@ -25,20 +25,22 @@ ________________________________________________________________________________
 # SECTION 0:  Prerequisites for Fortress SDK installation and use with LDAP server
 ###################################################################################
 1. Internet access to retrieve source code from OpenLDAP GIT and binary dependencies from online Maven repo.
-
-Fortress uses Apache Ant for installation and management of its operations.  Ordinarily the target environment
-would have access to the Internet to pull down its dependencies from Maven but may run without outside connection iff:
-
-a. The binary dependencies are already present in FORTRESS_HOME/lib folder.  For list of dependencies goto ivy.xml file.
-b. Local mode has been enabled on target machine.  This can be done by adding the following entry to your build.properties file:
+Fortress installation procedures use Apache Ant & Ivy.  Ivy pulls external dependencies from Maven repositories.
+These ant targets need external access to the Internet to pull down dependencies but may run without external connection IFF:
+a. The necessary binary jars are already present and loaded into FORTRESS_HOME/lib folder.  For list of dependency jars check out the ivy.xml file.
+b. Local mode has been enabled in target runtime env.  This can be done by adding the following to build.properties file:
 
 local.mode=true
 
+More prereqs:
+
 2. Java SDK Version 7 or beyond installed to target environment
+
 3. Apache Ant 1.8 or beyond installed to target environment
+
 4. OpenLDAP installed to target system.  (options follow in section 1).
 
-Note:  Fortress SDK is LDAPv3 compliant and works with other directory servers, especially ApacheDS:
+Note:  Fortress is LDAPv3 compliant and works with other directory servers, especially ApacheDS:
 README-QUICKSTART-APACHEDS.html.
 
 5. GIT installed to target environment. (Fortress developers only)
@@ -91,7 +93,7 @@ This will pull down source code from GIT and load into
 the directory from which it ran, hereafter called 'FORTRESS_HOME'.
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 3. Instructions to build openldap-fortress-core software distribution packages
+# SECTION 3. Instructions to build openldap-fortress-core software distribution packages using 'dist' target.
 ###################################################################################
 
 NOTE: The Fortress build.xml may run without connection to Internet iff:
@@ -126,7 +128,7 @@ c. Follow the steps I, II & III contained within README-QUICKSTART.html, or READ
 d. Proceed to SECTION 8 in this document for integration testing Fortress & OpenLDAP on your target platform.
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 5. Instructions to configure openldap-fortress-core SDK for target system
+# SECTION 5. Instructions to configure openldap-fortress-core SDK for target system using build.properties file.
 ###################################################################################
 
 - This must be done when OpenLDAP is not installed with the Fortress QUICKSTART package.
@@ -214,7 +216,7 @@ slapd.install=rpm -Uvv symas-openldap-gold.i386-2.4.25.110424.rpm
 
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 6. Instructions for using pre-existing or native OpenLDAP installation.
+# SECTION 6. Instructions for using pre-existing or native OpenLDAP installation using 'load-slapd' target.
 ###################################################################################
 
 a. Install OpenLDAP using your existing package management system.
@@ -352,7 +354,7 @@ m. Skip to SECTION 8 to regression test Fortress and OpenLDAP
 
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 7. Instructions for Symas installation of OpenLDAP
+# SECTION 7. Instructions for Symas installation of OpenLDAP - using 'init-slapd' target
 ###################################################################################
 
 a. Go to Symas.com downloads section.
@@ -403,23 +405,31 @@ if not sudo you must run as user that has priv to modify folders in /var and /op
 
 _______________________________________________________________________________
 ###############################################################################
-# SECTION 8. Instructions to test openldap-fortress-core using regression tests
+# SECTION 8. Instructions to fully regression test openldap-fortress-core using 'test-full' target
 ###############################################################################
 
 a. from FORTRESS_HOME enter the following command:
 
 >$ANT_HOME/bin/ant test-full
 
-Notes:
-  - These tests load tens of thousands of ldap records into your newly installed directory.
-  - The 'init-slapd' and/or 'test-full' targets may be re-run as often as necessary.
-  - After regressions testing has completed. you may run the 'init-slapd' target to remove all test data from the directory.
-  - if you followed steps in, SECTION 6 (existing OpenLDAP server), do NOT run the init-slapd target
-  - WARNING log messages in test output are good as these are negative tests in action:
-  - If these test completes without junit or ant ERRORS, Fortress is certified to run on your target ldap server machine.
+Testing Notes:
+
+  - If these tests complete without Junit or ant ERRORS, Fortress is certified to run on the target ldap server.
+
+  - These tests will load thousands of records into the target ldap server.
+
+  - The 'test-full' target may be run as many times as necessary and should be run at least twice to test the teardown APIs.
+
+  - The 2nd and subsequent times 'test-full' runs, it will tear down the data loaded during the prior run.
+
+  - After the 'test-full' target runs, you may run the 'init-slapd' target to clear out the the test data loaded.
+    - Unless you followed steps from SECTION 6 (existing OpenLDAP server), in which case do NOT run the 'init-slapd' target.
+
+  - WARNING log messages are good as these are negative tests in action:
+
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 9. Instructions to run the openldap-fortress-core command line interpreter (CLI) utility
+# SECTION 9. Instructions to run the openldap-fortress-core command line interpreter (CLI) utility using 'cli' target
 ###################################################################################
 
 a. from FORTRESS_HOME enter the following command:
@@ -432,17 +442,11 @@ $FORTRESS_HOME/openldap-fortress-core/dist/docs/api/com/jts/fortress/cli/package
 
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 10. Learn how to use openldap-fortress-core APIs with samples
+# SECTION 10. Learn how to use openldap-fortress-core APIs with samples using 'test-samples' target
 ###################################################################################
 
 a. from FORTRESS_HOME enter the following command:
 
-(if first time sample tests run)
-
->$ANT_HOME/bin/ant test-samples-init
-
-b. Or if subsequent runs:
-
 >$ANT_HOME/bin/ant test-samples
 
 c. view and change the samples here:
@@ -461,6 +465,17 @@ f. view the fortress-core SDK java doc here:
 
 $FORTRESS_HOME/openldap-fortress-core/dist/docs/api/index.html
 
+Testing Notes:
+
+  - Test cases are simple and useful for learning how to code using Fortress APIs.
+
+  - Tests should complete without Junit or ant ERRORS.
+
+  - These tests will load some records into the target ldap server.
+
+  - The 'test-samples' target may be run as many times as necessary and should be run at least twice to test the teardown APIs.
+
+  - The 2nd and subsequent times 'test-samples' runs, it will tear down the data loaded during the prior run.
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 11. Instructions to run the openldap-fortress-core command console

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/8b569fc5/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index 967e463..3d6d916 100644
--- a/build.properties
+++ b/build.properties
@@ -27,7 +27,7 @@
 ########################################################################
 
 # Use this Fortress Core version:
-version=1.0-RC37
+version=1.0-RC38
 
 # Enable local.mode property if your machine does not have connection to Internet and runtime dependencies have already downloaded to FORTRESS_HOME/lib folder on this machine:
 #local.mode=true
@@ -196,7 +196,7 @@ dflt.checkpoint=checkpoint	64 5
 
 # Option 1 - Debian i386 Silver:
 #platform=Debian-Silver-i386
-#slapd.install=dpkg -i symas-openldap-silver.32_2.4.38-2_i386.deb
+#slapd.install=dpkg -i symas-openldap-silver.32_2.4.39-1_i386.deb
 #slapd.uninstall=dpkg -r symas-openldap-silver
 #install.image.dir=/home/smckinn/archives/debian32
 #slapd.module.dir=${openldap.root}/lib/openldap
@@ -204,7 +204,7 @@ dflt.checkpoint=checkpoint	64 5
 
 # Option 2 - Debian 64-bit Silver:
 platform=Debian-Silver-x86-64
-#slapd.install=dpkg -i symas-openldap-silver.64_2.4.38-2_amd64.deb
+#slapd.install=dpkg -i symas-openldap-silver.64_2.4.39-1_amd64.deb
 #slapd.uninstall=dpkg -r symas-openldap-silver
 install.image.dir=/home/smckinn/archives/debian64
 slapd.module.dir=${openldap.root}/lib64/openldap
@@ -217,7 +217,7 @@ slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f
 
 # Option 4 - Redhat i386 Silver:
 #platform=Redhat-Silver-i386
-#slapd.install=rpm -Uvv symas-openldap-silver.i386-2.4.38-2.rpm
+#slapd.install=rpm -Uvv symas-openldap-silver.i386-2.4.39-1.rpm
 #slapd.uninstall=rpm -e symas-openldap-silver
 #install.image.dir=/home/smckinn/archives/redhat32
 #slapd.module.dir=${openldap.root}/lib/openldap
@@ -230,7 +230,7 @@ slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f
 
 # Option 6 - Redhat 64-bit Silver:
 #platform=Redhat-Silver-x86-64
-#slapd.install=rpm -Uvv symas-openldap-silver.x86_64-2.4.38-1.rpm
+#slapd.install=rpm -Uvv symas-openldap-silver.x86_64-2.4.39-1.rpm
 #slapd.uninstall=rpm -e symas-openldap-silver
 #install.image.dir=/home/smckinn/archives/redhat64
 #slapd.module.dir=${openldap.root}/lib64/openldap

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/8b569fc5/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index d840de2..c3dac56 100644
--- a/build.xml
+++ b/build.xml
@@ -106,7 +106,7 @@
        <!-- ########### Sentry manage & config properties ########################### -->
        <property name="sentry" value="sentry"/>
        <property name="sentry.dir" value="${basedir}/${sentry}-${version}"/>
-       <property name="sentry.zip" value="${lib.dir}/${sentry}-${version}.jar"/>
+       <property name="sentry.zip" value="${lib.dir}/${sentry}-${version}-dist.jar"/>
 
        <!-- ########### EnMasse manage & config properties ########################### -->
        <property name="enmasse" value="enmasse"/>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/8b569fc5/ivy.xml
----------------------------------------------------------------------
diff --git a/ivy.xml b/ivy.xml
index 2bbccaf..8effb51 100755
--- a/ivy.xml
+++ b/ivy.xml
@@ -51,25 +51,27 @@
         <dependency org="org.apache.jmeter" name="ApacheJMeter_java" rev="2.11" conf="default->master" />
 
         <!-- Fortress core source IS dependent org.openldap accelerator: -->
-        <dependency org="org.openldap" name="accelerator-impl" rev="1.0-RC37"  conf="default->master">
+        <dependency org="org.openldap" name="accelerator-impl" rev="1.0-RC38"  conf="default->master">
             <artifact name="accelerator-impl" type="jar"/>
         </dependency>
 
-        <dependency org="org.openldap" name="accelerator-api" rev="1.0-RC37"  conf="default->master">
+        <dependency org="org.openldap" name="accelerator-api" rev="1.0-RC38"  conf="default->master">
             <artifact name="accelerator-api" type="jar"/>
         </dependency>
 
         <!-- Fortress core source is NOT dependent on Sentry, EnMasse or Commander artifacts rather they're required for its QUICKSTART demo apps: -->
-        <dependency org="org.openldap" name="sentry" rev="1.0-RC37"  conf="default->master">
-            <artifact name="sentry" e:classifier="dist" type="jar"/>
-        </dependency>
+<!--&lt;!&ndash;-->
+        <!--<dependency org="org.openldap" name="sentry" rev="1.0-RC38"  conf="default->master">-->
+            <!--<artifact name="sentry" e:classifier="dist" type="jar"/>-->
+        <!--</dependency>-->
 
-        <dependency org="org.openldap" name="enmasse" rev="1.0-RC37"  conf="default->master">
-            <artifact name="enmasse" type="jar"/>
-        </dependency>
-        <dependency org="org.openldap" name="commander" rev="1.0-RC37"  conf="default->master">
-            <artifact name="commander" type="jar"/>
-        </dependency>
+        <!--<dependency org="org.openldap" name="enmasse" rev="1.0-RC38"  conf="default->master">-->
+            <!--<artifact name="enmasse" type="jar"/>-->
+        <!--</dependency>-->
+        <!--<dependency org="org.openldap" name="commander" rev="1.0-RC38"  conf="default->master">-->
+            <!--<artifact name="commander" type="jar"/>-->
+        <!--</dependency>-->
+<!--&ndash;&gt;-->
 
     </dependencies>
 </ivy-module>
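Review bot: The wrapper lines `<!--&lt;!&ndash;-->` and `<!--&ndash;&gt;-->` around the disabled block look like leftovers from an editor commenting out text that was already commented, and they carry no meaning. They should be dropped, and the three disabled dependencies either deleted or preceded by a one-line reason, e.g. `<!-- sentry, enmasse and commander disabled for RC38: <reason> -->`. The comment directly above still says these artifacts are required for the QUICKSTART demo apps. build.xml in this same commit still points `sentry.zip` at `${lib.dir}/${sentry}-${version}-dist.jar`, so it is worth confirming where that jar comes from once Ivy no longer resolves it.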

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/8b569fc5/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index 6b72dbf..b1e1651 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,7 +18,7 @@
     <artifactId>fortress</artifactId>
     <packaging>jar</packaging>
     <name>Fortress Core</name>
-    <version>1.0-RC37</version>
+    <version>1.0-RC38</version>
     <description>Fortress is a standards-based Identity and Access Management SDK that implements ANSI RBAC INCITS 359.</description>
     <url>http://www.openldap.org/fortress/</url>
 
@@ -60,13 +60,13 @@
         <dependency>
             <groupId>org.openldap</groupId>
             <artifactId>accelerator-api</artifactId>
-            <version>1.0-RC37</version>
+            <version>${version}</version>
         </dependency>
 
         <dependency>
             <groupId>org.openldap</groupId>
             <artifactId>accelerator-impl</artifactId>
-            <version>1.0-RC37</version>
+            <version>${version}</version>
         </dependency>
 
         <dependency>
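Review bot: `${version}` in the two accelerator dependencies is the deprecated alias for the project version, and Maven 3 warns about it; the supported spelling is `<version>${project.version}</version>`. The ivy.xml hunk in this commit pins the same two artifacts to the literal `1.0-RC38`, so the Ant/Ivy and Maven builds now state the accelerator version in two different ways and have to be kept in step by hand at each release. A short comment above the dependencies, such as `<!-- accelerator artifacts are released in lockstep with fortress core -->`, would record why the project version is reused here.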


[19/50] git commit: FC-137 - Add description to Permission entity

Posted by el...@apache.org.
FC-137 - Add description to Permission entity


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/e65416cf
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/e65416cf
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/e65416cf

Branch: refs/heads/master
Commit: e65416cf9daf3d1b42d7431bd565eeccecde0500
Parents: 4974c32
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Jun 30 13:57:59 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Jun 30 13:57:59 2014 -0500

----------------------------------------------------------------------
 build.properties                                |  2 +-
 .../java/org/openldap/fortress/rbac/PermP.java  |  4 ++++
 .../org/openldap/fortress/rbac/Permission.java  | 21 ++++++++++++++++++++
 .../fortress/rbac/dao/apache/PermDAO.java       | 13 ++++++++++++
 .../fortress/rbac/dao/unboundid/PermDAO.java    | 12 +++++++++++
 .../openldap/fortress/rbac/PermTestData.java    |  1 +
 6 files changed, 52 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e65416cf/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index 0f4d3d1..438286e 100644
--- a/build.properties
+++ b/build.properties
@@ -160,7 +160,7 @@ openldap.root=/opt/symas
 slapd.dir=${openldap.root}/etc/openldap
 # to start debug mode:
 #slapd.start=${openldap.root}/lib/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap -d -1
-pid.dir=/var/symas
+pid.dir=/var/openldap
 
 db.dir=${db.root}/dflt
 db.hist.dir=${db.root}/hist

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e65416cf/src/main/java/org/openldap/fortress/rbac/PermP.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/PermP.java b/src/main/java/org/openldap/fortress/rbac/PermP.java
index 780d6d9..4108516 100755
--- a/src/main/java/org/openldap/fortress/rbac/PermP.java
+++ b/src/main/java/org/openldap/fortress/rbac/PermP.java
@@ -565,6 +565,10 @@ public final class PermP
         {
             VUtil.description( pOp.getType() );
         }
+        if ( VUtil.isNotNullOrEmpty( pOp.getDescription() ) )
+        {
+            VUtil.description( pOp.getDescription() );
+        }
         // Validate Role Grants:
         if ( VUtil.isNotNullOrEmpty( pOp.getRoles() ) )
         {

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e65416cf/src/main/java/org/openldap/fortress/rbac/Permission.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/Permission.java b/src/main/java/org/openldap/fortress/rbac/Permission.java
index 5bd7269..8898d5f 100755
--- a/src/main/java/org/openldap/fortress/rbac/Permission.java
+++ b/src/main/java/org/openldap/fortress/rbac/Permission.java
@@ -207,6 +207,7 @@ import org.openldap.fortress.rbac.dao.UserDAO;
         "objName",
         "opName",
         "objId",
+        "description",
         "abstractName",
         "internalId",
         "type",
@@ -227,6 +228,7 @@ public class Permission extends FortEntity
     private String abstractName;
     private String type;
     private String dn;
+    private String description;
     @XmlElement(nillable = true)
     private Props props = new Props();
     //private Properties props;
@@ -578,6 +580,25 @@ public class Permission extends FortEntity
     }
 
     /**
+     * Return the description field on this entity.  The description is often used as a human readable label for the permission.
+     * @return String containing the description.
+     */
+    public String getDescription()
+    {
+        return description;
+    }
+
+    /**
+     * Set the optional description field on this entity.  The description is used as a human readable label for the permission.
+     *
+     * @param description String contains the description.
+     */
+    public void setDescription( String description )
+    {
+        this.description = description;
+    }
+
+    /**
       * Gets the value of the Props property.  This method is used by Fortress and En Masse and should not be called by external programs.
       *
       * @return

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e65416cf/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
index 3fa6704..a2a1261 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
@@ -380,6 +380,12 @@ public final class PermDAO extends ApacheDsDataProvider implements org.openldap.
             // create the internal id:
             entry.add( GlobalIds.FT_IID, entity.getInternalId() );
 
+            // description is optional:
+            if ( VUtil.isNotNullOrEmpty( entity.getDescription() ) )
+            {
+                entry.add( GlobalIds.DESC, entity.getDescription() );
+            }
+
             // the abstract name is the human readable identifier:
             entry.add( PERM_NAME, entity.getAbstractName() );
 
@@ -453,6 +459,12 @@ public final class PermDAO extends ApacheDsDataProvider implements org.openldap.
                     ModificationOperation.REPLACE_ATTRIBUTE, PERM_NAME, entity.getAbstractName() ) );
             }
 
+            if ( VUtil.isNotNullOrEmpty( entity.getDescription() ) )
+            {
+                mods.add( new DefaultModification(
+                    ModificationOperation.REPLACE_ATTRIBUTE, GlobalIds.DESC, entity.getDescription() ) );
+            }
+
             if ( VUtil.isNotNullOrEmpty( entity.getType() ) )
             {
 
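Review bot: Because the `REPLACE_ATTRIBUTE` modification for `GlobalIds.DESC` is only added when `entity.getDescription()` is non-empty, an update can change a permission's description but can never clear one that is already stored; the unboundid `PermDAO` update hunk uses the same guard. This matches how the neighbouring optional attributes (abstract name, type) are handled, so it may be intended, but unlike the create hunk the block has no comment. I would add `// description is optional; a null or empty value leaves the stored description unchanged:` above the `if`. The enclosing method starts and ends outside the hunk.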
@@ -997,6 +1009,7 @@ public final class PermDAO extends ApacheDsDataProvider implements org.openldap.
         entity.setRoles( getAttributeSet( le, ROLES ) );
         entity.setUsers( getAttributeSet( le, USERS ) );
         entity.setType( getAttribute( le, TYPE ) );
+        entity.setDescription( getAttribute( le, GlobalIds.DESC ) );
         entity.addProperties( AttrHelper.getProperties( getAttributes( le, GlobalIds.PROPS ) ) );
         entity.setAdmin( isAdmin );
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e65416cf/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
index 10f47a5..0fbff79 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
@@ -367,6 +367,11 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap
             {
                 attrs.add( createAttribute( POBJ_ID, entity.getObjId() ) );
             }
+            // description is optional:
+            if ( VUtil.isNotNullOrEmpty( entity.getDescription() ) )
+            {
+                attrs.add( createAttribute( GlobalIds.DESC, entity.getDescription() ) );
+            }
             // type is optional:
             if ( VUtil.isNotNullOrEmpty( entity.getType() ) )
             {
@@ -418,6 +423,12 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap
         try
         {
             LDAPModificationSet mods = new LDAPModificationSet();
+            if ( VUtil.isNotNullOrEmpty( entity.getDescription() ) )
+            {
+                LDAPAttribute desc = new LDAPAttribute( GlobalIds.DESC,
+                    entity.getDescription() );
+                mods.add( LDAPModification.REPLACE, desc );
+            }
             if ( VUtil.isNotNullOrEmpty( entity.getAbstractName() ) )
             {
                 // the abstract name is the human readable identifier:
@@ -947,6 +958,7 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap
         entity.setObjName( getAttribute( le, GlobalIds.POBJ_NAME ) );
         entity.setObjId( getAttribute( le, POBJ_ID ) );
         entity.setOpName( getAttribute( le, GlobalIds.POP_NAME ) );
+        entity.setDescription( getAttribute( le, GlobalIds.DESC ) );
         entity.setInternalId( getAttribute( le, GlobalIds.FT_IID ) );
         entity.setRoles( getAttributeSet( le, ROLES ) );
         entity.setUsers( getAttributeSet( le, USERS ) );

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e65416cf/src/test/java/org/openldap/fortress/rbac/PermTestData.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/PermTestData.java b/src/test/java/org/openldap/fortress/rbac/PermTestData.java
index 82684ae..ae5ae83 100755
--- a/src/test/java/org/openldap/fortress/rbac/PermTestData.java
+++ b/src/test/java/org/openldap/fortress/rbac/PermTestData.java
@@ -2776,6 +2776,7 @@ public class PermTestData extends TestCase
         pOp.setObjName( objName );
         pOp.setObjId( getObjId( op ) );
         pOp.setOpName( getName( op ) );
+        pOp.setDescription( getDescription( op ) );
         //pOp.setAbstractName(pOp.getObjName() + "." + pOp.getOpName());
         pOp.setType( getType( op ) );
         pOp.setAdmin( isOpAdmin( op ) );


[39/50] git commit: FC-143 - Add SSL to Unbound connection pool

Posted by el...@apache.org.
FC-143 - Add SSL to Unbound connection pool


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/35ef63db
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/35ef63db
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/35ef63db

Branch: refs/heads/master
Commit: 35ef63dba9b865ed382abcb035a10d5761c7e5a5
Parents: a5443d2
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Aug 2 22:54:48 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Aug 2 22:54:48 2014 -0500

----------------------------------------------------------------------
 README.txt                               | 12 ++++++------
 build.properties                         |  7 +++++++
 build.xml                                | 10 ++++++++++
 config/bootstrap/fortress.properties.src |  7 +++++++
 config/fortress.properties.src           |  7 +++++++
 5 files changed, 37 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/35ef63db/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 0b77636..cfb02c8 100755
--- a/README.txt
+++ b/README.txt
@@ -21,17 +21,17 @@ ________________________________________________________________________________
 ###################################################################################
 # Document Overview
 # Tips for first-time users of Fortress
-# SECTION 0.  Prerequisites for Fortress SDK installation and use with LDAP server
+# SECTION 0.  Prerequisites for Fortress SDK installation and usage
 # SECTION 1.  Options for installing OpenLDAP to target server environment
 # SECTION 2.  Instructions for Fortress Quickstart builder installation of OpenLDAP
 # SECTION 3.  Instructions to pull Fortress source code from OpenLDAP GIT
 # SECTION 4.  Instructions to build software distribution packages using 'dist' target.
 # SECTION 5.  Instructions to configure SDK for target system using build.properties file.
-# SECTION 6.  Instructions for using pre-existing or native OpenLDAP installation using 'load-slapd' target.
+# SECTION 6.  Instructions for pre-existing or native OpenLDAP installation using 'load-slapd' target.
 # SECTION 7.  Instructions for Symas installation of OpenLDAP - using 'init-slapd' target
 # SECTION 8.  Instructions to integration test using 'test-full' target
 # SECTION 9.  Instructions to run the command line interpreter (CLI) utility using 'cli' target
-# SECTION 10. Instructions to use Fortress A/P/R/BAC APIs with samples using 'test-samples' target
+# SECTION 10. Instructions to use Fortress A/P/R/BAC APIs with 'test-samples' target
 # SECTION 11. Instructions to run the command console using 'console' target
 # SECTION 12. Instructions to encrypt LDAP passwords used in config files.
 # SECTION 13. Instructions to load data into the default database using 'admin' target.
@@ -78,7 +78,7 @@ ________________________________________________________________________________
     http://www.openldap.org/lists/mm/listinfo/openldap-fortress
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 0.  Prerequisites for Fortress SDK installation and use with LDAP server
+# SECTION 0.  Prerequisites for Fortress SDK installation and usage
 ###################################################################################
 1. Internet access to retrieve source code from OpenLDAP GIT and binary dependencies from online Maven repo.
 Fortress installation procedures use Apache Ant & Ivy.  Ivy pulls external dependencies from Maven repositories over the Internet.
@@ -273,7 +273,7 @@ user.min.conn=1
 user.max.conn=10
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 6. Instructions for using pre-existing or native OpenLDAP installation using 'load-slapd' target.
+# SECTION 6. Instructions for pre-existing or native OpenLDAP installation using 'load-slapd' target.
 ###################################################################################
 
 a. Install OpenLDAP using preferred method.
@@ -513,7 +513,7 @@ b. follow instructions in the command line interpreter reference manual containe
 $FORTRESS_HOME/dist/docs/api/com/jts/fortress/cli/package-summary.html
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 10. Instructions to use Fortress A/P/R/BAC APIs with samples using 'test-samples' target
+# SECTION 10. Instructions to use Fortress A/P/R/BAC APIs with 'test-samples' target
 ###################################################################################
 
 a. from FORTRESS_HOME enter the following command:

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/35ef63db/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index 3d6d916..e8d2777 100644
--- a/build.properties
+++ b/build.properties
@@ -75,6 +75,13 @@ ldap.port=389
 #ldap.host=192.168.1.102
 #ldap.port=10389
 
+# These are for setting up SSL with OpenLDAP Server:
+#enable.ldap.ssl=true
+#enable.ldap.ssl.debug=true
+#trust.store=fully / qualified / file / name / to / truststore
+#trust.store.password=changeit
+#trust.store.set.prop=true
+
 # These are used to construct suffix for DIT, i.e. dc=example,dc=com.
 suffix.name=openldap
 suffix.dc=org
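Review bot: The sample SSL block gives no guidance on its two security-relevant settings. `trust.store.password` is substituted verbatim into both fortress.properties templates by the build.xml hunks of this commit, and nothing in the visible hunks encrypts it the way those templates say the LDAP admin password is; `enable.ldap.ssl.debug=true` is listed as if it were a routine option. I would add `# trust.store.password is written in clear text to fortress.properties; restrict read access to both files` and `# enable.ldap.ssl.debug is for troubleshooting only; leave it off otherwise`. The example value `changeit` is the stock JDK truststore password, so a comment asking for a site-specific truststore and password would help as well.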

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/35ef63db/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 2fb371e..05bb538 100644
--- a/build.xml
+++ b/build.xml
@@ -793,6 +793,11 @@
          <replace file="${dst.bootstrap.conf}" token="@GROUP_OBJECT_CLASS@" value="${group.objectclass}"/>
          <replace file="${dst.bootstrap.conf}" token="@GROUP_PROTOCOL@" value="${group.protocol}"/>
          <replace file="${dst.bootstrap.conf}" token="@GROUP_PROPERTIES@" value="${group.properties}"/>
+         <replace file="${dst.bootstrap.conf}" token="@ENABLE_LDAP_SSL@" value="${enable.ldap.ssl}"/>
+         <replace file="${dst.bootstrap.conf}" token="@ENABLE_LDAP_SSL_DEBUG@" value="${enable.ldap.ssl.debug}"/>
+         <replace file="${dst.bootstrap.conf}" token="@TRUST_STORE@" value="${trust.store}"/>
+         <replace file="${dst.bootstrap.conf}" token="@TRUST_STORE_PW@" value="${trust.store.password}"/>
+         <replace file="${dst.bootstrap.conf}" token="@TRUST_STORE_SET_PROPW@" value="${trust.store.set.prop}"/>
 
 	     <copy file="${src.remote.conf}" tofile="${dst.remote.conf}"/>
          <replace file="${dst.remote.conf}" token="@SUFFIX@" value="${suffix}"/>
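Review bot: All five new `<replace>` values come from properties that this commit leaves commented out in build.properties, and Ant leaves an unset `${...}` reference unexpanded. A default build would therefore write lines such as `enable.ldap.ssl=${enable.ldap.ssl}` into the generated config, and the second hunk for `${dst.remote.conf}` has the same issue. Unless defaults are defined elsewhere in build.xml, which this hunk does not show, declare them before the replaces, e.g. `<property name="enable.ldap.ssl" value="false"/>`. The token `@TRUST_STORE_SET_PROPW@` also looks like a typo for `@TRUST_STORE_SET_PROP@`; it works only because both .src templates repeat the same spelling. The enclosing target starts and ends outside the hunk.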
@@ -809,6 +814,11 @@
          <replace file="${dst.remote.conf}" token="@REST_HTTP_HOST@" value="${http.host}"/>
          <replace file="${dst.remote.conf}" token="@REST_HTTP_PORT@" value="${http.port}"/>
          <replace file="${dst.remote.conf}" token="@LDAP_CLIENT_TYPE@" value="${ldap.client.type}"/>
+         <replace file="${dst.remote.conf}" token="@ENABLE_LDAP_SSL@" value="${enable.ldap.ssl}"/>
+         <replace file="${dst.remote.conf}" token="@ENABLE_LDAP_SSL_DEBUG@" value="${enable.ldap.ssl.debug}"/>
+         <replace file="${dst.remote.conf}" token="@TRUST_STORE@" value="${trust.store}"/>
+         <replace file="${dst.remote.conf}" token="@TRUST_STORE_PW@" value="${trust.store.password}"/>
+         <replace file="${dst.remote.conf}" token="@TRUST_STORE_SET_PROPW@" value="${trust.store.set.prop}"/>
 
          <echo message="###############  Modify fortress load scripts per user settings  ###############"/>
          <delete file="${dst.load.bootstrap.script}"/>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/35ef63db/config/bootstrap/fortress.properties.src
----------------------------------------------------------------------
diff --git a/config/bootstrap/fortress.properties.src b/config/bootstrap/fortress.properties.src
index f5ea519..3698533 100755
--- a/config/bootstrap/fortress.properties.src
+++ b/config/bootstrap/fortress.properties.src
@@ -17,6 +17,13 @@
 host=@LDAP_HOST@
 port=@LDAP_PORT@
 
+# Used for SSL Connection to LDAP Server:
+enable.ldap.ssl=@ENABLE_LDAP_SSL@
+enable.ldap.ssl.debug=@ENABLE_LDAP_SSL_DEBUG@
+trust.store=@TRUST_STORE@
+trust.store.password=@TRUST_STORE_PW@
+trust.store.set.prop=@TRUST_STORE_SET_PROPW@
+
 # These credentials are used for read/write access to all nodes under suffix:
 admin.user=@ROOT_DN@
 # LDAP admin root pass is encrypted using 'encrypt' target in build.xml:

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/35ef63db/config/fortress.properties.src
----------------------------------------------------------------------
diff --git a/config/fortress.properties.src b/config/fortress.properties.src
index ac39a62..30a4593 100755
--- a/config/fortress.properties.src
+++ b/config/fortress.properties.src
@@ -19,6 +19,13 @@
 host=@LDAP_HOST@
 port=@LDAP_PORT@
 
+# Used for SSL Connection to LDAP Server:
+enable.ldap.ssl=@ENABLE_LDAP_SSL@
+enable.ldap.ssl.debug=@ENABLE_LDAP_SSL_DEBUG@
+trust.store=@TRUST_STORE@
+trust.store.password=@TRUST_STORE_PW@
+trust.store.set.prop=@TRUST_STORE_SET_PROPW@
+
 # These credentials are used for read/write access to all nodes under suffix:
 admin.user=@ROOT_DN@
 # LDAP admin root pass is encrypted using 'encrypt' target in build.xml:


[43/50] git commit: FC-145 - Add SSL to REST client

Posted by el...@apache.org.
FC-145 - Add SSL to REST client


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/6d6d1953
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/6d6d1953
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/6d6d1953

Branch: refs/heads/master
Commit: 6d6d19539209a1f9c080545c3b0176d76538c3fb
Parents: 103d2ac
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Aug 9 14:53:50 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Aug 9 14:53:50 2014 -0500

----------------------------------------------------------------------
 build.properties                                |  6 ++--
 .../openldap/fortress/ldap/ConnectionPool.java  | 16 +++++------
 .../org/openldap/fortress/rest/RestUtils.java   | 29 +++++++++++++++++++-
 3 files changed, 39 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6d6d1953/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index 8095a1e..f9bb753 100644
--- a/build.properties
+++ b/build.properties
@@ -51,6 +51,7 @@ http.user=demouser4
 http.pw=password
 http.host=localhost
 http.port=8080
+http.protocol=http
 
 ########################################################################
 # 3. BEGIN LDAP CLIENT CONFIGURATION SECTION: (Ignore if using HTTP):
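Review bot: The new `http.protocol=http` default sits directly under `http.user`/`http.pw` with no comment on what values are accepted or what the choice means for those credentials. With `http` they presumably travel unencrypted to the REST server (the RestUtils change builds the URI from this value), so the file should say so, e.g. `# http.protocol: http or https; use https outside of local testing so http.user/http.pw are not sent in clear text (needs trust.store settings below)`. Shipping `https` as the documented default for anything other than localhost would be the safer choice.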
@@ -73,9 +74,9 @@ ldap.uris=ldap://${ldap.host}:${ldap.port}
 #ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port}
 #enable.ldap.ssl=true
 #enable.ldap.ssl.debug=true
-#key.store=/home/smckinn/GIT/fortressDev/openldap-fortress-core/src/test/resources/certs/mykeystore
+#key.store=/home/myuser/fortress/builder/src/test/resources/certs/mykeystore
 #key.store.password=changeit
-#trust.store=/home/smckinn/GIT/fortressDev/openldap-fortress-core/src/test/resources/certs/mytruststore
+#trust.store=/home/myuser/fortress/builder/src/test/resources/certs/mytruststore
 #trust.store.password=changeit
 #trust.store.set.prop=true
 
@@ -199,6 +200,7 @@ dflt.checkpoint=checkpoint	64 5
 ###########################################################################################
 
 slapd.start=${openldap.root}/etc/solserver start
+slapd.stop=${openldap.root}/etc/solserver stop
 
 ## If using Symas OpenLDAP, uncomment single option from #1 - 8 below:
 # Each of the options are used for a particular Symas-OpenLDAP platform.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6d6d1953/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java b/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
index b092ead..df9c0de 100755
--- a/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
+++ b/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
@@ -50,6 +50,7 @@ import java.util.Date;
 import com.unboundid.ldap.sdk.migrate.ldapjdk.JavaToLDAPSocketFactory;
 import com.unboundid.util.ssl.SSLUtil;
 import com.unboundid.util.ssl.TrustStoreTrustManager;
+import org.openldap.fortress.GlobalIds;
 import org.openldap.fortress.cfg.Config;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
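Review bot: The added `import org.openldap.fortress.GlobalIds;` is not referenced by any of the lines this commit changes in ConnectionPool.java, and the same holds for the identical import added to RestUtils.java. If nothing outside the hunks uses it, drop both imports; unused imports in security-sensitive classes make it harder to see at a glance what the class depends on. The rest of the file is outside the hunk, so this needs a check against the full source.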
@@ -475,8 +476,6 @@ class ConnectionPool
     }
 
     /**
-     * *** FORTRESS MOD ****
-     *
      * Used to manage trust store properties.  If enabled, create SSL connection.
      *
      */
@@ -486,15 +485,15 @@ class ConnectionPool
     private static final String TRUST_STORE_PW = Config.getProperty( "trust.store.password" );
     private static final boolean IS_SSL = (
         Config.getProperty( ENABLE_LDAP_SSL ) != null   &&
-        Config.getProperty( ENABLE_LDAP_SSL ).equalsIgnoreCase( "true" ) &&
-        TRUST_STORE      != null   &&
-        TRUST_STORE_PW   != null );
+            Config.getProperty( ENABLE_LDAP_SSL ).equalsIgnoreCase( "true" ) &&
+            TRUST_STORE      != null   &&
+            TRUST_STORE_PW   != null );
 
     private static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
     private static final boolean IS_SET_TRUST_STORE_PROP = (
         IS_SSL &&
-        Config.getProperty( SET_TRUST_STORE_PROP ) != null   &&
-        Config.getProperty( SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ));
+            Config.getProperty( SET_TRUST_STORE_PROP ) != null   &&
+            Config.getProperty( SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ));
 
     private static final boolean IS_SSL_DEBUG = ( ( Config.getProperty( ENABLE_LDAP_SSL_DEBUG ) != null ) && ( Config
         .getProperty( ENABLE_LDAP_SSL_DEBUG ).equalsIgnoreCase( "true" ) ) );
@@ -523,7 +522,7 @@ class ConnectionPool
     private LDAPConnection createConnection() throws LDAPException
     {
         LDAPConnection newConn = null;
-        if(IS_SSL)
+        if( IS_SSL)
         {
             // Generate SSL Connection using Unbound compatibility lib utils:
             // http://stackoverflow.com/questions/22672477/unboundid-ldap-jdk-migration
@@ -555,7 +554,6 @@ class ConnectionPool
         return newConn;
     }
 
-
     private int find( LDAPConnection con )
     {
         // Find the matching Connection in the pool

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6d6d1953/src/main/java/org/openldap/fortress/rest/RestUtils.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rest/RestUtils.java b/src/main/java/org/openldap/fortress/rest/RestUtils.java
index 9a2de20..5e4e1cb 100644
--- a/src/main/java/org/openldap/fortress/rest/RestUtils.java
+++ b/src/main/java/org/openldap/fortress/rest/RestUtils.java
@@ -39,6 +39,7 @@ import org.apache.commons.httpclient.methods.RequestEntity;
 import org.apache.commons.httpclient.methods.StringRequestEntity;
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.helpers.IOUtils;
+import org.openldap.fortress.GlobalIds;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -65,15 +66,41 @@ public class RestUtils
         .getProperty( HTTP_PW_PARAM ) ) : Config.getProperty( HTTP_PW_PARAM ) );
     private final static String HTTP_HOST = Config.getProperty( "http.host" );
     private final static String HTTP_PORT = Config.getProperty( "http.port" );
+    private final static String HTTP_PROTOCOL = Config.getProperty( "http.protocol", "http" );
     private static final String VERSION = System.getProperty( "version" );
     private static final String SERVICE = "enmasse-" + VERSION;
-    private static final String URI = "http://" + HTTP_HOST + ":" + HTTP_PORT + "/" + SERVICE + "/";
+    // TODO: add SSL capability here:
+    private static final String URI = HTTP_PROTOCOL + "://" + HTTP_HOST + ":" + HTTP_PORT + "/" + SERVICE + "/";
     private static final int HTTP_OK = 200;
     private static final int HTTP_401_UNAUTHORIZED = 401;
     private static final int HTTP_403_FORBIDDEN = 403;
     private static final int HTTP_404_NOT_FOUND = 404;
     private static CachedJaxbContext cachedJaxbContext = new CachedJaxbContext();
 
+    /**
+     * Used to manage trust store properties.  If enabled, create SSL connection.
+     *
+     */
+    private static final String TRUST_STORE = Config.getProperty( "trust.store" );
+    private static final String TRUST_STORE_PW = Config.getProperty( "trust.store.password" );
+    private static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
+    private static final boolean IS_SET_TRUST_STORE_PROP = (
+            Config.getProperty( SET_TRUST_STORE_PROP ) != null   &&
+            Config.getProperty( SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ));
+
+    static
+    {
+        if(IS_SET_TRUST_STORE_PROP)
+        {
+            LOG.info( "Set JSSE truststore properties:");
+            LOG.info( "javax.net.ssl.trustStore: " + TRUST_STORE );
+            System.setProperty( "javax.net.ssl.trustStore", TRUST_STORE );
+            System.setProperty( "javax.net.ssl.trustStorePassword", TRUST_STORE_PW );
+        }
+    }
+
+
+
 
     /**
      * Marshall the request into an XML String.
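Review bot: The static initializer calls `System.setProperty( "javax.net.ssl.trustStore", TRUST_STORE )` whenever `trust.store.set.prop` is true, but nothing checks that `trust.store` and `trust.store.password` are actually configured; `System.setProperty` throws a NullPointerException on a null value, which here would surface as a class-initialization failure of RestUtils. ConnectionPool gates the same flag on `TRUST_STORE != null` and `TRUST_STORE_PW != null` through IS_SSL, and the same guard fits here: `if( IS_SET_TRUST_STORE_PROP && TRUST_STORE != null && TRUST_STORE_PW != null )`. The `// TODO: add SSL capability here:` comment above URI also reads as stale now that the protocol is configurable. The class body continues outside the hunk.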


[33/50] git commit: more README refinements

Posted by el...@apache.org.
more README refinements


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/18b3a263
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/18b3a263
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/18b3a263

Branch: refs/heads/master
Commit: 18b3a263741c84aaf08eadc5c80e82d24576bc3d
Parents: 9f71d33
Author: Shawn McKinney <sh...@jts.us>
Authored: Tue Jul 15 10:13:20 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Tue Jul 15 10:13:20 2014 -0500

----------------------------------------------------------------------
 README.txt | 77 ++++++++++++++++++++++++++++-----------------------------
 1 file changed, 38 insertions(+), 39 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/18b3a263/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 1dbbeb3..ee8a4c0 100755
--- a/README.txt
+++ b/README.txt
@@ -13,12 +13,15 @@
 # <http://www.OpenLDAP.org/license.html>.
 ___________________________________________________________________________________
 ###################################################################################
-README for Fortress Identity and Access Management SDK
-Version 1.0-RC38
-last updated: July 14, 2014
+# README for Fortress Identity and Access Management SDK
+# Version 1.0-RC38
+# last updated: July 15, 2014
+###################################################################################
+# Introduction
+###################################################################################
 
-Follow instructions to download, compile, load and test Fortress software with LDAP system.
-If you don't already have LDAP server installed, instructions follow below.
+This document contains instructions to download, compile, load and test Fortress software with LDAP system.
+If you don't already have an LDAP server installed, options to do so follow in subsequent sections.
 
 APIs within this software package adhere to the following security standards:
    1 - IETF Password Policy Draft
@@ -30,19 +33,22 @@ APIs within this software package adhere to the following security standards:
 The combination of 1 2 & 3 above will be designated as 'A/P/R/BAC' in document as follows.
 ___________________________________________________________________________________
 ###################################################################################
-# Tips for first-time users
+# Tips for first-time users of Fortress
 ###################################################################################
+
+ - Follow the instructions in SECTION 2 (INSTALL Option 1).
+
  - Definitions: When you read:
    + FORTRESS_HOME, refer to the package root of the openldap-fortress-core project download.
    + OPENLDAP_HOME, refer to the root of OpenLDAP binary installation folder, e.g. /opt/etc/openldap
    + ANT_HOME, refer to the package root of the target machine's ant distribution package.
 
- - This software package uses an Apache Ant script (FORTRESS_HOME/build.xml) to compile, install, and configure fortress into an LDAP server using
+ - This software package uses an Apache Ant script (FORTRESS_HOME/build.xml) to compile, install, and configure Fortress into an LDAP server using
     operational steps called 'targets'.
 
- - The Ant targets may be used to manage A/P/R/BAC policy data contained within an existing LDAP server.
+ - The targets may be used to manage A/P/R/BAC policy data contained within an existing LDAP server.
 
- - This document describes the most important Ant targets to start using fortress.  For a complete list of targets, enter (from FORTRESS_HOME):
+ - This document describes the most important targets to start using fortress.  For a complete list, enter (from FORTRESS_HOME):
    $ANT_HOME/bin/ant -p
 
  - Or view the ant script itself (FORTRESS_HOME/build.xml).
@@ -54,7 +60,7 @@ ________________________________________________________________________________
 # SECTION 0:  Prerequisites for Fortress SDK installation and use with LDAP server
 ###################################################################################
 1. Internet access to retrieve source code from OpenLDAP GIT and binary dependencies from online Maven repo.
-Fortress installation procedures use Apache Ant & Ivy.  Ivy pulls external dependencies from Maven repositories.
+Fortress installation procedures use Apache Ant & Ivy.  Ivy pulls external dependencies from Maven repositories over the Internet.
 These ant targets need external access to the Internet to pull down dependencies but may run without external connection IFF:
 a. The necessary binary jars are already present and loaded into FORTRESS_HOME/lib folder.  For list of dependency jars check out the ivy.xml file.
 b. Local mode has been enabled in target runtime env.  This can be done by adding the following to build.properties file:
@@ -78,28 +84,38 @@ ________________________________________________________________________________
 # SECTION 1:  Options for installing OpenLDAP to target server environment
 ###################################################################################
 
-This document includes three options for installing OpenLDAP server:
+This document includes three options for use of Fortress and LDAP server:
 
 -------------------------------------------------------------------------------
-- INSTALL OPTION 1 - Fortress QUICKSTART installation packages for OpenLDAP server
+- INSTALL OPTION 1 - Fortress QUICKSTART installation packages (that include Symas OpenLDAP server) - recommended for first-time users
 -------------------------------------------------------------------------------
 - Required Sections to follow:
-    2, 3, 4
+    2, 8
 
 -------------------------------------------------------------------------------
 - INSTALL OPTION 2 - TARGET operating system's OpenLDAP server
 -------------------------------------------------------------------------------
 - Required Sections to follow:
-    2, 3, 5, 6
+    3, 4, 5, 6, 8
 
 -------------------------------------------------------------------------------
 - INSTALL OPTION 3 - SYMAS Gold and Silver installation packages for OpenLDAP server
 -------------------------------------------------------------------------------
 - Required Sections to follow:
-    2, 3, 5, 7
+    3, 4, 5, 7, 8
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 2. Instructions to pull Fortress source code from OpenLDAP GIT
+# SECTION 2. Instructions for FORTRESS QUICKSTART builder installation of OpenLDAP
+###################################################################################
+
+a. Go to http://iamfortress.org/download
+
+b. Pull down the Fortress Builder package to match target platform.
+
+c. Follow the steps I, II & III contained within README-QUICKSTART.html, or README-QUICKSTART-WINDOWS.html documents.
+___________________________________________________________________________________
+###################################################################################
+# SECTION 3. Instructions to pull Fortress source code from OpenLDAP GIT
 ###################################################################################
 
 # If Fortress User
@@ -121,7 +137,7 @@ Committers: Open a terminal session within preferred folder name/location and en
 Pulls source code from GIT and loads into the current directory, hereafter called 'FORTRESS_HOME'.
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 3. Instructions to build openldap-fortress-core software distribution packages using 'dist' target.
+# SECTION 4. Instructions to build openldap-fortress-core software distribution packages using 'dist' target.
 ###################################################################################
 
 NOTE: The Fortress build.xml may run without connection to Internet iff:
@@ -147,8 +163,9 @@ dist notes:
 
 - Apache Ivy jar will download automatically to the configured $ANT_HOME/lib folder.
 
-- fortress dependencies will be downloaded from maven global
-  Internet repository using Apache Ivy into $FORTRESS_HOME/lib.
+- Dependencies will be downloaded from maven global Internet repository using Apache Ivy into $FORTRESS_HOME/lib.
+
+- Xml file (FORTRESS_HOME/ivy.xml) contains the list of dependencies.
 
 - Fortress source modules will be compiled along with production of java archive (jar)
   files, javadoc and sample distributions.
@@ -156,18 +173,6 @@ dist notes:
 - Project artifacts are loaded into $FORTRESS_HOME/dist location.
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 4. Instructions for FORTRESS QUICKSTART builder installation of OpenLDAP
-###################################################################################
-
-a. Go to http://iamfortress.org/download
-
-b. Pull down the Fortress Builder package to match target platform.
-
-c. Follow the steps I, II & III contained within README-QUICKSTART.html, or README-QUICKSTART-WINDOWS.html documents.
-
-d. Proceed to SECTION 8 in this document for integration testing Fortress & OpenLDAP on your target platform.
-___________________________________________________________________________________
-###################################################################################
 # SECTION 5. Instructions to configure openldap-fortress-core SDK for target system using build.properties file.
 ###################################################################################
 
@@ -245,14 +250,6 @@ user.min.conn=1
 
 # You may need to experiment to determine optimal setting for max.  It should be much less than concurrent number of user's.
 user.max.conn=10
-
-h. (optional) if uninstalling old Symas OpenLDAP, set the slapd.uninstall correct Symas OpenLDAP package name.
-for example, if Redhat i386:
-slapd.uninstall=rpm -e symas-openldap-gold
-
-i. (option if using Symas OpenLDAP binaries) Point slapdInstall.sh to use correct Symas OpenLDAP installation binaries.
-for example for Redhat i386:
-slapd.install=rpm -Uvv symas-openldap-gold.i386-2.4.25.110424.rpm
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 6. Instructions for using pre-existing or native OpenLDAP installation using 'load-slapd' target.
@@ -398,6 +395,7 @@ load-slapd notes:
     2 - DelegatedAdminManagerLoad.xml - Delegated administration policy - required for EnMasse and Commander web application demonstrations.
     3 - FortressDemoUsers.xml - demo/sample data - not required.
   - for production usage 2 & 3 above may be cleared out using any ldap client tool.
+
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 7. Instructions for Symas installation of OpenLDAP - using 'init-slapd' target
@@ -440,6 +438,7 @@ slapd.uninstall=rpm -e symas-openldap-gold
 
 e. Run the install target:
 
+
 From $FORTRESS_HOME root folder, enter the following command from a system prompt:
 
 if Debian sudo:


[36/50] git commit: minor corrections to README.txt

Posted by el...@apache.org.
minor corrections to README.txt


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/de8f90d7
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/de8f90d7
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/de8f90d7

Branch: refs/heads/master
Commit: de8f90d73216f96b6bc0fdf68863964d74125681
Parents: e6fa6eb
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Jul 19 12:48:14 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Jul 19 12:48:14 2014 -0500

----------------------------------------------------------------------
 README.txt | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/de8f90d7/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 622834c..48691c2 100755
--- a/README.txt
+++ b/README.txt
@@ -21,9 +21,8 @@ ________________________________________________________________________________
 ###################################################################################
 # Document Overview
 # Tips for first-time users of Fortress
-# SECTION 0:  Prerequisites for Fortress SDK installation and use with LDAP server
-# SECTION 1:  Options for installing OpenLDAP to target server environment
-# SECTION 1:  Options for installing OpenLDAP to target server environment
+# SECTION 0.  Prerequisites for Fortress SDK installation and use with LDAP server
+# SECTION 1.  Options for installing OpenLDAP to target server environment
 # SECTION 2.  Instructions for Fortress Quickstart builder installation of OpenLDAP
 # SECTION 3.  Instructions to pull Fortress source code from OpenLDAP GIT
 # SECTION 4.  Instructions to build software distribution packages using 'dist' target.
@@ -79,7 +78,7 @@ ________________________________________________________________________________
     http://www.openldap.org/lists/mm/listinfo/openldap-fortress
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 0:  Prerequisites for Fortress SDK installation and use with LDAP server
+# SECTION 0.  Prerequisites for Fortress SDK installation and use with LDAP server
 ###################################################################################
 1. Internet access to retrieve source code from OpenLDAP GIT and binary dependencies from online Maven repo.
 Fortress installation procedures use Apache Ant & Ivy.  Ivy pulls external dependencies from Maven repositories over the Internet.
@@ -103,7 +102,7 @@ Prereq notes:
  - Tested with ApacheDS: FORTRESS_HOME/README-QUICKSTART-APACHEDS.html.
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 1:  Options for installing OpenLDAP to target server environment
+# SECTION 1.  Options for installing OpenLDAP to target server environment
 ###################################################################################
 
 This document includes three options for use of Fortress and LDAP server:


[15/50] git commit: FC-138 - Remove public default constructors from DAOs

Posted by el...@apache.org.
FC-138 - Remove public default constructors from DAOs


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/7f33959a
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/7f33959a
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/7f33959a

Branch: refs/heads/master
Commit: 7f33959a88c52bc615ed9f9c9d63c00cc3f1ce62
Parents: 01ef807
Author: Shawn McKinney <sh...@jts.us>
Authored: Sun Jun 29 13:01:47 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sun Jun 29 13:01:47 2014 -0500

----------------------------------------------------------------------
 .../rbac/dao/apache/AcceleratorDAO.java         | 72 ++++++++++++++++----
 .../fortress/rbac/dao/apache/AdminRoleDAO.java  |  5 --
 .../fortress/rbac/dao/apache/AuditDAO.java      |  8 ---
 .../fortress/rbac/dao/apache/OrgUnitDAO.java    |  8 ---
 .../fortress/rbac/dao/apache/PermDAO.java       |  8 ---
 .../fortress/rbac/dao/apache/PolicyDAO.java     |  8 ---
 .../fortress/rbac/dao/apache/RoleDAO.java       |  8 ---
 .../fortress/rbac/dao/apache/SdDAO.java         |  8 ---
 .../fortress/rbac/dao/apache/UserDAO.java       |  8 ---
 .../rbac/dao/unboundid/AdminRoleDAO.java        |  5 --
 .../fortress/rbac/dao/unboundid/AuditDAO.java   |  8 ---
 .../fortress/rbac/dao/unboundid/OrgUnitDAO.java |  8 ---
 .../fortress/rbac/dao/unboundid/PermDAO.java    |  8 ---
 .../fortress/rbac/dao/unboundid/PolicyDAO.java  |  8 ---
 .../fortress/rbac/dao/unboundid/RoleDAO.java    |  8 ---
 .../fortress/rbac/dao/unboundid/SdDAO.java      |  8 ---
 .../fortress/rbac/dao/unboundid/UserDAO.java    |  8 ---
 17 files changed, 60 insertions(+), 134 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
index 9a0346d..187ed1e 100644
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
@@ -52,23 +52,33 @@ import java.util.ArrayList;
 import java.util.List;
 
 
+/**
+ * Data access class for invoking RBAC Accelerator server-side operations.  This class utilizes the openldap accelerator component for LDAPv3 extended operations.
+ * This class follows the pattern of {@link org.openldap.fortress.AccessMgr} except policy decisions are session state are made/stored on server-side and not client-side.
+ * Its methods are not intended to be invoked by outside clients that should instead use {@link org.openldap.fortress.rbac.AccelMgrImpl}.
+ *
+ * This class is thread safe.
+ *
+ * @author Shawn McKinney
+ */
 public final class AcceleratorDAO extends ApacheDsDataProvider implements org.openldap.fortress.rbac.dao.AcceleratorDAO
 
 {
     private static final Logger LOG = LoggerFactory.getLogger( AcceleratorDAO.class.getName() );
-    /**
-     * Package private constructor
-     */
-    public AcceleratorDAO()
-    {
-    }
-
 
     /**
+     * Authenticate user and return sessionId inside {@link Session#sessionId}.
+     * This function follows the pattern from: {@link AccessMgr#createSession(org.openldap.fortress.rbac.User, boolean)}
+     * Success will result in rbac session state, i.e. {@link org.openldap.fortress.rbac.Session}, to be stored on server-side.
+     * Result may be stored inside RBAC server-side audit record and retrieved with {@link org.openldap.fortress.AuditMgr#searchBinds(org.openldap.fortress.rbac.UserAudit)}
+     * It uses the {@link RbacCreateSessionRequest} and {@link RbacCreateSessionResponse} accelerator APIs.
+     *
+     * todo: this method does not yet, but will soon, return password policy decisions.
+     *
      * @param user
-     * @return
+     * @return session contains a valid sessionId captured from accelerator createSession method.
      *
-     * @throws org.openldap.fortress.SecurityException
+     * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_CREATE_SESSION_ERR}.
      *
      */
     @Override
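Review bot: Deleting the explicit constructor does not take away public construction: with no constructor declared, the compiler supplies a default one with the class's own access, and AcceleratorDAO is `public final`. If the aim (per the commit title and the removed "Package private constructor" comment) is to stop outside callers from instantiating the DAO, declare it with the intended access, e.g. `AcceleratorDAO() { }`, after checking how the DAO factory instantiates it, which is not visible here. In the new class Javadoc, "policy decisions are session state are made/stored" should read "policy decisions and session state are made/stored", and `@param user` still has no description. The class body continues outside the hunk.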
@@ -131,11 +141,12 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
      * to perform the operation on that object if and only if that permission is assigned to (at least)
      * one of the session's active roles. This implementation will verify the roles or userId correspond
      * to the subject's active roles are registered in the object's access control list.
+     * It uses the {@link RbacCheckAccessRequest} and {@link RbacCheckAccessResponse} accelerator APIs.
      *
      * @param session This object must be instantiated by calling {@link #createSession} method before passing into the method.  No variables need to be set by client after returned from createSession.
      * @param perm  must contain the object, {@link org.openldap.fortress.rbac.Permission#objName}, and operation, {@link org.openldap.fortress.rbac.Permission#opName}, of permission User is trying to access.
      * @return True if user has access, false otherwise.
-     * @throws SecurityException in the event of data validation failure, security policy violation or DAO error.
+     * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_CHECK_ACCESS_ERR}.
      */
     @Override
     public boolean checkAccess( Session session, Permission perm )
@@ -178,6 +189,16 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
     }
 
 
+    /**
+     * Deactivate user role from rbac session
+     * This function follows the pattern from: {@link AccessMgr#dropActiveRole(org.openldap.fortress.rbac.Session, org.openldap.fortress.rbac.UserRole)}.
+     * Success will result in rbac session state to be modified inside server-side cache.
+     * It uses the {@link RbacDropRoleRequest} and {@link RbacDropRoleResponse} accelerator APIs.
+     *
+     * @param session contains a valid sessionId captured from accelerator createSession method.
+     * @param userRole both the {@link UserRole#userId} and {@link UserRole#name} fields must be set before invoking.
+     * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_DROP_ROLE_ERR}.
+     */
     public void dropActiveRole( Session session, UserRole userRole ) throws SecurityException
     {
         LdapConnection ld = null;
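Review bot: `dropActiveRole` gains Javadoc but no `@Override`, while `createSession` and `checkAccess` earlier in the file carry it. If the method is declared on `org.openldap.fortress.rbac.dao.AcceleratorDAO`, add `@Override` so that a signature drift between the interface and this implementation is caught at compile time. The same applies to `addActiveRole`, `deleteSession` and `sessionRoles` in the following hunks. The method body continues outside the hunk.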
@@ -211,6 +232,16 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
         }
     }
 
+    /**
+     * Activate user role into rbac session
+     * This function follows the pattern from: {@link AccessMgr#addActiveRole(org.openldap.fortress.rbac.Session, org.openldap.fortress.rbac.UserRole)}.
+     * Success will result in rbac session state to be modified inside server-side cache.
+     * It uses the {@link RbacAddRoleRequest} and {@link RbacAddRoleResponse} accelerator APIs.
+     *
+     * @param session contains a valid sessionId captured from accelerator createSession method.
+     * @param userRole both the {@link UserRole#userId} and {@link UserRole#name} fields must be set before invoking.
+     * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_ADD_ROLE_ERR}.
+     */
     public void addActiveRole( Session session, UserRole userRole ) throws SecurityException
     {
         LdapConnection ld = null;
@@ -256,6 +287,13 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
         }
     }
 
+    /**
+     * Delete the stored session on rbac accelerator server.
+     * It uses the {@link RbacDeleteSessionRequest} and {@link RbacDeleteSessionResponse} accelerator APIs.
+     *
+     * @param session contains a valid sessionId captured from accelerator createSession method.
+     * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_DELETE_SESSION_ERR}.
+     */
     public void deleteSession( Session session ) throws SecurityException
     {
         LdapConnection ld = null;
@@ -283,6 +321,16 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
     }
 
 
+    /**
+     * SessionRoles returns a list of UserRole's activated for user on rbac server.
+     * It uses the {@link RbacSessionRolesRequest} and {@link RbacSessionRolesResponse} accelerator APIs.
+     *
+     * todo: This method does not yet, but will soon populate temporal constraints associated with entities returned.
+     *
+     * @param session contains a valid sessionId captured from accelerator createSession method.
+     * @return List of type UserRole.  May be null if user has no roles activated in session stored - server side.
+     * @throws SecurityException rethrows {@code LdapException} with {@code GlobalErrIds.ACEL_SESSION_ROLES_ERR}.
+     */
     public List<UserRole> sessionRoles( Session session ) throws SecurityException
     {
         LdapConnection ld = null;
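Review bot: The new `@return` text documents a `null` result when no roles are active, which forces every caller to null-check before iterating over the session's roles. The following hunk suggests the list is only allocated inside a conditional, so allocating it up front and returning an empty list would remove that trap. The tag would then read `@return List of type UserRole, empty if no roles are activated in the server-side session.` The method body starts on the last lines of this hunk and continues outside it, so the initialisation itself is not visible here.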
@@ -302,8 +350,8 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
                 userRoleList = new ArrayList<>(  );
                 for( String roleNm : sessionRolesResponse.getRoles() )
                 {
-                    UserRole userRole = new UserRole( session.getUserId(), roleNm );
-                    userRoleList.add( userRole );
+                    userRoleList.add( new UserRole( session.getUserId(), roleNm ) );
+                    // todo: add temporal constraints here
                 }
             }
         }
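Review bot: Each `UserRole` built in this loop carries only `session.getUserId()` and the role name, so until the todo is done the returned objects have no time, date or lock-date constraints set. A caller that evaluates those fields on the result would presumably treat every role as unconstrained, and the todo should say so: `// todo: add temporal constraints here; until then these UserRoles must not be used for constraint checks`. The user id is also taken from the caller's `Session` rather than from the response, which deserves a short comment if the server does not return it. The enclosing try block starts and ends outside this hunk.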

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/apache/AdminRoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/AdminRoleDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/AdminRoleDAO.java
index b8d1408..b10424d 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/AdminRoleDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/AdminRoleDAO.java
@@ -139,11 +139,6 @@ public final class AdminRoleDAO extends ApacheDsDataProvider implements org.open
     };
 
 
-    public AdminRoleDAO()
-    {
-    }
-
-
     /**
      * Create a new AdminRole entity using supplied data.  Required attribute is {@link AdminRole#name}.
      * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/apache/AuditDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/AuditDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/AuditDAO.java
index f128bbf..86a8d4d 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/AuditDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/AuditDAO.java
@@ -180,14 +180,6 @@ public final class AuditDAO extends ApacheDsDataProvider implements org.openldap
 
 
     /**
-     * Package private default constructor.
-     */
-    public AuditDAO()
-    {
-    }
-
-
-    /**
      * This method returns failed authentications where the userid is not present in the directory.  This
      * is possible because Fortress performs read on user before the bind.
      * User:

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/apache/OrgUnitDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/OrgUnitDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/OrgUnitDAO.java
index a54e1e4..503adfd 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/OrgUnitDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/OrgUnitDAO.java
@@ -120,14 +120,6 @@ public final class OrgUnitDAO extends ApacheDsDataProvider implements org.openld
 
 
     /**
-     * Package private default constructor.
-     */
-    public OrgUnitDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws org.openldap.fortress.CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
index 09938b6..3fa6704 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
@@ -195,14 +195,6 @@ public final class PermDAO extends ApacheDsDataProvider implements org.openldap.
 
 
     /**
-     * Default constructor is used by internal Fortress classes.
-     */
-    public PermDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws org.openldap.fortress.CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/apache/PolicyDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/PolicyDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/PolicyDAO.java
index 5da81f9..1ebfbd9 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/PolicyDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/PolicyDAO.java
@@ -138,14 +138,6 @@ public final class PolicyDAO extends ApacheDsDataProvider implements org.openlda
 
 
     /**
-     * Package private default constructor.
-     */
-    public PolicyDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws org.openldap.fortress.CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/apache/RoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/RoleDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/RoleDAO.java
index a68b53f..7463a93 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/RoleDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/RoleDAO.java
@@ -114,14 +114,6 @@ public final class RoleDAO extends ApacheDsDataProvider implements org.openldap.
 
 
     /**
-     * Don't let any classes outside of this package construct instance of this class.
-     */
-    public RoleDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/apache/SdDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/SdDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/SdDAO.java
index 811ed30..93ceff1 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/SdDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/SdDAO.java
@@ -136,14 +136,6 @@ public final class SdDAO extends ApacheDsDataProvider implements org.openldap.fo
 
 
     /**
-     * Package private constructor
-     */
-    public SdDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws org.openldap.fortress.CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
index eb1121c..bc892fa 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
@@ -327,14 +327,6 @@ public final class UserDAO extends ApacheDsDataProvider implements org.openldap.
 
 
     /**
-     * Don't let classes outside of this package construct this.
-     */
-    public UserDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AdminRoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AdminRoleDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AdminRoleDAO.java
index 98ed2cc..9139f67 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AdminRoleDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AdminRoleDAO.java
@@ -135,11 +135,6 @@ public final class AdminRoleDAO extends UnboundIdDataProvider implements org.ope
     };
 
 
-    public AdminRoleDAO()
-    {
-    }
-
-
     /**
      * Create a new AdminRole entity using supplied data.  Required attribute is {@link AdminRole#name}.
      * This data will be stored in the {@link GlobalIds#ADMIN_ROLE_ROOT} container.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AuditDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AuditDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AuditDAO.java
index 63a2fd7..2d3d4be 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AuditDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AuditDAO.java
@@ -177,14 +177,6 @@ public final class AuditDAO extends UnboundIdDataProvider implements org.openlda
 
 
     /**
-     * Package private default constructor.
-     */
-    public AuditDAO()
-    {
-    }
-
-
-    /**
      * This method returns failed authentications where the userid is not present in the directory.  This
      * is possible because Fortress performs read on user before the bind.
      * User:

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/OrgUnitDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/OrgUnitDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/OrgUnitDAO.java
index 0d67967..b7d4836 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/OrgUnitDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/OrgUnitDAO.java
@@ -117,14 +117,6 @@ public final class OrgUnitDAO extends UnboundIdDataProvider implements org.openl
 
 
     /**
-     * Package private default constructor.
-     */
-    public OrgUnitDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws org.openldap.fortress.CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
index e1f8aff..10f47a5 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
@@ -188,14 +188,6 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap
 
 
     /**
-     * Default constructor is used by internal Fortress classes.
-     */
-    public PermDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws org.openldap.fortress.CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PolicyDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PolicyDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PolicyDAO.java
index 81afca8..9f2ad80 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PolicyDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PolicyDAO.java
@@ -134,14 +134,6 @@ public final class PolicyDAO extends UnboundIdDataProvider implements org.openld
 
 
     /**
-     * Package private default constructor.
-     */
-    public PolicyDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws org.openldap.fortress.CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/RoleDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/RoleDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/RoleDAO.java
index 411e5cc..91affb6 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/RoleDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/RoleDAO.java
@@ -109,14 +109,6 @@ public final class RoleDAO extends UnboundIdDataProvider implements org.openldap
 
 
     /**
-     * Don't let any classes outside of this package construct instance of this class.
-     */
-    public RoleDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/SdDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/SdDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/SdDAO.java
index e9a1788..c1cf0bf 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/SdDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/SdDAO.java
@@ -133,14 +133,6 @@ public final class SdDAO extends UnboundIdDataProvider implements org.openldap.f
 
 
     /**
-     * Package private constructor
-     */
-    public SdDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws org.openldap.fortress.CreateException

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/7f33959a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/UserDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/UserDAO.java
index 6edadfc..7c114ff 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/UserDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/UserDAO.java
@@ -319,14 +319,6 @@ public final class UserDAO extends UnboundIdDataProvider implements org.openldap
 
 
     /**
-     * Don't let classes outside of this package construct this.
-     */
-    public UserDAO()
-    {
-    }
-
-
-    /**
      * @param entity
      * @return
      * @throws CreateException


[46/50] git commit: FC-148 - Extend password max age for demo users

Posted by el...@apache.org.
FC-148 - Extend password max age for demo users


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/23001622
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/23001622
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/23001622

Branch: refs/heads/master
Commit: 23001622084afcafda4cac5fe3c50a7c0ecdabde
Parents: 1b0a0bc
Author: Shawn McKinney <sh...@jts.us>
Authored: Fri Sep 5 08:38:07 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Fri Sep 5 08:38:07 2014 -0500

----------------------------------------------------------------------
 config/log4j.xml                 | 12 ++++++------
 ldap/setup/FortressDemoUsers.xml | 10 +++++-----
 2 files changed, 11 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/23001622/config/log4j.xml
----------------------------------------------------------------------
diff --git a/config/log4j.xml b/config/log4j.xml
index d9a1b4a..8c77cca 100755
--- a/config/log4j.xml
+++ b/config/log4j.xml
@@ -32,12 +32,12 @@
         <appender-ref ref="console"/>
     </category>
 
-<!--
-    <category name="org.apache.directory.api" class="org.apache.log4j.Logger" additivity="false">
-        <priority value="DEBUG" class="org.apache.log4j.Level"/>
-        <appender-ref ref="file"/>
-    </category>
--->
+    <!--
+        <category name="org.apache.directory.api" class="org.apache.log4j.Logger" additivity="false">
+            <priority value="DEBUG" class="org.apache.log4j.Level"/>
+            <appender-ref ref="file"/>
+        </category>
+    -->
 
     <root>
         <priority value="INFO" class="org.apache.log4j.Level"/>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/23001622/ldap/setup/FortressDemoUsers.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/FortressDemoUsers.xml b/ldap/setup/FortressDemoUsers.xml
index 40ca567..25a24c4 100755
--- a/ldap/setup/FortressDemoUsers.xml
+++ b/ldap/setup/FortressDemoUsers.xml
@@ -140,16 +140,16 @@
                 <userrole userId="demoUser10" name="role1"  beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/>
 
                 <userrole userId="tcmanager" name="manager-gui"  beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/>
+                <userrole userId="tcmanager" name="manager-script"  beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/>
                 <userrole userId="tcmanager" name="manager"  beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/>
-                <userrole userId="tcmanager" name="manager-jmx"  beginTime="0000" endTime="0000" beginDate="" endDate="" beginLockDate="" endLockDate="" dayMask="" timeout="0"/>
             </adduserrole>
 
             <addrole>
                 <role name="role1" description="Tomcat Role 1 for Calendar App"/>
                 <role name="role2" description="Tomcat Role 2 for Calendar App"/>
-                <role name="manager-gui" description="Tomcat 7 Manager Role"/>
+                <role name="manager-gui" description="Tomcat 7 Manager Role for Manager UI"/>
+                <role name="manager-script" description="Tomcat 7 Manager Role for Management Scripts"/>
                 <role name="manager" description="Tomcat Manager Role"/>
-                <role name="manager-jmx" description="Tomcat Manager Role"/>
                 <role name="EnmasseSuperUser" description="Role to access En Masse services"/>
             </addrole>
 
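Review bot: After this change `tcmanager` holds both `manager-gui` and `manager-script`. Tomcat's manager documentation advises against granting `manager-script` or `manager-jmx` to a user who has `manager-gui`, because the text interface is not covered by the CSRF protection of the HTML interface. Consider a separate demo account for script access, or at least add a comment above the entries such as `<!-- demo only: do not combine manager-gui and manager-script on one account outside a lab -->`. The `adduserrole` element starts outside this hunk.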
@@ -189,11 +189,11 @@
                 <!-- safe modify must be false iff user can chg pw after reset -->
                 <policy name="Test1"
                     minAge="0"
-                    maxAge="525600"
+                    maxAge="7776000"
                     inHistory="5"
                     checkQuality="2"
                     minLength="4"
-                    expireWarning="1000000"
+                    expireWarning="2592000"
                     graceLoginLimit="3"
                     lockout="true"
                     lockoutDuration="0"
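Review bot: The new `maxAge` and `expireWarning` values are bare numbers with no unit, and the old `525600` (the number of minutes in a year) suggests the unit was misread before. Assuming these map to the LDAP password-policy attributes, which are expressed in seconds, a comment above the `<policy` element would prevent a repeat: `<!-- seconds: maxAge 7776000 = 90 days, expireWarning 2592000 = 30 days -->`. The same policy keeps `minLength="4"`, which is acceptable for demo data but should be marked as not a production default. The `policy` element continues outside this hunk.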


[17/50] git commit: FC-140 - RBAC Overlay DB dir not setup

Posted by el...@apache.org.
FC-140 - RBAC Overlay DB dir not setup


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/f0696467
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/f0696467
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/f0696467

Branch: refs/heads/master
Commit: f0696467b414b0b4921cc8a25852e4abed8aa7c2
Parents: 5f07c58
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Jun 30 08:18:03 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Jun 30 08:18:03 2014 -0500

----------------------------------------------------------------------
 build.properties | 21 +++++++++++----------
 build.xml        |  6 ++++--
 2 files changed, 15 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/f0696467/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index 72cf883..0f4d3d1 100644
--- a/build.properties
+++ b/build.properties
@@ -204,8 +204,8 @@ dflt.checkpoint=checkpoint	64 5
 
 # Option 2 - Debian 64-bit Silver:
 platform=Debian-Silver-x86-64
-slapd.install=dpkg -i symas-openldap-silver.64_2.4.38-2_amd64.deb
-slapd.uninstall=dpkg -r symas-openldap-silver
+#slapd.install=dpkg -i symas-openldap-silver.64_2.4.38-2_amd64.deb
+#slapd.uninstall=dpkg -r symas-openldap-silver
 install.image.dir=/home/smckinn/archives/debian64
 slapd.module.dir=${openldap.root}/lib64/openldap
 slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap
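Review bot: The toggles in this hunk and in two later ones look like local workstation settings rather than part of FC-140. Here `slapd.install` and `slapd.uninstall` are commented out while `platform=Debian-Silver-x86-64` stays selected. Later hunks flip `openldap.install.artifact.dir` to `${basedir}` and switch `group.objectclass`, `group.protocol` and `group.properties` to the Guacamole values. Only the added `db.rbac.dir=${db.root}/rbacoverlay` line matches the commit title. If the other changes are intended, name them in the commit message; otherwise restore the previous defaults, since a different default objectclass changes what every fresh install writes to the directory.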
@@ -282,8 +282,8 @@ tomcat-realm.conf=<Realm className="org.openldap.sentry.tomcat.Tc7AccessMgrProxy
 tomcat.dir=../apache-tomcat
 
 #These props are for 'Builder' target and have been moved here: "${user.home}/build.properties"
-#openldap.install.artifact.dir=${basedir}
-openldap.install.artifact.dir=${basedir}/symas-openldap
+openldap.install.artifact.dir=${basedir}
+#openldap.install.artifact.dir=${basedir}/symas-openldap
 #tomcat.image.dir=/home/smckinn/archives/tomcat/apache-tomcat-7.0.27
 #maven.image.dir=/home/smckinn/archives/java/apache-maven-3.0.4
 
@@ -308,6 +308,7 @@ sessions.dn=cn=rbac
 audit.dn=cn=audit
 db.sess.dir=${db.root}/rbacsess
 db.audit.dir=${db.root}/rbacaudit
+db.rbac.dir=${db.root}/rbacoverlay
 db.bak.audit.dir=${db.root}/backup/rbacaudit
 
 ########################################################################
@@ -315,11 +316,11 @@ db.bak.audit.dir=${db.root}/backup/rbacaudit
 ########################################################################
 
 # Use Fortress defined LDAP Group objectclass:
-group.objectclass=configGroup
-group.protocol=configProtocol
-group.properties=configParameter
+#group.objectclass=configGroup
+#group.protocol=configProtocol
+#group.properties=configParameter
 
 # Use Guacamole defined LDAP Group objectclass:
-#group.objectclass=guacConfigGroup
-#group.protocol=guacConfigProtocol
-#group.properties=guacConfigParameter
\ No newline at end of file
+group.objectclass=guacConfigGroup
+group.protocol=guacConfigProtocol
+group.properties=guacConfigParameter
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/f0696467/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 2439ba3..d840de2 100644
--- a/build.xml
+++ b/build.xml
@@ -691,8 +691,9 @@
         <replace file="${target.slapd.conf}" token="@PERMS_DN@" value="${perms.dn}"/>
         <replace file="${target.slapd.conf}" token="@SUFFIX@" value="${suffix.dc}"/>
         <replace file="${target.slapd.conf}" token="@SUFFIX_NAME@" value="${suffix.name}"/>
-        <replace file="${target.slapd.conf}" token="@RBAC_DB_PATH@" value="${db.sess.dir}"/>
+        <replace file="${target.slapd.conf}" token="@RBACSESS_DB_PATH@" value="${db.sess.dir}"/>
         <replace file="${target.slapd.conf}" token="@AUDIT_DB_PATH@" value="${db.audit.dir}"/>
+        <replace file="${target.slapd.conf}" token="@RBACOVERLAY_DB_PATH@" value="${db.rbac.dir}"/>
         <replace file="${target.slapd.conf}" token="@RBAC_DN@" value="${rbac.dn}"/>
         <replace file="${target.slapd.conf}" token="@SESSIONS_DN@" value="${sessions.dn}"/>
         <replace file="${target.slapd.conf}" token="@AUDITS_DN@" value="${audit.dn}"/>
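Review bot: Renaming the token from `@RBAC_DB_PATH@` to `@RBACSESS_DB_PATH@` only works if the slapd.conf template was changed to match, and the diffstat for this commit lists only build.properties and build.xml. If the template still contains the old token, or lacks `@RBACOVERLAY_DB_PATH@`, the generated slapd.conf would keep a literal placeholder as a database directory. Ant's `replace` task does not fail by default when a token is not found, so the build would not flag it. Adding `failOnNoReplacements="true"` to the two changed `<replace>` lines would make the mismatch a build error. The enclosing target starts outside this hunk.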
@@ -705,7 +706,8 @@
         <mkdir dir="${db.sess.dir}"/>
         <echo message="###############  Create RBAC ACCEL OVERLAY audit folder  ###############"/>
         <mkdir dir="${db.audit.dir}"/>
-
+        <echo message="###############  Create RBAC ACCEL OVERLAY rbac folder  ###############"/>
+        <mkdir dir="${db.rbac.dir}"/>
         <antcall target="copy-rbac-libs"></antcall>
     </target>
 


[20/50] git commit: reenable unit test functions

Posted by el...@apache.org.
reenable unit test functions


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/98353f8e
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/98353f8e
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/98353f8e

Branch: refs/heads/master
Commit: 98353f8eeaedcf35a6e276b8919892959df0647c
Parents: e65416c
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Jun 30 14:06:35 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Jun 30 14:06:35 2014 -0500

----------------------------------------------------------------------
 .../fortress/rbac/accelerator/TestAccelerator.java        | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/98353f8e/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java b/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
index 828e0e6..5a1a7b2 100644
--- a/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
+++ b/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
@@ -66,7 +66,7 @@ public class TestAccelerator
         }
     }
 
-    //@Test
+    @Test
     public void testCreateSession()
     {
         LOG.info( "testCreateSession..." );
@@ -107,7 +107,7 @@ public class TestAccelerator
         }
     }
 
-    //@Test
+    @Test
     public void testCheckAccess()
     {
         AccelMgr accelMgr = null;
@@ -150,7 +150,7 @@ public class TestAccelerator
         }
     }
 
-    //@Test
+    @Test
     public void testDeleteSession()
     {
         LOG.info( "testDeleteSession..." );
@@ -198,7 +198,7 @@ public class TestAccelerator
         }
     }
 
-    //@Test
+    @Test
     public void testDropActiveRole()
     {
         LOG.info( "testDropActiveRole..." );
@@ -227,7 +227,7 @@ public class TestAccelerator
     }
 
 
-    //@Test
+    @Test
     public void testCombinedCalls()
     {
         LOG.info( "testCombinedCalls..." );


[16/50] git commit: FC-139 - AcceleratorDAO CheckAccess sending empty objectId in request

Posted by el...@apache.org.
FC-139 - AcceleratorDAO CheckAccess sending empty objectId in request


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/5f07c581
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/5f07c581
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/5f07c581

Branch: refs/heads/master
Commit: 5f07c5817d523e7d816c7e212d75f65248169ee2
Parents: 7f33959
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Jun 30 07:51:30 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Jun 30 07:51:30 2014 -0500

----------------------------------------------------------------------
 .../org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java  | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/5f07c581/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
index 187ed1e..f6f2f03 100644
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
@@ -160,7 +160,11 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
             RbacCheckAccessRequest rbacCheckAccessRequest = new RbacCheckAccessRequestImpl();
             rbacCheckAccessRequest.setSessionId( session.getSessionId() );
             rbacCheckAccessRequest.setObject( perm.getObjName() );
-            rbacCheckAccessRequest.setObjectId( perm.getObjId() );
+            // objectId is optional
+            if(VUtil.isNotNullOrEmpty( perm.getObjId()))
+            {
+                rbacCheckAccessRequest.setObjectId( perm.getObjId() );
+            }
             rbacCheckAccessRequest.setOperation( perm.getOpName() );
             // Send the request
             RbacCheckAccessResponse rbacCheckAccessResponse = ( RbacCheckAccessResponse ) ld.extended(
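Review bot: With the new guard a null or empty `perm.getObjId()` is silently left out of the request, so the check is presumably evaluated on object name and operation alone. A caller that meant to check one specific instance but passed a blank id would then receive the coarser object-level decision. The comment should state this: `// objectId is optional: when null or empty the request is sent without it and the check is object-level`. `perm.getObjName()` and `perm.getOpName()` are still passed unchecked, and the guard's spacing differs from the surrounding style; `if ( VUtil.isNotNullOrEmpty( perm.getObjId() ) )` would match it. The checkAccess body starts and ends outside this hunk.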


[06/50] git commit: change license info to OPL

Posted by el...@apache.org.
change license info to OPL


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/8effa67a
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/8effa67a
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/8effa67a

Branch: refs/heads/master
Commit: 8effa67a56a3182d333c777432274a33d7ddf546
Parents: 113be67
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Jun 23 16:17:31 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Jun 23 16:17:31 2014 -0500

----------------------------------------------------------------------
 NOTICE.txt | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/8effa67a/NOTICE.txt
----------------------------------------------------------------------
diff --git a/NOTICE.txt b/NOTICE.txt
index 9be0075..a6372e8 100755
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -1,7 +1,21 @@
+#
+# This work is part of OpenLDAP Software <http://www.openldap.org/>.
+#
+# Copyright 1998-2014 The OpenLDAP Foundation.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted only as authorized by the OpenLDAP
+# Public License.
+#
+# A copy of this license is available in the file LICENSE in the
+# top-level directory of the distribution or, alternatively, at
+# <http://www.OpenLDAP.org/license.html>.
+#
+
 Fortress Identity Access Management SDK
-Copyright (c) 2009-2014 JoshuaTree Software, LLC
 
-This product distribution source code was developed by JoshuaTree Software (http://jts.us/).
+This product distribution source code was developed by The OpenLDAP Project (http://openldap.org/).
 
 The purpose of this NOTICE.txt file is to include notices that are required by the copyright owner and their license. Some of the accompanying products have an attribution requirement, so see below. Other accompanying products do not require attribution, so are not listed. 
 


[37/50] git commit: update fortress release link in README

Posted by el...@apache.org.
update fortress release link in README


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/b272ab2f
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/b272ab2f
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/b272ab2f

Branch: refs/heads/master
Commit: b272ab2f9255de504d83c089317d9fcf121d2161
Parents: de8f90d
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Jul 21 12:24:24 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Jul 21 12:24:24 2014 -0500

----------------------------------------------------------------------
 README.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/b272ab2f/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 48691c2..0b77636 100755
--- a/README.txt
+++ b/README.txt
@@ -142,7 +142,7 @@ ________________________________________________________________________________
 # If Fortress User
 
 RELEASES from Maven website:
-http://search.maven.org/#browse%7C-1179527181
+http://search.maven.org/#search%7Cga%7C1%7Cg%3A%22org.openldap%22
 
 SNAPSHOTs from OpenLDAP's GIT Software Repo:
 http://www.openldap.org/devel/gitweb.cgi?p=openldap-fortress-core.git;a=summary


[04/50] git commit: FC-133 - Fix Accelerator CreateSession negative test case

Posted by el...@apache.org.
FC-133 - Fix Accelerator CreateSession negative test case


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/1e8533b1
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/1e8533b1
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/1e8533b1

Branch: refs/heads/master
Commit: 1e8533b1818e615c5a6b357f11182e6e945d5370
Parents: e2caa8a
Author: Shawn McKinney <sh...@jts.us>
Authored: Tue Jun 3 09:54:06 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Tue Jun 3 09:54:06 2014 -0500

----------------------------------------------------------------------
 .../org/openldap/fortress/rbac/accelerator/TestAccelerator.java | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/1e8533b1/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java b/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
index a25f2d5..34cde17 100644
--- a/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
+++ b/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
@@ -67,6 +67,7 @@ public class TestAccelerator
                 // negative test case:
                 user.setUserId( "rbacuser1" );
                 user.setPassword( "secretx".toCharArray() );
+                session = null;
                 session = accelMgr.createSession( user, false );
                 fail("failed negative createSession for rbacuser1");
             }
@@ -75,8 +76,8 @@ public class TestAccelerator
                 // sucess
             }
 
-            assertNotNull( session );
-            assertFalse( session.isAuthenticated() );
+            // negative case should leave the session null.
+            assertNull( session );
         }
         catch( org.openldap.fortress.SecurityException se)
         {
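Review bot: The negative createSession case passes on any exception the inner catch accepts, because that catch body is only the `// sucess` comment and never looks at the error id. The catch clause itself lies between the two hunks and is not visible here, but if it catches `org.openldap.fortress.SecurityException` in general, a connection or configuration failure would make this bad-password test pass as well. I would assert the expected id inside that catch, along the lines of `assertEquals( <expected error id>, se.getErrorId() );`, and keep the new `assertNull( session )` after it. The enclosing try block starts outside the hunk.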


[13/50] git commit: FC-135 - add objectId to accel checkAccess

Posted by el...@apache.org.
FC-135 - add objectId to accel checkAccess


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/9e3c8006
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/9e3c8006
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/9e3c8006

Branch: refs/heads/master
Commit: 9e3c80063be49c8782b56d166c891cc2fc53e75a
Parents: 63893e3
Author: Shawn McKinney <sh...@jts.us>
Authored: Thu Jun 26 22:34:34 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Thu Jun 26 22:34:34 2014 -0500

----------------------------------------------------------------------
 .../rbac/dao/apache/AcceleratorDAO.java         |  1 +
 .../org/openldap/fortress/util/LogUtil.java     |  4 +-
 .../fortress/rbac/AccelMgrImplTest.java         | 56 +++++++++++++-------
 3 files changed, 42 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9e3c8006/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
index b4a8c98..2747101 100644
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
@@ -143,6 +143,7 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
             RbacCheckAccessRequest rbacCheckAccessRequest = new RbacCheckAccessRequestImpl();
             rbacCheckAccessRequest.setSessionId( session.getSessionId() );
             rbacCheckAccessRequest.setObject( perm.getObjName() );
+            rbacCheckAccessRequest.setObjectId( perm.getObjId() );
             rbacCheckAccessRequest.setOperation( perm.getOpName() );
             // Send the request
             RbacCheckAccessResponse rbacCheckAccessResponse = ( RbacCheckAccessResponse ) ld.extended(
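Review bot: The added `setObjectId( perm.getObjId() )` call runs even when the permission has no object id, so a null or empty value is placed into the extended request. Whether the request encoder and the server tolerate that is not visible here, so I would set the field only when a value is present: `if ( VUtil.isNotNullOrEmpty( perm.getObjId() ) ) { rbacCheckAccessRequest.setObjectId( perm.getObjId() ); }`. The enclosing method begins and ends outside the hunk.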

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9e3c8006/src/main/java/org/openldap/fortress/util/LogUtil.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/util/LogUtil.java b/src/main/java/org/openldap/fortress/util/LogUtil.java
index 5aae540..b452c54 100755
--- a/src/main/java/org/openldap/fortress/util/LogUtil.java
+++ b/src/main/java/org/openldap/fortress/util/LogUtil.java
@@ -37,7 +37,9 @@ public class LogUtil
      */
     public static void logIt(String msg)
     {
-        msg = getContext() + " " + msg;
+        if(VUtil.isNotNullOrEmpty( getContext() ))
+            msg = getContext() + " " + msg;
+
         if(LOG.isDebugEnabled())
         {
             LOG.debug( msg );
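Review bot: The new guard in `logIt` calls `getContext()` twice and leaves the `if` body unbraced, unlike the braced `if(LOG.isDebugEnabled())` directly below it. Reading the context once keeps the check and the prefix in agreement if the context can change between the two calls: `String ctx = getContext();` followed by `if ( VUtil.isNotNullOrEmpty( ctx ) ) { msg = ctx + " " + msg; }`. The diffstat for this file matches this hunk alone, so no import for `VUtil` is added here; it is presumably already in scope in `LogUtil`, which is worth confirming. The method body continues past the hunk.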

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9e3c8006/src/test/java/org/openldap/fortress/rbac/AccelMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/AccelMgrImplTest.java b/src/test/java/org/openldap/fortress/rbac/AccelMgrImplTest.java
index 143acd4..f2e34fe 100644
--- a/src/test/java/org/openldap/fortress/rbac/AccelMgrImplTest.java
+++ b/src/test/java/org/openldap/fortress/rbac/AccelMgrImplTest.java
@@ -22,6 +22,7 @@ import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
 
+import org.openldap.fortress.util.attr.VUtil;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -190,6 +191,15 @@ public class AccelMgrImplTest extends TestCase
     {
         checkAccess( "CHCK-ACS TU3 TOB3 TOP3 ", UserTestData.USERS_TU3, PermTestData.OBJS_TOB3,
             PermTestData.OPS_TOP3, PermTestData.OBJS_TOB2, PermTestData.OPS_TOP1 );
+
+        checkAccess( "CHCK-ACS TU3 TO3 TOP1 ", UserTestData.USERS_TU3, PermTestData.OBJS_TOB3, PermTestData.OPS_TOP3,
+            PermTestData.OBJS_TOB2, PermTestData.OPS_TOP1 );
+
+        checkAccess( "CHCK-ACS TU4 TO4 TOP1 ", UserTestData.USERS_TU4, PermTestData.OBJS_TOB2, PermTestData.OPS_TOP2,
+            PermTestData.OBJS_TOB2, PermTestData.OPS_TOP1 );
+
+        checkAccess( "CHCK-ACS TU1_UPD TO1 TOP1 ", UserTestData.USERS_TU1_UPD, PermTestData.OBJS_TOB1,
+            PermTestData.OPS_TOP1, PermTestData.OBJS_TOB3, PermTestData.OPS_TOP3 );
     }
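Review bot: The first added call, labelled `"CHCK-ACS TU3 TO3 TOP1 "`, passes exactly the same arguments as the existing `"CHCK-ACS TU3 TOB3 TOP3 "` call above it, so it repeats that case instead of adding one. The labels on the added calls also do not match their data: the `TU3 TO3 TOP1` call uses `OPS_TOP3`, and the `TU4 TO4 TOP1` call uses `OBJS_TOB2` and `OPS_TOP2`. The label is presumably what identifies the case in test output, so I would drop or change the duplicate and rename the labels after the sets actually passed, e.g. `"CHCK-ACS TU4 TOB2 TOP2 "`.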
 
 
@@ -219,27 +229,37 @@ public class AccelMgrImplTest extends TestCase
                     int j = 0;
                     for ( String[] op : opArray )
                     {
-                        // Call checkAccess method
+                        Permission goodPerm;
+                        if( VUtil.isNotNullOrEmpty( PermTestData.getObjId( opArray[j] ) ) )
+                        {
+                            // with an objectId:
+                            goodPerm = new Permission(
+                                PermTestData.getName( obj ),
+                                PermTestData.getName( op ),
+                                PermTestData.getObjId( opArray[j] ) );
+                        }
+                        else
+                        {
+                            // without an objectId:
+                            goodPerm = new Permission(
+                                PermTestData.getName( obj ),
+                                PermTestData.getName( op ) );
+                        }
+
+                        // Positive test case, call checkAccess method, should return 'true':
                         assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" +
                             PermTestData.getName( obj ) + "] operationName [" + PermTestData.getName( op ) + "]",
-                            accelMgr.checkAccess( session, new Permission( PermTestData.getName( obj ),
-                                PermTestData.getName( op ) ) ) );
-                        // TODO: add support for objectIds:
-/*
-                        assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
-                            + PermTestData.getName( obj ) + "] operationName [" + PermTestData.getName( op ) + "]",
-                            accelMgr.checkAccess(
-                                session,
-                                new Permission( PermTestData.getName( obj ), PermTestData.getName( op ), PermTestData
-                                    .getObjId( opArray[j] ) ) ) );
-*/
-                        // Call checkAccess method (this should fail):
-                        assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" +
-                            PermTestData.getName( oArrayBad[i] ) + "] operationName [" + PermTestData.getName(
-                            opArrayBad[j] ) + "]", !accelMgr.checkAccess( session,
-                            new Permission( PermTestData.getName( oArrayBad[i] ), PermTestData.getName( opArrayBad[j]
-                            ), PermTestData.getObjId( opArrayBad[j] ) ) ) );
+                            accelMgr.checkAccess( session, goodPerm ) );
 
+                        Permission badPerm = new Permission(
+                            PermTestData.getName( oArrayBad[i] ),
+                            PermTestData.getName( opArrayBad[j]),
+                            PermTestData.getObjId( opArrayBad[j] ) );
+
+                        // Negative test case, call checkAccess method again, should return 'false':
+                        assertFalse( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName [" +
+                            PermTestData.getName( oArrayBad[i] ) + "] operationName [" + PermTestData.getName(
+                            opArrayBad[j] ) + "]", accelMgr.checkAccess( session, badPerm ) );
                         j++;
                     }
                     i++;
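Review bot: The positive branch looks up the object id through `opArray[j]` while the permission name comes from the loop variable `op`, and it calls `PermTestData.getObjId( opArray[j] )` twice. The two refer to the same element only while `j` stays in step with the loop, so using `op` for both removes that dependency: `String objId = PermTestData.getObjId( op );` and then build `goodPerm` from `objId`. The negative `assertFalse` reuses the text ".checkAccess failed", which reads the same as the positive case in a test report; wording such as ".checkAccess should have been denied" would tell the two apart. The surrounding loops start outside the hunk.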


[48/50] git commit: FC-151 - UnboundID SDK removal preparations

Posted by el...@apache.org.
FC-151 - UnboundID SDK removal preparations


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/6bf332f7
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/6bf332f7
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/6bf332f7

Branch: refs/heads/master
Commit: 6bf332f7448f8b7b2f6f329bd43fba34afaef882
Parents: 9d516b8
Author: Shawn McKinney <sh...@jts.us>
Authored: Sun Oct 19 11:28:38 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sun Oct 19 11:28:38 2014 -0500

----------------------------------------------------------------------
 build.xml                                       |  4 ++--
 ivy.xml                                         |  4 ++--
 .../org/openldap/fortress/GlobalErrIds.java     |  4 ++++
 .../openldap/fortress/SecurityException.java    | 17 ++++++++-------
 .../fortress/ldap/ApacheDsDataProvider.java     | 16 ++++++++++++++
 .../fortress/rbac/dao/apache/PermDAO.java       |  8 ++++++-
 .../fortress/rbac/dao/apache/UserDAO.java       |  5 +++++
 .../fortress/rbac/dao/unboundid/PermDAO.java    |  9 +++++++-
 .../fortress/rbac/AccessMgrImplTest.java        | 22 ++++++++++++++------
 .../fortress/rbac/DelegatedMgrImplTest.java     | 22 ++++++++++++++------
 10 files changed, 85 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 6a6f615..cc46a94 100644
--- a/build.xml
+++ b/build.xml
@@ -168,8 +168,8 @@
        <property name="slf4j-log4j.jar" value="${lib.dir}/slf4j-log4j12-1.7.5.jar"/>
        <property name="apacheJMeter_core.jar" value="${lib.dir}/ApacheJMeter_core-2.11.jar"/>
        <property name="apacheJMeter_java.jar" value="${lib.dir}/ApacheJMeter_java-2.11.jar"/>
-       <property name="apacheds-all.jar" value="${lib.dir}/apacheds-all-2.0.0-M16.jar"/>
-       <property name="apacheds-api-all.jar" value="${lib.dir}/api-all-1.0.0-M22.jar"/>
+       <property name="apacheds-all.jar" value="${lib.dir}/apacheds-all-2.0.0-M17.jar"/>
+       <property name="apacheds-api-all.jar" value="${lib.dir}/api-all-1.0.0-M24.jar"/>
        <property name="mina-core.jar" value="${lib.dir}/mina-core-2.0.7.jar"/>
        <property name="opencsv.jar" value="${lib.dir}/opencsv-2.3.jar"/>
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/ivy.xml
----------------------------------------------------------------------
diff --git a/ivy.xml b/ivy.xml
index 888149c..1713d75 100755
--- a/ivy.xml
+++ b/ivy.xml
@@ -44,8 +44,8 @@
         <dependency org="org.slf4j" name="slf4j-api" rev="1.7.5" conf="default->master"/>
         <dependency org="org.slf4j" name="slf4j-log4j12" rev="1.7.5" conf="default->master"/>
         <dependency org="org.slf4j" name="slf4j-jcl" rev="1.7.5" conf="default->master"/>
-        <dependency org="org.apache.directory.api" name="api-all" rev="1.0.0-M22" conf="default->master"/>
-        <dependency org="org.apache.directory.server" name="apacheds-all" rev="2.0.0-M16" conf="default->master"/>
+        <dependency org="org.apache.directory.api" name="api-all" rev="1.0.0-M24" conf="default->master"/>
+        <dependency org="org.apache.directory.server" name="apacheds-all" rev="2.0.0-M17" conf="default->master"/>
         <dependency org="net.sf.opencsv" name="opencsv" rev="2.3" conf="default->master" />
         <dependency org="org.apache.jmeter" name="ApacheJMeter_core" rev="2.11" conf="default->master" />
         <dependency org="org.apache.jmeter" name="ApacheJMeter_java" rev="2.11" conf="default->master" />

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/GlobalErrIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/GlobalErrIds.java b/src/main/java/org/openldap/fortress/GlobalErrIds.java
index 4454d44..03d3055 100755
--- a/src/main/java/org/openldap/fortress/GlobalErrIds.java
+++ b/src/main/java/org/openldap/fortress/GlobalErrIds.java
@@ -614,6 +614,10 @@ public class GlobalErrIds
      * The supplied Permission operation could not be read due to server failure.
      */
     public final static int PERM_COMPARE_OP_FAILED = 3028;
+    /**
+     * The supplied Permission does not exist in LDAP DIT.
+     */
+    public final static int PERM_NOT_EXIST = 3029;
 
     /**
      * 4000's - Password Policy Entity

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/SecurityException.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/SecurityException.java b/src/main/java/org/openldap/fortress/SecurityException.java
index e9338a4..80c467a 100755
--- a/src/main/java/org/openldap/fortress/SecurityException.java
+++ b/src/main/java/org/openldap/fortress/SecurityException.java
@@ -181,6 +181,7 @@ package org.openldap.fortress;
  * <li> <code>{@link GlobalErrIds#PERM_OPERATION_NM_NULL} = 3026;</code>
  * <li> <code>{@link GlobalErrIds#PERM_OBJECT_NM_NULL} = 3027;</code>
  * <li> <code>{@link GlobalErrIds#PERM_COMPARE_OP_FAILED} = 3028;</code>
+ * <li> <code>{@link GlobalErrIds#PERM_NOT_EXIST} = 3029;</code>
  * </ul>
  * <h3>
  * <p/>4000's - Password Policy Entity
@@ -416,26 +417,26 @@ package org.openldap.fortress;
  * <li> <code>{@link GlobalErrIds#ACEL_DELETE_SESSION_ERR} = 10202;</code>
  * <li> <code>{@link GlobalErrIds#ACEL_CHECK_ACCESS_ERR} = 10203;</code>
  * <li> <code>{@link GlobalErrIds#ACEL_ADD_ROLE_ERR} = 10204;</code>
- * <li> <code>{@link GlobalErrIds#ACEL_DROP_ROLE_ERR} = 10205;</code>*
+ * <li> <code>{@link GlobalErrIds#ACEL_DROP_ROLE_ERR} = 10205;</code>
  * </ul>
  * <h3>
  * <p/>10300's - LDAP Group operation Error Ids
  * </h3>
  * <ul>
  * <li> <code>{@link GlobalErrIds#GROUP_SEARCH_FAILED} = 10300;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_READ_FAILED} = 10301;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_READ_FAILED} = 10301;</code>
  * <li> <code>{@link GlobalErrIds#GROUP_ADD_FAILED} = 10302;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_UPDATE_FAILED} = 10303;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_UPDATE_FAILED} = 10303;</code>
  * <li> <code>{@link GlobalErrIds#GROUP_DELETE_FAILED} = 10304;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_ADD_PROPERTY_FAILED} = 10305;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_ADD_PROPERTY_FAILED} = 10305;</code>
  * <li> <code>{@link GlobalErrIds#GROUP_DELETE_PROPERTY_FAILED} = 10306;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_NOT_FOUND} = 10307;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_NOT_FOUND} = 10307;</code>
  * <li> <code>{@link GlobalErrIds#GROUP_NULL} = 10308;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_USER_ASSIGN_FAILED} = 10309;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_USER_ASSIGN_FAILED} = 10309;</code>
  * <li> <code>{@link GlobalErrIds#GROUP_USER_DEASSIGN_FAILED} = 10310;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_NAME_NULL} = 10311;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_NAME_NULL} = 10311;</code>
  * <li> <code>{@link GlobalErrIds#GROUP_NAME_INVLD} = 10312;</code>
- * <li> <code>{@link GlobalErrIds#GROUP_PROTOCOL_INVLD} = 10313;</code> *
+ * <li> <code>{@link GlobalErrIds#GROUP_PROTOCOL_INVLD} = 10313;</code>
  * </ul>
  * <p/>
  *

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
index 8594f69..1400370 100644
--- a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
+++ b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
@@ -911,6 +911,22 @@ public abstract class ApacheDsDataProvider
 
 
     /**
+     * Given an ldap attribute name and a list of attribute values, construct an ldap attribute set to be added to directory.
+     *
+     * @param list     list of type string containing attribute values to load into attribute set.
+     * @param entry    contains ldap attribute set targeted for adding.
+     * @param attrName name of ldap attribute being added.
+     */
+    protected void loadAttrs( List<String> list, Entry entry, String attrName ) throws LdapException
+    {
+        if ( list != null && list.size() > 0 )
+        {
+            entry.add( attrName, list.toArray( new String[] {} ) );
+        }
+    }
+
+
+    /**
      * Given an ldap attribute name and a list of attribute values, construct an ldap modification set to be updated
      * in directory.
      *
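Review bot: The Javadoc for the new `loadAttrs` has no `@throws LdapException` entry although the signature declares it, and it does not say that a null or empty list leaves the entry untouched. I would add `@throws LdapException if the attribute cannot be added to the entry` and a sentence such as `Does nothing when list is null or empty.` The emptiness test also reads more directly as `if ( list != null && !list.isEmpty() )`.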

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
index a2a1261..3396cff 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/PermDAO.java
@@ -816,7 +816,7 @@ public final class PermDAO extends ApacheDsDataProvider implements org.openldap.
      * record storage on ldap server but can be disabled.
      *
      * @param session contains {@link Session#getUserId()}, for rbac check {@link org.openldap.fortress.rbac.Session#getRoles()}, for arbac check: {@link org.openldap.fortress.rbac.Session#getAdminRoles()}.
-     * @param inPerm  must contain required attributes {@link Permission#objName} and {@link Permission#opName}.  {@link Permission#objectId} is optional.
+     * @param inPerm  must contain required attributes {@link Permission#objName} and {@link Permission#opName}.  {@link Permission#objId} is optional.
      * @return boolean containing result of check.
      * @throws org.openldap.fortress.FinderException
      *          In the event system error occurs looking up data on ldap server.
@@ -836,6 +836,12 @@ public final class PermDAO extends ApacheDsDataProvider implements org.openldap.
             // LDAP Operation #1: Read the targeted permission from ldap server
             //LDAPEntry entry = read(ld, dn, PERMISSION_OP_ATRS, session.getUser().getDn());
             Entry entry = read( ld, dn, PERMISSION_OP_ATRS );
+            if(entry == null)
+            {
+                // if permission not found, cannot continue.
+                String error = "checkPermission DOES NOT EXIST : obj name [" + inPerm.getObjName() + "], obj id [" + inPerm.getObjId() + "], op name [" + inPerm.getOpName() + "], idAdmin [" + inPerm.isAdmin() + "]";
+                throw new FinderException( GlobalErrIds.PERM_NOT_EXIST, error );
+            }
 
             // load the permission entity with data retrieved from the permission node:
             Permission outPerm = unloadPopLdapEntry( entry, 0, inPerm.isAdmin() );
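Review bot: A permission that is missing from the directory now makes this access check throw `FinderException` with `PERM_NOT_EXIST`, but the method's Javadoc (partly visible in the previous hunk) still describes `FinderException` only as a system error on the ldap server. Callers that decide access from this method need to know the exception means the request is denied, so I would extend the `@throws` text, e.g. `In the event the permission does not exist or a system error occurs looking up data on ldap server.` The label `idAdmin [` in the message looks like a typo for `isAdmin [`. The message also embeds the caller-supplied object name, object id and operation name, so if those can come from untrusted input, whatever logs the exception should neutralise line breaks. The same block is added in the unboundid `PermDAO` hunk further down, and the method starts and ends outside both hunks.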

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
index bc892fa..cf6e233 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
@@ -383,12 +383,17 @@ public final class UserDAO extends ApacheDsDataProvider implements org.openldap.
 
             // These are multi-valued attributes, use the util function to load:
             // These items are optional.  The utility function will return quietly if no items are loaded into collection:
+            loadAttrs( entity.getPhones(), myEntry, TELEPHONE_NUMBER );
+            loadAttrs( entity.getMobiles(), myEntry, MOBILE );
+            loadAttrs( entity.getEmails(), myEntry, MAIL );
+/*
             myEntry.add( TELEPHONE_NUMBER, entity.getPhones().toArray( new String[]
                 {} ) );
             myEntry.add( MOBILE, entity.getMobiles().toArray( new String[]
                 {} ) );
             myEntry.add( MAIL, entity.getEmails().toArray( new String[]
                 {} ) );
+*/
 
             // The following attributes are optional:
             if ( VUtil.isNotNullOrEmpty( entity.isSystem() ) )
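Review bot: The three `myEntry.add(...)` calls that `loadAttrs` replaces are kept inside a `/* ... */` block instead of being removed. Version control already holds the old form, and the dead block sits under a comment that now describes the `loadAttrs` calls, so I would delete the commented-out lines. The remaining comment could also say why the change matters, e.g. `// loadAttrs skips null or empty lists, so phones, mobiles and emails may be absent`. The method continues outside the hunk.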

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
index 2395d10..e39ac4f 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
@@ -782,7 +782,7 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap
      * record storage on ldap server but can be disabled.
      *
      * @param session contains {@link Session#getUserId()}, for rbac check {@link org.openldap.fortress.rbac.Session#getRoles()}, for arbac check: {@link org.openldap.fortress.rbac.Session#getAdminRoles()}.
-     * @param inPerm  must contain required attributes {@link Permission#objName} and {@link Permission#opName}.  {@link Permission#objectId} is optional.
+     * @param inPerm  must contain required attributes {@link Permission#objName} and {@link Permission#opName}.  {@link Permission#objId} is optional.
      * @return boolean containing result of check.
      * @throws org.openldap.fortress.FinderException
      *          In the event system error occurs looking up data on ldap server.
@@ -800,6 +800,13 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap
             ld = getAdminConnection();
             // LDAP Operation #1: Read the targeted permission from ldap server
             LDAPEntry entry = read( ld, dn, PERMISSION_OP_ATRS );
+            if(entry == null)
+            {
+                // if permission not found, cannot continue.
+                String error = "checkPermission DOES NOT EXIST : obj name [" + inPerm.getObjName() + "], obj id [" + inPerm.getObjId() + "], op name [" + inPerm.getOpName() + "], idAdmin [" + inPerm.isAdmin() + "]";
+                throw new FinderException( GlobalErrIds.PERM_NOT_EXIST, error );
+            }
+
             // load the permission entity with data retrieved from the permission node:
             Permission outPerm = unloadPopLdapEntry( entry, 0, inPerm.isAdmin() );
             // The admin flag will be set to 'true' if this is an administrative permission:

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java b/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java
index cbddd3f..721ae08 100755
--- a/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java
+++ b/src/test/java/org/openldap/fortress/rbac/AccessMgrImplTest.java
@@ -744,13 +744,23 @@ public class AccessMgrImplTest extends TestCase
                                     .getObjId( opArray[j] ) ) ) );
 
                         // Call checkAccess method (this should fail):
-                        assertTrue(
-                            CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+                        try
+                        {
+                            boolean result = accessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ),
+                                PermTestData.getName( opArrayBad[j] ), PermTestData.getObjId( opArrayBad[j] ) ) );
+                            assertTrue(
+                                CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+                                    + PermTestData.getName( oArrayBad[i] ) + "] operationName ["
+                                    + PermTestData.getName( opArrayBad[j] ) + "]",
+                                !result );
+                        }
+                        catch (SecurityException se)
+                        {
+                            // The expected condition is security exception perm not exist:
+                            assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
                                 + PermTestData.getName( oArrayBad[i] ) + "] operationName ["
-                                + PermTestData.getName( opArrayBad[j] ) + "]",
-                            !accessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ),
-                                PermTestData.getName( opArrayBad[j] ), PermTestData.getObjId( opArrayBad[j] ) ) ) );
-
+                                + PermTestData.getName( opArrayBad[j] ) + "], negative use case, incorrect exception id=" + se.getErrorId(), se.getErrorId() == GlobalErrIds.PERM_NOT_EXIST );
+                        }
                         j++;
                     }
                     i++;
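Review bot: The negative case now accepts two different outcomes, a `false` return or a `SecurityException` carrying `PERM_NOT_EXIST`, so the test no longer pins down what `checkAccess` does for a permission that does not exist. For an authorization call that contract is worth fixing in one place; if both outcomes are really allowed, a comment saying which situation produces which would help. The assertions would also report more on failure as `assertFalse( msg, result )` and `assertEquals( msg, GlobalErrIds.PERM_NOT_EXIST, se.getErrorId() )`, where `msg` stands for the existing message expression. The `DelegatedMgrImplTest` hunk below adds the same try/catch and the same applies there. The loops around this code begin outside the hunk.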

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6bf332f7/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java b/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java
index 6e360aa..e72dfdb 100755
--- a/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java
+++ b/src/test/java/org/openldap/fortress/rbac/DelegatedMgrImplTest.java
@@ -548,13 +548,23 @@ public class DelegatedMgrImplTest extends TestCase
                     for ( String[] op : opArrayBad )
                     {
                         // Call checkAccess method (this should fail):
-                        assertTrue(
-                            CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+                        try
+                        {
+                            boolean result = dAccessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ),
+                                PermTestData.getName( opArrayBad[j] ) ) );
+                            assertTrue(
+                                CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
+                                    + PermTestData.getName( oArrayBad[i] ) + "] operationName ["
+                                    + PermTestData.getName( opArrayBad[j] ) + "]",
+                                !result );
+                        }
+                        catch (SecurityException se)
+                        {
+                            // The expected condition is security exception perm not exist:
+                            assertTrue( CLS_NM + ".checkAccess failed userId [" + user.getUserId() + "] Perm objName ["
                                 + PermTestData.getName( oArrayBad[i] ) + "] operationName ["
-                                + PermTestData.getName( opArrayBad[j] ) + "]",
-                            !dAccessMgr.checkAccess( session, new Permission( PermTestData.getName( oArrayBad[i] ),
-                                PermTestData.getName( opArrayBad[j] ) ) ) );
-
+                                + PermTestData.getName( opArrayBad[j] ) + "], negative use case, incorrect exception id=" + se.getErrorId(), se.getErrorId() == GlobalErrIds.PERM_NOT_EXIST );
+                        }
                         j++;
                     }
                     i++;
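Review bot: The added try/catch lets this negative authorization test pass on two different outcomes, `checkAccess` returning false or a `SecurityException` carrying `GlobalErrIds.PERM_NOT_EXIST`, and the message on the `!result` assertion still reads "checkAccess failed", which misleads when it fires because access was granted. I would end that message with `"], negative use case, access was granted"` and add above the `try` a comment such as `// Deny may surface as a false return or as SecurityException(PERM_NOT_EXIST); both are accepted here`. If only one of the two is the intended contract for a permission that does not exist, the other branch should fail the test, otherwise a change in deny behaviour goes unnoticed. The hunk just before this file section shows the same pattern, and the loop variable `op` is unused while the body indexes `opArrayBad[j]`. The enclosing test method starts and ends outside the hunk.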


[25/50] git commit: Added instructions to README to setup default and audit DB's in slapd.conf

Posted by el...@apache.org.
Added instructions to README to setup default and audit DB's in slapd.conf


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/be57c850
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/be57c850
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/be57c850

Branch: refs/heads/master
Commit: be57c850940f757d6293adc5873105324e0b5efc
Parents: 0a58abe
Author: Shawn McKinney <sh...@jts.us>
Authored: Thu Jul 3 09:09:48 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Thu Jul 3 09:09:48 2014 -0500

----------------------------------------------------------------------
 README.txt | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 62 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/be57c850/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index f687a8d..b47aef8 100755
--- a/README.txt
+++ b/README.txt
@@ -227,10 +227,12 @@ a. Install OpenLDAP using your existing package management system.
 
         + etc.
 
+
 b. Copy fortress schema to openldap schema folder:
 
 cp FORTRESS_HOME/ldap/schema/fortress.schema OPENLDAP_HOME/etc/openldap/schema
 
+
 c. Enable Fortress schema in slapd.conf:
 
 include		OPENLDAP_HOME/etc/openldap/schema/fortress.schema
@@ -238,15 +240,69 @@ include		OPENLDAP_HOME/etc/openldap/schema/fortress.schema
 note: for steps b & c above substitute FORTRESS_HOME for root of your Fortress installation.
 note: for steps b above substitute OPENLDAP_HOME for root of your OPENLDAP installation.
 
+
 d. For password policy support, enable pwpolicy overlay in slapd.conf:
 
 moduleload	ppolicy.la
 
-e. For Fortress audit support, enable slapoaccesslog in slapd.conf
+
+e. For Fortress audit support, enable slapoaccesslog in slapd.conf:
 
 moduleload  accesslog.la
 
-f. Gather the following information about your OpenLDAP instance:
+
+f. Add Fortress audit log settings to slapd.conf:
+
+# History DB Settings  (optional, use only if fortress audit is needed)
+# note: the following settings may be tailored to your requirements:
+database	 mdb
+maxreaders 64
+maxsize 1000000000
+suffix		"cn=log"
+rootdn      "cn=Manager,cn=log"
+rootpw      "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
+index objectClass,reqDN,reqAuthzID,reqStart,reqAttr eq
+directory	"/var/openldap/hist"
+access to *
+    by dn.base="cn=Manager,cn=log" write
+dbnosync
+checkpoint   64 5
+
+
+g. Add Fortress default DB settings to slapd.conf:
+
+# Default DB Settings
+# note: the following settings may be tailored to your requirements:
+database	mdb
+maxreaders 64
+maxsize 1000000000
+suffix		"dc=example,dc=com"
+rootdn      "cn=Manager,dc=example,dc=com"
+rootpw      "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
+
+index uidNumber,gidNumber,objectclass eq
+index cn,sn,ftObjNm,ftOpNm,ftRoleName,uid,ou eq,sub
+index ftId,ftPermName,ftRoles,ftUsers,ftRA,ftARA eq
+
+directory	"/var/openldap/dflt"
+overlay accesslog
+logdb   "cn=log"
+dbnosync
+checkpoint	64 5
+
+
+h. More Fortress audit log settings in slapd.conf:
+
+# Audit Log Settings (optional, use only if fortress audit is needed)
+# note: the following settings may be tailored to your requirements:
+logops bind writes compare
+logoldattr ftModifier ftModCode ftModId ftRC ftRA ftARC ftARA ftCstr ftId ftPermName ftObjNm ftOpNm ftObjId ftGroups ftRoles ftUsers ftType
+logpurge 5+00:00 1+00:00
+
+# Instructions to configure Fortress to work with your customized OpenLDAP instance
+
+
+i. Gather the following information about your OpenLDAP instance:
 
 i. suffix
 ii. host
@@ -257,7 +313,7 @@ vi. ldap user account that has read/write priv for access log DIT (log root work
 vii. pw for above
 
 
-g. Example OpenLDAP instance:
+j. Example OpenLDAP instance:
 
 i. dc=example, dc=com
 ii. myhostname
@@ -269,7 +325,7 @@ vii. secret
 
 h. Modify the build.properties file with settings
 
-i.
+k.
 suffix.name=example
 suffix.dc=com
 
@@ -286,13 +342,13 @@ vi. log.root.dn=cn=Manager,${log.suffix}
 
 vii. secret
 
-i. Create the Fortress DIT:
+l. Create the Fortress DIT:
 
 from the FORTRESS_HOME root folder, enter the following:
 
 >$ANT_HOME/bin/ant load-slapd
 
-j. Proceed to SECTION 8 to regression test Fortress and OpenLDAP
+m. Skip to SECTION 8 to regression test Fortress and OpenLDAP
 
 ___________________________________________________________________________________
 ###################################################################################


[02/50] git commit: FC-129 - change setting build.xml for sentry distribution

Posted by el...@apache.org.
FC-129 - change setting build.xml for sentry distribution


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/218ba45d
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/218ba45d
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/218ba45d

Branch: refs/heads/master
Commit: 218ba45d0fe83dcd3b3f8a3b8917d72af792c2a6
Parents: 76116bf
Author: Shawn McKinney <sh...@jts.us>
Authored: Wed May 28 14:33:19 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Wed May 28 14:33:19 2014 -0500

----------------------------------------------------------------------
 build.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/218ba45d/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 2067550..86ca1a7 100644
--- a/build.xml
+++ b/build.xml
@@ -106,7 +106,7 @@
        <!-- ########### Sentry manage & config properties ########################### -->
        <property name="sentry" value="sentry"/>
        <property name="sentry.dir" value="${basedir}/${sentry}-${version}"/>
-       <property name="sentry.zip" value="${lib.dir}/${sentry}-${version}-dist.jar"/>
+       <property name="sentry.zip" value="${lib.dir}/${sentry}-${version}.jar"/>
 
        <!-- ########### EnMasse manage & config properties ########################### -->
        <property name="enmasse" value="enmasse"/>


[50/50] git commit: FC-151 - UnboundID SDK removal preparations - cleanup

Posted by el...@apache.org.
FC-151 - UnboundID SDK removal preparations - cleanup


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/b59b4541
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/b59b4541
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/b59b4541

Branch: refs/heads/master
Commit: b59b454158c6a86979574cda3539660ed55c88ed
Parents: 39ac279
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Oct 20 14:15:57 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Oct 20 14:15:57 2014 -0500

----------------------------------------------------------------------
 .../openldap/fortress/ldap/ApacheDsDataProvider.java  | 14 --------------
 1 file changed, 14 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/b59b4541/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
index aee62b4..f9d235e 100644
--- a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
+++ b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
@@ -118,20 +118,6 @@ public abstract class ApacheDsDataProvider
     private static final boolean IS_SSL_DEBUG = ( ( Config.getProperty( ENABLE_LDAP_SSL_DEBUG ) != null ) && ( Config
         .getProperty( ENABLE_LDAP_SSL_DEBUG ).equalsIgnoreCase( "true" ) ) );
 
-    static
-    {
-        if(IS_SET_TRUST_STORE_PROP)
-        {
-            LOG.info( "Set JSSE truststore properties:");
-            LOG.info( "javax.net.ssl.trustStore: " + TRUST_STORE );
-            LOG.info( "javax.net.debug: " + new Boolean( IS_SSL_DEBUG ).toString());
-            System.setProperty( "javax.net.ssl.trustStore", TRUST_STORE );
-            System.setProperty( "javax.net.ssl.trustStorePassword", TRUST_STORE_PW );
-            System.setProperty( "javax.net.debug", new Boolean( IS_SSL_DEBUG ).toString() );
-        }
-    }
-
-
     /**
      * The Admin connection pool
      */


[11/50] git commit: More changes to the README.txt

Posted by el...@apache.org.
More changes to the README.txt


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/683d5d34
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/683d5d34
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/683d5d34

Branch: refs/heads/master
Commit: 683d5d34361e12ac160d28981cba7d3500b17fe8
Parents: c76cc3a
Author: Shawn McKinney <sh...@jts.us>
Authored: Wed Jun 25 16:55:53 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Wed Jun 25 16:55:53 2014 -0500

----------------------------------------------------------------------
 README.txt | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/683d5d34/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 26378b6..7cbc8e9 100755
--- a/README.txt
+++ b/README.txt
@@ -17,22 +17,30 @@ README for Fortress Identity and Access Management SDK
 Version 1.0.0.RC37
 last updated: June 25, 2014
 
-This document contains instructions to download, compile, test and use the
-Fortress Identity and Access Management system.___________________________________________________________________________________
+This document provides instructions to download, compile, test and use the
+Fortress IAM with OpenLDAP server.  If you don't already have OpenLDAP installed,
+instructions contained within may be followed.
+___________________________________________________________________________________
 ###################################################################################
-# SECTION 0:  Prerequisites
+# SECTION 0:  Prerequisites for Fortress SDK installation and use with LDAP server
 ###################################################################################
 1. Internet access to retrieve source code from OpenLDAP GIT and binary dependencies from online Maven repo.
 
-NOTE: The Fortress build.xml may run without connection to Internet iff:
-- The Fortress source modules have been downloaded
-- The binary dependencies are already present in FORTRESS_HOME/lib folder
-- Local mode has been enabled on target machine.  Local mode can be enabled by adding this property to build.properties:
+Fortress uses Apache Ant for installation and management of its operations.  Ordinarily the target environment
+would have access to the Internet to pull down its dependencies from Maven but may run without outside connection iff:
+
+a. The binary dependencies are already present in FORTRESS_HOME/lib folder.  For list of dependencies goto ivy.xml file.
+b. Local mode has been enabled on target machine.  This can be done by adding the following entry to your build.properties file:
+
 local.mode=true
 
 2. Java SDK Version 7 or beyond installed to target environment
 3. Apache Ant 1.8 or beyond installed to target environment
-4. OpenLDAP installed to target system.  (options follow in section 1)
+4. OpenLDAP installed to target system.  (options follow in section 1).
+
+Note:  Fortress SDK is LDAPv3 compliant and works with other directory servers, especially ApacheDS:
+README-QUICKSTART-APACHEDS.html.
+
 5. GIT installed to target environment. (Fortress developers only)
 ___________________________________________________________________________________
 ###################################################################################


[21/50] git commit: change to OPL

Posted by el...@apache.org.
change to OPL


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/12392c98
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/12392c98
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/12392c98

Branch: refs/heads/master
Commit: 12392c9843a98f75baf6c720f905e30531fafdfd
Parents: 98353f8
Author: Shawn McKinney <sh...@jts.us>
Authored: Wed Jul 2 13:51:56 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Wed Jul 2 13:51:56 2014 -0500

----------------------------------------------------------------------
 src/main/java/org/openldap/fortress/overview.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/12392c98/src/main/java/org/openldap/fortress/overview.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/overview.html b/src/main/java/org/openldap/fortress/overview.html
index d0f1611..4536cad 100755
--- a/src/main/java/org/openldap/fortress/overview.html
+++ b/src/main/java/org/openldap/fortress/overview.html
@@ -39,12 +39,12 @@
       <h2>What technologies are used?</h2>
       <p>
          Fortress SDK runs on any platform that supports Java technology and LDAP v3 protocols.  Functionality that extends beyond
-          LDAP v3 is provided via <a href="http://openldap.org/">OpenLDAP</a> specific features.  In other words Fortress was optimized to run on OpenLDAP.
+          LDAP v3 is provided via <a href="http://openldap.org/">OpenLDAP</a> specific features.  In other words Fortress was optimized to run on OpenLDAP but will work on any directory.
       </p>
        <hr>
       <h2>What are the conditions of use?</h2>
       <p>
-         This software development kit is open source, thus free to use and distribute via the <a href="http://www.opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</a>.
+         This software development kit is open source, thus free to use and distribute via the <a href="http://www.OpenLDAP.org/license.html">OpenLDAP Public License</a>.
          It was developed and tested on open systems like <a href="http://www.ubuntu.com/">Ubuntu</a> and <a href="http://www.centos.org/">Centos</a> and was helped along
          by the following open source products:
           <ol>


[08/50] git commit: trivial change to project description

Posted by el...@apache.org.
trivial change to project description


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/9909be5a
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/9909be5a
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/9909be5a

Branch: refs/heads/master
Commit: 9909be5a90473cb399c95e5a0a41be44ba5b3882
Parents: 4d036ba
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Jun 23 16:19:25 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Jun 23 16:19:25 2014 -0500

----------------------------------------------------------------------
 src/main/java/org/openldap/fortress/overview.html         | 2 +-
 src/test/java/org/openldap/fortress/samples/overview.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9909be5a/src/main/java/org/openldap/fortress/overview.html
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/overview.html b/src/main/java/org/openldap/fortress/overview.html
index 78962cc..d0f1611 100755
--- a/src/main/java/org/openldap/fortress/overview.html
+++ b/src/main/java/org/openldap/fortress/overview.html
@@ -44,7 +44,7 @@
        <hr>
       <h2>What are the conditions of use?</h2>
       <p>
-         This software development toolkit is open source, thus free to use and distribute via the <a href="http://www.opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</a>.
+         This software development kit is open source, thus free to use and distribute via the <a href="http://www.opensource.org/licenses/BSD-3-Clause">BSD 3-Clause License</a>.
          It was developed and tested on open systems like <a href="http://www.ubuntu.com/">Ubuntu</a> and <a href="http://www.centos.org/">Centos</a> and was helped along
          by the following open source products:
           <ol>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9909be5a/src/test/java/org/openldap/fortress/samples/overview.html
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/samples/overview.html b/src/test/java/org/openldap/fortress/samples/overview.html
index b793f98..b96fb1d 100755
--- a/src/test/java/org/openldap/fortress/samples/overview.html
+++ b/src/test/java/org/openldap/fortress/samples/overview.html
@@ -57,7 +57,7 @@
       </p>
       <h2>What are the conditions of use?</h2>
       <p>
-         This software development toolkit is open source, thus free to use and distribute via the <a href="http://en.wikipedia.org/wiki/BSD_licenses">New BSD License</a>.
+         This software development kit is open source, thus free to use and distribute via the <a href="http://en.wikipedia.org/wiki/BSD_licenses">New BSD License</a>.
          It was developed and tested on open systems like <a href="http://www.ubuntu.com/">Ubuntu</a> and <a href="http://www.centos.org/">Centos</a> and and was helped along
          by open source contributions from the following:
           <ol>


[09/50] git commit: minor code cleanup

Posted by el...@apache.org.
minor code cleanup


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/76865358
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/76865358
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/76865358

Branch: refs/heads/master
Commit: 7686535802f0f1349e6e25d5e766f1a855ddc22f
Parents: 9909be5
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Jun 23 16:20:07 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Jun 23 16:20:07 2014 -0500

----------------------------------------------------------------------
 .../org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java   | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/76865358/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
index 79bc82c..b4a8c98 100644
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
@@ -76,9 +76,8 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
             ld.setTimeOut( 0 );
             // Create a new RBAC session
             RbacCreateSessionRequest rbacCreateSessionRequest = new RbacCreateSessionRequestImpl();
-            //rbacCreateSessionRequest.setSessionId( "foofighters" );
-            rbacCreateSessionRequest.setTenantId( "jts" );
-            //rbacCreateSessionRequest.setTenantId( user.getContextId() );
+            //rbacCreateSessionRequest.setTenantId( "jts" );
+            rbacCreateSessionRequest.setTenantId( user.getContextId() );
             rbacCreateSessionRequest.setUserIdentity( user.getUserId() );
             rbacCreateSessionRequest.setPassword( new String(user.getPassword()) );
             if( VUtil.isNotNullOrEmpty( user.getRoles() ))
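Review bot: `setTenantId( user.getContextId() )` now takes the tenant from the `User` passed in, and nothing in the hunk checks that the context id is set before the session request is built. Which tenant the server falls back to for a null or empty id is not visible here, so I would either validate it first, e.g. `if ( !VUtil.isNotNullOrEmpty( user.getContextId() ) )` followed by the DAO's usual error path (assuming `VUtil` has a String overload), or document the fallback in a comment on that line. The commented-out `//rbacCreateSessionRequest.setTenantId( "jts" );` should be deleted rather than kept, since it leaves a hard-coded tenant name in the source. The enclosing method starts and ends outside the hunk.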


[07/50] git commit: remove redundant pathelement location statement

Posted by el...@apache.org.
remove redundant pathelement location statement


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/4d036ba3
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/4d036ba3
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/4d036ba3

Branch: refs/heads/master
Commit: 4d036ba33ddb6cedaed7b1491233ff0aab9c6374
Parents: 8effa67
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Jun 23 16:18:21 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Jun 23 16:18:21 2014 -0500

----------------------------------------------------------------------
 build.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4d036ba3/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 84be0cd..2439ba3 100644
--- a/build.xml
+++ b/build.xml
@@ -228,7 +228,7 @@
            <pathelement location="${images.dir}"/>
            <pathelement location="${accelerator-api.jar}"/>
            <pathelement location="${accelerator-impl.jar}"/>
-           <pathelement location="${apacheds-api-all.jar}"/>
+<!--           <pathelement location="${apacheds-api-all.jar}"/>-->
            <pathelement location="${mina-core.jar}"/>
            <pathelement location="${opencsv.jar}"/>
            <pathelement location="${apacheJMeter_core.jar}"/>


[34/50] git commit: add sample ldap group load file

Posted by el...@apache.org.
add sample ldap group load file


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/38f45b8e
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/38f45b8e
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/38f45b8e

Branch: refs/heads/master
Commit: 38f45b8e29bf5b3934c0a0f1a940b1f2f015447f
Parents: 18b3a26
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Jul 19 11:27:33 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Jul 19 11:27:33 2014 -0500

----------------------------------------------------------------------
 ldap/setup/LdapGroupSetup.xml | 66 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/38f45b8e/ldap/setup/LdapGroupSetup.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/LdapGroupSetup.xml b/ldap/setup/LdapGroupSetup.xml
new file mode 100644
index 0000000..84b9606
--- /dev/null
+++ b/ldap/setup/LdapGroupSetup.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ This work is part of OpenLDAP Software <http://www.openldap.org/>.
+  ~
+  ~ Copyright 1998-2014 The OpenLDAP Foundation.
+  ~ All rights reserved.
+  ~
+  ~ Redistribution and use in source and binary forms, with or without
+  ~ modification, are permitted only as authorized by the OpenLDAP
+  ~ Public License.
+  ~
+  ~ A copy of this license is available in the file LICENSE in the
+  ~ top-level directory of the distribution or, alternatively, at
+  ~ <http://www.OpenLDAP.org/license.html>.
+  -->
+<project basedir="." default="all" name="Fortress LDAP Group Test 002 Data">
+    <taskdef classname="org.openldap.fortress.ant.FortressAntTask" name="FortressAdmin" >
+        <classpath path="${java.class.path}"/>
+    </taskdef>
+
+    <target name="all">
+        <FortressAdmin>
+
+            <adduser>
+                <user userId="groupuser1" password="password" description="Ldap Group Test User 1" cn="group user1" sn="user1" ou="grptest1" />
+                <user userId="groupuser2" password="password" description="Ldap Group Test User 2" cn="group user1" sn="user2" ou="grptest1" />
+                <user userId="groupuser3" password="password" description="Ldap Group Test User 3" cn="group user1" sn="user3" ou="grptest1" />
+                <user userId="groupuser4" password="password" description="Ldap Group Test User 4" cn="group user1" sn="user4" ou="grptest1" />
+                <user userId="groupuser5" password="password" description="Ldap Group Test User 5" cn="group user1" sn="user5" ou="grptest1" />
+            </adduser>
+
+            <deluser>
+                <user userId="groupuser1"/>
+                <user userId="groupuser2"/>
+                <user userId="groupuser3"/>
+                <user userId="groupuser4"/>
+                <user userId="groupuser5"/>
+            </deluser>
+
+            <addgroup>
+                <group name="test-group-1" protocol="ssh" properties="hostname=host1, port=22, username=tgadmin1, password=secret" members="groupuser1,groupuser2,groupuser3,groupuser4,groupuser5" description="Ldap Test Group 1 Configuration" />
+                <group name="test-group-2" protocol="ssh" properties="hostname=host2, port=22, username=tgadmin2, password=secret" members="groupuser1,groupuser2,groupuser3,groupuser4" description="Ldap Test Group 2 Configuration" />
+                <group name="test-group-3" protocol="ssh" properties="hostname=host3, port=22, username=tgadmin3, password=secret" members="groupuser1,groupuser2,groupuser3" description="Ldap Test Group 3 Configuration" />
+                <group name="test-group-4" protocol="ssh" properties="hostname=host4, port=22, username=tgadmin4, password=secret" members="groupuser1,groupuser2" description="Ldap Test Group 4 Configuration" />
+                <group name="test-group-5" protocol="ssh" properties="hostname=host5, port=22, username=tgadmin5, password=secret" members="groupuser1" description="Ldap Test Group 5 Configuration" />
+            </addgroup>
+
+            <delgroup>
+                <group name="test-group-1" />
+                <group name="test-group-2" />
+                <group name="test-group-3" />
+                <group name="test-group-4" />
+                <group name="test-group-5" />
+            </delgroup>
+
+            <addorgunit>
+                <orgunit name="grptest1" typeName="USER" description="Ldap Group Test Users"/>
+            </addorgunit>
+
+            <delorgunit>
+                <orgunit name="grptest1" typeName="USER"/>
+            </delorgunit>
+
+        </FortressAdmin>
+    </target>
+</project>
\ No newline at end of file
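Review bot: Every `<user>` in `<adduser>` is created with `password="password"` and each `<group>` stores `password=secret` in clear text in its `properties` attribute, yet nothing in the file marks it as test-only data. I would add a comment under the license header, `<!-- Sample data for LDAP group tests: accounts use well-known passwords, do not load into a production directory -->`, so the load file is not run against a real DIT by mistake. Separately, `cn="group user1"` is repeated on all five users; it looks like a copy-paste slip and should presumably read `cn="group user2"` through `cn="group user5"` on the matching lines.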


[24/50] git commit: More updates to README

Posted by el...@apache.org.
More updates to README


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/0a58abe3
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/0a58abe3
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/0a58abe3

Branch: refs/heads/master
Commit: 0a58abe3f2a2fb7f16a6273871602bc93edcbbb7
Parents: fe0da5f
Author: Shawn McKinney <sh...@jts.us>
Authored: Thu Jul 3 08:30:25 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Thu Jul 3 08:30:25 2014 -0500

----------------------------------------------------------------------
 README.txt | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/0a58abe3/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 71c5503..f687a8d 100755
--- a/README.txt
+++ b/README.txt
@@ -229,13 +229,14 @@ a. Install OpenLDAP using your existing package management system.
 
 b. Copy fortress schema to openldap schema folder:
 
-cp FORTRESS_HOME/ldap/schema/fortress.schema $OPENLDAP_HOME/etc/openldap/schema
+cp FORTRESS_HOME/ldap/schema/fortress.schema OPENLDAP_HOME/etc/openldap/schema
 
 c. Enable Fortress schema in slapd.conf:
 
-include		FORTRESS_HOME/etc/openldap/schema/fortress.schema
+include		OPENLDAP_HOME/etc/openldap/schema/fortress.schema
 
-note: for steps b & c above substitute FORTRESS_HOME for root of your OpenLDAP installation.
+note: for steps b & c above substitute FORTRESS_HOME for root of your Fortress installation.
+note: for steps b above substitute OPENLDAP_HOME for root of your OPENLDAP installation.
 
 d. For password policy support, enable pwpolicy overlay in slapd.conf:
 


[10/50] git commit: Update README.txt steps

Posted by el...@apache.org.
Update README.txt steps


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/c76cc3ad
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/c76cc3ad
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/c76cc3ad

Branch: refs/heads/master
Commit: c76cc3adacb0eaddae1e223f1b89d846f5b7d9f0
Parents: 7686535
Author: Shawn McKinney <sh...@jts.us>
Authored: Wed Jun 25 16:44:31 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Wed Jun 25 16:44:31 2014 -0500

----------------------------------------------------------------------
 README.txt | 45 +++++++++++++++------------------------------
 1 file changed, 15 insertions(+), 30 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/c76cc3ad/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index a72afa4..26378b6 100755
--- a/README.txt
+++ b/README.txt
@@ -14,13 +14,11 @@
 ___________________________________________________________________________________
 ###################################################################################
 README for Fortress Identity and Access Management SDK
-Version 1.0.0.RC36
-last updated: April 27, 2014
+Version 1.0.0.RC37
+last updated: June 25, 2014
 
 This document contains instructions to download, compile, test and use the
-Fortress Identity and Access Management system.
-Fortress is released under BSD open source license as specified within this package.
-___________________________________________________________________________________
+Fortress Identity and Access Management system.___________________________________________________________________________________
 ###################################################################################
 # SECTION 0:  Prerequisites
 ###################################################################################
@@ -36,7 +34,6 @@ local.mode=true
 3. Apache Ant 1.8 or beyond installed to target environment
 4. OpenLDAP installed to target system.  (options follow in section 1)
 5. GIT installed to target environment. (Fortress developers only)
-
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 1:  Options for installing OpenLDAP to target server environment
@@ -45,13 +42,13 @@ ________________________________________________________________________________
 This document includes three options for installing OpenLDAP server:
 
 -------------------------------------------------------------------------------
-- INSTALL OPTION 1 - JOSHUATREE SOFTWARE Fortress Quickstart installation packages for OpenLDAP server
+- INSTALL OPTION 1 - Fortress QUICKSTART installation packages for OpenLDAP server
 -------------------------------------------------------------------------------
 - Required Sections to follow:
     2, 3, 4
 
 -------------------------------------------------------------------------------
-- INSTALL OPTION 2 - TARGET system package management system for OpenLDAP server
+- INSTALL OPTION 2 - TARGET operating system's OpenLDAP server
 -------------------------------------------------------------------------------
 - Required Sections to follow:
     2, 3, 5, 6
@@ -61,7 +58,6 @@ This document includes three options for installing OpenLDAP server:
 -------------------------------------------------------------------------------
 - Required Sections to follow:
     2, 3, 5, 7
-
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 2. Instructions to pull Fortress source code from OpenLDAP GIT
@@ -110,36 +106,26 @@ a. from the FORTRESS_HOME root folder, enter the following:
 - All project artifacts are loaded into $FORTRESS_HOME/openldap-fortress-core/dist location.
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 4. Instructions for JOSHUATREE BUILDER installation of OpenLDAP
+# SECTION 4. Instructions for FORTRESS QUICKSTART builder installation of OpenLDAP
 ###################################################################################
 
-a. Go to https://joshuatreesoftware.us/jtspages/download.php
-
-b. Register, pull down the Fortress Builder package to match your target platform.
-
-c. Follow the README-QUICKSTART.txt or more involved README-INSTALL-FORTRESS.txt contained within the Builder package.
+a. Go to http://iamfortress.org/download
 
-d. Execute the 'init-slapd' and 'init-config' targets in Fortress Builder.
+b. Pull down the Fortress Builder package to match your target platform.
 
-e. Add a property to build.properties in this package that points back to where Fortress Builder package resides.
+c. Follow the steps I, II & III contained within README-QUICKSTART.html, or README-QUICKSTART-WINDOWS.html documents.
 
-Edit $FORTRESS_HOME/openldap-fortress-core/build.properties and add the following directive:
-
-builder.home=/path to $FORTRESS_BUILDER_HOME/fortressBuilder-[platform]-[version]
-
-e.g.:
-
-builder.home=/home/user/dev/fortressBuilder-Debian-Silver-i386-1.0.0
+d. Proceed to SECTION 8 in this document for integration testing Fortress & OpenLDAP on your target platform.
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 5. Instructions to configure openldap-fortress-core SDK for target system
 ###################################################################################
 
-- This must be done when OpenLDAP is not installed with Fortress Builder.
+- This must be done when OpenLDAP is not installed with the Fortress QUICKSTART package.
 
 - The 'init-config' ant target on this project will substitute parameters found in 'build.properties' into their proper location.
 
-- For newcomers just trying to learn the ropes the defaults usually work, especially if you are using the fortress-builder package to install OpenLDAP.
+- For newcomers just trying to learn the ropes the defaults usually work.
 
 - unless you know what you are doing, never change ant substitution parameters within the properties.  These are are anything inside and including '${}'.  i.e. ${param1}.
 
@@ -424,16 +410,15 @@ It is currently set to "/usr/lib/jvm/java-6-openjdk/jre"
 If running sudo:
 
 - Option 1:
-sudo apt-get install openjdk-6-jdk
+sudo apt-get install openjdk-7-jdk
 
 - Option 2:
 
 add this to build.xml javac task:
 
-  	     executable="/opt/jdk1.6.0_27/bin/javac"
-         compiler="javac1.6"
+  	     executable="/opt/jdk1.7.0_27/bin/javac"
+         compiler="javac1.7"
          fork = "true"
-
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 14. Instructions to enable Apache Ivy dependency management


[44/50] git commit: FC-146 - RC39 Release

Posted by el...@apache.org.
FC-146 - RC39 Release


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/e8aad1d6
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/e8aad1d6
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/e8aad1d6

Branch: refs/heads/master
Commit: e8aad1d6470f6eb764b4ab7115ad5af64bc8aa1a
Parents: 6d6d195
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Aug 9 22:01:03 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Aug 9 22:01:03 2014 -0500

----------------------------------------------------------------------
 build.properties | 7 +++----
 ivy.xml          | 6 ++++--
 pom.xml          | 2 +-
 3 files changed, 8 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e8aad1d6/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index f9bb753..34ec983 100644
--- a/build.properties
+++ b/build.properties
@@ -27,7 +27,7 @@
 ########################################################################
 
 # Use this Fortress Core version:
-version=1.0-RC38
+version=1.0-RC39
 
 # Enable local.mode property if your machine does not have connection to Internet and runtime dependencies have already downloaded to FORTRESS_HOME/lib folder on this machine:
 #local.mode=true
@@ -74,9 +74,9 @@ ldap.uris=ldap://${ldap.host}:${ldap.port}
 #ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port}
 #enable.ldap.ssl=true
 #enable.ldap.ssl.debug=true
-#key.store=/home/myuser/fortress/builder/src/test/resources/certs/mykeystore
+#key.store=/home/smckinn/fortress/builder/src/test/resources/certs/mykeystore
 #key.store.password=changeit
-#trust.store=/home/myuser/fortress/builder/src/test/resources/certs/mytruststore
+#trust.store=/home/smckinn/fortress/builder/src/test/resources/certs/mytruststore
 #trust.store.password=changeit
 #trust.store.set.prop=true
 
@@ -200,7 +200,6 @@ dflt.checkpoint=checkpoint	64 5
 ###########################################################################################
 
 slapd.start=${openldap.root}/etc/solserver start
-slapd.stop=${openldap.root}/etc/solserver stop
 
 ## If using Symas OpenLDAP, uncomment single option from #1 - 8 below:
 # Each of the options are used for a particular Symas-OpenLDAP platform.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e8aad1d6/ivy.xml
----------------------------------------------------------------------
diff --git a/ivy.xml b/ivy.xml
index 863f4c8..0ee65e4 100755
--- a/ivy.xml
+++ b/ivy.xml
@@ -51,15 +51,16 @@
         <dependency org="org.apache.jmeter" name="ApacheJMeter_java" rev="2.11" conf="default->master" />
 
         <!-- Fortress core source IS dependent org.openldap accelerator: -->
-        <dependency org="org.openldap" name="accelerator-impl" rev="1.0-RC38"  conf="default->master">
+        <dependency org="org.openldap" name="accelerator-impl" rev="1.0-RC39"  conf="default->master">
             <artifact name="accelerator-impl" type="jar"/>
         </dependency>
 
-        <dependency org="org.openldap" name="accelerator-api" rev="1.0-RC38"  conf="default->master">
+        <dependency org="org.openldap" name="accelerator-api" rev="1.0-RC39"  conf="default->master">
             <artifact name="accelerator-api" type="jar"/>
         </dependency>
 
         <!-- Fortress core source is NOT dependent on Sentry, EnMasse or Commander artifacts rather they're required for its QUICKSTART demo apps: -->
+<!--
         <dependency org="org.openldap" name="sentry" rev="1.0-RC38"  conf="default->master">
             <artifact name="sentry" e:classifier="dist" type="jar"/>
         </dependency>
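Review bot: The QUICKSTART demo dependencies are disabled by wrapping them in an XML comment (opened before `sentry` here, closed in the next hunk) instead of being removed, and they stay at `rev="1.0-RC38"` while the accelerator artifacts move to RC39. The explanatory line above them still says they are required for the QUICKSTART demo apps, so a reader cannot tell whether the demo build is still expected to resolve. Either delete the block or reword that line to say why it is disabled, for example `<!-- Sentry, EnMasse and Commander are temporarily disabled: <reason> -->`, with the reason supplied by the author.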
@@ -69,6 +70,7 @@
         <dependency org="org.openldap" name="commander" rev="1.0-RC38"  conf="default->master">
             <artifact name="commander" type="jar"/>
         </dependency>
+-->
 
     </dependencies>
 </ivy-module>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e8aad1d6/pom.xml
----------------------------------------------------------------------
diff --git a/pom.xml b/pom.xml
index b1e1651..2e49adb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -18,7 +18,7 @@
     <artifactId>fortress</artifactId>
     <packaging>jar</packaging>
     <name>Fortress Core</name>
-    <version>1.0-RC38</version>
+    <version>1.0-RC39</version>
     <description>Fortress is a standards-based Identity and Access Management SDK that implements ANSI RBAC INCITS 359.</description>
     <url>http://www.openldap.org/fortress/</url>
 


[14/50] git commit: FC-136 - Add sessionRoles to AccelMgr

Posted by el...@apache.org.
FC-136 - Add sessionRoles to AccelMgr


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/01ef8075
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/01ef8075
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/01ef8075

Branch: refs/heads/master
Commit: 01ef8075dfe5f4766a433daf862c9b47625c8a8b
Parents: 9e3c800
Author: Shawn McKinney <sh...@jts.us>
Authored: Sun Jun 29 00:57:08 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sun Jun 29 00:57:08 2014 -0500

----------------------------------------------------------------------
 ldap/setup/FortressDemoUsers.xml                |  2 +-
 .../java/org/openldap/fortress/AccelMgr.java    | 19 +++++++++
 .../org/openldap/fortress/GlobalErrIds.java     |  4 ++
 .../fortress/ldap/ApacheDsDataProvider.java     |  4 +-
 .../openldap/fortress/rbac/AccelMgrImpl.java    | 17 ++++++++
 .../fortress/rbac/dao/AcceleratorDAO.java       |  3 ++
 .../rbac/dao/apache/AcceleratorDAO.java         | 44 ++++++++++++++++++++
 .../rbac/accelerator/TestAccelerator.java       | 32 +++++++++++---
 8 files changed, 118 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/ldap/setup/FortressDemoUsers.xml
----------------------------------------------------------------------
diff --git a/ldap/setup/FortressDemoUsers.xml b/ldap/setup/FortressDemoUsers.xml
index 8363bc4..40ca567 100755
--- a/ldap/setup/FortressDemoUsers.xml
+++ b/ldap/setup/FortressDemoUsers.xml
@@ -189,7 +189,7 @@
                 <!-- safe modify must be false iff user can chg pw after reset -->
                 <policy name="Test1"
                     minAge="0"
-                    maxAge="2000000"
+                    maxAge="525600"
                     inHistory="5"
                     checkQuality="2"
                     minLength="4"
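Review bot: The new `maxAge="525600"` equals the number of minutes in a year, which suggests the value was chosen in minutes. If `maxAge` maps to the LDAP password-policy `pwdMaxAge` attribute, which is expressed in seconds, the Test1 policy would expire passwords after roughly six days, shorter than the previous value; this should be confirmed against the policy schema. If one year was intended, the line would be `maxAge="31536000"`, and a short comment such as `<!-- maxAge is in seconds -->` above the policy would prevent the same confusion later. The `policy` element continues outside the hunk.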

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/AccelMgr.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/AccelMgr.java b/src/main/java/org/openldap/fortress/AccelMgr.java
index 869f666..9a2da51 100644
--- a/src/main/java/org/openldap/fortress/AccelMgr.java
+++ b/src/main/java/org/openldap/fortress/AccelMgr.java
@@ -119,10 +119,29 @@ public interface AccelMgr extends Manageable
         throws SecurityException;
 
 
+    /**
+     * This function deletes a fortress session from the RBAC Policy Decision Point inside OpenLDAP RBAC Accelerator.  The function is valid if
+     * and only if the session is a valid Fortress session.
+     *
+     * @param session object contains the user's returned RBAC session from the createSession method.
+     * @throws SecurityException is thrown if session invalid or system. error.
+     */
     public void deleteSession(Session session)
         throws SecurityException;
 
     /**
+     * This function returns the active roles associated with a session. The function is valid if
+     * and only if the session is a valid Fortress session.
+     *
+     * @param session object contains the user's returned RBAC session from the createSession method.
+     * @return List<UserRole> containing all roles active in user's session.  This will NOT contain inherited roles.
+     * @throws SecurityException is thrown if session invalid or system. error.
+     */
+    public List<UserRole> sessionRoles(Session session)
+        throws SecurityException;
+
+
+    /**
      * Perform user RBAC authorization.  This function returns a Boolean value meaning whether the subject of a given session is
      * allowed or not to perform a given operation on a given object. The function is valid if and
      * only if the session is a valid Fortress session, the object is a member of the OBJS data set,
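Review bot: The Javadoc added for `sessionRoles` does not say what a caller receives when the session has no active roles, and the DAO implementation in this commit returns `null` in that case, so the contract should state it explicitly. The `@return List<UserRole>` text is parsed as an HTML tag by the Javadoc tool and should be written `@return {@code List<UserRole>} containing all roles active in the user's session, excluding inherited roles`. Both new comments also carry the typo `system. error`, which should read `system error`. The Javadoc block that closes this hunk continues outside it.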

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/GlobalErrIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/GlobalErrIds.java b/src/main/java/org/openldap/fortress/GlobalErrIds.java
index 6bbdc2a..4454d44 100755
--- a/src/main/java/org/openldap/fortress/GlobalErrIds.java
+++ b/src/main/java/org/openldap/fortress/GlobalErrIds.java
@@ -1548,6 +1548,10 @@ public class GlobalErrIds
     public final static int ACEL_DROP_ROLE_ERR = 10205;
 
     /**
+     * The RBAC Accelerator function failed because SessionRoles LDAP extended operation error.
+     */
+    public final static int ACEL_SESSION_ROLES_ERR = 10206;
+    /**
      * 10300's - Group Error Ids
      */
     /**

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
index 50a91e9..8594f69 100644
--- a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
+++ b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
@@ -139,7 +139,9 @@ public abstract class ApacheDsDataProvider
               + "org.openldap.accelerator.impl.checkAccess.RbacCheckAccessFactory,"
               + "org.openldap.accelerator.impl.addRole.RbacAddRoleFactory,"
               + "org.openldap.accelerator.impl.dropRole.RbacDropRoleFactory,"
-              + "org.openldap.accelerator.impl.deleteSession.RbacDeleteSessionFactory");
+              + "org.openldap.accelerator.impl.deleteSession.RbacDeleteSessionFactory,"
+              + "org.openldap.accelerator.impl.sessionRoles.RbacSessionRolesFactory"
+                );
 
             LdapApiService ldapApiService = new StandaloneLdapApiService();
             if ( LdapApiServiceFactory.isInitialized() == false )

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/rbac/AccelMgrImpl.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/AccelMgrImpl.java b/src/main/java/org/openldap/fortress/rbac/AccelMgrImpl.java
index a929b09..023ba3d 100644
--- a/src/main/java/org/openldap/fortress/rbac/AccelMgrImpl.java
+++ b/src/main/java/org/openldap/fortress/rbac/AccelMgrImpl.java
@@ -158,6 +158,23 @@ public class AccelMgrImpl extends Manageable implements AccelMgr
 
 
     /**
+     * This function returns the active roles associated with a session. The function is valid if
+     * and only if the session is a valid Fortress session.
+     *
+     * @param session object contains the user's returned RBAC session from the createSession method.
+     * @return List<UserRole> containing all roles active in user's session.  This will NOT contain inherited roles.
+     * @throws SecurityException is thrown if session invalid or system. error.
+     */
+    public List<UserRole> sessionRoles(Session session)
+        throws SecurityException
+    {
+        String methodName = "sessionRoles";
+        assertContext( CLS_NM, methodName, session, GlobalErrIds.USER_SESS_NULL );
+        return aDao.sessionRoles( session );
+    }
+
+
+    /**
      * Perform user rbac authorization.  This function returns a Boolean value meaning whether the subject of a given session is
      * allowed or not to perform a given operation on a given object. The function is valid if and
      * only if the session is a valid Fortress session, the object is a member of the OBJS data set,

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/rbac/dao/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/AcceleratorDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/AcceleratorDAO.java
index 0b88268..7361a39 100644
--- a/src/main/java/org/openldap/fortress/rbac/dao/AcceleratorDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/AcceleratorDAO.java
@@ -21,11 +21,14 @@ import org.openldap.fortress.rbac.Session;
 import org.openldap.fortress.rbac.User;
 import org.openldap.fortress.rbac.UserRole;
 
+import java.util.List;
+
 
 public interface AcceleratorDAO
 {
     public Session createSession( User user ) throws SecurityException;
     public void deleteSession( Session session ) throws SecurityException;
+    public List<UserRole> sessionRoles( Session session ) throws SecurityException;
     public boolean checkAccess( Session session, Permission perm ) throws SecurityException;
     public void dropActiveRole( Session session, UserRole userRole ) throws SecurityException;
     public void addActiveRole( Session session, UserRole userRole ) throws SecurityException;

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
index 2747101..9a0346d 100644
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/AcceleratorDAO.java
@@ -34,6 +34,9 @@ import org.openldap.accelerator.api.dropRole.RbacDropRoleResponse;
 import org.apache.directory.api.ldap.model.exception.LdapException;
 import org.apache.directory.ldap.client.api.LdapConnection;
 
+import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesRequest;
+import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesRequestImpl;
+import org.openldap.accelerator.api.sessionRoles.RbacSessionRolesResponse;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.openldap.fortress.*;
@@ -45,6 +48,9 @@ import org.openldap.fortress.rbac.User;
 import org.openldap.fortress.rbac.UserRole;
 import org.openldap.fortress.util.attr.VUtil;
 
+import java.util.ArrayList;
+import java.util.List;
+
 
 public final class AcceleratorDAO extends ApacheDsDataProvider implements org.openldap.fortress.rbac.dao.AcceleratorDAO
 
@@ -275,4 +281,42 @@ public final class AcceleratorDAO extends ApacheDsDataProvider implements org.op
             closeAdminConnection( ld );
         }
     }
+
+
+    public List<UserRole> sessionRoles( Session session ) throws SecurityException
+    {
+        LdapConnection ld = null;
+        List<UserRole> userRoleList = null;
+        try
+        {
+            ld = getAdminConnection();
+            RbacSessionRolesRequest sessionRolesRequest = new RbacSessionRolesRequestImpl();
+            sessionRolesRequest.setSessionId( session.getSessionId() );
+            sessionRolesRequest.setUserIdentity( session.getUserId() );
+            // Send the request
+            RbacSessionRolesResponse sessionRolesResponse = ( RbacSessionRolesResponse ) ld.extended(
+                sessionRolesRequest );
+            LOG.debug( "sessionRoles result: {}", sessionRolesResponse.getLdapResult().getResultCode().getResultCode());
+            if(VUtil.isNotNullOrEmpty( sessionRolesResponse.getRoles() ) )
+            {
+                userRoleList = new ArrayList<>(  );
+                for( String roleNm : sessionRolesResponse.getRoles() )
+                {
+                    UserRole userRole = new UserRole( session.getUserId(), roleNm );
+                    userRoleList.add( userRole );
+                }
+            }
+        }
+        catch ( LdapException e )
+        {
+            String error = "sessionRoles caught LDAPException=" + " msg=" + e
+                .getMessage();
+            throw new org.openldap.fortress.SecurityException( GlobalErrIds.ACEL_SESSION_ROLES_ERR, error, e );
+        }
+        finally
+        {
+            closeAdminConnection( ld );
+        }
+        return userRoleList;
+    }
 }
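Review bot: The extended operation's result code in `sessionRoles` is only logged at debug level, so a non-success response looks the same as a session with no roles, although the Javadoc added in AccelMgr promises a SecurityException for an invalid session. Whether the accelerator reports an invalid session through this code is not visible here and should be confirmed. The method also returns `null` rather than an empty list when no roles come back, which invites a NullPointerException in callers that iterate the result. The sketch below checks the code before reading the roles and starts from an empty list; `ResultCodeEnum` needs an import outside this hunk. The catch block's `"sessionRoles caught LDAPException=" + " msg="` concatenation can be a single literal.

```java
        List<UserRole> userRoleList = new ArrayList<>();
        // … unchanged: getAdminConnection, request setup, ld.extended call …
            ResultCodeEnum resultCode = sessionRolesResponse.getLdapResult().getResultCode();
            LOG.debug( "sessionRoles result: {}", resultCode.getResultCode() );
            if ( resultCode != ResultCodeEnum.SUCCESS )
            {
                String error = "sessionRoles failed, result code=" + resultCode.getResultCode();
                throw new org.openldap.fortress.SecurityException( GlobalErrIds.ACEL_SESSION_ROLES_ERR, error );
            }
            if ( VUtil.isNotNullOrEmpty( sessionRolesResponse.getRoles() ) )
            {
                // … unchanged: loop adding one UserRole per role name to userRoleList …
            }
        // … unchanged: catch LdapException, finally closeAdminConnection, return userRoleList …
```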

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/01ef8075/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
----------------------------------------------------------------------
diff --git a/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java b/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
index 34cde17..828e0e6 100644
--- a/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
+++ b/src/test/java/org/openldap/fortress/rbac/accelerator/TestAccelerator.java
@@ -46,6 +46,27 @@ public class TestAccelerator
     }
 
     @Test
+    public void testSessionRoles()
+    {
+        LOG.info( "testSessionRoles..." );
+        User user = new User();
+        user.setUserId( "rbacuser1" );
+        user.setPassword( "secret".toCharArray() );
+        try
+        {
+            AccelMgr accelMgr = AccelMgrFactory.createInstance( TestUtils.getContext() );
+            Session session;
+            session = accelMgr.createSession( user, false );
+            assertNotNull( session );
+            accelMgr.sessionRoles( session );
+        }
+        catch( org.openldap.fortress.SecurityException se)
+        {
+            se.printStackTrace();
+        }
+    }
+
+    //@Test
     public void testCreateSession()
     {
         LOG.info( "testCreateSession..." );
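Review bot: `testSessionRoles` cannot fail on an accelerator error, because its catch block only calls `se.printStackTrace()` and the value returned by `accelMgr.sessionRoles( session )` is never inspected. Replacing the catch body with `fail( se.getMessage() );` (assuming `fail` is statically imported the way `assertNotNull` is) and asserting on the roles expected for `rbacuser1` would make the test meaningful. This hunk and five of the hunks that follow also turn `@Test` into `//@Test` on every existing test, which silently disables the session, access-check and role-activation coverage. If that was a debugging aid it should be reverted, otherwise `@Ignore` with a reason keeps the gap visible in test reports. The hunk at new line 134 adds a commented-out `//perm.setObjId( "123456" );` that can be dropped.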
@@ -86,7 +107,7 @@ public class TestAccelerator
         }
     }
 
-    @Test
+    //@Test
     public void testCheckAccess()
     {
         AccelMgr accelMgr = null;
@@ -113,6 +134,7 @@ public class TestAccelerator
             // positive test case:
             Permission perm = new Permission();
             perm.setObjName( "/rbac/cal2.jsp" );
+            //perm.setObjId( "123456" );
             perm.setOpName( "8am" );
             boolean result = accelMgr.checkAccess( session, perm );
             assertTrue( result );
@@ -128,7 +150,7 @@ public class TestAccelerator
         }
     }
 
-    @Test
+    //@Test
     public void testDeleteSession()
     {
         LOG.info( "testDeleteSession..." );
@@ -149,7 +171,7 @@ public class TestAccelerator
         }
     }
 
-    @Test
+    //@Test
     public void testAddActiveRole()
     {
         LOG.info( "testAddActiveRole..." );
@@ -176,7 +198,7 @@ public class TestAccelerator
         }
     }
 
-    @Test
+    //@Test
     public void testDropActiveRole()
     {
         LOG.info( "testDropActiveRole..." );
@@ -205,7 +227,7 @@ public class TestAccelerator
     }
 
 
-    @Test
+    //@Test
     public void testCombinedCalls()
     {
         LOG.info( "testCombinedCalls..." );


[42/50] git commit: FC-144 - Add Tomcat SSL to demo

Posted by el...@apache.org.
FC-144 - Add Tomcat SSL to demo


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/103d2ac5
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/103d2ac5
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/103d2ac5

Branch: refs/heads/master
Commit: 103d2ac5a533ab6dbea50af084069e591e392eba
Parents: 6b045d6
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Aug 9 10:47:22 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Aug 9 10:47:22 2014 -0500

----------------------------------------------------------------------
 build.properties               | 8 +++++---
 build.xml                      | 2 ++
 config/fortress.properties.src | 4 ++++
 3 files changed, 11 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/103d2ac5/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index f33276d..8095a1e 100644
--- a/build.properties
+++ b/build.properties
@@ -69,11 +69,12 @@ ldap.host=localhost
 ldap.port=389
 ldap.uris=ldap://${ldap.host}:${ldap.port}
 
-
 # These are needed for client SSL connections with LDAP Server:
 #ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port}
 #enable.ldap.ssl=true
 #enable.ldap.ssl.debug=true
+#key.store=/home/smckinn/GIT/fortressDev/openldap-fortress-core/src/test/resources/certs/mykeystore
+#key.store.password=changeit
 #trust.store=/home/smckinn/GIT/fortressDev/openldap-fortress-core/src/test/resources/certs/mytruststore
 #trust.store.password=changeit
 #trust.store.set.prop=true
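Review bot: The added `#key.store=` sample points into one developer's home directory (`/home/smckinn/GIT/...`) and is paired with the stock `changeit` password, so anyone uncommenting the block gets a path that does not exist on their machine and a well-known default secret. A neutral placeholder such as `#key.store=/path/to/certs/mykeystore`, plus a comment line such as `# Generate your own keystore and password; do not reuse the test certificates outside a demo`, would keep the sample safe to copy. The build.properties hunk in the RC39 release commit on this page makes the same substitution, replacing `/home/myuser` with `/home/smckinn`.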
@@ -197,7 +198,7 @@ dflt.checkpoint=checkpoint	64 5
 # 5. BEGIN SYMAS-OPENLDAP INSTALL CONFIGURATION SECTION (Ignore if using ApacheDS or HTTP):
 ###########################################################################################
 
-#slapd.start=${openldap.root}/etc/solserver start
+slapd.start=${openldap.root}/etc/solserver start
 
 ## If using Symas OpenLDAP, uncomment single option from #1 - 8 below:
 # Each of the options are used for a particular Symas-OpenLDAP platform.
@@ -216,7 +217,7 @@ platform=Debian-Silver-x86-64
 #slapd.uninstall=dpkg -r symas-openldap-silver
 install.image.dir=/home/smckinn/archives/debian64
 slapd.module.dir=${openldap.root}/lib64/openldap
-slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap
+#slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f ${openldap.root}/etc/openldap/slapd.conf -F ${openldap.root}/etc/openldap
 
 # Option 3 - Debian i386 Gold:
 #platform=Debian-Gold-i386
@@ -287,6 +288,7 @@ slapd.start=${openldap.root}/lib64/slapd -h ldap://${ldap.host}:${ldap.port} -f
 M2_HOME=./apache-maven
 #M2_HOME=/usr/share/maven2
 tomcat-realm.conf=<Realm className="org.openldap.sentry.tomcat.Tc7AccessMgrProxy" debug="0" resourceName="UserDatabase" containerType="Tomcat7" realmClasspath="${user.dir}${file.separator}conf${path.separator}${user.dir}${file.separator}dist${file.separator}fortressSentry-${version}.jar"/>
+tomcat-ssl.conf=<Connector port="8443" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="${key.store}" keystorePass="${key.store.password}" clientAuth="false" sslProtocol="TLS"/>
 tomcat.dir=../apache-tomcat
 
 #These props are for 'Builder' target and have been moved here: "${user.home}/build.properties"
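Review bot: The added `tomcat-ssl.conf` Connector sets `sslProtocol="TLS"` without `sslEnabledProtocols`, so the protocol versions actually offered fall back to the JRE defaults, which on older JREs can include SSLv3. Pinning the list, for example `sslEnabledProtocols="TLSv1.2"` or the highest version the demo's JRE supports, keeps the demo connector from advertising legacy protocols. `keystorePass="${key.store.password}"` also puts the keystore password into the Tomcat configuration in clear text, and the sample value earlier in this file is `changeit`. A comment above the property telling users to generate their own keystore and password before exposing port 8443 would help.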

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/103d2ac5/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 7bee54a..6a6f615 100644
--- a/build.xml
+++ b/build.xml
@@ -860,6 +860,8 @@
          <replace file="${dst.remote.conf}" token="@TRUST_STORE@" value="${trust.store}"/>
          <replace file="${dst.remote.conf}" token="@TRUST_STORE_PW@" value="${trust.store.password}"/>
          <replace file="${dst.remote.conf}" token="@TRUST_STORE_SET_PROPW@" value="${trust.store.set.prop}"/>
+         <replace file="${dst.remote.conf}" token="@KEY_STORE@" value="${key.store}"/>
+         <replace file="${dst.remote.conf}" token="@KEY_STORE_PW@" value="${key.store.password}"/>
 
          <echo message="###############  Modify fortress load scripts per user settings  ###############"/>
          <delete file="${dst.load.bootstrap.script}"/>
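Review bot: `key.store` and `key.store.password` are commented out by default in build.properties (first hunk of this commit), and Ant leaves an unset `${...}` reference unexpanded, so these two `<replace>` tasks would write the literal text `${key.store}` and `${key.store.password}` into the generated file. Declaring empty defaults after build.properties is loaded and before the replaces, `<property name="key.store" value=""/>` and `<property name="key.store.password" value=""/>`, avoids that, since Ant properties are immutable and a value set in build.properties still wins. The keystore password is also written in clear text into the file generated from config/fortress.properties.src, whose own comment says the LDAP admin password is encrypted. The generated file's permissions should be restricted, or the same encryption applied if the consumer of `key.store.password` supports it. The enclosing target starts and ends outside the hunk.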

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/103d2ac5/config/fortress.properties.src
----------------------------------------------------------------------
diff --git a/config/fortress.properties.src b/config/fortress.properties.src
index 30a4593..0be6bfc 100755
--- a/config/fortress.properties.src
+++ b/config/fortress.properties.src
@@ -26,6 +26,10 @@ trust.store=@TRUST_STORE@
 trust.store.password=@TRUST_STORE_PW@
 trust.store.set.prop=@TRUST_STORE_SET_PROPW@
 
+# Used for SSL Demo with Tomcat:
+key.store=@KEY_STORE@
+key.store.password=@KEY_STORE_PW@
+
 # These credentials are used for read/write access to all nodes under suffix:
 admin.user=@ROOT_DN@
 # LDAP admin root pass is encrypted using 'encrypt' target in build.xml:


[26/50] git commit: minor change to README.html documents

Posted by el...@apache.org.
minor change to README.html documents


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/cae517f8
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/cae517f8
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/cae517f8

Branch: refs/heads/master
Commit: cae517f837fc0d64b586d272f0a284b96f111ddc
Parents: be57c85
Author: Shawn McKinney <sh...@jts.us>
Authored: Thu Jul 3 09:21:46 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Thu Jul 3 09:21:46 2014 -0500

----------------------------------------------------------------------
 README-QUICKSTART-APACHEDS.html | 3 ++-
 README-QUICKSTART-WINDOWS.html  | 4 ++--
 README-QUICKSTART.html          | 4 +++-
 3 files changed, 7 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/cae517f8/README-QUICKSTART-APACHEDS.html
----------------------------------------------------------------------
diff --git a/README-QUICKSTART-APACHEDS.html b/README-QUICKSTART-APACHEDS.html
index 8963247..fa2f4bc 100644
--- a/README-QUICKSTART-APACHEDS.html
+++ b/README-QUICKSTART-APACHEDS.html
@@ -16,7 +16,8 @@
   <img src="./images/fortresscommunitylogov3.jpg" />  
 <br>
 <p>
-These instructions are intended for new users who want to quickly learn how to install and test JoshuaTree Fortress and ApacheDS IAM software.
+These instructions are intended for new users who want to quickly learn how to install and test JoshuaTree Fortress and ApacheDS IAM software using QUICKSTART package:
+    http://iamfortress.org/download
 <br><br>Follow the steps and
     <ul>
     <li>ApacheDS will be installed, configured, loaded, and ready to use by <em>Section IV</em>.</li>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/cae517f8/README-QUICKSTART-WINDOWS.html
----------------------------------------------------------------------
diff --git a/README-QUICKSTART-WINDOWS.html b/README-QUICKSTART-WINDOWS.html
index 6cb3b52..2bf8adb 100644
--- a/README-QUICKSTART-WINDOWS.html
+++ b/README-QUICKSTART-WINDOWS.html
@@ -16,8 +16,8 @@
   <img src="./images/fortresscommunitylogov3.jpg" />  
 <br>
 <p>
-These instructions are intended for new users who want to quickly learn how to use JoshuaTree Fortress and Symas OpenLDAP IAM software on Windows platform.
-These instructions are intended for new users who want to quickly learn how to install and test JoshuaTree Fortress and Symas OpenLDAP IAM software.
+These instructions are intended for new users who want to quickly learn how to use JoshuaTree Fortress and Symas OpenLDAP IAM software on Windows platform using QUICKSTART package:
+    http://iamfortress.org/download
 <br><br>Follow the steps and
     <ul>
     <li>OpenLDAP will be installed, configured, loaded, and ready to use by <em>Section IV</em>.</li>

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/cae517f8/README-QUICKSTART.html
----------------------------------------------------------------------
diff --git a/README-QUICKSTART.html b/README-QUICKSTART.html
index 76a3996..26e7f55 100755
--- a/README-QUICKSTART.html
+++ b/README-QUICKSTART.html
@@ -16,7 +16,9 @@
   <img src="./images/fortresscommunitylogov3.jpg" />  
 <br>
 <p>
-These instructions are intended for new users who want to quickly learn how to install and test JoshuaTree Fortress and Symas OpenLDAP IAM software.
+These instructions are intended for new users who want to quickly learn how to install and test JoshuaTree Fortress and Symas OpenLDAP IAM software using the QUICKSTART package:
+    http://iamfortress.org/download
+    For instructions on how to get Fortress working with existing OpenLDAP instance, following instructions in README.txt, SECTION 6
 <br><br>Follow the steps and
     <ul>
     <li>OpenLDAP will be installed, configured, loaded, and ready to use by <em>Section IV</em>.</li>


[40/50] git commit: FC-143 - Add SSL to Unbound connection pool

Posted by el...@apache.org.
FC-143 - Add SSL to Unbound connection pool


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/9f428f04
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/9f428f04
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/9f428f04

Branch: refs/heads/master
Commit: 9f428f04da4821d89f35acfbc3d9cda900e76166
Parents: 35ef63d
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Aug 2 22:55:52 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Aug 2 22:55:52 2014 -0500

----------------------------------------------------------------------
 .../openldap/fortress/ldap/ConnectionPool.java  | 140 ++++++++++++++++---
 1 file changed, 121 insertions(+), 19 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9f428f04/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java b/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
index 424e538..b092ead 100755
--- a/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
+++ b/src/main/java/org/openldap/fortress/ldap/ConnectionPool.java
@@ -1,4 +1,17 @@
-/* Notice:
+/*
+ * This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2014 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ *
  * The contents of this file are subject to the Netscape Public
  * License Version 1.1 (the "License"); you may not use this file
  * except in compliance with the License. You may obtain a copy of
@@ -31,33 +44,33 @@
 package org.openldap.fortress.ldap;
 
 
+import java.security.GeneralSecurityException;
 import java.util.Date;
 
+import com.unboundid.ldap.sdk.migrate.ldapjdk.JavaToLDAPSocketFactory;
+import com.unboundid.util.ssl.SSLUtil;
+import com.unboundid.util.ssl.TrustStoreTrustManager;
+import org.openldap.fortress.cfg.Config;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
 import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
 
+import javax.net.ssl.SSLSocketFactory;
+
 
 /**
- * Connection pool class is used by {@link PoolMgr} to manage live connections to the ldap server.  The connection pools
- * increase speed for data access by avoiding cost of recreating connections for every ldap request.
- * </p>
- * <p/>
- * The contents of this file were derived from the ConnectionPool in Mozilla Java LDAP SDK and are subject to the Netscape Public
- * License Version 1.1 (the "License"); you may not use this file
- * except in compliance with the License. You may obtain a copy of the License at
- * <a href="http://www.mozilla.org/MPL/MPL-1.1.html/">Mozilla Public License Version 1.1</a> or see
- * <a href="http://www.mozilla.org/MPL/">Mozilla Public License</a> for more info.
- * <p/>
- * </p>
- * Software distributed under the License is distributed on an "AS
- * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- * implied. See the License for the specific language governing
- * rights and limitations under the License.
- * <p/>
+ * This connection pool class is used by Fortress {@link PoolMgr}.
+ * PoolMgr operations utilize multiple instances of this class to connections for different purposes.
+ * For example the 'admin' pool contains connections that have privileges to make modifications to the directory data during administrative operations {@link org.openldap.fortress.AdminMgr}.
+ * The 'user' pool contain unprivileged connections used for authentication processing only, {@link org.openldap.fortress.AccessMgr}.
+ * A 3rd pool, may be used to interrogate data stored by OpenLDAP's slapo access log info, This is used interrogating the fortress audit log events, {@link org.openldap.fortress.AuditMgr}.
+ * The contents of this file have been derived from the original, Mozilla Java LDAP SDK, and are subject to the Netscape Public License Version 1.1 (the "License")
+ * as described at the top of this file;
+ * The code mods include additional functionality to enable SSL connections in pool.  There have been other updates to the original functions to integrate with UnboundID's Java LDAP SDK.
  * </p>
+ * Original Mozilla javadoc:
  * Class to maintain a pool of individual connections to the
  * same server. Specify the initial size and the max size
  * when constructing a pool. Call getConnection() to obtain
@@ -436,6 +449,14 @@ class ConnectionPool
     }
 
 
+    /**
+     * *** FORTRESS MOD ****
+     *
+     * Create pool of LDAP connections to server.  Add SSL capability using unboundId's compatibility utility.
+     *
+     * @param size number of connections to generate and store in pool
+     * @throws LDAPException in the event of system error.
+     */
     private synchronized void setUpPool( int size )
         throws LDAPException
     {
@@ -444,8 +465,8 @@ class ConnectionPool
         {
             LDAPConnectionObject co =
                 new LDAPConnectionObject();
-            // Make LDAP connection, using template if available
-            LDAPConnection newConn = new LDAPConnection();
+
+            LDAPConnection newConn = createConnection( );
             newConn.connect( host, port, authdn, authpw );
             co.setLDAPConn( newConn );
             co.setInUse( false ); // Mark not in use
@@ -453,6 +474,87 @@ class ConnectionPool
         }
     }
 
+    /**
+     * *** FORTRESS MOD ****
+     *
+     * Used to manage trust store properties.  If enabled, create SSL connection.
+     *
+     */
+    private static final String ENABLE_LDAP_SSL = "enable.ldap.ssl";
+    private static final String ENABLE_LDAP_SSL_DEBUG = "enable.ldap.ssl.debug";
+    private static final String TRUST_STORE = Config.getProperty( "trust.store" );
+    private static final String TRUST_STORE_PW = Config.getProperty( "trust.store.password" );
+    private static final boolean IS_SSL = (
+        Config.getProperty( ENABLE_LDAP_SSL ) != null   &&
+        Config.getProperty( ENABLE_LDAP_SSL ).equalsIgnoreCase( "true" ) &&
+        TRUST_STORE      != null   &&
+        TRUST_STORE_PW   != null );
+
+    private static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
+    private static final boolean IS_SET_TRUST_STORE_PROP = (
+        IS_SSL &&
+        Config.getProperty( SET_TRUST_STORE_PROP ) != null   &&
+        Config.getProperty( SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ));
+
+    private static final boolean IS_SSL_DEBUG = ( ( Config.getProperty( ENABLE_LDAP_SSL_DEBUG ) != null ) && ( Config
+        .getProperty( ENABLE_LDAP_SSL_DEBUG ).equalsIgnoreCase( "true" ) ) );
+
+    static
+    {
+        if(IS_SET_TRUST_STORE_PROP)
+        {
+            LOG.info( "Set JSSE truststore properties:");
+            LOG.info( "javax.net.ssl.trustStore: " + TRUST_STORE );
+            LOG.info( "javax.net.debug: " + new Boolean( IS_SSL_DEBUG ).toString());
+            System.setProperty( "javax.net.ssl.trustStore", TRUST_STORE );
+            System.setProperty( "javax.net.ssl.trustStorePassword", TRUST_STORE_PW );
+            System.setProperty( "javax.net.debug", new Boolean( IS_SSL_DEBUG ).toString() );
+        }
+    }
+
+    /**
+     * *** FORTRESS MOD ****
+     *
+     * If enabled, use Unbound compatibility lib to create SSL connection.
+     *
+     * @return handle to LDAPConnection
+     * @throws LDAPException wrap GeneralSecurityException or throws ldapexcep.
+     */
+    private LDAPConnection createConnection() throws LDAPException
+    {
+        LDAPConnection newConn = null;
+        if(IS_SSL)
+        {
+            // Generate SSL Connection using Unbound compatibility lib utils:
+            // http://stackoverflow.com/questions/22672477/unboundid-ldap-jdk-migration
+            SSLSocketFactory sslSocketFactory;
+            //SSLUtil sslUtil = new SSLUtil(new TrustAllTrustManager());
+            // These config values set in fortress.properties
+            SSLUtil sslUtil = new SSLUtil(
+                new TrustStoreTrustManager(
+                    TRUST_STORE,
+                    TRUST_STORE_PW.toCharArray() , null, true ) );
+            try
+            {
+                sslSocketFactory = sslUtil.createSSLSocketFactory();
+            }
+            catch(GeneralSecurityException e)
+            {
+                String error = "GeneralSecurityException while creating SSL socket factory=" + e;
+                throw new LDAPException( error, LDAPException.CONNECT_ERROR );
+            }
+            JavaToLDAPSocketFactory ldapSocketFactory =
+                new JavaToLDAPSocketFactory(sslSocketFactory);
+            newConn = new LDAPConnection(ldapSocketFactory);
+        }
+        else
+        {
+            // Make LDAP connection, using template if available
+            newConn = new LDAPConnection();
+        }
+        return newConn;
+    }
+
 
     private int find( LDAPConnection con )
     {
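Review bot: `IS_SSL` fails open: when `enable.ldap.ssl` is `true` but `trust.store` or `trust.store.password` is missing it evaluates to false, `createConnection()` silently returns a plain `LDAPConnection`, and the `connect( host, port, authdn, authpw )` bind in `setUpPool` then goes out unencrypted. I would separate "SSL requested" from "trust store configured" and throw when the first holds without the second, as in the fence below. The commented-out `TrustAllTrustManager` line is better deleted than kept as a ready switch that turns certificate validation off, and nothing visible here compares the server certificate's name with `host`, which is worth confirming. The static block also publishes the trust store password JVM-wide through `javax.net.ssl.trustStorePassword`, and `javax.net.debug` is normally given option names such as `ssl` or `all`, so `true`/`false` may not do what is intended.

```java
    // SSL is on whenever it is requested; a missing trust store is a configuration error, not a reason to fall back to cleartext.
    private static final boolean IS_SSL = "true".equalsIgnoreCase( Config.getProperty( ENABLE_LDAP_SSL ) );
    private static final boolean HAS_TRUST_STORE = TRUST_STORE != null && TRUST_STORE_PW != null;

    private static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
    private static final boolean IS_SET_TRUST_STORE_PROP = (
        IS_SSL && HAS_TRUST_STORE &&
        "true".equalsIgnoreCase( Config.getProperty( SET_TRUST_STORE_PROP ) ) );

    // … unchanged: IS_SSL_DEBUG and the static initializer …

    private LDAPConnection createConnection() throws LDAPException
    {
        LDAPConnection newConn = null;
        if(IS_SSL)
        {
            if( !HAS_TRUST_STORE )
            {
                String error = "enable.ldap.ssl is true but trust.store or trust.store.password is not set";
                throw new LDAPException( error, LDAPException.CONNECT_ERROR );
            }
            // … unchanged: SSLUtil / TrustStoreTrustManager / socket factory setup, else branch, return …
```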


[41/50] git commit: Automate: FC-143 - Add SSL to Unbound connection pool

Posted by el...@apache.org.
Automate: FC-143 - Add SSL to Unbound connection pool


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/6b045d63
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/6b045d63
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/6b045d63

Branch: refs/heads/master
Commit: 6b045d6393f820fb0e2cc21596b8db467956fdc3
Parents: 9f428f0
Author: Shawn McKinney <sh...@jts.us>
Authored: Wed Aug 6 16:28:28 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Wed Aug 6 16:28:28 2014 -0500

----------------------------------------------------------------------
 build.properties                         |  41 +++++++++---------
 build.xml                                |  59 +++++++++++++++++++++++++-
 ldap/slapd.conf.src                      |   5 +++
 ldap/symas-openldap.conf                 |  59 ++++++++++++++++++++++++++
 ldap/symas-openldap.conf.src             |  59 ++++++++++++++++++++++++++
 src/test/resources/certs/ca-cert.pem     |  23 ++++++++++
 src/test/resources/certs/mytruststore    | Bin 0 -> 1071 bytes
 src/test/resources/certs/server-cert.pem |  21 +++++++++
 src/test/resources/certs/server-key.pem  |  27 ++++++++++++
 9 files changed, 272 insertions(+), 22 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/build.properties
----------------------------------------------------------------------
diff --git a/build.properties b/build.properties
index e8d2777..f33276d 100644
--- a/build.properties
+++ b/build.properties
@@ -32,17 +32,12 @@ version=1.0-RC38
 # Enable local.mode property if your machine does not have connection to Internet and runtime dependencies have already downloaded to FORTRESS_HOME/lib folder on this machine:
 #local.mode=true
 
-# Set sudo.pw if running 'init-slapd' on Linux machine and sudo access required, otherwise leave this value blank
+# Set sudo.pw is used by 'init-slapd', 'start-slapd' and 'stop-slapd' tagets on Linux machine when sudo access required, otherwise leave this value blank
 # The sudo.pw variable must be uncommented and left empty iff installing Symas-OpenLDAP package onto Redhat Linux platform:
 sudo.pw=
 
-# If encryption of LDAP &/or HTTP service account passwords (e.g. cfg.root.pw, cfg.log.root.pw and http.pw params) is required, this field must be set.
-# If encryption of service accounts not needed, leave this value blank, and set the password values for cfg.root.pw, cfg.log.root.pw and http.pw to be their clear text value.
-# Use any arbitrary value here but whatever used must also be key used to encrypt.
-crypto.prop=abcd12345
-
 ########################################################################
-# 2. BEGIN HTTP CONFIGURATION SECTION (Ignore if using LDAPv3):
+# 2. BEGIN HTTP CLIENT CONFIGURATION SECTION (Ignore if using LDAPv3):
 ########################################################################
 
 # The following optional HTTP parameters are needed when Fortress client communicates though EnMasse HTTP proxy (rather than LDAP) server:
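Review bot: Dropping `crypto.prop` here goes together with the later hunks that replace the encrypted values with literal defaults (`http.pw=password`, `cfg.root.pw=secret`, `cfg.log.root.pw=secret`), so the service-account passwords in this file are now clear text. Nothing in the file says these are demo defaults; a comment next to each, e.g. `# Demo default in clear text: change before use and keep this file readable by the build user only`, would make that explicit. The new comment on `cfg.log.root.pw` says the value is bound for slapd.conf, which repeats the description of `log.root.pw` just above it and drops the earlier statement about where the value is stored, so it is worth rechecking. Separately, `tagets` in the rewritten `sudo.pw` comment should read `targets`.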
@@ -53,12 +48,12 @@ enable.mgr.impl.rest=false
 
 # This user account is added automatically during init-slapd or init-apacheds target via 'FortressDemoUsers.xml' policy file:
 http.user=demouser4
-http.pw=gX9JbCTxJW5RiH+otQEX0Ja0RIAoPBQf
+http.pw=password
 http.host=localhost
 http.port=8080
 
 ########################################################################
-# 3. BEGIN LDAP SERVER CONFIGURATION SECTION: (Ignore if using HTTP):
+# 3. BEGIN LDAP CLIENT CONFIGURATION SECTION: (Ignore if using HTTP):
 ########################################################################
 
 # This param tells fortress what type of ldap server in use:
@@ -72,21 +67,25 @@ ldap.server.type=openldap
 # These parameters point fortress to LDAP host:
 ldap.host=localhost
 ldap.port=389
-#ldap.host=192.168.1.102
-#ldap.port=10389
+ldap.uris=ldap://${ldap.host}:${ldap.port}
+
 
-# These are for setting up SSL with OpenLDAP Server:
+# These are needed for client SSL connections with LDAP Server:
+#ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port}
 #enable.ldap.ssl=true
 #enable.ldap.ssl.debug=true
-#trust.store=fully / qualified / file / name / to / truststore
+#trust.store=/home/smckinn/GIT/fortressDev/openldap-fortress-core/src/test/resources/certs/mytruststore
 #trust.store.password=changeit
 #trust.store.set.prop=true
 
+# These are needed for OpenLDAP server-side SSL configuration:
+#tls.ca.cert.file=ca-cert.pem
+#tls.cert.file=server-cert.pem
+#tls.key.file=server-key.pem
+
 # These are used to construct suffix for DIT, i.e. dc=example,dc=com.
 suffix.name=openldap
 suffix.dc=org
-#suffix.name=jts
-#suffix.dc=us
 
 #suffix.name=example
 #suffix.dc=com
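Review bot: The commented SSL example `#ldap.uris=ldap://${ldap.host}:389 ldaps://${ldap.host}:${ldap.port}` expands, with the default `ldap.port=389` set a few lines above, to an `ldap://` and an `ldaps://` listener on the same port. A comment such as `# when enabling ldaps set ldap.port=636; drop the ldap:// URI if cleartext access is not wanted` would avoid that. The `trust.store` example now carries a developer-specific absolute path (`/home/smckinn/...`) in place of the generic placeholder; a project-relative path or the old placeholder is easier for others to adapt.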
@@ -115,8 +114,8 @@ root.dn=cn=Manager,${suffix}
 #root.dn=uid=admin,ou=system
 # Used to load OpenLDAP admin root password in slapd.conf and was encrypted using 'slappasswd' command:
 root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
-# This OpenLDAP admin root pass is bound for fortress.properties and was encrypted using 'encrypt' target in build.xml:
-cfg.root.pw=W7T0G9hylKZQ4K+DF8gfgA==
+# This OpenLDAP admin root pass is bound for fortress.properties used by 'admin' pooled connections:
+cfg.root.pw=secret
 
 # This specifies the number of default LDAP connections to maintain in the pool:
 admin.min.conn=1
@@ -140,8 +139,8 @@ log.max.conn=3
 log.root.dn=cn=Manager,${log.suffix}
 # This OpenLDAP slapd logger password is bound for slapd.conf and was encrypted using 'slappasswd' command:
 log.root.pw={SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU
-# This OpenLDAP slapd logger password will be stored using fortress' remote configuration utility and was encrypted using 'encrypt' target in build.xml:
-cfg.log.root.pw=W7T0G9hylKZQ4K+DF8gfgA==
+# This password is bound for slapd.conf file for slapd access log service account:
+cfg.log.root.pw=secret
 # More Audit Config:
 log.suffix=cn=log
 log.ops=logops bind writes compare
@@ -159,7 +158,7 @@ log.bdb.cache.size=
 
 #base.load.script=FortressDemoUsers.xml
 
-# Do not change any params below this line unless you know what you are doing:
+# These next params used by 'init-slapd' target to install OpenLDAP to target machine.  Do not change any params below this line unless you know what you are doing:
 
 ## If using Symas OpenLDAP on NIX, uncomment this section:
 db.root=/var/openldap
@@ -198,6 +197,8 @@ dflt.checkpoint=checkpoint	64 5
 # 5. BEGIN SYMAS-OPENLDAP INSTALL CONFIGURATION SECTION (Ignore if using ApacheDS or HTTP):
 ###########################################################################################
 
+#slapd.start=${openldap.root}/etc/solserver start
+
 ## If using Symas OpenLDAP, uncomment single option from #1 - 8 below:
 # Each of the options are used for a particular Symas-OpenLDAP platform.
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 05bb538..7bee54a 100644
--- a/build.xml
+++ b/build.xml
@@ -43,6 +43,7 @@
        <property name="lib.dir" value="${basedir}/lib"/>
        <property name="src.java.dir" value="${src.dir}/main/java"/>
        <property name="src.test.dir" value="${src.dir}/test/java"/>
+       <property name="src.test.resources.dir" value="${src.dir}/test/resources"/>
 
        <!-- ########### Build properties & artifacts ########################### -->
        <property name="build.dir" value="${basedir}/build"/>
@@ -62,6 +63,8 @@
        <property name="ldap.setup.dir" value="${ldap.dir}/setup"/>
        <property name="ldap.schema.dir" value="${ldap.dir}/schema"/>
        <property name="slapd.schema.dir" value="${slapd.dir}/schema"/>
+       <property name="src.slapd.ssl.keys.dir" value="${src.test.resources.dir}/certs"/>
+       <property name="dst.slapd.ssl.keys.dir" value="${openldap.root}/ssl"/>
 
        <!-- ########### Configuration, Load and builder properties ########################### -->
        <property name="src.load.bootstrap.script" value="${ldap.setup.dir}/refreshLDAPData-src.xml"/>
@@ -94,6 +97,9 @@
        <property name="mkdir.slapd-win" value="${ldap.setup.dir}/mkDir.cmd"/>
        <property name="uninstall.slapd.script" value="${ldap.setup.dir}/uninstall.sh"/>
        <property name="install.slapd.script" value="${ldap.setup.dir}/install.sh"/>
+       <property name="source.symas.conf" value="${ldap.dir}/symas-openldap.conf.src"/>
+       <property name="target.symas.conf" value="${ldap.dir}/symas-openldap.conf"/>
+       <property name="dst.symas.conf" value="${slapd.dir}/symas-openldap.conf"/>
        <property name="source.slapd.conf" value="${ldap.dir}/slapd.conf.src"/>
        <property name="target.slapd.conf" value="${ldap.dir}/slapd.conf"/>
        <property name="dst.slapd.conf" value="${slapd.dir}/slapd.conf"/>
@@ -636,7 +642,7 @@
          ================================= -->
      <target name="init-openldap-config" depends="init" description="--> map env params from build.properties to scripts and config files">
          <echo message="###############  Modify slapd configuration per user settings  ###############"/>
-         <delete file="${target.slapd.conf}"/>
+         <delete file="${target.slapd.conf}" failonerror="false"/>
 	     <copy file="${source.slapd.conf}" tofile="${target.slapd.conf}"/>
          <replace file="${target.slapd.conf}" token="@SCHEMA_PATH@" value="${slapd.schema.dir}"/>
          <replace file="${target.slapd.conf}" token="@SUFFIX@" value="${suffix}"/>
@@ -664,11 +670,18 @@
          <replace file="${target.slapd.conf}" token="@DFLT_BDB_CACHE_SIZE@" value="${dflt.bdb.cache.size}"/>
          <replace file="${target.slapd.conf}" token="@DFLT_BDB_CACHE_IDLE_SIZE@" value="${dflt.bdb.cache.idle.size}"/>
          <replace file="${target.slapd.conf}" token="@POLICIES_DN@" value="${policies.dn}"/>
+
+         <!-- setup the symas openldap slapd start/stop script -->
+         <delete file="${target.symas.conf}" failonerror="false"/>
+         <copy file="${source.symas.conf}" tofile="${target.symas.conf}"/>
+         <replace file="${target.symas.conf}" token="@LDAP_URIS@" value="${ldap.uris}"/>
+
          <antcall target="init-rbac-accelerator"></antcall>
+         <antcall target="init-slapd-ssl"></antcall>
+
          <echo message="Target init-all-config complete."/>
      </target>
 
-
     <!-- =================================
           RBAC Accelerator Overlay Config
          ================================= -->
@@ -723,6 +736,34 @@
     </target>
 
     <!-- =================================
+          OpenLDAP SSL Config
+         ================================= -->
+    <target name="init-slapd-ssl" depends="init">
+        <antcall target="enable-slapd-ssl"></antcall>
+        <antcall target="disable-slapd-ssl"></antcall>
+    </target>
+
+    <!-- =================================
+          Enable OpenLDAP SSL
+         ================================= -->
+    <target name="enable-slapd-ssl" depends="init" if="enable.ldap.ssl">
+        <echo message="###############  Enable OpenLDAP SSL"/>
+        <antcall target="copy-ssl-keys"></antcall>
+        <replace file="${target.slapd.conf}" token="@IS_SSL@" value=""/>
+        <replace file="${target.slapd.conf}" token="@CA_CERT_FILEW@" value="${dst.slapd.ssl.keys.dir}/${tls.ca.cert.file}"/>
+        <replace file="${target.slapd.conf}" token="@CERT_FILEW@" value="${dst.slapd.ssl.keys.dir}/${tls.cert.file}"/>
+        <replace file="${target.slapd.conf}" token="@CERT_KEY_FILEW@" value="${dst.slapd.ssl.keys.dir}/${tls.key.file}"/>
+    </target>
+
+    <!-- =================================
+          Disable OpenLDAP SSL
+         ================================= -->
+    <target name="disable-slapd-ssl" depends="init" unless="enable.ldap.ssl">
+        <echo message="###############  Disable OpenLDAP SSL"/>
+        <replace file="${target.slapd.conf}" token="@IS_SSL@" value="#"/>
+    </target>
+
+    <!-- =================================
           init slapd for windows
          ================================= -->
     <target name="init-slapd-win-script" depends="init" if="windows" description="--> creates a startup file for slapd on windows">
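Review bot: `if="enable.ldap.ssl"` and `unless="enable.ldap.ssl"` test only whether the property is set, so `enable.ldap.ssl=false` in build.properties still runs `enable-slapd-ssl`, while the Java client in ConnectionPool requires the value `true`. The server configuration and the client can then disagree about whether TLS is on. Deriving a flag from the value keeps them aligned, e.g. `<condition property="ldap.ssl.on"><istrue value="${enable.ldap.ssl}"/></condition>` in `init`, with `if="ldap.ssl.on"` and `unless="ldap.ssl.on"` on the two targets.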
@@ -937,6 +978,7 @@
 
         <echo message="###############  Backup slapd configuration and Fortress LDAP schema  ###############"/>
         <move file="${dst.slapd.conf}" tofile="${dst.slapd.conf}.bak.${TODAY}" failonerror="false" />
+        <move file="${dst.symas.conf}" tofile="${dst.symas.conf}.bak.${TODAY}" failonerror="false" />
         <move file="${target.fortress.schema}" tofile="${target.fortress.schema}.${TODAY}" failonerror="false" />
         <move file="${target.rbac.schema}" tofile="${target.rbac.schema}.${TODAY}" failonerror="false" />
 
@@ -947,6 +989,7 @@
         <copy todir="${slapd.schema.dir}" file="${source.fortress.schema}"/>
         <copy todir="${slapd.schema.dir}" file="${source.rbac.schema}"/>
         <copy todir="${slapd.dir}" file="${target.slapd.conf}"/>
+        <copy todir="${slapd.dir}" file="${target.symas.conf}"/>
 
         <antcall target="copy-access-libs"></antcall>		
         <antcall target="init-slapd-win-script"></antcall>
@@ -996,6 +1039,18 @@
     </target>
 
     <!-- =================================
+          copy the slapd rbac accelerator overlay libs from install to bin folder
+         ================================= -->
+    <target name="copy-ssl-keys" depends="init" >
+        <echo message="###############  Copy SSL keys from ${src.slapd.ssl.keys.dir} to ${dst.slapd.ssl.keys.dir}"/>
+        <copy todir="${dst.slapd.ssl.keys.dir}" failonerror="false">
+            <fileset dir="${src.slapd.ssl.keys.dir}">
+                <include name="*.pem"/>
+            </fileset>
+        </copy>
+    </target>
+
+    <!-- =================================
           if windows system create slapd server folders
          ================================= -->
     <target name="mkdir-slapd-win" depends="init" if="windows">
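Review bot: `copy-ssl-keys` installs every `*.pem` from `src/test/resources/certs` into `${openldap.root}/ssl`, and per the diffstat that includes `server-key.pem`, a private key that ships in the repository, so any server set up this way runs with a publicly known key. The target should say that the bundled certificates are for demo use only, and tighten the copied key, e.g. `<chmod file="${dst.slapd.ssl.keys.dir}/${tls.key.file}" perm="600"/>` after the copy. `failonerror="false"` lets the build continue when the copy fails, although slapd.conf then points at files that are not there. The banner comment still describes the rbac accelerator libs and should read something like `copy the demo SSL certs and key to the slapd ssl folder`.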

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/ldap/slapd.conf.src
----------------------------------------------------------------------
diff --git a/ldap/slapd.conf.src b/ldap/slapd.conf.src
index 5eb2409..31f1415 100755
--- a/ldap/slapd.conf.src
+++ b/ldap/slapd.conf.src
@@ -24,6 +24,11 @@ include		@SCHEMA_PATH@/openldap.schema
 include		@SCHEMA_PATH@/fortress.schema
 include		@SCHEMA_PATH@/rbac.schema
 
+### SSL Configuration
+@IS_SSL@TLSCACertificateFile @CA_CERT_FILEW@
+@IS_SSL@TLSCertificateFile @CERT_FILEW@
+@IS_SSL@TLSCertificateKeyFile @CERT_KEY_FILEW@
+
 disallow bind_anon
 idletimeout 0
 sizelimit 5000
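Review bot: These three directives give slapd a certificate, but nothing in the hunk makes clients use TLS, so simple binds over `ldap://` are still accepted unless a setting elsewhere in the file forbids it (the rest of slapd.conf.src is outside the hunk). If encrypted binds are the intent, a line such as `@IS_SSL@security simple_bind=128` below the certificate settings would reject simple binds on unprotected connections. A minimum protocol version via `TLSProtocolMin` is also worth considering where the installed OpenLDAP supports it.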

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/ldap/symas-openldap.conf
----------------------------------------------------------------------
diff --git a/ldap/symas-openldap.conf b/ldap/symas-openldap.conf
new file mode 100644
index 0000000..6c99295
--- /dev/null
+++ b/ldap/symas-openldap.conf
@@ -0,0 +1,59 @@
+#
+# Symas OpenLDAP Configuration file
+# Copyright (c) 2009 Symas Corporation. All Rights Reserved.
+#
+# This file contains configuration information for Symas OpenLDAP.
+# Refer to the comments just before each variable to determine proper
+# settings.
+#
+# 
+# RUN_SLAPD - Control the ldap server daemon.
+# A value of Y will cause the ldap server daemon to be started.
+# Any other value will prevent it from being started.
+RUN_SLAPD=Y
+
+# SLAPD_USER, SLAPD_GROUP - Set the user group id of the ldap
+# server daemon. Generally these are best left set to root,but
+# some folks like to change the ID for security reasons. If you
+# do this, make sure the various directories and files used by
+# slapd have the appropriate access permissions.
+#SLAPD_USER=root
+#SLAPD_GROUP=root
+
+#
+# HOST_LIST - The list of listeners the ldap demon should start.
+# The value needs to be a quoted, space-separated list of ldap
+# URIs. For example:
+#      HOST_LIST="ldap:/// ldaps:/// ldapi:///"
+# will cause the ldap daemon to start a standard ldap listener
+# on port 389, an SSL listener on port 636, and a listener on
+# a UNIX domain socket.
+HOST_LIST="ldap://localhost:389"
+
+# EXTRA_SLAPD_ARGS - Extra arguments for slapd. Use this variable
+# to hold extra flags and parameters for the slapd command line.
+# For example, to specify the location of the dynamic config
+# directory:
+# EXTRA_SLAPD_ARGS="-F /opt/symas/etc/openldap/slapd.d"
+EXTRA_SLAPD_ARGS=
+
+#
+# SOL_PRELOAD - Pre-load a library when starting slapd. Use this
+# variable to specify a library to be pre-loaded when starting
+# slapd. The most common use for this is to use alternate memory
+# allocation libraries, such as libtcmalloc.
+# For example, use the following statement to use the libtcmalloc
+# allocator:
+# SOL_PRELOAD=/opt/symas/lib64/libtcmalloc.so
+#SOL_PRELOAD=
+
+#
+# SLAPD_TIMEOUT - How long to wait for slapd to exit when stopping, in
+# seconds.
+SLAPD_TIMEOUT=60
+
+#
+# BIN and LIB - select which binaries and libraries to use,
+# for architectures where several possible ABIs may be available.
+BIN=/opt/symas/bin
+LIB=/opt/symas/lib64

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/ldap/symas-openldap.conf.src
----------------------------------------------------------------------
diff --git a/ldap/symas-openldap.conf.src b/ldap/symas-openldap.conf.src
new file mode 100644
index 0000000..9cffe5c
--- /dev/null
+++ b/ldap/symas-openldap.conf.src
@@ -0,0 +1,59 @@
+#
+# Symas OpenLDAP Configuration file
+# Copyright (c) 2009 Symas Corporation. All Rights Reserved.
+#
+# This file contains configuration information for Symas OpenLDAP.
+# Refer to the comments just before each variable to determine proper
+# settings.
+#
+# 
+# RUN_SLAPD - Control the ldap server daemon.
+# A value of Y will cause the ldap server daemon to be started.
+# Any other value will prevent it from being started.
+RUN_SLAPD=Y
+
+# SLAPD_USER, SLAPD_GROUP - Set the user group id of the ldap
+# server daemon. Generally these are best left set to root,but
+# some folks like to change the ID for security reasons. If you
+# do this, make sure the various directories and files used by
+# slapd have the appropriate access permissions.
+#SLAPD_USER=root
+#SLAPD_GROUP=root
+
+#
+# HOST_LIST - The list of listeners the ldap demon should start.
+# The value needs to be a quoted, space-separated list of ldap
+# URIs. For example:
+#      HOST_LIST="ldap:/// ldaps:/// ldapi:///"
+# will cause the ldap daemon to start a standard ldap listener
+# on port 389, an SSL listener on port 636, and a listener on
+# a UNIX domain socket.
+HOST_LIST="@LDAP_URIS@"
+
+# EXTRA_SLAPD_ARGS - Extra arguments for slapd. Use this variable
+# to hold extra flags and parameters for the slapd command line.
+# For example, to specify the location of the dynamic config
+# directory:
+# EXTRA_SLAPD_ARGS="-F /opt/symas/etc/openldap/slapd.d"
+EXTRA_SLAPD_ARGS=
+
+#
+# SOL_PRELOAD - Pre-load a library when starting slapd. Use this
+# variable to specify a library to be pre-loaded when starting
+# slapd. The most common use for this is to use alternate memory
+# allocation libraries, such as libtcmalloc.
+# For example, use the following statement to use the libtcmalloc
+# allocator:
+# SOL_PRELOAD=/opt/symas/lib64/libtcmalloc.so
+#SOL_PRELOAD=
+
+#
+# SLAPD_TIMEOUT - How long to wait for slapd to exit when stopping, in
+# seconds.
+SLAPD_TIMEOUT=60
+
+#
+# BIN and LIB - select which binaries and libraries to use,
+# for architectures where several possible ABIs may be available.
+BIN=/opt/symas/bin
+LIB=/opt/symas/lib64

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/src/test/resources/certs/ca-cert.pem
----------------------------------------------------------------------
diff --git a/src/test/resources/certs/ca-cert.pem b/src/test/resources/certs/ca-cert.pem
new file mode 100644
index 0000000..d763a69
--- /dev/null
+++ b/src/test/resources/certs/ca-cert.pem
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2TCCAsGgAwIBAgIJAPrmyB44m77vMA0GCSqGSIb3DQEBBQUAMIGCMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEUMBIGA1UEBwwLSm9zaHVhIFRy
+ZWUxFjAUBgNVBAoMDW15Y29tcGFueW5hbWUxFDASBgNVBAsMC215Z3JvdXBuYW1l
+MRowGAYDVQQDDBFmb3J0cmVzc2RlbW8yLmNvbTAeFw0xNDA4MDUxNTQ3NDNaFw0y
+NDA2MTMxNTQ3NDNaMIGCMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5p
+YTEUMBIGA1UEBwwLSm9zaHVhIFRyZWUxFjAUBgNVBAoMDW15Y29tcGFueW5hbWUx
+FDASBgNVBAsMC215Z3JvdXBuYW1lMRowGAYDVQQDDBFmb3J0cmVzc2RlbW8yLmNv
+bTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOQj5MEJcEU9qRwH4pk7
+lkBtNsODQq/M4MjAndcpp/HOHmFq9TZizYAMb5r95D0OECreBv4xoHwPNRFDOmee
+HGq4poeUk73R0dnf6TFqGtjETRoI1liQkl7X2bDKzcKoZRncUzU+Aw4Of/V8Q8Ex
+W5dvLtk4AEbk072zYOZtRTO9VytCPVeZrN4ztUT9H0QFypqooiCt0XOmlGy2rXLI
+HkSs+3181E2e/3ig6fSfTuFwCMaSwZx+xiB9Wc3qmpSa6QLg5E4ty9HNtRGAkUNq
+s99kc6S/mAmJAoPTX9nzJeq1/JPjOtYJ/USLs60sLgPVWNMd4NfofMgNLAJ6fSX5
+lD8CAwEAAaNQME4wHQYDVR0OBBYEFK7G3d6ChE0OSPvPeUAW0ToA0xZLMB8GA1Ud
+IwQYMBaAFK7G3d6ChE0OSPvPeUAW0ToA0xZLMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQEFBQADggEBAL185kD78VyZeXW+mzGWQB8ZZ08XJgndBUcyKP7RcgAoOJym
+4hOm9CmE4Qbpn1k7DWj2kXyucmMoQrV+sl8GFPZEyNiHR+EXoPHc2TlNm0adYVHO
+rbYHpxep1dbkUPOnT+3/QxRhztui642NeVvePQOPC7Ne4swuUiPhFVpzpasUdWMt
+2PQg2oA1FS8QONW94KF8vlO94M9lN/o3QJtdQ0611yhEMhNq5nVEkKwNFG2aIGGQ
+YTiiVkzYeBmHTMgCzGWoU9XdKTuGEAYTCDhl03z9Y/uc//qyYuj7TrI3P+6mTxSG
+0GE3PgcjH5oIEO4OjHYhMxQ++lx8wIBl4QmfhrQ=
+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/src/test/resources/certs/mytruststore
----------------------------------------------------------------------
diff --git a/src/test/resources/certs/mytruststore b/src/test/resources/certs/mytruststore
new file mode 100644
index 0000000..0d51d07
Binary files /dev/null and b/src/test/resources/certs/mytruststore differ

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/src/test/resources/certs/server-cert.pem
----------------------------------------------------------------------
diff --git a/src/test/resources/certs/server-cert.pem b/src/test/resources/certs/server-cert.pem
new file mode 100644
index 0000000..947ffac
--- /dev/null
+++ b/src/test/resources/certs/server-cert.pem
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/6b045d63/src/test/resources/certs/server-key.pem
----------------------------------------------------------------------
diff --git a/src/test/resources/certs/server-key.pem b/src/test/resources/certs/server-key.pem
new file mode 100644
index 0000000..e758539
--- /dev/null
+++ b/src/test/resources/certs/server-key.pem
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
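Review bot: An RSA private key is committed in clear text at src/test/resources/certs/server-key.pem, alongside the server certificate, CA certificate and truststore that presumably go with it. Anyone with read access to the repository holds this key, so a client that trusts ca-cert.pem or mytruststore outside the test suite cannot tell the real server from someone else presenting server-cert.pem. I would add a short `README` in `src/test/resources/certs` stating that the key material is public, is for tests only and must not be copied into a deployment, or generate the key pair during the test build instead of storing it.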


[47/50] git commit: FC-149 - AuditMgr.getUserAuthZs incorrectly handles failures

Posted by el...@apache.org.
FC-149 - AuditMgr.getUserAuthZs incorrectly handles failures


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/9d516b8a
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/9d516b8a
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/9d516b8a

Branch: refs/heads/master
Commit: 9d516b8add9230fa7bda59f2bccf9e925498338c
Parents: 2300162
Author: Shawn McKinney <sh...@jts.us>
Authored: Thu Sep 18 22:21:25 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Thu Sep 18 22:21:25 2014 -0500

----------------------------------------------------------------------
 .../java/org/openldap/fortress/GlobalIds.java   |  2 ++
 .../java/org/openldap/fortress/rbac/AuthZ.java  | 22 ++++++++++++++++++++
 .../fortress/rbac/dao/unboundid/AuditDAO.java   | 16 +++++++++++---
 .../fortress/rbac/dao/unboundid/PermDAO.java    | 10 ++++-----
 4 files changed, 42 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9d516b8a/src/main/java/org/openldap/fortress/GlobalIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/GlobalIds.java b/src/main/java/org/openldap/fortress/GlobalIds.java
index 8453ea2..fc55cd3 100755
--- a/src/main/java/org/openldap/fortress/GlobalIds.java
+++ b/src/main/java/org/openldap/fortress/GlobalIds.java
@@ -505,6 +505,8 @@ public class GlobalIds
     public final static boolean LDAP_FILTER_SIZE_FOUND = ( org.openldap.fortress.cfg.Config
         .getProperty( LDAP_FILTER_SIZE_PROP ) != null );
     public static final String APACHE_LDAP_API = "apache";
+    public static final String AUTH_Z_FAILED = "authzfailed";
+    public static final String AUTH_Z_FAILED_VALUE = "ftOpNm=" + AUTH_Z_FAILED;
 
     /**
      * maximum number of entries allowed for ldap filter replacements.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9d516b8a/src/main/java/org/openldap/fortress/rbac/AuthZ.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/AuthZ.java b/src/main/java/org/openldap/fortress/rbac/AuthZ.java
index 3c8ecd4..8a61cc7 100755
--- a/src/main/java/org/openldap/fortress/rbac/AuthZ.java
+++ b/src/main/java/org/openldap/fortress/rbac/AuthZ.java
@@ -72,6 +72,7 @@ import java.io.Serializable;
     "reqStart",
     "reqTimeLimit",
     "reqType",
+    "reqAssertion",
     "structuralObjectClass",
     "subschemaSubentry",
     "sequenceId"
@@ -103,6 +104,7 @@ public class AuthZ extends FortEntity implements Serializable
     private String reqStart;
     private String reqTimeLimit;
     private String reqType;
+    private String reqAssertion;
     private String structuralObjectClass;
     private String subschemaSubentry;
     private long sequenceId;
@@ -497,6 +499,26 @@ public class AuthZ extends FortEntity implements Serializable
     }
 
     /**
+     * Get the Compare operation the reqAssertion attribute carries the Attribute Value Assertion used in the compare request.
+     *
+     * @return value that maps to 'reqAssertion' attribute on 'auditCompare' object class.
+     */
+    public String getReqAssertion()
+    {
+        return reqAssertion;
+    }
+
+    /**
+     * Set the Compare operation the reqAssertion attribute carries the Attribute Value Assertion used in the compare request.
+     *
+     * @param reqAssertion value maps to 'reqAssertion' attribute contained in the 'auditCompare' object class.
+     */
+    public void setReqAssertion( String reqAssertion )
+    {
+        this.reqAssertion = reqAssertion;
+    }
+
+    /**
      * Returns the name of the structural object class that is used to log the event.  For this entity
      * this value will always be 'auditSearch'.
      *
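Review bot: The Javadoc added for getReqAssertion and setReqAssertion does not read as a sentence ("Get the Compare operation the reqAssertion attribute carries …") and does not say what the value looks like. I would write `Returns the Attribute Value Assertion that was used in the compare request.` for the getter and `Sets the Attribute Value Assertion that was used in the compare request.` for the setter. Going by GlobalIds.AUTH_Z_FAILED_VALUE in this same commit, a failed authorization appears to be recorded as `ftOpNm=authzfailed`, which would be worth stating in the getter's `@return` line once confirmed.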

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9d516b8a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AuditDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AuditDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AuditDAO.java
index 2d3d4be..3d7255c 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AuditDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/AuditDAO.java
@@ -160,7 +160,7 @@ public final class AuditDAO extends UnboundIdDataProvider implements org.openlda
             CREATETIMESTAMP, CREATORSNAME, ENTRYCSN, ENTRYDN, ENTRYUUID, HASSUBORDINATES, MODIFIERSNAME,
             MODIFYTIMESTAMP, OBJECTCLASS, REQATTR, REQATTRSONLY, REQUAUTHZID, REQCONTROLS, REQDN, REQDREFALIASES,
             REQEND, REQENTRIES, REQFILTER, REQRESULT, REQSCOPE, REQSESSION, REQSIZELIMIT, REQSTART, REQTIMELIMIT,
-            REQTYPE, STRUCTURALOBJECTCLASS, SUBSCHEMAENTRY
+            REQTYPE, REQASSERTION, STRUCTURALOBJECTCLASS, SUBSCHEMAENTRY
     };
 
     private static final String[] AUDIT_BIND_ATRS =
@@ -309,10 +309,14 @@ public final class AuditDAO extends UnboundIdDataProvider implements org.openlda
                 + audit.getObjName() + "," + permRoot;
             String filter = GlobalIds.FILTER_PREFIX + ACCESS_AUTHZ_CLASS_NM + ")(" + REQDN + "=" +
                 reqDn + ")(" + REQUAUTHZID + "=" + GlobalIds.UID + "=" + audit.getUserId() + "," + userRoot + ")";
+/*
+            todo: fixme (can't search on reqAssertion attribute):
             if ( audit.isFailedOnly() )
             {
-                filter += "(!(" + REQRESULT + "=" + 6 + "))";
+                //filter += "(!(" + REQRESULT + "=" + 6 + "))";
+                filter += "(" + REQASSERTION + "=" + GlobalIds.AUTH_Z_FAILED_VALUE + ")";
             }
+*/
             if ( audit.getBeginDate() != null )
             {
                 String szTime = AttrHelper.encodeGeneralizedTime( audit.getBeginDate() );
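Review bot: With the `if ( audit.isFailedOnly() )` block wrapped in `/* … */`, the failedOnly flag no longer changes the filter, so a caller asking for failed authorizations only gets every matching audit record back and no error; the hunk at -393,10 has the same change. Until reqAssertion can be searched on the server, the flag could be honoured after the search, for example `if ( audit.isFailedOnly() && !GlobalIds.AUTH_Z_FAILED_VALUE.equals( authZ.getReqAssertion() ) ) continue;` in the loop that maps entries (that loop is outside the hunk and the stored assertion format is assumed), or the method could reject failedOnly with an exception rather than ignore it. The context lines also build the filter by concatenating audit.getUserId() and the object name; whether those values are escaped for LDAP filters before they reach this point is not visible here and is worth confirming.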
@@ -393,10 +397,14 @@ public final class AuditDAO extends UnboundIdDataProvider implements org.openlda
                 //filter += "(" + REQDN + "=" + GlobalIds.POP_NAME + "=" + audit.getOpName() + "," + GlobalIds.POBJ_NAME + "=" + audit.getObjName() + ",*)";
                 filter += "(" + REQDN + "=" + audit.getDn() + ")";
             }
+/*
+            todo: fixme (can't search on reqAssertion attribute):
             if (audit.isFailedOnly())
             {
-                filter += "(!(" + REQRESULT + "=" + 6 + "))";
+                //filter += "(!(" + REQRESULT + "=" + 6 + "))";
+                filter += "(" + REQASSERTION + "=" + GlobalIds.AUTH_Z_FAILED_VALUE + ")";
             }
+*/
             if ( audit.getBeginDate() != null )
             {
                 String szTime = AttrHelper.encodeGeneralizedTime( audit.getBeginDate() );
@@ -752,6 +760,7 @@ public final class AuditDAO extends UnboundIdDataProvider implements org.openlda
             private String reqStart;
             private String reqTimeLimit;
             private String reqType;
+            private String reqAssertion;
             private String structuralObjectClass;
             private String subschemaSubentry;
         }*/
@@ -786,6 +795,7 @@ public final class AuditDAO extends UnboundIdDataProvider implements org.openlda
         authZ.setReqScope( getAttribute( le, REQSCOPE ) );
         authZ.setReqSizeLimit( getAttribute( le, REQSIZELIMIT ) );
         authZ.setReqTimeLimit( getAttribute( le, REQTIMELIMIT ) );
+        authZ.setReqAssertion( getAttribute( le, REQASSERTION ) );
         return authZ;
     }
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9d516b8a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
index 0fbff79..2395d10 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/unboundid/PermDAO.java
@@ -144,10 +144,10 @@ import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPSearchResults;
 public final class PermDAO extends UnboundIdDataProvider implements org.openldap.fortress.rbac.dao.PermDAO
 {
     /*
-      *  *************************************************************************
-      *  **  OpenAccessMgr PERMISSION STATICS
-      *  ************************************************************************
-      */
+          *  *************************************************************************
+          *  **  OpenAccessMgr PERMISSION STATICS
+          *  ************************************************************************
+          */
     private static final String TYPE = "ftType";
     private static final String PERM_OBJ_OBJECT_CLASS_NAME = "ftObject";
     private static final String PERM_OP_OBJECT_CLASS_NAME = "ftOperation";
@@ -821,7 +821,7 @@ public final class PermDAO extends UnboundIdDataProvider implements org.openldap
             else
             {
                 // No, set a simple error message onto this attribute for storage into audit trail:
-                attributeValue = "AuthZ Failed";
+                attributeValue = GlobalIds.AUTH_Z_FAILED;
             }
             // There is a switch in fortress config to disable audit ops like this one.
             // But if used the compare method will use OpenLDAP's Proxy Authorization Control to assert identity of end user onto connection.


[05/50] git commit: FC-134 - replace bootstrap props with group vals

Posted by el...@apache.org.
FC-134 - replace bootstrap props with group vals


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/113be670
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/113be670
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/113be670

Branch: refs/heads/master
Commit: 113be6703be32c0d752e1d0ca6547273155a96cb
Parents: 1e8533b
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Jun 14 15:26:28 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Jun 14 15:26:28 2014 -0500

----------------------------------------------------------------------
 build.xml                                |  3 +++
 config/bootstrap/fortress.properties.src | 11 +++--------
 2 files changed, 6 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/113be670/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index 86ca1a7..84be0cd 100644
--- a/build.xml
+++ b/build.xml
@@ -788,6 +788,9 @@
          <replace file="${dst.bootstrap.conf}" token="@ADMINPERMS_DN@" value="${adminperms.dn}"/>
          <replace file="${dst.bootstrap.conf}" token="@AUDITS_DN@" value="${audits.dn}"/>
          <replace file="${dst.bootstrap.conf}" token="@GROUPS_DN@" value="${groups.dn}"/>
+         <replace file="${dst.bootstrap.conf}" token="@GROUP_OBJECT_CLASS@" value="${group.objectclass}"/>
+         <replace file="${dst.bootstrap.conf}" token="@GROUP_PROTOCOL@" value="${group.protocol}"/>
+         <replace file="${dst.bootstrap.conf}" token="@GROUP_PROPERTIES@" value="${group.properties}"/>
 
 	     <copy file="${src.remote.conf}" tofile="${dst.remote.conf}"/>
          <replace file="${dst.remote.conf}" token="@SUFFIX@" value="${suffix}"/>
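Review bot: No default for `group.objectclass`, `group.protocol` or `group.properties` is visible in this commit, and Ant leaves an undefined `${…}` reference as literal text, so a build.properties without these keys would write `group.objectclass=${group.objectclass}` into the generated bootstrap file. The values removed from config/bootstrap/fortress.properties.src (`configGroup`, `configProtocol`, `configParameter`) could be kept as defaults, for example `<property name="group.objectclass" value="configGroup"/>` placed after build.properties is loaded, with the same for the other two. The enclosing target starts and ends outside the hunk.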

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/113be670/config/bootstrap/fortress.properties.src
----------------------------------------------------------------------
diff --git a/config/bootstrap/fortress.properties.src b/config/bootstrap/fortress.properties.src
index 308e9ad..f5ea519 100755
--- a/config/bootstrap/fortress.properties.src
+++ b/config/bootstrap/fortress.properties.src
@@ -144,14 +144,9 @@ ldap.sub.15=7e
 #regXSafetext=^A-Za-z0-9- .
 
 user.objectclass=inetOrgPerson
-group.objectclass=configGroup
-group.protocol=configProtocol
-group.properties=configParameter
-#group.objectclass=guacConfigGroup
-#group.protocol=guacConfigProtocol
-#group.properties=guacConfigParameter
-
-
+group.objectclass=@GROUP_OBJECT_CLASS@
+group.protocol=@GROUP_PROTOCOL@
+group.properties=@GROUP_PROPERTIES@
 crypto.prop=@CFG_CRYPTO_PROP@
 enable.audit=true
 clientside.sorting=true


[32/50] git commit: added content to README

Posted by el...@apache.org.
added content to README


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/9f71d33d
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/9f71d33d
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/9f71d33d

Branch: refs/heads/master
Commit: 9f71d33d9b539200d56734ef604371aeff150bb1
Parents: a9c8b68
Author: Shawn McKinney <sh...@jts.us>
Authored: Tue Jul 15 09:07:56 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Tue Jul 15 09:07:56 2014 -0500

----------------------------------------------------------------------
 README.txt | 155 ++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 95 insertions(+), 60 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/9f71d33d/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 9d1858d..1dbbeb3 100755
--- a/README.txt
+++ b/README.txt
@@ -15,26 +15,39 @@ ________________________________________________________________________________
 ###################################################################################
 README for Fortress Identity and Access Management SDK
 Version 1.0-RC38
-last updated: July 6, 2014
+last updated: July 14, 2014
 
-This document provides instructions to download, compile, test and use the
-Fortress IAM with OpenLDAP server.  If you don't already have OpenLDAP installed,
-instructions following may be followed.
+Follow instructions to download, compile, load and test Fortress software with LDAP system.
+If you don't already have LDAP server installed, instructions follow below.
+
+APIs within this software package adhere to the following security standards:
+   1 - IETF Password Policy Draft
+   2 - An Effective Role Administration Model Using Organization Structure
+     - a.k.a. Administrative Role-Based Access Control (ARBAC02)
+     - OH/SANDHU/ZHANG
+   3 - ANSI INCITS 359 Role-Based Access Control (RBAC)
+
+The combination of 1 2 & 3 above will be designated as 'A/P/R/BAC' in document as follows.
 ___________________________________________________________________________________
 ###################################################################################
-# Guidelines and Tips for first-time users
+# Tips for first-time users
 ###################################################################################
- - In the document that follows, when you read:
+ - Definitions: When you read:
    + FORTRESS_HOME, refer to the package root of the openldap-fortress-core project download.
    + OPENLDAP_HOME, refer to the root of OpenLDAP binary installation folder, e.g. /opt/etc/openldap
    + ANT_HOME, refer to the package root of the target machine's ant distribution package.
 
- - This system uses ant and maven targets to build, install and configure itself with OpenLDAP.
-   There are also targets that may be used for management of process and policy data within LDAP.
-   This document covers the most important ones to get started.  For a full list of targets enter:
+ - This software package uses an Apache Ant script (FORTRESS_HOME/build.xml) to compile, install, and configure fortress into an LDAP server using
+    operational steps called 'targets'.
+
+ - The Ant targets may be used to manage A/P/R/BAC policy data contained within an existing LDAP server.
+
+ - This document describes the most important Ant targets to start using fortress.  For a complete list of targets, enter (from FORTRESS_HOME):
    $ANT_HOME/bin/ant -p
 
- - Questions or suggestions on how this package works?  Submit to openldap-fortress mailing list:
+ - Or view the ant script itself (FORTRESS_HOME/build.xml).
+
+ - Questions pertaining to usage of this software may be submitted to:
     http://www.openldap.org/lists/mm/listinfo/openldap-fortress
 ___________________________________________________________________________________
 ###################################################################################
@@ -54,12 +67,12 @@ More prereqs:
 
 3. Apache Ant 1.8 or beyond installed to target environment
 
-4. OpenLDAP installed to target system.  (options follow in section 1).
+4. LDAP server installed.  (options follow in section 1).
 
-Note:  Fortress is LDAPv3 compliant and works with other directory servers, especially ApacheDS:
-README-QUICKSTART-APACHEDS.html.
+Prereq notes:
 
-5. GIT installed to target environment. (Fortress developers only)
+ - Fortress is LDAPv3 compliant and works with any directory server.
+ - Tested with ApacheDS: FORTRESS_HOME/README-QUICKSTART-APACHEDS.html.
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 1:  Options for installing OpenLDAP to target server environment
@@ -105,8 +118,7 @@ read-only:
 Committers: Open a terminal session within preferred folder name/location and enter the following command:
 >git clone ssh://git-master.openldap.org/~git/git/openldap-fortress-core.git
 
-This will pull down source code from GIT and load into
-the directory from which it ran, hereafter called 'FORTRESS_HOME'.
+Pulls source code from GIT and loads into the current directory, hereafter called 'FORTRESS_HOME'.
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 3. Instructions to build openldap-fortress-core software distribution packages using 'dist' target.
@@ -117,19 +129,31 @@ NOTE: The Fortress build.xml may run without connection to Internet iff:
 - Local mode has been enabled on target machine.  Local mode can be enabled by adding this property to build.properties:
 local.mode=true
 
-a. from the FORTRESS_HOME root folder, enter the following:
+a. set JAVA_HOME per target machine
+
+for example:
+>export JAVA_HOME=/opt/jdk1.7.0_10
+
+b. set ANT_HOME per target machine:
+
+for example:
+>export ANT_HOME=/home/user/apache-ant-1.8.2
+
+c. from the FORTRESS_HOME root folder, enter the following command:
 
 >$ANT_HOME/bin/ant dist
 
-- During the above step, Apache Ivy jar will download automatically to the configured $ANT_HOME/lib folder.
+dist notes:
 
-- During the above step, fortress dependencies will be downloaded from maven global
+- Apache Ivy jar will download automatically to the configured $ANT_HOME/lib folder.
+
+- fortress dependencies will be downloaded from maven global
   Internet repository using Apache Ivy into $FORTRESS_HOME/lib.
 
 - Fortress source modules will be compiled along with production of java archive (jar)
   files, javadoc and sample distributions.
 
-- All project artifacts are loaded into $FORTRESS_HOME/dist location.
+- Project artifacts are loaded into $FORTRESS_HOME/dist location.
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 4. Instructions for FORTRESS QUICKSTART builder installation of OpenLDAP
@@ -229,15 +253,14 @@ slapd.uninstall=rpm -e symas-openldap-gold
 i. (option if using Symas OpenLDAP binaries) Point slapdInstall.sh to use correct Symas OpenLDAP installation binaries.
 for example for Redhat i386:
 slapd.install=rpm -Uvv symas-openldap-gold.i386-2.4.25.110424.rpm
-
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 6. Instructions for using pre-existing or native OpenLDAP installation using 'load-slapd' target.
 ###################################################################################
 
-a. Install OpenLDAP using your existing package management system.
+a. Install OpenLDAP using preferred method.
 
-    For example:
+    For example (existing package management system):
 
         + On Debian systems: http://wiki.debian.org/LDAP/OpenLDAPSetup
 
@@ -248,7 +271,7 @@ a. Install OpenLDAP using your existing package management system.
 
 b. Copy fortress schema to openldap schema folder:
 
-cp FORTRESS_HOME/ldap/schema/fortress.schema OPENLDAP_HOME/etc/openldap/schema
+>cp FORTRESS_HOME/ldap/schema/fortress.schema OPENLDAP_HOME/etc/openldap/schema
 
 
 c. Enable Fortress schema in slapd.conf:
@@ -368,6 +391,13 @@ from the FORTRESS_HOME root folder, enter the following:
 
 m. Skip to SECTION 8 to regression test Fortress and OpenLDAP
 
+load-slapd notes:
+
+  - Uses 'admin' target (described in SECTION 13) to seed the configured default database with data, i.e. db.root in build.properties file, using the following files:
+    1 - refreshLDAPData.xml - DIT organizationalUnit structure and client config data - required for Fortress Java SDK to work.
+    2 - DelegatedAdminManagerLoad.xml - Delegated administration policy - required for EnMasse and Commander web application demonstrations.
+    3 - FortressDemoUsers.xml - demo/sample data - not required.
+  - for production usage 2 & 3 above may be cleared out using any ldap client tool.
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 7. Instructions for Symas installation of OpenLDAP - using 'init-slapd' target
@@ -419,30 +449,36 @@ if not sudo you must run as user that has priv to modify folders in /var and /op
 >su
 >$ANT_HOME/bin/ant init-slapd
 
+init-slapd notes:
+
+  - Refreshes database contents by moving default and history database folders to location ${db.root}/backup.
+    - per your db.root setting in build.properties file.
+  - Seeds LDAP data by calling 'load-slapd' target as described in section above.
 _______________________________________________________________________________
 ###############################################################################
-# SECTION 8. Instructions to fully regression test openldap-fortress-core using 'test-full' target
-###############################################################################
+# SECTION 8. Instructions to integration test openldap-fortress-core using 'test-full' target
+########################################s#######################################
 
 a. from FORTRESS_HOME enter the following command:
 
 >$ANT_HOME/bin/ant test-full
 
-Testing Notes:
+test-full Notes:
 
-  - If these tests complete without Junit or ant ERRORS, Fortress is certified to run on the target ldap server.
+  - If tests complete without Junit or ant ERRORS, current Fortress is certified to run on target ldap server.
 
-  - These tests will load thousands of records into the target ldap server.
+  - Tests load thousands of records into target ldap server.
 
-  - The 'test-full' target may be run as many times as necessary and should be run at least twice to test the teardown APIs.
+  - The 2nd and subsequent times test runs, teardown of data from prior run occurs.
 
-  - The 2nd and subsequent times 'test-full' runs, it will tear down the data loaded during the prior run.
+  - Should be run at least twice to verify Fortress A/P/R/BAC teardown API success.
 
-  - After the 'test-full' target runs, you may run the 'init-slapd' target to clear out the the test data loaded.
-    - Unless you followed steps from SECTION 6 (existing OpenLDAP server), in which case do NOT run the 'init-slapd' target.
+  - After this target runs, the organizationalUnit structure must remain in target LDAP DIT.
+  - The test data may be cleared.
+    - One way to clear out the the test data is to run the 'init-slapd' target (described in previous section).
+        - If you followed steps from SECTION 6 (existing OpenLDAP server), do NOT run the 'init-slapd' target.
 
   - WARNING log messages are good as these are negative tests in action:
-
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 9. Instructions to run the openldap-fortress-core command line interpreter (CLI) utility using 'cli' target
@@ -455,10 +491,9 @@ a. from FORTRESS_HOME enter the following command:
 b. follow instructions in the command line interpreter reference manual contained within the javadoc:
 
 $FORTRESS_HOME/dist/docs/api/com/jts/fortress/cli/package-summary.html
-
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 10. Learn how to use openldap-fortress-core APIs with samples using 'test-samples' target
+# SECTION 10. Learn how to use openldap-fortress-core A/P/R/BAC APIs with samples using 'test-samples' target
 ###################################################################################
 
 a. from FORTRESS_HOME enter the following command:
@@ -483,13 +518,13 @@ $FORTRESS_HOME/dist/docs/api/index.html
 
 Testing Notes:
 
-  - Test cases are simple and useful for learning how to code using Fortress APIs.
+  - Test cases are simple and useful for learning how to code using Fortress A/P/R/BAC APIs.
 
   - Tests should complete without Junit or ant ERRORS.
 
   - These tests will load some records into the target ldap server.
 
-  - The 'test-samples' target may be run as many times as necessary and should be run at least twice to test the teardown APIs.
+  - The 'test-samples' target may be run as many times as necessary and should be run at least twice to test the teardown A/P/R/BAC APIs.
 
   - The 2nd and subsequent times 'test-samples' runs, it will tear down the data loaded during the prior run.
 ___________________________________________________________________________________
@@ -500,7 +535,6 @@ ________________________________________________________________________________
 a. from FORTRESS_HOME enter the following command:
 
 >$ANT_HOME/bin/ant console
-
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 12. Instructions to encrypt LDAP passwords used in openldap-fortress-core config files.
@@ -509,7 +543,7 @@ ________________________________________________________________________________
 If you need the passwords for LDAP service accounts to be encrypted before loading into Fortress properties files you can
 use the 'encrypt' ant target.
 
-a. From FORTRESS_BUILDER_HOME root folder, enter the following command from a system prompt:
+a. From FORTRESS_HOME root folder, enter the following command from a system prompt:
 
 >$ANT_HOME/bin/ant encrypt -Dparam1=secret
 encrypt:
@@ -518,38 +552,30 @@ encrypt:
 BUILD SUCCESSFUL
 Total time: 1 second
 
-b. Copy the Encrypted value and paste it into the corresponding build.properties setting, e.g.:
+b. Copy the hashed value and paste it into the corresponding build.properties setting, e.g.:
 
-# This OpenLDAP admin root pass is bound for fortress.properties and was encrypted using 'encrypt' target in build.xml:
+# This OpenLDAP admin root pass is bound for fortress.properties and was hashed using 'encrypt' target in build.xml:
 cfg.log.root.pw=wApnJUnuYZRBTF1zQNxX/Q==
-
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 13. Troubleshooting
+# SECTION 13. Instructions to load data into the default database using 'admin' target.
 ###################################################################################
 
-a. Problem with javac under sudo
-
-If you see this error:
+If you need to load data into the default database you can use the 'admin' ant target.
 
-BUILD FAILED
-/home/user/tmp/fortress/13/openldap-fortress-core-302f201/build.xml:233: Unable to find a javac compiler;
-com.sun.tools.javac.Main is not on the classpath.
-Perhaps JAVA_HOME does not point to the JDK.
-It is currently set to "/usr/lib/jvm/java-7-openjdk/jre"
+a. Create a load file using examples from FORTRESS_HOME/ldap/setup folder.
 
-If running sudo:
+e.g. myLoadFile.xml
 
-- Option 1:
-sudo apt-get install openjdk-7-jdk
+b. From FORTRESS_HOME folder, enter the following command from a system prompt:
 
-- Option 2:
+>$ANT_HOME/bin/ant admin -Dparam1=/ldap/setup/myLoadFile.xml
 
-add this to build.xml javac task:
+admin notes:
 
-  	     executable="/opt/jdk1.7.0_27/bin/javac"
-         compiler="javac1.7"
-         fork = "true"
+  - Calls ant target to execute FortressAntTask class (described in FORTRESS_HOME/dist/docs/api/org/openldap/fortress/ant/FortressAntTask.html).
+  - Drives Fortress A/P/R/BAC APIs using supplied text files containing data in xml format.
+  - Used to automatically load common data into target ldap machines.
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 14. Instructions to enable Apache Ivy dependency management
@@ -567,3 +593,12 @@ a. from FORTRESS_HOME enter the following command:
 
 - After the above commands are run (also assuming network is good), Apache Ivy library
  will downloaded into ANT_HOME/lib folder.  Ivy is needed to build Fortress.
+___________________________________________________________________________________
+###################################################################################
+# SECTION 15. Troubleshooting
+###################################################################################
+
+- common problems related to environment variables not being properly set per SECTION 3.
+- can't pull down binary dependencies per SECTION 0.
+- consult the openldap-fortress mailing list:
+    http://www.openldap.org/lists/mm/listinfo/openldap-fortress
\ No newline at end of file


[45/50] git commit: FC-147 - RC39 Cleanup

Posted by el...@apache.org.
FC-147 - RC39 Cleanup


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/1b0a0bcd
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/1b0a0bcd
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/1b0a0bcd

Branch: refs/heads/master
Commit: 1b0a0bcd24b171f38c23036c01c18856041a0cba
Parents: e8aad1d
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Aug 11 12:52:36 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Aug 11 12:52:36 2014 -0500

----------------------------------------------------------------------
 README-QUICKSTART.html | 2 +-
 ivy.xml                | 8 +++-----
 2 files changed, 4 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/1b0a0bcd/README-QUICKSTART.html
----------------------------------------------------------------------
diff --git a/README-QUICKSTART.html b/README-QUICKSTART.html
index d53ab35..621e921 100755
--- a/README-QUICKSTART.html
+++ b/README-QUICKSTART.html
@@ -444,7 +444,7 @@ The 'test-full' target may be re-run as often as necessary.  After regressions t
           <li>Reload necessary regression test data by running the <b>test-full</b> target described in <b>Section IV: Instructions to regression test Fortress and Symas OpenLDAP on target machine</b>
           </li><br>
           <li>Now you can run the rbac accelerator regression tests:
-              <br><pre><p style="font-family:monospace;color:blue;font-size:14px;">./b.sh test-full-accel</p></pre>
+              <br><pre><p style="font-family:monospace;color:blue;font-size:14px;">./b.sh test-accel-full</p></pre>
           </li>
           <li>Verify the <b>test-full-accel</b> target completed with no ant or junit errors</li><br>
           <li>Check out the javadoc for learning about APIs supported within the RBAC accelerator:

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/1b0a0bcd/ivy.xml
----------------------------------------------------------------------
diff --git a/ivy.xml b/ivy.xml
index 0ee65e4..888149c 100755
--- a/ivy.xml
+++ b/ivy.xml
@@ -60,17 +60,15 @@
         </dependency>
 
         <!-- Fortress core source is NOT dependent on Sentry, EnMasse or Commander artifacts rather they're required for its QUICKSTART demo apps: -->
-<!--
-        <dependency org="org.openldap" name="sentry" rev="1.0-RC38"  conf="default->master">
+        <dependency org="org.openldap" name="sentry" rev="1.0-RC39"  conf="default->master">
             <artifact name="sentry" e:classifier="dist" type="jar"/>
         </dependency>
-        <dependency org="org.openldap" name="enmasse" rev="1.0-RC38"  conf="default->master">
+        <dependency org="org.openldap" name="enmasse" rev="1.0-RC39"  conf="default->master">
             <artifact name="enmasse" type="jar"/>
         </dependency>
-        <dependency org="org.openldap" name="commander" rev="1.0-RC38"  conf="default->master">
+        <dependency org="org.openldap" name="commander" rev="1.0-RC39"  conf="default->master">
             <artifact name="commander" type="jar"/>
         </dependency>
--->
 
     </dependencies>
 </ivy-module>
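Review bot: Uncommenting the sentry, enmasse and commander dependencies puts three artifacts back into the `default` configuration, although the comment directly above them says the core source does not depend on them and they are needed only for the QUICKSTART demo apps. With `conf="default->master"`, every build that resolves the default configuration fetches them from the remote repository, which widens what a core build has to download and trust. If the file's `<configurations>` block (outside this hunk) can take a new entry, a dedicated conf would keep them out of core builds, e.g. `conf="quickstart->master"` on the three `<dependency>` lines; the conf name is a suggestion, not something the file defines. The commit title says only "Cleanup", so the description should also state that the demo dependencies are being re-enabled.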


[35/50] git commit: table of contents added to README.txt

Posted by el...@apache.org.
table of contents added to README.txt


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/e6fa6eb8
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/e6fa6eb8
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/e6fa6eb8

Branch: refs/heads/master
Commit: e6fa6eb81195cc448608d04ac8f62e8762535c0d
Parents: 38f45b8
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Jul 19 12:00:59 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Jul 19 12:00:59 2014 -0500

----------------------------------------------------------------------
 README.txt | 54 ++++++++++++++++++++++++++++++++++++++----------------
 build.xml  |  2 +-
 2 files changed, 39 insertions(+), 17 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e6fa6eb8/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index ee8a4c0..622834c 100755
--- a/README.txt
+++ b/README.txt
@@ -15,13 +15,35 @@ ________________________________________________________________________________
 ###################################################################################
 # README for Fortress Identity and Access Management SDK
 # Version 1.0-RC38
-# last updated: July 15, 2014
+# last updated: July 19, 2014
 ###################################################################################
-# Introduction
+# Table of Contents
 ###################################################################################
-
-This document contains instructions to download, compile, load and test Fortress software with LDAP system.
-If you don't already have an LDAP server installed, options to do so follow in subsequent sections.
+# Document Overview
+# Tips for first-time users of Fortress
+# SECTION 0:  Prerequisites for Fortress SDK installation and use with LDAP server
+# SECTION 1:  Options for installing OpenLDAP to target server environment
+# SECTION 1:  Options for installing OpenLDAP to target server environment
+# SECTION 2.  Instructions for Fortress Quickstart builder installation of OpenLDAP
+# SECTION 3.  Instructions to pull Fortress source code from OpenLDAP GIT
+# SECTION 4.  Instructions to build software distribution packages using 'dist' target.
+# SECTION 5.  Instructions to configure SDK for target system using build.properties file.
+# SECTION 6.  Instructions for using pre-existing or native OpenLDAP installation using 'load-slapd' target.
+# SECTION 7.  Instructions for Symas installation of OpenLDAP - using 'init-slapd' target
+# SECTION 8.  Instructions to integration test using 'test-full' target
+# SECTION 9.  Instructions to run the command line interpreter (CLI) utility using 'cli' target
+# SECTION 10. Instructions to use Fortress A/P/R/BAC APIs with samples using 'test-samples' target
+# SECTION 11. Instructions to run the command console using 'console' target
+# SECTION 12. Instructions to encrypt LDAP passwords used in config files.
+# SECTION 13. Instructions to load data into the default database using 'admin' target.
+# SECTION 14. Instructions to enable Apache Ivy dependency management
+# SECTION 15. Troubleshooting
+___________________________________________________________________________________
+###################################################################################
+# Document Overview
+###################################################################################
+This document contains instructions to download, compile, load and test Fortress SDK with LDAP system.
+If you don't already have an LDAP server installed, options follow in subsequent sections.
 
 APIs within this software package adhere to the following security standards:
    1 - IETF Password Policy Draft
@@ -33,7 +55,7 @@ APIs within this software package adhere to the following security standards:
 The combination of 1 2 & 3 above will be designated as 'A/P/R/BAC' in document as follows.
 ___________________________________________________________________________________
 ###################################################################################
-# Tips for first-time users of Fortress
+#  Tips for first-time users of Fortress
 ###################################################################################
 
  - Follow the instructions in SECTION 2 (INSTALL Option 1).
@@ -61,7 +83,7 @@ ________________________________________________________________________________
 ###################################################################################
 1. Internet access to retrieve source code from OpenLDAP GIT and binary dependencies from online Maven repo.
 Fortress installation procedures use Apache Ant & Ivy.  Ivy pulls external dependencies from Maven repositories over the Internet.
-These ant targets need external access to the Internet to pull down dependencies but may run without external connection IFF:
+These ant targets need external access to the Internet to pull down dependencies but may run without IFF:
 a. The necessary binary jars are already present and loaded into FORTRESS_HOME/lib folder.  For list of dependency jars check out the ivy.xml file.
 b. Local mode has been enabled in target runtime env.  This can be done by adding the following to build.properties file:
 
@@ -105,7 +127,7 @@ This document includes three options for use of Fortress and LDAP server:
     3, 4, 5, 7, 8
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 2. Instructions for FORTRESS QUICKSTART builder installation of OpenLDAP
+# SECTION 2. Instructions for Fortress Quickstart builder installation of OpenLDAP
 ###################################################################################
 
 a. Go to http://iamfortress.org/download
@@ -137,7 +159,7 @@ Committers: Open a terminal session within preferred folder name/location and en
 Pulls source code from GIT and loads into the current directory, hereafter called 'FORTRESS_HOME'.
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 4. Instructions to build openldap-fortress-core software distribution packages using 'dist' target.
+# SECTION 4. Instructions to build software distribution packages using 'dist' target.
 ###################################################################################
 
 NOTE: The Fortress build.xml may run without connection to Internet iff:
@@ -173,7 +195,7 @@ dist notes:
 - Project artifacts are loaded into $FORTRESS_HOME/dist location.
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 5. Instructions to configure openldap-fortress-core SDK for target system using build.properties file.
+# SECTION 5. Instructions to configure SDK for target system using build.properties file.
 ###################################################################################
 
 - This must be done when OpenLDAP is not installed with the Fortress QUICKSTART package.
@@ -455,7 +477,7 @@ init-slapd notes:
   - Seeds LDAP data by calling 'load-slapd' target as described in section above.
 _______________________________________________________________________________
 ###############################################################################
-# SECTION 8. Instructions to integration test openldap-fortress-core using 'test-full' target
+# SECTION 8. Instructions to integration test using 'test-full' target
 ########################################s#######################################
 
 a. from FORTRESS_HOME enter the following command:
@@ -468,7 +490,7 @@ test-full Notes:
 
   - Tests load thousands of records into target ldap server.
 
-  - The 2nd and subsequent times test runs, teardown of data from prior run occurs.
+  - The 2nd and subsequent time tests runs, teardown of data from prior run occurs.
 
   - Should be run at least twice to verify Fortress A/P/R/BAC teardown API success.
 
@@ -480,7 +502,7 @@ test-full Notes:
   - WARNING log messages are good as these are negative tests in action:
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 9. Instructions to run the openldap-fortress-core command line interpreter (CLI) utility using 'cli' target
+# SECTION 9. Instructions to run the command line interpreter (CLI) utility using 'cli' target
 ###################################################################################
 
 a. from FORTRESS_HOME enter the following command:
@@ -492,7 +514,7 @@ b. follow instructions in the command line interpreter reference manual containe
 $FORTRESS_HOME/dist/docs/api/com/jts/fortress/cli/package-summary.html
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 10. Learn how to use openldap-fortress-core A/P/R/BAC APIs with samples using 'test-samples' target
+# SECTION 10. Instructions to use Fortress A/P/R/BAC APIs with samples using 'test-samples' target
 ###################################################################################
 
 a. from FORTRESS_HOME enter the following command:
@@ -528,7 +550,7 @@ Testing Notes:
   - The 2nd and subsequent times 'test-samples' runs, it will tear down the data loaded during the prior run.
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 11. Instructions to run the openldap-fortress-core command console using 'console' target
+# SECTION 11. Instructions to run the command console using 'console' target
 ###################################################################################
 
 a. from FORTRESS_HOME enter the following command:
@@ -536,7 +558,7 @@ a. from FORTRESS_HOME enter the following command:
 >$ANT_HOME/bin/ant console
 ___________________________________________________________________________________
 ###################################################################################
-# SECTION 12. Instructions to encrypt LDAP passwords used in openldap-fortress-core config files.
+# SECTION 12. Instructions to encrypt LDAP passwords used in config files.
 ###################################################################################
 
 If you need the passwords for LDAP service accounts to be encrypted before loading into Fortress properties files you can

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/e6fa6eb8/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index d840de2..2fb371e 100644
--- a/build.xml
+++ b/build.xml
@@ -860,7 +860,7 @@
     <target name="load-slapd" depends="build-jar" description="--> task runs ant admin scripts to refresh fortress boostrap data">
         <echo message="###############  Initialize OpenLDAP  ###############"/>
 
-        <echo message="Load the Fortress boostrap config and demo users"/>
+        <echo message="Load the Fortress bootstrap config and demo users"/>
         <antcall target="admin">
             <param name="param1" value="${dst.load.bootstrap.script}"/>
         </antcall>
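Review bot: The same misspelling is still present in the `description` attribute of the `load-slapd` target on the first context line of this hunk (`refresh fortress boostrap data`), which is the text users see when listing targets with `ant -p`. Changing it to `description="--> task runs ant admin scripts to refresh fortress bootstrap data"` would complete the fix. The target body continues past the end of the hunk.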


[12/50] git commit: and more changes to README

Posted by el...@apache.org.
and more changes to README


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/63893e34
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/63893e34
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/63893e34

Branch: refs/heads/master
Commit: 63893e34ae2c16ad6a0b60f5e1e079d0bee472bc
Parents: 683d5d3
Author: Shawn McKinney <sh...@jts.us>
Authored: Wed Jun 25 17:16:51 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Wed Jun 25 17:16:51 2014 -0500

----------------------------------------------------------------------
 README.txt | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/63893e34/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 7cbc8e9..40a62d1 100755
--- a/README.txt
+++ b/README.txt
@@ -14,7 +14,7 @@
 ___________________________________________________________________________________
 ###################################################################################
 README for Fortress Identity and Access Management SDK
-Version 1.0.0.RC37
+Version 1.0-RC37
 last updated: June 25, 2014
 
 This document provides instructions to download, compile, test and use the
@@ -264,7 +264,7 @@ ________________________________________________________________________________
 # SECTION 7. Instructions for Symas installation of OpenLDAP
 ###################################################################################
 
-a. Go to http://www.symas.com/index.php/downloads/
+a. Go to Symas.com downloads section.
 
 b. Register, pull down Silver or Gold packages for target server.
 
@@ -315,22 +315,22 @@ _______________________________________________________________________________
 # SECTION 8. Instructions to test openldap-fortress-core using regression tests
 ###############################################################################
 
-a. from the same shell prompt as 2a enter the following:
-
-(if first time regression tests run:)
-
->$ANT_HOME/bin/ant test-full-init
-
-b. Or for subsequent runs:
+a. from FORTRESS_HOME enter the following command:
 
 >$ANT_HOME/bin/ant test-full
 
+Notes:
+  - These tests load tens of thousands of ldap records into your newly installed directory.
+  - The 'init-slapd' and 'test-full' targets may be re-run as often as necessary.
+  - After regressions testing has completed, you may run the 'init-slapd' target to remove all test data from the directory.
+  - WARNING log messages in test output are good as these are negative tests in action:
+  - If these test completes without junit or ant ERRORS, Fortress is certified to run on your target ldap server machine.
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 9. Instructions to run the openldap-fortress-core command line interpreter (CLI) utility
 ###################################################################################
 
-a. from the same shell prompt as 2a enter the following:
+a. from FORTRESS_HOME enter the following command:
 
 >$ANT_HOME/bin/ant cli
 
@@ -343,7 +343,7 @@ ________________________________________________________________________________
 # SECTION 10. Learn how to use openldap-fortress-core APIs with samples
 ###################################################################################
 
-a. from the same shell prompt as 2a enter the following:
+a. from FORTRESS_HOME enter the following command:
 
 (if first time sample tests run)
 
@@ -374,7 +374,7 @@ ________________________________________________________________________________
 # SECTION 11. Instructions to run the openldap-fortress-core command console
 ###################################################################################
 
-a. from the same shell prompt as 2a enter the following:
+a. from FORTRESS_HOME enter the following command:
 
 >$ANT_HOME/bin/ant console
 
@@ -436,7 +436,7 @@ Note:  This is included for informational purposes in case it fails to automatic
 
 - Apache Ivy is used to retrieve the Java libraries that openldap-fortress-core depends on.
 
-a. Open a shell prompt within the FORTRESS_HOME root folder and enter the following:
+a. from FORTRESS_HOME enter the following command:
 
 >export JAVA_HOME=/path to the root folder of your java SDK
 >export ANT_HOME=/path to the root folder of your Apache Ant installation


[30/50] git commit: another update to README.txt

Posted by el...@apache.org.
another update to README.txt


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/aad78e27
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/aad78e27
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/aad78e27

Branch: refs/heads/master
Commit: aad78e271c62d4b0122a46388fb962e12d752f12
Parents: 4d4a7d6
Author: Shawn McKinney <sh...@jts.us>
Authored: Sun Jul 6 10:44:16 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sun Jul 6 10:44:16 2014 -0500

----------------------------------------------------------------------
 README.txt | 46 +++++++++++++++++++++++++++++++---------------
 1 file changed, 31 insertions(+), 15 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/aad78e27/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index 2ae4437..9517197 100755
--- a/README.txt
+++ b/README.txt
@@ -14,12 +14,28 @@
 ___________________________________________________________________________________
 ###################################################################################
 README for Fortress Identity and Access Management SDK
-Version 1.0-RC37
-last updated: July 4, 2014
+Version 1.0-RC38
+last updated: July 6, 2014
 
 This document provides instructions to download, compile, test and use the
 Fortress IAM with OpenLDAP server.  If you don't already have OpenLDAP installed,
-instructions contained within may be followed.
+instructions following may be followed.
+___________________________________________________________________________________
+###################################################################################
+# Guidelines and Tips for first-time users
+###################################################################################
+ - In the document that follows, when you read:
+   + FORTRESS_HOME, refer to the package root of the openldap-fortress-core project download.
+   + OPENLDAP_HOME, refer to the root of OpenLDAP binary installation folder, e.g. /opt/etc/openldap
+   + ANT_HOME, refer to the package root of the target machine's ant distribution package.
+
+ - This system uses ant and maven targets to build, install and configure itself with OpenLDAP.
+   There are also targets that may be used for management of process and policy data within LDAP.
+   This document covers the most important ones to get started.  For a full list of targets enter:
+   $ANT_HOME/bin/ant -p
+
+ - Questions or suggestions on how this package works?  Submit to openldap-fortress mailing list:
+    http://www.openldap.org/lists/mm/listinfo/openldap-fortress
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 0:  Prerequisites for Fortress SDK installation and use with LDAP server
@@ -86,7 +102,7 @@ read-only:
 
 # If Fortress Developer and have access to GIT repo:
 
-committers: Open a terminal session within preferred folder name/location and enter the following command:
+Committers: Open a terminal session within preferred folder name/location and enter the following command:
 >git clone ssh://git-master.openldap.org/~git/git/openldap-fortress-core.git
 
 This will pull down source code from GIT and load into
@@ -97,7 +113,7 @@ ________________________________________________________________________________
 ###################################################################################
 
 NOTE: The Fortress build.xml may run without connection to Internet iff:
-- The binary dependencies are already present in $FORTRESS_HOME/openldap-fortress-core/lib folder
+- The binary dependencies are already present in $FORTRESS_HOME/lib folder
 - Local mode has been enabled on target machine.  Local mode can be enabled by adding this property to build.properties:
 local.mode=true
 
@@ -108,12 +124,12 @@ a. from the FORTRESS_HOME root folder, enter the following:
 - During the above step, Apache Ivy jar will download automatically to the configured $ANT_HOME/lib folder.
 
 - During the above step, fortress dependencies will be downloaded from maven global
-  Internet repository using Apache Ivy into $FORTRESS_HOME/openldap-fortress-core/lib.
+  Internet repository using Apache Ivy into $FORTRESS_HOME/lib.
 
 - Fortress source modules will be compiled along with production of java archive (jar)
   files, javadoc and sample distributions.
 
-- All project artifacts are loaded into $FORTRESS_HOME/openldap-fortress-core/dist location.
+- All project artifacts are loaded into $FORTRESS_HOME/dist location.
 ___________________________________________________________________________________
 ###################################################################################
 # SECTION 4. Instructions for FORTRESS QUICKSTART builder installation of OpenLDAP
@@ -139,7 +155,7 @@ ________________________________________________________________________________
 
 - unless you know what you are doing, never change ant substitution parameters within the properties.  These are are anything inside and including '${}'.  i.e. ${param1}.
 
-a. Edit the $FORTRESS_HOME/openldap-fortress-core/build.properties file.
+a. Edit the $FORTRESS_HOME/build.properties file.
 
 b. Set the LDAP Host and port properties.  Either a valid host name or IP address can be used.  If you are running the build.xml script from same platform as your
 are running OpenLDAP, localhost will do:
@@ -239,8 +255,8 @@ c. Enable Fortress schema in slapd.conf:
 
 include		OPENLDAP_HOME/etc/openldap/schema/fortress.schema
 
-note: for steps b & c above substitute FORTRESS_HOME for root of your Fortress installation.
-note: for steps b above substitute OPENLDAP_HOME for root of your OPENLDAP installation.
+note: for steps b above substitute FORTRESS_HOME for root of your Fortress installation.
+note: for steps b & c above substitute OPENLDAP_HOME for root of your OPENLDAP installation.
 
 
 d. For password policy support, enable pwpolicy overlay in slapd.conf:
@@ -438,7 +454,7 @@ a. from FORTRESS_HOME enter the following command:
 
 b. follow instructions in the command line interpreter reference manual contained within the javadoc:
 
-$FORTRESS_HOME/openldap-fortress-core/dist/docs/api/com/jts/fortress/cli/package-summary.html
+$FORTRESS_HOME/dist/docs/api/com/jts/fortress/cli/package-summary.html
 
 ___________________________________________________________________________________
 ###################################################################################
@@ -451,7 +467,7 @@ a. from FORTRESS_HOME enter the following command:
 
 c. view and change the samples here:
 
-$FORTRESS_HOME/openldap-fortress-core/src/test/com/jts/fortress/samples
+$FORTRESS_HOME/src/test/com/jts/fortress/samples
 
 d. compile and re-run samples to test your changes using:
 
@@ -459,11 +475,11 @@ d. compile and re-run samples to test your changes using:
 
 e. view the samples java doc here:
 
-$FORTRESS_HOME/openldap-fortress-core/dist/docs/samples/index.html
+$FORTRESS_HOME/dist/docs/samples/index.html
 
 f. view the fortress-core SDK java doc here:
 
-$FORTRESS_HOME/openldap-fortress-core/dist/docs/api/index.html
+$FORTRESS_HOME/dist/docs/api/index.html
 
 Testing Notes:
 
@@ -520,7 +536,7 @@ BUILD FAILED
 /home/user/tmp/fortress/13/openldap-fortress-core-302f201/build.xml:233: Unable to find a javac compiler;
 com.sun.tools.javac.Main is not on the classpath.
 Perhaps JAVA_HOME does not point to the JDK.
-It is currently set to "/usr/lib/jvm/java-6-openjdk/jre"
+It is currently set to "/usr/lib/jvm/java-7-openjdk/jre"
 
 If running sudo:
 


[18/50] git commit: FC-140 - RBAC Overlay DB dir not setup

Posted by el...@apache.org.
FC-140 - RBAC Overlay DB dir not setup


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/4974c325
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/4974c325
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/4974c325

Branch: refs/heads/master
Commit: 4974c32531e6b81de4764665fdbe0a0a60092fa2
Parents: f069646
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Jun 30 08:31:38 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Jun 30 08:31:38 2014 -0500

----------------------------------------------------------------------
 ldap/slapd.conf.src | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4974c325/ldap/slapd.conf.src
----------------------------------------------------------------------
diff --git a/ldap/slapd.conf.src b/ldap/slapd.conf.src
index 7304b03..5eb2409 100755
--- a/ldap/slapd.conf.src
+++ b/ldap/slapd.conf.src
@@ -131,7 +131,7 @@ ppolicy_hash_cleartext
 @IS_RBAC_ACCELERATOR@suffix     "@SESSIONS_DN@"
 @IS_RBAC_ACCELERATOR@rootdn	    "cn=manager,@SESSIONS_DN@"
 @IS_RBAC_ACCELERATOR@rootpw	    @LOG_ROOT_PW@
-@IS_RBAC_ACCELERATOR@directory  "@RBAC_DB_PATH@"
+@IS_RBAC_ACCELERATOR@directory  "@RBACSESS_DB_PATH@"
 @IS_RBAC_ACCELERATOR@overlay     dds
 @IS_RBAC_ACCELERATOR@dds-default-ttl 3600
 @IS_RBAC_ACCELERATOR@dds-max-dynamicObjects	100000
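Review bot: Both new `directory` values, `@RBACSESS_DB_PATH@` here and `@RBACOVERLAY_DB_PATH@` in the hunk at -156, are substitution tokens, yet the diffstat for this commit lists only ldap/slapd.conf.src, so nothing visible defines them or creates the directories. If the build's token filter does not already map both names, slapd would receive the literal token as its database path. Because these directories hold session and RBAC data, whatever step creates them should leave them owned by the slapd account and not world-readable. A comment above each line would help, for example `# session DB files; directory must exist before slapd starts`, with the matching property name added once it is confirmed against build.xml.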
@@ -156,6 +156,7 @@ ppolicy_hash_cleartext
 @IS_RBAC_ACCELERATOR@suffix		"@RBAC_DN@"
 @IS_RBAC_ACCELERATOR@rootdn		"cn=manager,@RBAC_DN@"
 @IS_RBAC_ACCELERATOR@rootpw		@LOG_ROOT_PW@
+@IS_RBAC_ACCELERATOR@directory	"@RBACOVERLAY_DB_PATH@"
 @IS_RBAC_ACCELERATOR@overlay	rbac
 @IS_RBAC_ACCELERATOR@rbac-default-tenant-id "@SUFFIX_NAME@"
 @IS_RBAC_ACCELERATOR@rbac-default-users-base-dn "@USERS_DN@"


[29/50] git commit: FC-142 - RC38 Cleanup

Posted by el...@apache.org.
FC-142 - RC38 Cleanup


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/4d4a7d68
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/4d4a7d68
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/4d4a7d68

Branch: refs/heads/master
Commit: 4d4a7d6894bab656b7bd3564bb112efaad394935
Parents: d911e22
Author: Shawn McKinney <sh...@jts.us>
Authored: Sun Jul 6 01:57:12 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sun Jul 6 01:57:12 2014 -0500

----------------------------------------------------------------------
 README-QUICKSTART.html | 72 +++++++++++++++++++++++++++++++++++++--------
 README.txt             |  2 +-
 ivy.xml                | 21 ++++++-------
 3 files changed, 69 insertions(+), 26 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4d4a7d68/README-QUICKSTART.html
----------------------------------------------------------------------
diff --git a/README-QUICKSTART.html b/README-QUICKSTART.html
index 26e7f55..c651585 100755
--- a/README-QUICKSTART.html
+++ b/README-QUICKSTART.html
@@ -16,14 +16,27 @@
   <img src="./images/fortresscommunitylogov3.jpg" />  
 <br>
 <p>
-These instructions are intended for new users who want to quickly learn how to install and test JoshuaTree Fortress and Symas OpenLDAP IAM software using the QUICKSTART package:
-    http://iamfortress.org/download
-    For instructions on how to get Fortress working with existing OpenLDAP instance, following instructions in README.txt, SECTION 6
-<br><br>Follow the steps and
+The intent of this document is to help new users with OpenLDAP Fortress IAM software using one of the the linux QUICKSTART packages located here:
+    <a href="http://iamfortress.org/download">iamfortress.org/download</a>
+    <br>For instructions on how to get Fortress connected to an existing OpenLDAP instance, follow the instructions inside <b>SECTION 6</b> of this document: <a href="./README.txt">README.txt</a>
+    <h2>Table of Contents</h2>
     <ul>
-    <li>OpenLDAP will be installed, configured, loaded, and ready to use by <em>Section IV</em>.</li>
-    <li>Commander Web Admin demo starts in <em>Section V</em></li>    
-    <li>EnMasse Policy Server demo starts in <em>Section XI</em></li>
+    <li>System Prerequisites</li>
+    <li>Guidelines and Tips for first-time users</li>
+    <li><b><em>Section I</em></b> - download Fortress QUICKSTART and prepare the package</li>
+    <li><b><em>Section II</em></b> - compile Fortress source and build distribution packages</li>
+    <li><b><em>Section III</em></b> - install, configure and load OpenLDAP with seed data</li>
+    <li><b><em>Section IV</em></b> - integration test Fortress and OpenLDAP</li>
+    <li><b><em>Section V</em></b> - Commander Web Administration demo</li>
+    <li><b><em>Section VI</em></b> - integration test Commander with Solenium</li>
+    <li><b><em>Section VII</em></b> - connecting to Commander via Web browser</li>
+    <li><b><em>Section VIII</em></b> - Instructions to use Fortress Command Line Interpreter (CLI)</li>
+    <li><b><em>Section IX</em></b> - Instructions to use Fortress Console utility (CLI)</li>
+    <li><b><em>Section X</em></b> - How to generate and view javadoc</li>
+    <li><b><em>Section XI</em></b> - EnMasse REST Policy Server demo</li>
+    <li><b><em>Section XII</em></b> - integration test Fortress, EnMasse and OpenLDAP</li>
+    <li><b><em>Section XIII</em></b> - enable and test the OpenLDAP RBAC Accelerator Overlay</li>
+    <li><b><em>Section XIV</em></b> - misc info about other utilities</li>
     </ul>
 </p>
 <hr>
@@ -32,7 +45,7 @@ These instructions are intended for new users who want to quickly learn how to i
     <ul>
     <li>Internet access to retrieve binary dependencies from online Maven repo.</li>
     <li>Java SDK Version 7 or beyond installed to target environment</li>
-    <li>Redhat or Ubuntu server machine (for window environments use <em>README-QUICKSTART-WINDOWS.html</em>)</li>    
+    <li>Redhat or Ubuntu server machine (for window environments use <a href="./README-QUICKSTART-WINDOWS.html">README-QUICKSTART-WINDOWS.html</a>)</li>
     <li>1GB RAM</li>
     <li>20GB HD</li>
     </ul>
@@ -48,16 +61,17 @@ These instructions are intended for new users who want to quickly learn how to i
     <ul>
     <li>In the document that follows, when you read <em>[version]</em> or <em>[platform]</em> substitute with current package info.  For example - if the downloaded package version is 1.0.0 and platform is 'Debian Silver i386', the instructions show fortressBuilder-<em>[platform]</em>-<em>[version]</em>.jar your file name would be fortressBuilder-Debian-Silver-i386-1.0.0.zip</li>
 <br>    
-    <li>Is your target machine windows?  Go to <em>README-QUICKSTART-WINDOWS</em></li>
+    <li>Is your target machine windows?  Go to <a href="./README-QUICKSTART-WINDOWS.html">README-QUICKSTART-WINDOWS.html</a></li>
 <br>    
-    <li>The source code for this project is located in <em>FORTRESS_HOME/src</em> folder.</li>    
+    <li>The source code for this project is located here <a href="./src">./src</a>.</li>
     </ul>       
 
 <ol type="I">
 <hr>
  <li>
-       <h3>Instructions to extract and configure Fortress Builder Package to Target System</h3>
-        <ol type="A">	  
+       <h3>Instructions to download, extract and configure Fortress Builder Package to Target System</h3>
+        <ol type="A">
+            <li>Download one of the linux packages from here: <a href="http://iamfortress.org/download">iamfortress.org/download</a></li><br>
            <li>Copy fortressBuilder-[platform]-[version].zip to hard drive on target server env.</li>
 <br>	   
            <li>Extract the zip.  The location for archive can vary according to requirements.  The location of package will be referred to as <em>FORTRESS_HOME</em> later on.</li>
@@ -411,7 +425,39 @@ The 'test-full' target may be re-run as often as necessary.  After regressions t
     </li>		  
 	</ol>
   <hr>
-         
+  <li>
+      <h3>Instructions to enable RBAC Accelerator Overlay in OpenLDAP and test Java-side bindings (optional)</h3>
+      <ol type="A">
+
+          <li>Edit file named 'build.properties' and enable RBAC accelerator by adding:
+              <br><pre><p style="font-family:monospace;color:blue;font-size:14px;">rbac.accelerator=true</p></pre>
+          </li>
+          <li>Save and exit the text file editor</li><br>
+          <li>Reinstall Symas OpenLDAP by running the <b>init-slapd</b> target described in <b>Section III: Instructions to run the Builder to Install Symas OpenLDAP, configure and load with seed data</b>
+          </li><br>
+
+          <li>Load necessary test data for unit tests:
+              <br><pre><p style="font-family:monospace;color:blue;font-size:14px;">./b.sh admin -Dparam1=ldap/setup/RbacAcceleratorTestUsers.xml</p></pre>
+          </li>
+          <li>Now you can run the rbac accelerator unit tests:
+              <br><pre><p style="font-family:monospace;color:blue;font-size:14px;">./b.sh test-accel</p></pre>
+          </li>
+          <li>Verify the <b>test-accel</b> target completed with no ant or junit errors</li><br>
+          <li>Reload necessary regression test data by running the <b>test-full</b> target described in <b>Section IV: Instructions to regression test Fortress and Symas OpenLDAP on target machine</b>
+          </li><br>
+          <li>Now you can run the rbac accelerator regression tests:
+              <br><pre><p style="font-family:monospace;color:blue;font-size:14px;">./b.sh test-full-accel</p></pre>
+          </li>
+          <li>Verify the <b>test-full-accel</b> target completed with no ant or junit errors</li><br>
+          <li>Check out the javadoc for learning about APIs supported within the RBAC accelerator:
+              <a href="./dist/docs/api/org/openldap/fortress/AccelMgr.html">Fortress Accelerator Client</a>
+          </li>
+  </ol>
+      <br>Note 1: The RBAC accelerator turns OpenLDAP into an RBAC Policy Decision Point (PDP) server.  All state is maintained in OpenLDAP LMDB databases including session and audit trail.
+      <br><br>Note 2: The <b>slapd.conf</b> file contains the mappings for the new database backends.  You can view this data using any LDAP browser.
+      <br><br>Note 3: Bindings for C and Python are being worked on and will be released soon.
+      <br><br>Note 4: <b>SessionPermissions</b> will be in future release as required by ANSI RBAC (INCITS 359) Core functionality.
+  <hr>
     <li>
        <h3>More Utilities</h3>
 Other execution targets you may find useful:       

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4d4a7d68/README.txt
----------------------------------------------------------------------
diff --git a/README.txt b/README.txt
index a02de53..2ae4437 100755
--- a/README.txt
+++ b/README.txt
@@ -550,4 +550,4 @@ a. from FORTRESS_HOME enter the following command:
 >$ANT_HOME/bin/ant -buildfile getIvy.xml
 
 - After the above commands are run (also assuming network is good), Apache Ivy library
- will downloaded into ANT_HOME/lib folder.  Ivy is needed to build Fortress.
\ No newline at end of file
+ will downloaded into ANT_HOME/lib folder.  Ivy is needed to build Fortress.

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/4d4a7d68/ivy.xml
----------------------------------------------------------------------
diff --git a/ivy.xml b/ivy.xml
index 8effb51..863f4c8 100755
--- a/ivy.xml
+++ b/ivy.xml
@@ -60,18 +60,15 @@
         </dependency>
 
         <!-- Fortress core source is NOT dependent on Sentry, EnMasse or Commander artifacts rather they're required for its QUICKSTART demo apps: -->
-<!--&lt;!&ndash;-->
-        <!--<dependency org="org.openldap" name="sentry" rev="1.0-RC38"  conf="default->master">-->
-            <!--<artifact name="sentry" e:classifier="dist" type="jar"/>-->
-        <!--</dependency>-->
-
-        <!--<dependency org="org.openldap" name="enmasse" rev="1.0-RC38"  conf="default->master">-->
-            <!--<artifact name="enmasse" type="jar"/>-->
-        <!--</dependency>-->
-        <!--<dependency org="org.openldap" name="commander" rev="1.0-RC38"  conf="default->master">-->
-            <!--<artifact name="commander" type="jar"/>-->
-        <!--</dependency>-->
-<!--&ndash;&gt;-->
+        <dependency org="org.openldap" name="sentry" rev="1.0-RC38"  conf="default->master">
+            <artifact name="sentry" e:classifier="dist" type="jar"/>
+        </dependency>
+        <dependency org="org.openldap" name="enmasse" rev="1.0-RC38"  conf="default->master">
+            <artifact name="enmasse" type="jar"/>
+        </dependency>
+        <dependency org="org.openldap" name="commander" rev="1.0-RC38"  conf="default->master">
+            <artifact name="commander" type="jar"/>
+        </dependency>
 
     </dependencies>
 </ivy-module>


[28/50] git commit: FC-141 - RC38 Release

Posted by el...@apache.org.
FC-141 - RC38 Release


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/d911e226
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/d911e226
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/d911e226

Branch: refs/heads/master
Commit: d911e2262c6cbb11e589b583b26f0f05eb6d0105
Parents: 8b569fc
Author: Shawn McKinney <sh...@jts.us>
Authored: Sat Jul 5 19:05:17 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Sat Jul 5 19:05:17 2014 -0500

----------------------------------------------------------------------
 build.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/d911e226/build.xml
----------------------------------------------------------------------
diff --git a/build.xml b/build.xml
index c3dac56..d840de2 100644
--- a/build.xml
+++ b/build.xml
@@ -106,7 +106,7 @@
        <!-- ########### Sentry manage & config properties ########################### -->
        <property name="sentry" value="sentry"/>
        <property name="sentry.dir" value="${basedir}/${sentry}-${version}"/>
-       <property name="sentry.zip" value="${lib.dir}/${sentry}-${version}-dist.jar"/>
+       <property name="sentry.zip" value="${lib.dir}/${sentry}-${version}.jar"/>
 
        <!-- ########### EnMasse manage & config properties ########################### -->
        <property name="enmasse" value="enmasse"/>


[49/50] git commit: FC-151 - UnboundID SDK removal preparations continue

Posted by el...@apache.org.
FC-151 - UnboundID SDK removal preparations continue


Project: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/repo
Commit: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/commit/39ac2790
Tree: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/tree/39ac2790
Diff: http://git-wip-us.apache.org/repos/asf/directory-fortress-core/diff/39ac2790

Branch: refs/heads/master
Commit: 39ac27903efe58ac6a5a8e259857eb091a5ab8cc
Parents: 6bf332f
Author: Shawn McKinney <sh...@jts.us>
Authored: Mon Oct 20 14:14:35 2014 -0500
Committer: Shawn McKinney <sh...@jts.us>
Committed: Mon Oct 20 14:14:35 2014 -0500

----------------------------------------------------------------------
 .../org/openldap/fortress/GlobalErrIds.java     |   5 +
 .../openldap/fortress/SecurityException.java    |   2 +
 .../org/openldap/fortress/cfg/ConfigDAO.java    | 103 ++++----
 .../fortress/ldap/ApacheDsDataProvider.java     | 121 ++++++++-
 .../ldap/LdapClientTrustStoreManager.java       | 246 +++++++++++++++++++
 .../ldap/container/OrganizationalUnitDAO.java   |  43 ++--
 .../openldap/fortress/ldap/group/GroupDAO.java  | 202 +++++++--------
 .../fortress/ldap/suffix/SuffixDAO.java         |  41 ++--
 .../fortress/rbac/dao/apache/UserDAO.java       |  12 +-
 9 files changed, 569 insertions(+), 206 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/39ac2790/src/main/java/org/openldap/fortress/GlobalErrIds.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/GlobalErrIds.java b/src/main/java/org/openldap/fortress/GlobalErrIds.java
index 03d3055..6c116f5 100755
--- a/src/main/java/org/openldap/fortress/GlobalErrIds.java
+++ b/src/main/java/org/openldap/fortress/GlobalErrIds.java
@@ -166,6 +166,11 @@ public class GlobalErrIds
     public final static int FT_APACHE_LDAP_POOL_INIT_FAILED = 135;
 
     /**
+     * Cannot load JSSE TrustStore because the full-qualified input file name is null.
+     */
+    public final static int FT_CONFIG_JSSE_TRUSTSTORE_NULL = 136;
+
+    /**
      * 1000's - User Entity Rule and LDAP Errors
      */
 

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/39ac2790/src/main/java/org/openldap/fortress/SecurityException.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/SecurityException.java b/src/main/java/org/openldap/fortress/SecurityException.java
index 80c467a..b39cb4e 100755
--- a/src/main/java/org/openldap/fortress/SecurityException.java
+++ b/src/main/java/org/openldap/fortress/SecurityException.java
@@ -69,6 +69,8 @@ package org.openldap.fortress;
  * <li> <code>{@link GlobalErrIds#FT_CACHE_FLUSH_ERR} = 133;</code>
  * <li> <code>{@link GlobalErrIds#FT_NULL_CACHE} = 134;</code>
  * <li> <code>{@link GlobalErrIds#FT_APACHE_LDAP_POOL_INIT_FAILED} = 135;</code>
+ * <li> <code>{@link GlobalErrIds#FT_CONFIG_JSSE_TRUSTSTORE_NULL} = 136;</code>
+ *
  * </ul>
  * <h3>
  * <p/>1000's - User Entity Rule and LDAP Errors

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/39ac2790/src/main/java/org/openldap/fortress/cfg/ConfigDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/cfg/ConfigDAO.java b/src/main/java/org/openldap/fortress/cfg/ConfigDAO.java
index 1565354..ca2d14b 100755
--- a/src/main/java/org/openldap/fortress/cfg/ConfigDAO.java
+++ b/src/main/java/org/openldap/fortress/cfg/ConfigDAO.java
@@ -16,8 +16,18 @@
 package org.openldap.fortress.cfg;
 
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Properties;
 
+import org.apache.directory.api.ldap.model.entry.DefaultEntry;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.entry.Modification;
+import org.apache.directory.api.ldap.model.exception.LdapEntryAlreadyExistsException;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.openldap.fortress.ldap.ApacheDsDataProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -26,17 +36,9 @@ import org.openldap.fortress.GlobalErrIds;
 import org.openldap.fortress.GlobalIds;
 import org.openldap.fortress.RemoveException;
 import org.openldap.fortress.UpdateException;
-import org.openldap.fortress.ldap.UnboundIdDataProvider;
 import org.openldap.fortress.util.attr.AttrHelper;
 import org.openldap.fortress.util.attr.VUtil;
 
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttributeSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModificationSet;
-
-
 /**
  * This class provides data access for the standard ldap object device that has been extended to support name/value pairs.
  * Fortress uses this data structure to store its remote cfg parameters.
@@ -72,7 +74,7 @@ import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModificationSet;
  *
  * @author Shawn McKinney
  */
-final class ConfigDAO extends UnboundIdDataProvider
+final class ConfigDAO extends ApacheDsDataProvider
 
 {
     private static final String CLS_NM = ConfigDAO.class.getName();
@@ -91,7 +93,6 @@ final class ConfigDAO extends UnboundIdDataProvider
             GlobalIds.CN, GlobalIds.PROPS
     };
 
-
     /**
      * Package private default constructor.
      */
@@ -99,7 +100,6 @@ final class ConfigDAO extends UnboundIdDataProvider
     {
     }
 
-
     /**
      * @param name
      * @param props
@@ -109,33 +109,28 @@ final class ConfigDAO extends UnboundIdDataProvider
     final Properties create( String name, Properties props )
         throws org.openldap.fortress.CreateException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String dn = getDn( name );
         LOG.info( "create dn [" + dn + "]" );
         try
         {
+            Entry myEntry = new DefaultEntry( dn );
+            myEntry.add( GlobalIds.OBJECT_CLASS, CONFIG_OBJ_CLASS );
             ld = getAdminConnection();
-            LDAPAttributeSet attrs = new LDAPAttributeSet();
-            attrs.add( createAttributes( GlobalIds.OBJECT_CLASS, CONFIG_OBJ_CLASS ) );
-            attrs.add( createAttribute( GlobalIds.CN, name ) );
-            loadProperties( props, attrs, GlobalIds.PROPS );
-            LDAPEntry myEntry = new LDAPEntry( dn, attrs );
+            myEntry.add( GlobalIds.CN, name );
+            loadProperties( props, myEntry, GlobalIds.PROPS );
             add( ld, myEntry );
         }
-        catch ( LDAPException e )
+        catch ( LdapEntryAlreadyExistsException e )
+        {
+            String warning = "create config dn [" + dn + "] caught LdapEntryAlreadyExistsException="
+                + e.getMessage() + " msg=" + e.getMessage();
+            throw new org.openldap.fortress.CreateException( GlobalErrIds.FT_CONFIG_ALREADY_EXISTS, warning );
+        }
+        catch ( LdapException e )
         {
             String error;
-            if ( e.getLDAPResultCode() == LDAPException.ENTRY_ALREADY_EXISTS )
-            {
-                String warning = "create config dn [" + dn + "] caught LDAPException="
-                    + e.getLDAPResultCode() + " msg=" + e.getMessage();
-                throw new org.openldap.fortress.CreateException( GlobalErrIds.FT_CONFIG_ALREADY_EXISTS, warning );
-            }
-            else
-            {
-                error = "create config dn [" + dn + "] caught LDAPException=" + e.getLDAPResultCode()
-                    + " msg=" + e.getMessage();
-            }
+            error = "create config dn [" + dn + "] caught LDAPException=" + e.getMessage();
             LOG.error( error, e );
             throw new org.openldap.fortress.CreateException( GlobalErrIds.FT_CONFIG_CREATE_FAILED, error );
         }
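Review bot: In the new `LdapEntryAlreadyExistsException` branch of `create`, the warning prints `e.getMessage()` twice, once after `caught LdapEntryAlreadyExistsException=` and again after `msg=`, so the second field carries no information. The old code put the LDAP result code in the first slot; the line could become `String warning = "create config dn [" + dn + "] caught LdapEntryAlreadyExistsException=" + e.getMessage();`. The generic branch still labels the failure `LDAPException` although it now catches `LdapException`, which makes log searches for the new type miss it. The method's `finally` block lies outside the hunk.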
@@ -156,26 +151,26 @@ final class ConfigDAO extends UnboundIdDataProvider
     final Properties update( String name, Properties props )
         throws org.openldap.fortress.UpdateException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String dn = getDn( name );
         LOG.info( "update dn [" + dn + "]" );
         try
         {
-            ld = getAdminConnection();
-            LDAPModificationSet mods = new LDAPModificationSet();
-            if ( org.openldap.fortress.util.attr.VUtil.isNotNullOrEmpty( props ) )
+            List<Modification> mods = new ArrayList<Modification>();
+            if ( VUtil.isNotNullOrEmpty( props ) )
             {
                 loadProperties( props, mods, GlobalIds.PROPS, true );
             }
+            ld = getAdminConnection();
             if ( mods.size() > 0 )
             {
+                ld = getAdminConnection();
                 modify( ld, dn, mods );
             }
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
-            String error = "update dn [" + dn + "] caught LDAPException=" + e.getLDAPResultCode() + " msg="
-                + e.getMessage();
+            String error = "update dn [" + dn + "] caught LDAPException=" + e.getMessage();
             throw new org.openldap.fortress.UpdateException( GlobalErrIds.FT_CONFIG_UPDATE_FAILED, error );
         }
         finally
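Review bot: `update` now calls `getAdminConnection()` twice when there are modifications: once unconditionally just before `if ( mods.size() > 0 )` and again as the first statement inside it. The second assignment overwrites `ld`, so the first connection is never handed back, and the `finally` block (outside this hunk, presumably releasing `ld`) can only release the second one. Each non-empty update would then drain one connection from the admin pool. Deleting the unconditional `ld = getAdminConnection();` leaves the same shape the commit gives `remove( String name, Properties props )`, where the connection is taken only when there is something to modify.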
@@ -193,7 +188,7 @@ final class ConfigDAO extends UnboundIdDataProvider
     final void remove( String name )
         throws RemoveException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String dn = getDn( name );
         LOG.info( "remove dn [" + dn + "]" );
         try
@@ -201,10 +196,9 @@ final class ConfigDAO extends UnboundIdDataProvider
             ld = getAdminConnection();
             delete( ld, dn );
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
-            String error = "remove dn [" + dn + "] LDAPException=" + e.getLDAPResultCode() + " msg="
-                + e.getMessage();
+            String error = "remove dn [" + dn + "] LDAPException=" + e.getMessage();
             throw new org.openldap.fortress.RemoveException( GlobalErrIds.FT_CONFIG_DELETE_FAILED, error );
         }
         finally
@@ -223,26 +217,25 @@ final class ConfigDAO extends UnboundIdDataProvider
     final Properties remove( String name, Properties props )
         throws UpdateException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String dn = getDn( name );
         LOG.info( "remove props dn [" + dn + "]" );
         try
         {
-            ld = getAdminConnection();
-            LDAPModificationSet mods = new LDAPModificationSet();
+            List<Modification> mods = new ArrayList<Modification>();
             if ( VUtil.isNotNullOrEmpty( props ) )
             {
                 removeProperties( props, mods, GlobalIds.PROPS );
             }
             if ( mods.size() > 0 )
             {
+                ld = getAdminConnection();
                 modify( ld, dn, mods );
             }
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
-            String error = "remove props dn [" + dn + "] caught LDAPException=" + e.getLDAPResultCode()
-                + " msg=" + e.getMessage();
+            String error = "remove props dn [" + dn + "] caught LDAPException=" + e.getMessage();
             throw new org.openldap.fortress.UpdateException( GlobalErrIds.FT_CONFIG_DELETE_PROPS_FAILED, error );
         }
         finally
@@ -262,23 +255,23 @@ final class ConfigDAO extends UnboundIdDataProvider
         throws FinderException
     {
         Properties props = null;
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String dn = getDn( name );
         LOG.info( "getConfig dn [" + dn + "]" );
         try
         {
             ld = getAdminConnection();
-            LDAPEntry findEntry = read( ld, dn, CONFIG_ATRS );
+            Entry findEntry = read( ld, dn, CONFIG_ATRS );
             props = AttrHelper.getProperties( getAttributes( findEntry, GlobalIds.PROPS ) );
         }
-        catch ( LDAPException e )
+        catch ( LdapNoSuchObjectException e )
         {
-            if ( e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT )
-            {
-                String warning = "getConfig COULD NOT FIND ENTRY for dn [" + dn + "]";
-                throw new org.openldap.fortress.FinderException( GlobalErrIds.FT_CONFIG_NOT_FOUND, warning );
-            }
-            String error = "getConfig dn [" + dn + "] LEXCD=" + e.getLDAPResultCode() + " LEXMSG=" + e;
+            String warning = "getConfig COULD NOT FIND ENTRY for dn [" + dn + "]";
+            throw new FinderException( GlobalErrIds.USER_NOT_FOUND, warning );
+        }
+        catch ( LdapException e )
+        {
+            String error = "getConfig dn [" + dn + "] caught LdapException=" + e.getMessage();
             throw new FinderException( GlobalErrIds.FT_CONFIG_READ_FAILED, error );
         }
         finally
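Review bot: The not-found branch of `getConfig` now throws `GlobalErrIds.USER_NOT_FOUND`, whereas the removed code raised `GlobalErrIds.FT_CONFIG_NOT_FOUND` for the same condition. A caller that tells a missing config node from other failures by error id would stop matching, and a user-entity code in a config lookup misleads anyone reading the audit or error log. This looks like a copy from a user DAO; the line should read `throw new FinderException( GlobalErrIds.FT_CONFIG_NOT_FOUND, warning );`. The rest of the method, including the `finally` body, is outside the hunk.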

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/39ac2790/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
index 1400370..aee62b4 100644
--- a/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
+++ b/src/main/java/org/openldap/fortress/ldap/ApacheDsDataProvider.java
@@ -68,7 +68,8 @@ import org.openldap.fortress.util.crypto.EncryptUtil;
 import org.openldap.fortress.util.time.CUtil;
 import org.openldap.fortress.util.time.Constraint;
 
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModification;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 
 /**
@@ -84,6 +85,10 @@ import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModification;
  */
 public abstract class ApacheDsDataProvider
 {
+    // Logging
+    private static final String CLS_NM = ApacheDsDataProvider.class.getName();
+    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
+
     private static final int MAX_DEPTH = 100;
     private static final LdapCounters counters = new LdapCounters();
     private static final String LDAP_HOST = "host";
@@ -93,6 +98,40 @@ public abstract class ApacheDsDataProvider
     private static final String LDAP_ADMIN_POOL_UID = "admin.user";
     private static final String LDAP_ADMIN_POOL_PW = "admin.pw";
 
+    // Used for TLS/SSL client-side configs:
+    private static final String ENABLE_LDAP_SSL = "enable.ldap.ssl";
+    private static final String ENABLE_LDAP_SSL_DEBUG = "enable.ldap.ssl.debug";
+    private static final String TRUST_STORE = Config.getProperty( "trust.store" );
+    private static final String TRUST_STORE_PW = Config.getProperty( "trust.store.password" );
+    private static final boolean IS_SSL = (
+        Config.getProperty( ENABLE_LDAP_SSL ) != null   &&
+            Config.getProperty( ENABLE_LDAP_SSL ).equalsIgnoreCase( "true" ) &&
+            TRUST_STORE      != null   &&
+            TRUST_STORE_PW   != null );
+
+    private static final String SET_TRUST_STORE_PROP = "trust.store.set.prop";
+    private static final boolean IS_SET_TRUST_STORE_PROP = (
+        IS_SSL &&
+            Config.getProperty( SET_TRUST_STORE_PROP ) != null   &&
+            Config.getProperty( SET_TRUST_STORE_PROP ).equalsIgnoreCase( "true" ));
+
+    private static final boolean IS_SSL_DEBUG = ( ( Config.getProperty( ENABLE_LDAP_SSL_DEBUG ) != null ) && ( Config
+        .getProperty( ENABLE_LDAP_SSL_DEBUG ).equalsIgnoreCase( "true" ) ) );
+
+    static
+    {
+        if(IS_SET_TRUST_STORE_PROP)
+        {
+            LOG.info( "Set JSSE truststore properties:");
+            LOG.info( "javax.net.ssl.trustStore: " + TRUST_STORE );
+            LOG.info( "javax.net.debug: " + new Boolean( IS_SSL_DEBUG ).toString());
+            System.setProperty( "javax.net.ssl.trustStore", TRUST_STORE );
+            System.setProperty( "javax.net.ssl.trustStorePassword", TRUST_STORE_PW );
+            System.setProperty( "javax.net.debug", new Boolean( IS_SSL_DEBUG ).toString() );
+        }
+    }
+
+
     /**
      * The Admin connection pool
      */
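Review bot: The static initializer writes `javax.net.ssl.trustStore` and `javax.net.ssl.trustStorePassword` into JVM-wide system properties. That changes the default trust store for every other TLS client in the same process and leaves the password readable to any code that can call `System.getProperty`. The same six lines are repeated in the following hunk at pool setup, so the properties are set and logged twice; one copy is enough. The connection config already receives a `LdapClientTrustStoreManager` built from the same file, so the system properties may not be needed for the LDAP client at all, which is worth confirming before keeping `trust.store.set.prop`. `new Boolean( IS_SSL_DEBUG ).toString()` can be `Boolean.toString( IS_SSL_DEBUG )`.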
@@ -115,11 +154,29 @@ public abstract class ApacheDsDataProvider
         int min = Config.getInt( LDAP_ADMIN_POOL_MIN, 1 );
         int max = Config.getInt( LDAP_ADMIN_POOL_MAX, 10 );
 
+        if(IS_SET_TRUST_STORE_PROP)
+        {
+            LOG.info( "Set JSSE truststore properties in Apache LDAP client:");
+            LOG.info( "javax.net.ssl.trustStore: " + TRUST_STORE );
+            LOG.info( "javax.net.debug: " + new Boolean( IS_SSL_DEBUG ).toString());
+            System.setProperty( "javax.net.ssl.trustStore", TRUST_STORE );
+            System.setProperty( "javax.net.ssl.trustStorePassword", TRUST_STORE_PW );
+            System.setProperty( "javax.net.debug", new Boolean( IS_SSL_DEBUG ).toString() );
+        }
+
         LdapConnectionConfig config = new LdapConnectionConfig();
         config.setLdapHost( host );
         config.setLdapPort( port );
         config.setName( Config.getProperty( LDAP_ADMIN_POOL_UID, "" ) );
 
+        // added by smckinney for TLS/SSL config:
+        config.setUseSsl( IS_SSL );
+        //config.setTrustManagers( new NoVerificationTrustManager() );
+
+        config.setTrustManagers( new LdapClientTrustStoreManager(
+            TRUST_STORE,
+            TRUST_STORE_PW.toCharArray() , null, true ) );
+
         String adminPw = null;
 
         if ( EncryptUtil.isEnabled() )
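Review bot: `config.setTrustManagers( new LdapClientTrustStoreManager( TRUST_STORE, TRUST_STORE_PW.toCharArray() , null, true ) )` runs whether or not TLS is enabled. `TRUST_STORE_PW` comes from `Config.getProperty( "trust.store.password" )` and is only known to be non-null when `IS_SSL` is true. A deployment without that property would therefore hit a `NullPointerException` on `.toCharArray()` while the admin pool is being built. Guarding the call with `if ( IS_SSL ) { ... }` keeps plain-LDAP installs working. The commented-out `NoVerificationTrustManager` line is better deleted than kept, since re-enabling it would turn off server certificate verification. The enclosing block starts and ends outside the hunk.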
@@ -921,7 +978,7 @@ public abstract class ApacheDsDataProvider
     {
         if ( list != null && list.size() > 0 )
         {
-            entry.add( attrName, list.toArray( new String[] {} ) );
+            entry.add( attrName, list.toArray( new String[]{} ) );
         }
     }
 
@@ -1028,11 +1085,28 @@ public abstract class ApacheDsDataProvider
      * @param props    contains {@link java.util.Properties} targeted for updating in ldap.
      * @param mods     ldap modification set containing name-value pairs in raw ldap format.
      * @param attrName contains the name of the ldap attribute to be updated.
-     * @param replace  boolean variable, if set to true use {@link LDAPModification#REPLACE} else {@link
-     * LDAPModification#ADD}.
+     * @param replace  boolean variable, if set to true use {@link ModificationOperation#REPLACE_ATTRIBUTE} else {@link
+     * ModificationOperation#ADD_ATTRIBUTE}.
      */
     protected void loadProperties( Properties props, List<Modification> mods, String attrName, boolean replace )
     {
+        loadProperties( props, mods, attrName, replace, GlobalIds.PROP_SEP );
+    }
+
+
+    /**
+     * Given a collection of {@link java.util.Properties}, convert to raw data name-value format and load into ldap
+     * modification set in preparation for ldap modify.
+     *
+     * @param props    contains {@link java.util.Properties} targeted for updating in ldap.
+     * @param mods     ldap modification set containing name-value pairs in raw ldap format.
+     * @param attrName contains the name of the ldap attribute to be updated.
+     * @param replace  boolean variable, if set to true use {@link ModificationOperation#REPLACE_ATTRIBUTE} else {@link
+     * ModificationOperation#ADD_ATTRIBUTE}.
+     * @param separator contains the char value used to separate name and value in ldap raw format.
+     */
+    protected void loadProperties( Properties props, List<Modification> mods, String attrName, boolean replace, char separator )
+    {
         if ( props != null && props.size() > 0 )
         {
             if ( replace )
@@ -1046,7 +1120,7 @@ public abstract class ApacheDsDataProvider
                 String val = props.getProperty( key );
                 // This LDAP attr is stored as a name-value pair separated by a ':'.
                 mods.add( new DefaultModification( ModificationOperation.ADD_ATTRIBUTE, attrName,
-                    key + GlobalIds.PROP_SEP + val ) );
+                    key + separator + val ) );
             }
         }
     }
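Review bot: The inline comment `// This LDAP attr is stored as a name-value pair separated by a ':'.` is stale now that the delimiter comes from the `separator` parameter; GroupDAO passes `'='`. I would reword it to `// This LDAP attr is stored as a name-value pair joined by the caller-supplied separator.` The same comment is copied into the new Entry-based `loadProperties` overload added further down and needs the same change. The loop this line belongs to starts outside the hunk.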
@@ -1113,6 +1187,43 @@ public abstract class ApacheDsDataProvider
 
 
     /**
+     * Given a collection of {@link java.util.Properties}, convert to raw data name-value format and load into ldap modification set in preparation for ldap add.
+     *
+     * @param props    contains {@link java.util.Properties} targeted for adding to ldap.
+     * @param entry    contains ldap entry to push attrs into.
+     * @param attrName contains the name of the ldap attribute to be added.
+     * @param separator contains the char value used to separate name and value in ldap raw format.
+     * @throws LdapException
+     */
+    protected void loadProperties( Properties props, Entry entry, String attrName, char separator ) throws LdapException
+    {
+        if ( props != null && props.size() > 0 )
+        {
+            Attribute attr = null;
+            for ( Enumeration e = props.propertyNames(); e.hasMoreElements(); )
+            {
+                // This LDAP attr is stored as a name-value pair separated by a ':'.
+                String key = ( String ) e.nextElement();
+                String val = props.getProperty( key );
+                String prop = key + separator + val;
+                if ( attr == null )
+                {
+                    attr = new DefaultAttribute( attrName );
+                }
+                else
+                {
+                    attr.add( prop );
+                }
+            }
+            if ( attr != null )
+            {
+                entry.add( attr );
+            }
+        }
+    }
+
+
+    /**
      * @param value
      * @param validLen
      * @return String containing encoded data.
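Review bot: The first property is never stored: on the first iteration `attr` is null, so the branch only runs `attr = new DefaultAttribute( attrName );` and skips `attr.add( prop )`. A Properties object with one entry therefore yields an attribute with no values, and larger sets lose one pair. Keep the null check for construction but drop the `else`, so `attr.add( prop );` runs on every iteration. GroupDAO.create calls this overload for group properties, so the loss would be silent at group creation. The raw `Enumeration` and cast could also be replaced by iterating `props.stringPropertyNames()`.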

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/39ac2790/src/main/java/org/openldap/fortress/ldap/LdapClientTrustStoreManager.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/LdapClientTrustStoreManager.java b/src/main/java/org/openldap/fortress/ldap/LdapClientTrustStoreManager.java
new file mode 100644
index 0000000..e7631c8
--- /dev/null
+++ b/src/main/java/org/openldap/fortress/ldap/LdapClientTrustStoreManager.java
@@ -0,0 +1,246 @@
+/*
+ * This work is part of OpenLDAP Software <http://www.openldap.org/>.
+ *
+ * Copyright 1998-2014 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * <http://www.OpenLDAP.org/license.html>.
+ */
+package org.openldap.fortress.ldap;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.Serializable;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
+import java.util.Date;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.net.ssl.X509TrustManager;
+
+import org.openldap.fortress.CfgRuntimeException;
+import org.openldap.fortress.GlobalErrIds;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Implement the X509TrustManager interface which will be used during JSSE truststore manager initialization for LDAP
+ * client-to-server communications over TLS/SSL.
+ * It is used during certificate validation operations within JSSE.
+ * <p/>
+ * Note: This class allows self-signed certificates to pass the validation checks.
+ *
+ * @author Shawn McKinney
+ */
+public final class LdapClientTrustStoreManager implements X509TrustManager, Serializable
+{
+    // Logging
+    private static final String CLS_NM = LdapClientTrustStoreManager.class.getName();
+    private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
+
+    // Config variables
+    private final boolean isExamineValidityDates;
+    private final char[] trustStorePw;
+    private final String trustStoreFile;
+    private final String trustStoreFormat;
+
+    /**
+     * Constructor used by connection configuration utility to load trust store manager.
+     *
+     * @param trustStoreFile    contains fully qualified name of trust store file.
+     * @param trustStorePw      contains the password for trust store
+     * @param trustStoreFormat  contains the format for trust store
+     * @param isExamineValidity boolean var determines if certificate will be examined for valid dates on load.
+     */
+    public LdapClientTrustStoreManager( final String trustStoreFile, final char[] trustStorePw,
+        final String trustStoreFormat, final boolean isExamineValidity )
+    {
+        if ( trustStoreFile == null )
+        {
+            // Cannot continue, throw an unchecked exception:
+            throw new CfgRuntimeException( GlobalErrIds.FT_CONFIG_JSSE_TRUSTSTORE_NULL,
+                "FortressTrustStoreManager constructor : input file name is null" );
+        }
+        // contains the fully-qualified file name of a valid JSSE TrustStore on local file system:
+        this.trustStoreFile = trustStoreFile;
+        // the password to the JSSE TrustStore:
+        this.trustStorePw = trustStorePw;
+        // If true, verify the current date is within the validity period for every certificate in the TrustStore:
+        this.isExamineValidityDates = isExamineValidity;
+        if ( trustStoreFormat == null )
+        {
+            this.trustStoreFormat = KeyStore.getDefaultType();
+        }
+        else
+        {
+            this.trustStoreFormat = trustStoreFormat;
+        }
+    }
+
+    /**
+     * Determine if client certificate is to be trusted.
+     *
+     * @param x509Chain
+     * @param authNType
+     * @throws CertificateException
+     */
+    public synchronized void checkClientTrusted( final X509Certificate[] x509Chain,
+        final String authNType ) throws CertificateException
+    {
+        // For each certificate in the chain, check validity:
+        for ( final X509TrustManager trustMgr : getTrustManagers( x509Chain ) )
+        {
+            trustMgr.checkClientTrusted( x509Chain, authNType );
+        }
+    }
+
+    /**
+     * Determine if server certificate is to be trusted.
+     *
+     * @param x509Chain
+     * @param authNType
+     * @throws CertificateException
+     */
+    public synchronized void checkServerTrusted( final X509Certificate[] x509Chain, final String authNType ) throws
+        CertificateException
+    {
+        for ( final X509TrustManager trustManager : getTrustManagers( x509Chain ) )
+        {
+            trustManager.checkServerTrusted( x509Chain, authNType );
+        }
+    }
+
+    /**
+     * Return the list of accepted issuers for this trust manager.
+     *
+     * @return array of accepted issuers
+     */
+    public synchronized X509Certificate[] getAcceptedIssuers()
+    {
+        return new X509Certificate[0];
+    }
+
+    /**
+     * Return array of trust managers to caller.  Will verify that current date is within certs validity period.
+     *
+     * @param x509Chain contains input X.509 certificate chain.
+     * @return array of X.509 trust managers.
+     * @throws CertificateException if trustStoreFile instance variable is null.
+     */
+    private synchronized X509TrustManager[] getTrustManagers( final X509Certificate[] x509Chain ) throws
+        CertificateException
+    {
+        // If true, verify the current date is within each certificates validity period.
+        if ( isExamineValidityDates )
+        {
+            final Date currentDate = new Date();
+            for ( final X509Certificate x509Cert : x509Chain )
+            {
+                x509Cert.checkValidity( currentDate );
+            }
+        }
+        // The trustStoreFile should contain the fully-qualified name of a Java TrustStore on local file system.
+        final File trustStoreFile = new File( this.trustStoreFile );
+        if ( !trustStoreFile.exists() )
+        {
+            throw new CertificateException( "FortressTrustStoreManager.getTrustManagers : file not found" );
+        }
+        return loadTrustManagers( getTrustStore() );
+    }
+
+    /**
+     * Return an array of X.509 TrustManagers.
+     *
+     * @param trustStore handle to input trustStore
+     * @return array of trust managers
+     * @throws CertificateException if problem occurs during TrustManager initialization.
+     */
+    private X509TrustManager[] loadTrustManagers( final KeyStore trustStore ) throws CertificateException
+    {
+        final X509TrustManager[] x509TrustManagers;
+        try
+        {
+            final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( TrustManagerFactory
+                .getDefaultAlgorithm() );
+            trustManagerFactory.init( trustStore );
+            final TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+            x509TrustManagers = new X509TrustManager[trustManagers.length];
+            for ( int i = 0; i < trustManagers.length; i++ )
+            {
+                x509TrustManagers[i] = ( X509TrustManager ) trustManagers[i];
+            }
+        }
+        catch ( NoSuchAlgorithmException e )
+        {
+            throw new CertificateException( "FortressTrustStoreManager.loadTrustManagers caught " +
+                "NoSuchAlgorithmException", e );
+        }
+        catch ( KeyStoreException e )
+        {
+            throw new CertificateException( "FortressTrustStoreManager.loadTrustManagers caught KeyStoreException", e );
+        }
+        return x509TrustManagers;
+    }
+
+    /**
+     * Load the TrustStore file into JSSE KeyStore instance.
+     *
+     * @return instance of JSSE KeyStore containing the LDAP Client's TrustStore file info.     *
+     * @throws CertificateException if cannot process file load.
+     */
+    private KeyStore getTrustStore() throws CertificateException
+    {
+        final KeyStore trustStore;
+        try
+        {
+            trustStore = KeyStore.getInstance( trustStoreFormat );
+        }
+        catch ( KeyStoreException e )
+        {
+            throw new CertificateException( "FortressTrustStoreManager.getTrustManagers caught KeyStoreException", e );
+        }
+        FileInputStream trustStoreInputStream = null;
+        try
+        {
+            trustStoreInputStream = new FileInputStream( trustStoreFile );
+            trustStore.load( trustStoreInputStream, trustStorePw );
+        }
+        catch ( NoSuchAlgorithmException e )
+        {
+            throw new CertificateException( "FortressTrustStoreManager.getTrustManagers caught " +
+                "NoSuchAlgorithmException", e );
+        }
+        catch ( IOException e )
+        {
+            throw new CertificateException( "FortressTrustStoreManager.getTrustManagers caught KeyStoreException", e );
+        }
+        finally
+        {
+            // Close the input stream.
+            if ( trustStoreInputStream != null )
+            {
+                try
+                {
+                    trustStoreInputStream.close();
+                }
+                catch ( IOException e )
+                {
+                    // Eat this ioexception because it shouldn't be a problem, but log just in case:
+                    LOG.warn( "FortressTrustStoreManager.getTrustManagers finally block on input stream close " +
+                        "operation caught IOException=" + e.getMessage() );
+                }
+            }
+        }
+        return trustStore;
+    }
+}
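Review bot: The class is declared `Serializable` while keeping the trust store password in the non-transient field `trustStorePw`, so serializing an instance writes the password into the stream. If nothing requires serialization (not determinable from this file), drop `Serializable`; otherwise keep the password out of the serialized form. In `getTrustStore`, the `IOException` handler reports `caught KeyStoreException`, which should read `caught IOException` so a missing or unreadable file is not misdiagnosed. The class Javadoc note that self-signed certificates pass validation should be narrowed: the checks are delegated to trust managers built from the configured store, so that presumably holds only for certificates present in that store. `getTrustManagers` also reloads the file and rebuilds the `TrustManagerFactory` on every `checkClientTrusted`/`checkServerTrusted` call, which is worth a comment if intentional.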

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/39ac2790/src/main/java/org/openldap/fortress/ldap/container/OrganizationalUnitDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/container/OrganizationalUnitDAO.java b/src/main/java/org/openldap/fortress/ldap/container/OrganizationalUnitDAO.java
index 88b2faf..af6e94c 100755
--- a/src/main/java/org/openldap/fortress/ldap/container/OrganizationalUnitDAO.java
+++ b/src/main/java/org/openldap/fortress/ldap/container/OrganizationalUnitDAO.java
@@ -16,19 +16,18 @@
 package org.openldap.fortress.ldap.container;
 
 
+import org.apache.directory.api.ldap.model.cursor.CursorException;
+import org.apache.directory.api.ldap.model.entry.DefaultEntry;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.openldap.fortress.ldap.ApacheDsDataProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
 import org.openldap.fortress.GlobalErrIds;
 import org.openldap.fortress.GlobalIds;
-import org.openldap.fortress.ldap.UnboundIdDataProvider;
 import org.openldap.fortress.util.attr.VUtil;
 
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttributeSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
-
 
 /**
  * This class provides data access for the standard ldap object class Organizational Unit.  This
@@ -58,7 +57,7 @@ import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
  *
  * @author Shawn McKinney
  */
-final class OrganizationalUnitDAO extends UnboundIdDataProvider
+final class OrganizationalUnitDAO extends ApacheDsDataProvider
 {
     private static final String CLS_NM = OrganizationalUnitDAO.class.getName();
     private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
@@ -90,7 +89,7 @@ final class OrganizationalUnitDAO extends UnboundIdDataProvider
     final void create( OrganizationalUnit oe )
         throws org.openldap.fortress.CreateException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String nodeDn = GlobalIds.OU + "=" + oe.getName() + ",";
         if ( VUtil.isNotNullOrEmpty( oe.getParent() ) )
             nodeDn += GlobalIds.OU + "=" + oe.getParent() + ",";
@@ -98,19 +97,17 @@ final class OrganizationalUnitDAO extends UnboundIdDataProvider
         try
         {
             LOG.info( "create container dn [" + nodeDn + "]" );
-            LDAPAttributeSet attrs = new LDAPAttributeSet();
-            attrs.add( createAttributes( GlobalIds.OBJECT_CLASS,
-                ORGUNIT_OBJ_CLASS ) );
-            attrs.add( createAttribute( GlobalIds.OU, oe.getName() ) );
-            attrs.add( createAttribute( GlobalIds.DESC, oe.getDescription() ) );
-            LDAPEntry myEntry = new LDAPEntry( nodeDn, attrs );
+            Entry myEntry = new DefaultEntry( nodeDn );
+            myEntry.add( GlobalIds.OBJECT_CLASS, ORGUNIT_OBJ_CLASS );
+            myEntry.add( GlobalIds.OU, oe.getName() );
+            myEntry.add( GlobalIds.DESC, oe.getDescription() );
             ld = getAdminConnection();
             add( ld, myEntry );
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
             String error = "create container node dn [" + nodeDn + "] caught LDAPException="
-                + e.getLDAPResultCode() + " msg=" + e.getMessage();
+                + e.getMessage();
             throw new org.openldap.fortress.CreateException( GlobalErrIds.CNTR_CREATE_FAILED, error, e );
         }
         finally
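Review bot: `nodeDn` is assembled just above this hunk by concatenating `oe.getName()` and `oe.getParent()` into a string, and `new DefaultEntry( nodeDn )` now parses that string as a DN. A name containing DN metacharacters such as `,`, `+` or `=` would alter the structure of the resulting DN instead of being treated as a value. Unless names are validated before they reach this DAO (not visible here), escape the values or build the DN from typed RDN components rather than by concatenation. The same string feeds `deleteRecursive( ld, nodeDn )` in the remove hunk below, where a mis-built DN is more costly. create's body starts and ends outside the hunk.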
@@ -127,7 +124,7 @@ final class OrganizationalUnitDAO extends UnboundIdDataProvider
     final void remove( OrganizationalUnit oe )
         throws org.openldap.fortress.RemoveException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String nodeDn = GlobalIds.OU + "=" + oe.getName() + ",";
         if ( VUtil.isNotNullOrEmpty( oe.getParent() ) )
             nodeDn += GlobalIds.OU + "=" + oe.getParent() + ",";
@@ -139,10 +136,16 @@ final class OrganizationalUnitDAO extends UnboundIdDataProvider
             ld = getAdminConnection();
             deleteRecursive( ld, nodeDn );
         }
-        catch ( LDAPException e )
+        catch ( CursorException e )
+        {
+            String error = "remove container node dn [" + nodeDn + "] caught CursorException="
+                + e.getMessage();
+            throw new org.openldap.fortress.RemoveException( GlobalErrIds.CNTR_DELETE_FAILED, error, e );
+        }
+        catch ( LdapException e )
         {
             String error = "remove container node dn [" + nodeDn + "] caught LDAPException="
-                + e.getLDAPResultCode() + " msg=" + e.getMessage();
+                + e.getMessage();
             throw new org.openldap.fortress.RemoveException( GlobalErrIds.CNTR_DELETE_FAILED, error, e );
         }
         finally

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/39ac2790/src/main/java/org/openldap/fortress/ldap/group/GroupDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/group/GroupDAO.java b/src/main/java/org/openldap/fortress/ldap/group/GroupDAO.java
index 6c82f74..74fd6d2 100755
--- a/src/main/java/org/openldap/fortress/ldap/group/GroupDAO.java
+++ b/src/main/java/org/openldap/fortress/ldap/group/GroupDAO.java
@@ -16,14 +16,23 @@
 package org.openldap.fortress.ldap.group;
 
 
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttribute;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModification;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPModificationSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPSearchResults;
+import org.apache.directory.api.ldap.model.cursor.CursorException;
+import org.apache.directory.api.ldap.model.cursor.SearchCursor;
+import org.apache.directory.api.ldap.model.entry.DefaultEntry;
+import org.apache.directory.api.ldap.model.entry.DefaultModification;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.entry.Modification;
+import org.apache.directory.api.ldap.model.entry.ModificationOperation;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.exception.LdapInvalidAttributeValueException;
+import org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.ldap.client.api.LdapConnection;
 import org.openldap.fortress.FinderException;
 import org.openldap.fortress.ObjectFactory;
 import org.openldap.fortress.UpdateException;
 import org.openldap.fortress.cfg.Config;
+import org.openldap.fortress.ldap.ApacheDsDataProvider;
 import org.openldap.fortress.rbac.User;
 import org.openldap.fortress.util.attr.AttrHelper;
 import org.slf4j.Logger;
@@ -33,17 +42,10 @@ import org.openldap.fortress.CreateException;
 import org.openldap.fortress.GlobalErrIds;
 import org.openldap.fortress.GlobalIds;
 import org.openldap.fortress.RemoveException;
-import org.openldap.fortress.ldap.UnboundIdDataProvider;
-
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttributeSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
 import org.openldap.fortress.util.attr.VUtil;
 
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Properties;
 
 /**
  * Contains the Group node for LDAP Directory Information Tree.
@@ -51,7 +53,7 @@ import java.util.Properties;
  *
  * @author Shawn McKinney
  */
-final class GroupDAO extends UnboundIdDataProvider
+final class GroupDAO extends ApacheDsDataProvider
 {
     private static final String CLS_NM = GroupDAO.class.getName();
     private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
@@ -79,30 +81,27 @@ final class GroupDAO extends UnboundIdDataProvider
      */
     final Group create( Group group ) throws org.openldap.fortress.CreateException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String nodeDn = getDn( group.getName(), group.getContextId() );
         try
         {
             LOG.debug( "create group dn {[]}", nodeDn );
-            LDAPAttributeSet attrs = new LDAPAttributeSet();
-            attrs.add( createAttributes( GlobalIds.OBJECT_CLASS, GROUP_OBJ_CLASS ) );
-            attrs.add( createAttribute( GlobalIds.CN, group.getName() ) );
-            attrs.add( createAttribute( GROUP_PROTOCOL_ATTR_IMPL, group.getProtocol() ) );
-            loadAttrs( group.getMembers(), attrs, MEMBER );
-            loadProperties( group.getProperties(), attrs, GROUP_PROPERTY_ATTR_IMPL, '=' );
+            Entry myEntry = new DefaultEntry( nodeDn );
+            myEntry.add( GlobalIds.OBJECT_CLASS, GROUP_OBJ_CLASS );
+            myEntry.add( GlobalIds.CN , group.getName() );
+            myEntry.add( GROUP_PROTOCOL_ATTR_IMPL, group.getProtocol() );
+            loadAttrs( group.getMembers(), myEntry, MEMBER );
+            loadProperties( group.getProperties(), myEntry, GROUP_PROPERTY_ATTR_IMPL, '=' );
             if ( VUtil.isNotNullOrEmpty( group.getDescription() ) )
             {
-                attrs.add( createAttribute( GlobalIds.DESC, group.getDescription() ) );
+                myEntry.add( GlobalIds.DESC, group.getDescription() );
             }
-
-            LDAPEntry myEntry = new LDAPEntry( nodeDn, attrs );
             ld = getAdminConnection();
             add( ld, myEntry );
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
-            String error = "create group node dn [" + nodeDn + "] caught LDAPException=" + e.getLDAPResultCode() + " " +
-                "msg=" + e.getMessage();
+            String error = "create group node dn [" + nodeDn + "] caught LDAPException=" + e.getMessage();
             throw new CreateException( GlobalErrIds.GROUP_ADD_FAILED, error, e );
         }
         finally
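Review bot: The call `LOG.debug( "create group dn {[]}", nodeDn )` never logs the DN: SLF4J substitutes only the exact `{}` token, so `{[]}` is printed literally and the argument is discarded. Change it to `LOG.debug( "create group dn [{}]", nodeDn );`. The same pattern appears in the update, add, delete, remove, assign and deassign hunks of this file, so group and membership changes leave no DN in the debug log. create's body begins and ends outside this hunk.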
@@ -120,39 +119,33 @@ final class GroupDAO extends UnboundIdDataProvider
      */
     final Group update( Group group ) throws org.openldap.fortress.FinderException, org.openldap.fortress.UpdateException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String nodeDn = getDn( group.getName(), group.getContextId() );
         try
         {
             LOG.debug( "update group dn {[]}", nodeDn );
-            LDAPModificationSet mods = new LDAPModificationSet();
+            List<Modification> mods = new ArrayList<Modification>();
             if ( VUtil.isNotNullOrEmpty( group.getDescription() ) )
             {
-                LDAPAttribute desc = new LDAPAttribute( GlobalIds.DESC, group.getDescription() );
-                mods.add( LDAPModification.REPLACE, desc );
+                mods.add( new DefaultModification(
+                    ModificationOperation.REPLACE_ATTRIBUTE, GlobalIds.DESC, group.getDescription() ) );
             }
             if ( VUtil.isNotNullOrEmpty( group.getProtocol() ) )
             {
-                LDAPAttribute protocol = new LDAPAttribute( GROUP_PROTOCOL_ATTR_IMPL, group.getProtocol() );
-                mods.add( LDAPModification.REPLACE, protocol );
-            }
-/*
-            loadAttrs( group.getMembers(), mods, MEMBER, false );
-            if ( VUtil.isNotNullOrEmpty( group.getProperties() ) )
-            {
-                loadProperties( group.getProperties(), mods, GROUP_PROPERTY_ATTR_IMPL, '=', false );
+                mods.add( new DefaultModification(
+                    ModificationOperation.REPLACE_ATTRIBUTE, GROUP_PROTOCOL_ATTR_IMPL, group.getProtocol() ) );
             }
-*/
+            loadAttrs( group.getMembers(), mods, MEMBER );
+            loadProperties( group.getProperties(), mods, GROUP_PROPERTY_ATTR_IMPL, true, '=' );
             if ( mods.size() > 0 )
             {
                 ld = getAdminConnection();
                 modify( ld, nodeDn, mods, group );
             }
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
-            String error = "update group node dn [" + nodeDn + "] caught LDAPException=" + e.getLDAPResultCode() + " " +
-                "msg=" + e.getMessage();
+            String error = "update group node dn [" + nodeDn + "] caught LDAPException=" + e.getMessage();
             throw new UpdateException( GlobalErrIds.GROUP_UPDATE_FAILED, error, e );
         }
         finally
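Review bot: Re-enabling `loadAttrs( group.getMembers(), mods, MEMBER )` in update treats members differently from properties: properties are loaded with `replace` set to `true`, but the member call has no replace option. If that overload emits `ADD_ATTRIBUTE` modifications (its body is not in this section), updating a group with a member it already holds would likely be rejected by the server as a duplicate value. Members dropped from the Group object would also remain in the directory. Since membership is also managed through assign/deassign, the intended semantics should be confirmed and stated in the method Javadoc. update's body begins and ends outside the hunk.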
@@ -164,21 +157,20 @@ final class GroupDAO extends UnboundIdDataProvider
 
     final Group add( Group group, String key, String value ) throws org.openldap.fortress.FinderException, org.openldap.fortress.CreateException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String nodeDn = getDn( group.getName(), group.getContextId() );
         try
         {
             LOG.debug( "add group property dn {[]}, key {[]}, value {[]}", nodeDn, key, value );
-            LDAPModificationSet mods = new LDAPModificationSet();
-            LDAPAttribute prop = new LDAPAttribute( GROUP_PROPERTY_ATTR_IMPL, key + "=" + value );
-            mods.add( LDAPModification.ADD, prop );
+            List<Modification> mods = new ArrayList<Modification>();
+            mods.add( new DefaultModification(
+                ModificationOperation.ADD_ATTRIBUTE, GROUP_PROPERTY_ATTR_IMPL, key + "=" + value ) );
             ld = getAdminConnection();
             modify( ld, nodeDn, mods, group );
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
-            String error = "update group property node dn [" + nodeDn + "] caught LDAPException=" + e.getLDAPResultCode() + " " +
-                "msg=" + e.getMessage();
+            String error = "update group property node dn [" + nodeDn + "] caught LDAPException=" + e.getMessage();
             throw new CreateException( GlobalErrIds.GROUP_ADD_PROPERTY_FAILED, error, e );
         }
         finally
@@ -190,21 +182,20 @@ final class GroupDAO extends UnboundIdDataProvider
 
     final Group delete( Group group, String key, String value ) throws org.openldap.fortress.FinderException, org.openldap.fortress.RemoveException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String nodeDn = getDn( group.getName(), group.getContextId() );
         try
         {
             LOG.debug( "delete group property dn {[]}, key {[]}, value {[]}", nodeDn, key, value );
-            LDAPModificationSet mods = new LDAPModificationSet();
-            LDAPAttribute prop = new LDAPAttribute( GROUP_PROPERTY_ATTR_IMPL, key + "=" + value );
-            mods.add( LDAPModification.DELETE, prop );
+            List<Modification> mods = new ArrayList<Modification>();
+            mods.add( new DefaultModification(
+                ModificationOperation.REMOVE_ATTRIBUTE, GROUP_PROPERTY_ATTR_IMPL, key + "=" + value ) );
             ld = getAdminConnection();
             modify( ld, nodeDn, mods, group );
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
-            String error = "delete group property node dn [" + nodeDn + "] caught LDAPException=" + e.getLDAPResultCode() + " " +
-                "msg=" + e.getMessage();
+            String error = "delete group property node dn [" + nodeDn + "] caught LDAPException=" + e.getMessage();
             throw new RemoveException( GlobalErrIds.GROUP_DELETE_PROPERTY_FAILED, error, e );
         }
         finally
@@ -223,7 +214,7 @@ final class GroupDAO extends UnboundIdDataProvider
      */
     final Group remove( Group group ) throws org.openldap.fortress.RemoveException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String nodeDn = getDn( group.getName(), group.getContextId() );
         LOG.debug( "remove group dn {[]}", nodeDn );
         try
@@ -231,10 +222,15 @@ final class GroupDAO extends UnboundIdDataProvider
             ld = getAdminConnection();
             deleteRecursive( ld, nodeDn );
         }
-        catch ( LDAPException e )
+        catch ( CursorException e )
         {
-            String error = "remove group node dn [" + nodeDn + "] caught LDAPException=" + e.getLDAPResultCode() + " " +
-                "msg=" + e.getMessage();
+            String error = "remove group node dn [" + nodeDn + "] caught CursorException="
+                + e.getMessage();
+            throw new org.openldap.fortress.RemoveException( GlobalErrIds.GROUP_DELETE_FAILED, error, e );
+        }
+        catch ( LdapException e )
+        {
+            String error = "remove group node dn [" + nodeDn + "] caught LDAPException=" + e.getMessage();
             throw new RemoveException( GlobalErrIds.GROUP_DELETE_FAILED, error, e );
         }
         finally
@@ -253,21 +249,21 @@ final class GroupDAO extends UnboundIdDataProvider
      */
     final Group assign( Group entity, String userDn ) throws org.openldap.fortress.FinderException, UpdateException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String dn = getDn( entity.getName(), entity.getContextId() );
         LOG.debug( "assign group property dn {[]}, member dn {[]}", dn, userDn );
         try
         {
-            LDAPModificationSet mods = new LDAPModificationSet();
-            LDAPAttribute member = new LDAPAttribute( MEMBER, userDn );
-            mods.add( LDAPModification.ADD, member );
+            List<Modification> mods = new ArrayList<Modification>();
+            mods.add( new DefaultModification(
+                ModificationOperation.ADD_ATTRIBUTE, MEMBER, userDn ) );
             ld = getAdminConnection();
             modify( ld, dn, mods, entity );
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
             String error = "assign group name [" + entity.getName() + "] user dn [" + userDn + "] caught " +
-                "LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage();
+                "LDAPException=" + e.getMessage();
             throw new UpdateException( GlobalErrIds.GROUP_USER_ASSIGN_FAILED, error, e );
         }
         finally
@@ -286,21 +282,22 @@ final class GroupDAO extends UnboundIdDataProvider
      */
     final Group deassign( Group entity, String userDn ) throws org.openldap.fortress.FinderException, UpdateException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String dn = getDn( entity.getName(), entity.getContextId() );
         LOG.debug( "deassign group property dn {[]}, member dn {[]}", dn, userDn );
         try
         {
-            LDAPModificationSet mods = new LDAPModificationSet();
-            LDAPAttribute member = new LDAPAttribute( MEMBER, userDn );
-            mods.add( LDAPModification.DELETE, member );
+            List<Modification> mods = new ArrayList<Modification>();
+            mods.add( new DefaultModification(
+                ModificationOperation.REMOVE_ATTRIBUTE, MEMBER, userDn ) );
+
             ld = getAdminConnection();
             modify( ld, dn, mods, entity );
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
             String error = "deassign group name [" + entity.getName() + "] user dn [" + userDn + "] caught " +
-                "LDAPException=" + e.getLDAPResultCode() + " msg=" + e.getMessage();
+                "LDAPException=" + e.getMessage();
             throw new UpdateException( GlobalErrIds.GROUP_USER_DEASSIGN_FAILED, error, e );
         }
         finally
@@ -319,12 +316,12 @@ final class GroupDAO extends UnboundIdDataProvider
     final Group get( Group group ) throws FinderException
     {
         Group entity = null;
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String dn = getDn( group.getName(), group.getContextId() );
         try
         {
             ld = getAdminConnection();
-            LDAPEntry findEntry = read( ld, dn, GROUP_ATRS );
+            Entry findEntry = read( ld, dn, GROUP_ATRS );
             entity = unloadLdapEntry( findEntry, 0 );
             if ( entity == null )
             {
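Review bot: The `entity == null` test after `unloadLdapEntry( findEntry, 0 )` looks unable to detect a missing entry, because the visible start of unloadLdapEntry creates a Group before reading any attribute. The not-found path therefore rests entirely on read() throwing LdapNoSuchObjectException, which is handled in the next hunk. The body of read() is not shown; if it can return null for an absent dn, the caller gets an empty Group or a NullPointerException instead of GROUP_NOT_FOUND. A guard before the unload makes the outcome explicit: `if ( findEntry == null ) { throw new FinderException( GlobalErrIds.GROUP_NOT_FOUND, "read Obj COULD NOT FIND ENTRY for dn [" + dn + "]" ); }`.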
@@ -332,14 +329,14 @@ final class GroupDAO extends UnboundIdDataProvider
                 throw new FinderException( GlobalErrIds.GROUP_NOT_FOUND, warning );
             }
         }
-        catch ( LDAPException e )
+        catch ( LdapNoSuchObjectException e )
         {
-            if ( e.getLDAPResultCode() == LDAPException.NO_SUCH_OBJECT )
-            {
-                String warning = "read Obj COULD NOT FIND ENTRY for dn [" + dn + "]";
-                throw new FinderException( GlobalErrIds.GROUP_NOT_FOUND, warning );
-            }
-            String error = "read dn [" + dn + "] LEXCD=" + e.getLDAPResultCode() + " LEXMSG=" + e;
+            String warning = "read Obj COULD NOT FIND ENTRY for dn [" + dn + "]";
+            throw new FinderException( GlobalErrIds.GROUP_NOT_FOUND, warning );
+        }
+        catch ( LdapException e )
+        {
+            String error = "read dn [" + dn + "] LdapException=" + e.getMessage();
             throw new FinderException( GlobalErrIds.GROUP_READ_FAILED, error, e );
         }
         finally
@@ -358,8 +355,8 @@ final class GroupDAO extends UnboundIdDataProvider
     final List<Group> find( Group group ) throws FinderException
     {
         List<Group> groupList = new ArrayList<>();
-        LDAPConnection ld = null;
-        LDAPSearchResults searchResults;
+        LdapConnection ld = null;
+        SearchCursor searchResults;
         String groupRoot = getRootDn( group.getContextId(), GlobalIds.GROUP_ROOT );
         String filter = null;
         try
@@ -367,18 +364,22 @@ final class GroupDAO extends UnboundIdDataProvider
             String searchVal = encodeSafeText( group.getName(), GlobalIds.ROLE_LEN );
             filter = GlobalIds.FILTER_PREFIX + GROUP_OBJECT_CLASS_IMPL + ")(" + GlobalIds.CN + "=" + searchVal + "*))";
             ld = getAdminConnection();
-            searchResults = search( ld, groupRoot, LDAPConnection.SCOPE_ONE, filter, GROUP_ATRS, false,
+            searchResults = search( ld, groupRoot, SearchScope.ONELEVEL, filter, GROUP_ATRS, false,
                 GlobalIds.BATCH_SIZE );
             long sequence = 0;
-            while ( searchResults.hasMoreElements() )
+            while ( searchResults.next() )
             {
-                groupList.add( unloadLdapEntry( searchResults.next(), sequence++ ) );
+                groupList.add( unloadLdapEntry( searchResults.getEntry(), sequence++ ) );
             }
         }
-        catch ( LDAPException e )
+        catch ( CursorException e )
         {
-            String error = "find filter [" + filter + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e
-                .getMessage();
+            String error = "find filter [" + filter + "] caught CursorException=" + e.getMessage();
+            throw new FinderException( GlobalErrIds.GROUP_SEARCH_FAILED, error, e );
+        }
+        catch ( LdapException e )
+        {
+            String error = "find filter [" + filter + "] caught LDAPException=" + e.getMessage();
             throw new FinderException( GlobalErrIds.GROUP_SEARCH_FAILED, error, e );
         }
         finally
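Review bot: The SearchCursor returned by search() is never closed in the visible lines of find( Group ). If `next()` or `unloadLdapEntry` throws partway through the loop, the connection may go back to the pool with the search still outstanding. The finally body is outside the hunk, so this may already be handled there. If it is not, initialise the variable with `SearchCursor searchResults = null;` and close it in finally when non-null, handling whatever close() declares. The same applies to find( User ) in the hunk ending at the next finally. The two catch blocks differ only in the label text, so a private helper that builds the FinderException would remove the duplication.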
@@ -397,8 +398,8 @@ final class GroupDAO extends UnboundIdDataProvider
     final List<Group> find( User user ) throws FinderException
     {
         List<Group> groupList = new ArrayList<>();
-        LDAPConnection ld = null;
-        LDAPSearchResults searchResults;
+        LdapConnection ld = null;
+        SearchCursor searchResults;
         String groupRoot = getRootDn( user.getContextId(), GlobalIds.GROUP_ROOT );
         String filter = null;
         try
@@ -406,18 +407,22 @@ final class GroupDAO extends UnboundIdDataProvider
             String searchVal = encodeSafeText( user.getUserId(), GlobalIds.USERID_LEN );
             filter = GlobalIds.FILTER_PREFIX + GROUP_OBJECT_CLASS_IMPL + ")(" + MEMBER + "=" + user.getDn() + "))";
             ld = getAdminConnection();
-            searchResults = search( ld, groupRoot, LDAPConnection.SCOPE_ONE, filter, GROUP_ATRS, false,
+            searchResults = search( ld, groupRoot, SearchScope.ONELEVEL, filter, GROUP_ATRS, false,
                 GlobalIds.BATCH_SIZE );
             long sequence = 0;
-            while ( searchResults.hasMoreElements() )
+            while ( searchResults.next() )
             {
-                groupList.add( unloadLdapEntry( searchResults.next(), sequence++ ) );
+                groupList.add( unloadLdapEntry( searchResults.getEntry(), sequence++ ) );
             }
         }
-        catch ( LDAPException e )
+        catch ( CursorException e )
+        {
+            String error = "find filter [" + filter + "] caught CursorException=" + e.getMessage();
+            throw new FinderException( GlobalErrIds.GROUP_SEARCH_FAILED, error, e );
+        }
+        catch ( LdapException e )
         {
-            String error = "find filter [" + filter + "] caught LDAPException=" + e.getLDAPResultCode() + " msg=" + e
-                .getMessage();
+            String error = "find filter [" + filter + "] caught LDAPException=" + e.getMessage();
             throw new FinderException( GlobalErrIds.GROUP_SEARCH_FAILED, error, e );
         }
         finally
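Review bot: The filter in find( User ) concatenates `user.getDn()` unescaped, while the `searchVal` computed on the line above from `user.getUserId()` is never used. If the DN can carry caller-influenced characters, filter metacharacters such as `*`, `(`, `)` or `\` change which group entries match, and this method returns the groups a user belongs to. Escape the value per RFC 4515 before building the filter, for example `String memberVal = FilterEncoder.encodeFilterValue( user.getDn() );` from the Apache LDAP API (confirm it is available in the version on the classpath), then use `memberVal` in the filter. Either remove `searchVal` or use it if a length check on the user id was the intent.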
@@ -431,9 +436,10 @@ final class GroupDAO extends UnboundIdDataProvider
      * @param le
      * @param sequence
      * @return
-     * @throws LDAPException
+     * @throws LdapException
      */
-    private Group unloadLdapEntry( LDAPEntry le, long sequence )
+    private Group unloadLdapEntry( Entry le, long sequence )
+        throws LdapInvalidAttributeValueException
     {
         Group entity = new ObjectFactory().createGroup();
         entity.setName( getAttribute( le, GlobalIds.CN ) );
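Review bot: The Javadoc on unloadLdapEntry now says `@throws LdapException` while the signature declares `LdapInvalidAttributeValueException`, and the `@param`/`@return` tags are still empty. I would align the tag with the signature and fill in the rest, e.g. `@param le entry returned by the directory read or search`, `@param sequence position of the entry in the result set`, `@return Group populated from the entry's attributes`, `@throws LdapInvalidAttributeValueException if an attribute value cannot be converted`. The wording of the last tag is a guess from the exception name and should be checked against getAttribute. The method body continues outside the hunk.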

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/39ac2790/src/main/java/org/openldap/fortress/ldap/suffix/SuffixDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/ldap/suffix/SuffixDAO.java b/src/main/java/org/openldap/fortress/ldap/suffix/SuffixDAO.java
index c1aa67a..770f2e1 100755
--- a/src/main/java/org/openldap/fortress/ldap/suffix/SuffixDAO.java
+++ b/src/main/java/org/openldap/fortress/ldap/suffix/SuffixDAO.java
@@ -16,6 +16,12 @@
 package org.openldap.fortress.ldap.suffix;
 
 
+import org.apache.directory.api.ldap.model.cursor.CursorException;
+import org.apache.directory.api.ldap.model.entry.DefaultEntry;
+import org.apache.directory.api.ldap.model.entry.Entry;
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.openldap.fortress.ldap.ApacheDsDataProvider;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -23,12 +29,6 @@ import org.openldap.fortress.CreateException;
 import org.openldap.fortress.GlobalErrIds;
 import org.openldap.fortress.GlobalIds;
 import org.openldap.fortress.RemoveException;
-import org.openldap.fortress.ldap.UnboundIdDataProvider;
-
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPAttributeSet;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPConnection;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPEntry;
-import com.unboundid.ldap.sdk.migrate.ldapjdk.LDAPException;
 import org.openldap.fortress.util.attr.VUtil;
 
 
@@ -61,7 +61,7 @@ import org.openldap.fortress.util.attr.VUtil;
  *
  * @author Shawn McKinney
  */
-final class SuffixDAO extends UnboundIdDataProvider
+final class SuffixDAO extends ApacheDsDataProvider
 {
     private static final String CLS_NM = SuffixDAO.class.getName();
     private static final Logger LOG = LoggerFactory.getLogger( CLS_NM );
@@ -88,23 +88,22 @@ final class SuffixDAO extends UnboundIdDataProvider
     final void create( Suffix se )
         throws org.openldap.fortress.CreateException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String nodeDn = getDn( se );
         try
         {
             LOG.info( "create suffix dn [" + nodeDn + "]" );
-            LDAPAttributeSet attrs = new LDAPAttributeSet();
-            attrs.add( createAttributes( GlobalIds.OBJECT_CLASS, SUFFIX_OBJ_CLASS ) );
-            attrs.add( createAttribute( DC, se.getName() ) );
-            attrs.add( createAttribute( O, se.getDescription() ) );
-            LDAPEntry myEntry = new LDAPEntry( nodeDn, attrs );
+            Entry myEntry = new DefaultEntry( nodeDn );
+            myEntry.add( GlobalIds.OBJECT_CLASS, SUFFIX_OBJ_CLASS );
+            myEntry.add( DC, se.getName() );
+            myEntry.add( O, se.getDescription() );
             ld = getAdminConnection();
             add( ld, myEntry );
         }
-        catch ( LDAPException e )
+        catch ( LdapException e )
         {
             String error = "create container node dn [" + nodeDn + "] caught LDAPException="
-                + e.getLDAPResultCode() + " msg=" + e.getMessage();
+                + e.getMessage();
             throw new CreateException( GlobalErrIds.SUFX_CREATE_FAILED, error, e );
         }
         finally
@@ -129,7 +128,7 @@ final class SuffixDAO extends UnboundIdDataProvider
     final void remove( Suffix se )
         throws org.openldap.fortress.RemoveException
     {
-        LDAPConnection ld = null;
+        LdapConnection ld = null;
         String nodeDn = getDn( se );
         LOG.info( "remove suffix dn [" + nodeDn + "]" );
         try
@@ -137,10 +136,16 @@ final class SuffixDAO extends UnboundIdDataProvider
             ld = getAdminConnection();
             deleteRecursive( ld, nodeDn );
         }
-        catch ( LDAPException e )
+        catch ( CursorException e )
+        {
+            String error = "remove suffix node dn [" + nodeDn + "] caught CursorException="
+                + e.getMessage();
+            throw new org.openldap.fortress.RemoveException( GlobalErrIds.SUFX_DELETE_FAILED, error, e );
+        }
+        catch ( LdapException e )
         {
             String error = "remove suffix node dn [" + nodeDn + "] caught LDAPException="
-                + e.getLDAPResultCode() + " msg=" + e.getMessage();
+                + e.getMessage();
             throw new RemoveException( GlobalErrIds.SUFX_DELETE_FAILED, error, e );
         }
         finally
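Review bot: The new CursorException handler in remove throws `org.openldap.fortress.RemoveException` by its fully qualified name, while the LdapException handler below it uses the imported `RemoveException`. They are the same class, so the short name reads more consistently: `throw new RemoveException( GlobalErrIds.SUFX_DELETE_FAILED, error, e );`. The two handlers otherwise differ only in the label inside the message, so a shared private method that builds the exception would remove the repetition.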

http://git-wip-us.apache.org/repos/asf/directory-fortress-core/blob/39ac2790/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
----------------------------------------------------------------------
diff --git a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java b/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
index cf6e233..2f3a6d1 100755
--- a/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
+++ b/src/main/java/org/openldap/fortress/rbac/dao/apache/UserDAO.java
@@ -381,19 +381,11 @@ public final class UserDAO extends ApacheDsDataProvider implements org.openldap.
                 myEntry.add( EMPLOYEE_TYPE, entity.getEmployeeType() );
             }
 
-            // These are multi-valued attributes, use the util function to load:
-            // These items are optional.  The utility function will return quietly if no items are loaded into collection:
+            // These are multi-valued attributes, use the util function to load.
+            // These items are optional.  The utility function will return quietly if item list is empty:
             loadAttrs( entity.getPhones(), myEntry, TELEPHONE_NUMBER );
             loadAttrs( entity.getMobiles(), myEntry, MOBILE );
             loadAttrs( entity.getEmails(), myEntry, MAIL );
-/*
-            myEntry.add( TELEPHONE_NUMBER, entity.getPhones().toArray( new String[]
-                {} ) );
-            myEntry.add( MOBILE, entity.getMobiles().toArray( new String[]
-                {} ) );
-            myEntry.add( MAIL, entity.getEmails().toArray( new String[]
-                {} ) );
-*/
 
             // The following attributes are optional:
             if ( VUtil.isNotNullOrEmpty( entity.isSystem() ) )