Posted to users@directory.apache.org by Anthony Dahanne <an...@gmail.com> on 2012/12/17 23:18:47 UTC
embedding ApacheDS for tests using NIS schema
Hello all,
Using ApacheDS for tests, I would like to simulate a scenario where the
user of our software authenticates/authorizes against a directory using the
NIS schema.
I'm using Apache DS 1.5.7 annotations, such as :

    @RunWith(value = FrameworkRunner.class)
    @CreateDS( allowAnonAccess=true, name="AddIT-class",
        partitions =
        {
            @CreatePartition(
                name = "mycompany",
                suffix = "dc=mycompany,dc=com",
                contextEntry = @ContextEntry(
                    entryLdif =
                        "dn: dc=mycompany,dc=com\n" +
                        "dc: mycompany\n" +
                        "objectClass: top\n" +
                        "objectClass: domain\n\n" ),
                indexes =
                {
                    @CreateIndex( attribute = "objectClass" ),
                    @CreateIndex( attribute = "dc" ),
                    @CreateIndex( attribute = "ou" )
                } )
        })
    @CreateLdapServer(
        transports =
        {
            @CreateTransport( protocol = "LDAP" )
        })
    @ApplyLdifs( {
        // the users organizationalUnit
        "dn: ou=users,dc=mycompany,dc=com",
        "objectClass: organizationalUnit",
        "objectClass: top",
        "ou: users",
        "description: Users",

        // the groups organizationalUnit
        "dn: ou=groups,dc=mycompany,dc=com",
        "objectClass: organizationalUnit",
        "objectClass: top",
        "ou: groups",
        "description: Groups",

        // operators group
        "dn: cn=operators,ou=groups,dc=mycompany,dc=com",
        "objectClass: groupOfNames",
        "objectClass: top",
        "cn: operators",
        "gidNumber: 43",
        "description: Operators Group",

        // admins group
        "dn: cn=admins,ou=groups,dc=mycompany,dc=com",
        "objectClass: groupOfNames",
        "objectClass: top",
        "cn: admins",
        "gidNumber: 42",
        "description: Operators Group",
    etc....

See those latest groups, with gidNumber:xxx?
Well, Apache DS refuses to create them with the error:

    org.apache.directory.shared.ldap.exception.LdapSchemaViolationException:
    ERR_279 Required attributes [2.5.4.31] not found within entry
    cn=operators,ou=groups,dc=mycompany,dc=com

which is normal because by default the NIS schema is not loaded.
I know that I need to set the “m-disabled” attribute of the NIS schema to
FALSE; I already did using Apache Directory Studio once.
But how can I, using the annotations configuration, set this property to
false?
Thanks a lot in advance for your answers !
Anthony
Re: embedding ApacheDS for tests using NIS schema
Posted by Anthony Dahanne <an...@gmail.com>.
@Kiran : great, that worked fine !
@Emmanuel : done : https://issues.apache.org/jira/browse/DIRSERVER-1784
Thanks again, the workaround is OK !
Regards,
Anthony
On Tue, Dec 18, 2012 at 5:22 AM, Jim Willeke <ji...@willeke.com> wrote:
> The rfc2307bis.schema defines posixGroup as an AUXILIARY ObjectClass to be
> added to an existing group entry.
>
> objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
> DESC 'Abstraction of a group of accounts'
> MUST gidNumber
> MAY ( userPassword $ memberUid $
> description ) )
>
>
> --
> -jim
> Jim Willeke
>
>
>
> On Tue, Dec 18, 2012 at 3:03 AM, Emmanuel Lécharny <elecharny@gmail.com
> >wrote:
>
> > Le 12/18/12 8:32 AM, Kiran Ayyagari a écrit :
> > > try it this way
> > >
> > > @Before
> > > // simplest way to enable a schema in embedded mode
> > > public void enableNis() throws Exception {
> > > if(!service.getSchemaManager().isEnabled( "nis" ))
> > > {
> > > service.getSchemaManager().enable( "nis" );
> > > }
> > > }
> > >
> > > //that will work just fine
> > > @Test
> > > @ApplyLdifs( {
> > > "dn: ou=groups,dc=mycompany,dc=com",
> > > "objectClass: organizationalUnit",
> > > "ou: groups",
> > > "description: Groups"
> > > }
> > > )
> > > public void authenticateAndAuthorizeFromDynamicGroup() throws
> > Exception {
> > > // operators group
> > > // this needs to be added manually instead of adding using
> > ApplyLdifs
> > > Entry entry = new DefaultEntry(
> > > "cn=operators,ou=groups,dc=mycompany,dc=com",
> > > "objectClass: posixGroup",
> > > "cn: operators",
> > > "gidNumber: 5000",
> > > "description: Operators Group",
> > > "objectClass: posixGroup",
> > > "cn: operators",
> > > "gidNumber: 5000",
> > > "description: Operators Group");
> > >
> > > LdapConnection connection = IntegrationUtils.getAdminConnection(
> > > service );
> > > connection.add( entry );
> > >
> > > assertTrue(connection.exists( entry.getDn() ));
> > > }
> > >
> > > for some reason not yet clear to me FrameworkRunner is failing while
> > adding
> > > the cn=operators entry when present in ApplyLdifs
> >
> > I'm wondering if the schemas should not be reloaded after having enabled
> > the NIS schema...
> >
> > Anthony, I suggest you file a JIRA asking for the creation of a special
> > annotation, something like @EnableSchema( <list of schema to enable> ) and
> > @DisableSchema( <List of schema to disable> ).
> >
> > That could be useful.
> >
> > We will continue to investigate the reason the NIS schema is not enabled.
> >
> >
> >
> > --
> > Regards,
> > Cordialement,
> > Emmanuel Lécharny
> > www.iktek.com
> >
> >
>
Re: embedding ApacheDS for tests using NIS schema
Posted by Jim Willeke <ji...@willeke.com>.
The rfc2307bis.schema defines posixGroup as an AUXILIARY ObjectClass to be
added to an existing group entry.
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY
DESC 'Abstraction of a group of accounts'
MUST gidNumber
MAY ( userPassword $ memberUid $
description ) )
--
-jim
Jim Willeke
On Tue, Dec 18, 2012 at 3:03 AM, Emmanuel Lécharny <el...@gmail.com> wrote:
> Le 12/18/12 8:32 AM, Kiran Ayyagari a écrit :
> > try it this way
> >
> > @Before
> > // simplest way to enable a schema in embedded mode
> > public void enableNis() throws Exception {
> > if(!service.getSchemaManager().isEnabled( "nis" ))
> > {
> > service.getSchemaManager().enable( "nis" );
> > }
> > }
> >
> > //that will work just fine
> > @Test
> > @ApplyLdifs( {
> > "dn: ou=groups,dc=mycompany,dc=com",
> > "objectClass: organizationalUnit",
> > "ou: groups",
> > "description: Groups"
> > }
> > )
> > public void authenticateAndAuthorizeFromDynamicGroup() throws
> Exception {
> > // operators group
> > // this needs to be added manually instead of adding using
> ApplyLdifs
> > Entry entry = new DefaultEntry(
> > "cn=operators,ou=groups,dc=mycompany,dc=com",
> > "objectClass: posixGroup",
> > "cn: operators",
> > "gidNumber: 5000",
> > "description: Operators Group",
> > "objectClass: posixGroup",
> > "cn: operators",
> > "gidNumber: 5000",
> > "description: Operators Group");
> >
> > LdapConnection connection = IntegrationUtils.getAdminConnection(
> > service );
> > connection.add( entry );
> >
> > assertTrue(connection.exists( entry.getDn() ));
> > }
> >
> > for some reason not yet clear to me FrameworkRunner is failing while
> adding
> > the cn=operators entry when present in ApplyLdifs
>
> I'm wondering if the schemas should not be reloaded after having enabled
> the NIS schema...
>
> Anthony, I suggest you file a JIRA asking for the creation of a special
> annotation, something like @EnableSchema( <list of schema to enable> ) and
> @DisableSchema( <List of schema to disable> ).
>
> That could be useful.
>
> We will continue to investigate the reason the NIS schema is not enabled.
>
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>
Re: embedding ApacheDS for tests using NIS schema
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 12/18/12 8:32 AM, Kiran Ayyagari a écrit :
> try it this way
>
> @Before
> // simplest way to enable a schema in embedded mode
> public void enableNis() throws Exception {
> if(!service.getSchemaManager().isEnabled( "nis" ))
> {
> service.getSchemaManager().enable( "nis" );
> }
> }
>
> //that will work just fine
> @Test
> @ApplyLdifs( {
> "dn: ou=groups,dc=mycompany,dc=com",
> "objectClass: organizationalUnit",
> "ou: groups",
> "description: Groups"
> }
> )
> public void authenticateAndAuthorizeFromDynamicGroup() throws Exception {
> // operators group
> // this needs to be added manually instead of adding using ApplyLdifs
> Entry entry = new DefaultEntry(
> "cn=operators,ou=groups,dc=mycompany,dc=com",
> "objectClass: posixGroup",
> "cn: operators",
> "gidNumber: 5000",
> "description: Operators Group",
> "objectClass: posixGroup",
> "cn: operators",
> "gidNumber: 5000",
> "description: Operators Group");
>
> LdapConnection connection = IntegrationUtils.getAdminConnection(
> service );
> connection.add( entry );
>
> assertTrue(connection.exists( entry.getDn() ));
> }
>
> for some reason not yet clear to me FrameworkRunner is failing while adding
> the cn=operators entry when present in ApplyLdifs
I'm wondering if the schemas should not be reloaded after having enabled
the NIS schema...
Anthony, I suggest you file a JIRA asking for the creation of a special
annotation, something like @EnableSchema( <list of schema to enable> ) and
@DisableSchema( <List of schema to disable> ).
That could be useful.
We will continue to investigate the reason the NIS schema is not enabled.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
Re: embedding ApacheDS for tests using NIS schema
Posted by Kiran Ayyagari <ka...@apache.org>.
Try it this way:

    @Before
    // simplest way to enable a schema in embedded mode
    public void enableNis() throws Exception {
        if ( !service.getSchemaManager().isEnabled( "nis" ) )
        {
            service.getSchemaManager().enable( "nis" );
        }
    }

    // that will work just fine
    @Test
    @ApplyLdifs( {
        "dn: ou=groups,dc=mycompany,dc=com",
        "objectClass: organizationalUnit",
        "ou: groups",
        "description: Groups"
    } )
    public void authenticateAndAuthorizeFromDynamicGroup() throws Exception {
        // operators group
        // this needs to be added manually instead of adding using ApplyLdifs
        // (each attribute is listed once; the repeated values were dropped)
        Entry entry = new DefaultEntry(
            "cn=operators,ou=groups,dc=mycompany,dc=com",
            "objectClass: posixGroup",
            "cn: operators",
            "gidNumber: 5000",
            "description: Operators Group" );

        LdapConnection connection = IntegrationUtils.getAdminConnection( service );
        connection.add( entry );

        assertTrue( connection.exists( entry.getDn() ) );
    }

For some reason not yet clear to me, FrameworkRunner is failing while adding
the cn=operators entry when present in ApplyLdifs.

On Tue, Dec 18, 2012 at 10:24 AM, Anthony Dahanne <anthony.dahanne@gmail.com
> wrote:
> Hello Emmanuel,
> Thanks a lot for your answer !
> Unfortunately, I now encounter new issues...
>
> I had to switch to Apache DS 2.0.0-M8 to compile AND I had to add
> apacheds-jdbm 2.0.0-M3 for runtime
>
> <dependency>
> <groupId>org.apache.directory.server</groupId>
> <artifactId>apacheds-server-integ</artifactId>
> <version>${apacheds-server.version}</version>
> <scope>test</scope>
> </dependency>
> <dependency>
> <groupId>org.apache.directory.server</groupId>
> <artifactId>apacheds-core-integ</artifactId>
> <version>${apacheds-server.version}</version>
> <scope>test</scope>
> </dependency>
> <dependency>
> <groupId>org.apache.directory.server</groupId>
> <artifactId>apacheds-jdbm</artifactId>
> <version>2.0.0-M3</version>
> <scope>test</scope>
> </dependency>
>
> to compile the snippet you gave me :
>
> // The shared LDAP connection
> private static LdapConnection connection;
>
> @Before
> public void enableNis() throws Exception
> {
>
> connection = IntegrationUtils.getAdminConnection(
> getService());
>
> Entry nisEntry = connection.lookup( "cn=nis,ou=schema" );
>
> boolean isNisDisabled = nisEntry.contains( "m-disabled", "TRUE" );
>
> // if nis is disabled then enable it
> if ( isNisDisabled )
> {
> connection.modify( "cn=nis,ou=schema", new
> DefaultModification( ModificationOperation.REMOVE_ATTRIBUTE,
> "m-disabled", "TRUE" ) );
> }
> }
>
> and I had to change the @BeforeClass into a @Before (non static method),
> otherwise the getService() would always return null.
>
> Then, I could verify in the log the NIS schema was enabled :
> @Test
> public void authenticateAndAuthorizeFromDynamicGroup() throws Exception {
>
>
> Entry nisEntry = connection.lookup( "cn=nis,ou=schema" );
>
> boolean isNisDisabled = nisEntry.contains( "m-disabled", "TRUE" );
>
> System.out.println("Nis is disabled : "+isNisDisabled);
> etc...
>
> would print false (and true if I remove the snippet)
>
> but...
> I now have this error
>
> Caused by: org.apache.directory.shared.ldap.model.exception.LdapException:
> ERR_04269 ATTRIBUTE_TYPE for OID gidnumber does not exist!
>
>
> , whenever I add this ldif (in the applyldif annotation) :
>
> "dn: cn=operators,ou=groups,dc=mycompany,dc=com",
> "objectClass: posixGroup",
> "cn: operators",
> "gidNumber: 5000",
> "description: Operators Group",
>
> I have copied my test in a pastebin :
> http://pastebin.com/BXNP8muU
>
> I have tried several combinations, but whenever I try to load an ldif with
> gidNumber, it fails...
>
> Thanks again for your help,
> Regards,
> Anthony
>
>
>
> On Mon, Dec 17, 2012 at 5:49 PM, Emmanuel Lécharny <elecharny@gmail.com
> >wrote:
>
> > @ApplyLdifs( {
> > // the users organizationalUnit
> > "dn: ou=users,dc=mycompany,dc=com",
> > "objectClass: organizationalUnit",
> > "objectClass: top",
> > "ou: users",
> > "description: Users",
> >
> > // the groups organizationalUnit
> > "dn: ou=groups,dc=mycompany,dc=com",
> > "objectClass: organizationalUnit",
> > "objectClass: top",
> > "ou: groups",
> > "description: Groups" })
>
--
Kiran Ayyagari
http://keydap.com
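
The workaround from this thread carried through to the group lookup the original question was about, as an added example that is not code from the thread or from the ApacheDS project: it enables the nis schema through the SchemaManager, adds posixGroup entries through the connection, and resolves a user's groups by memberUid. It assumes a JUnit 4 based ApacheDS 2.0.0 release that uses the org.apache.directory.api.* packages; the class name, the users jdoe and root, and the gidNumber values are made up for illustration.

```java
// Added example, not from the thread; assumes JUnit 4 and ApacheDS 2.0.0 (org.apache.directory.api.*).
import static org.junit.Assert.assertEquals;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.apache.directory.api.ldap.model.cursor.EntryCursor;
import org.apache.directory.api.ldap.model.entry.DefaultEntry;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.message.SearchScope;
import org.apache.directory.ldap.client.api.LdapConnection;
import org.apache.directory.server.core.annotations.ApplyLdifs;
import org.apache.directory.server.core.annotations.ContextEntry;
import org.apache.directory.server.core.annotations.CreateDS;
import org.apache.directory.server.core.annotations.CreatePartition;
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
import org.apache.directory.server.core.integ.FrameworkRunner;
import org.apache.directory.server.core.integ.IntegrationUtils;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

@RunWith(FrameworkRunner.class)
@CreateDS(name = "NisGroupLookupIT-class", partitions = {
    @CreatePartition(name = "mycompany", suffix = "dc=mycompany,dc=com",
        contextEntry = @ContextEntry(entryLdif =
            "dn: dc=mycompany,dc=com\n" + "dc: mycompany\n"
            + "objectClass: top\n" + "objectClass: domain\n\n")) })
public class NisGroupLookupIT extends AbstractLdapTestUnit { // hypothetical class name
    @Before
    public void enableNis() throws Exception {
        // Enable the nis schema through the SchemaManager, as suggested in the thread.
        if (!getService().getSchemaManager().isEnabled("nis")) {
            getService().getSchemaManager().enable("nis");
        }
    }
    @Test
    @ApplyLdifs({
        "dn: ou=groups,dc=mycompany,dc=com",
        "objectClass: organizationalUnit",
        "ou: groups" })
    public void resolvesGroupsByMemberUid() throws Exception {
        LdapConnection connection = IntegrationUtils.getAdminConnection(getService());
        // posixGroup entries go in through the connection, not through @ApplyLdifs.
        connection.add(new DefaultEntry("cn=operators,ou=groups,dc=mycompany,dc=com",
            "objectClass: posixGroup", "cn: operators", "gidNumber: 5000", "memberUid: jdoe"));
        connection.add(new DefaultEntry("cn=admins,ou=groups,dc=mycompany,dc=com",
            "objectClass: posixGroup", "cn: admins", "gidNumber: 5001", "memberUid: root"));
        // Group lookup for the constructed user jdoe: must yield operators only, never admins.
        List<String> groups = new ArrayList<String>();
        EntryCursor cursor = connection.search("ou=groups,dc=mycompany,dc=com",
            "(&(objectClass=posixGroup)(memberUid=jdoe))", SearchScope.ONELEVEL, "cn");
        for (Entry group : cursor) {
            groups.add(group.get("cn").getString());
        }
        cursor.close();
        assertEquals(Collections.singletonList("operators"), groups);
    }
}
```
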
Re: embedding ApacheDS for tests using NIS schema
Posted by Anthony Dahanne <an...@gmail.com>.
Hello Emmanuel,
Thanks a lot for your answer !
Unfortunately, I now encounter new issues...
I had to switch to Apache DS 2.0.0-M8 to compile AND I had to add
apacheds-jdbm 2.0.0-M3 for runtime

    <dependency>
        <groupId>org.apache.directory.server</groupId>
        <artifactId>apacheds-server-integ</artifactId>
        <version>${apacheds-server.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.directory.server</groupId>
        <artifactId>apacheds-core-integ</artifactId>
        <version>${apacheds-server.version}</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.directory.server</groupId>
        <artifactId>apacheds-jdbm</artifactId>
        <version>2.0.0-M3</version>
        <scope>test</scope>
    </dependency>

to compile the snippet you gave me :

    // The shared LDAP connection
    private static LdapConnection connection;

    @Before
    public void enableNis() throws Exception
    {
        connection = IntegrationUtils.getAdminConnection( getService() );

        Entry nisEntry = connection.lookup( "cn=nis,ou=schema" );

        boolean isNisDisabled = nisEntry.contains( "m-disabled", "TRUE" );

        // if nis is disabled then enable it
        if ( isNisDisabled )
        {
            connection.modify( "cn=nis,ou=schema", new DefaultModification(
                ModificationOperation.REMOVE_ATTRIBUTE, "m-disabled", "TRUE" ) );
        }
    }

and I had to change the @BeforeClass into a @Before (non static method),
otherwise the getService() would always return null.
Then, I could verify in the log the NIS schema was enabled :

    @Test
    public void authenticateAndAuthorizeFromDynamicGroup() throws Exception {
        Entry nisEntry = connection.lookup( "cn=nis,ou=schema" );

        boolean isNisDisabled = nisEntry.contains( "m-disabled", "TRUE" );

        System.out.println("Nis is disabled : "+isNisDisabled);
    etc...

would print false (and true if I remove the snippet)
but...
I now have this error

    Caused by: org.apache.directory.shared.ldap.model.exception.LdapException:
    ERR_04269 ATTRIBUTE_TYPE for OID gidnumber does not exist!

, whenever I add this ldif (in the applyldif annotation) :

    "dn: cn=operators,ou=groups,dc=mycompany,dc=com",
    "objectClass: posixGroup",
    "cn: operators",
    "gidNumber: 5000",
    "description: Operators Group",

I have copied my test in a pastebin :
http://pastebin.com/BXNP8muU
I have tried several combinations, but whenever I try to load an ldif with
gidNumber, it fails...
Thanks again for your help,
Regards,
Anthony
On Mon, Dec 17, 2012 at 5:49 PM, Emmanuel Lécharny <el...@gmail.com> wrote:
> @ApplyLdifs( {
> // the users organizationalUnit
> "dn: ou=users,dc=mycompany,dc=com",
> "objectClass: organizationalUnit",
> "objectClass: top",
> "ou: users",
> "description: Users",
>
> // the groups organizationalUnit
> "dn: ou=groups,dc=mycompany,dc=com",
> "objectClass: organizationalUnit",
> "objectClass: top",
> "ou: groups",
> "description: Groups" })
Re: embedding ApacheDS for tests using NIS schema
Posted by Emmanuel Lécharny <el...@gmail.com>.
Le 12/17/12 11:18 PM, Anthony Dahanne a écrit :
> Hello all,
> Using ApacheDS for tests, I would like to simulate a scenario where the
> user of our software authenticates/authorizes against a directory using the
> NIS schema.
> I'm using Apache DS 1.5.7 annotations, such as :
>
> @RunWith(value = FrameworkRunner.class)
> @CreateDS( allowAnonAccess=true, name="AddIT-class",
> partitions =
> {
> @CreatePartition(
> name = "mycompany",
> suffix = "dc=mycompany,dc=com",
> contextEntry = @ContextEntry(
> entryLdif =
> "dn: dc=mycompany,dc=com\n" +
> "dc: mycompany\n" +
> "objectClass: top\n" +
> "objectClass: domain\n\n" ),
> indexes =
> {
> @CreateIndex( attribute = "objectClass" ),
> @CreateIndex( attribute = "dc" ),
> @CreateIndex( attribute = "ou" )
> } )
> })
> @CreateLdapServer(
> transports =
> {
> @CreateTransport( protocol = "LDAP" )
> })
> @ApplyLdifs( {
> // the users organizationalUnit
> "dn: ou=users,dc=mycompany,dc=com",
> "objectClass: organizationalUnit",
> "objectClass: top",
> "ou: users",
> "description: Users",
>
> // the groups organizationalUnit
> "dn: ou=groups,dc=mycompany,dc=com",
> "objectClass: organizationalUnit",
> "objectClass: top",
> "ou: groups",
> "description: Groups",
>
>
> // operators group
> "dn: cn=operators,ou=groups,dc=mycompany,dc=com",
> "objectClass: groupOfNames",
> "objectClass: top",
> "cn: operators",
> "gidNumber: 43",
> "description: Operators Group",
>
>
> // admins group
> "dn: cn=admins,ou=groups,dc=mycompany,dc=com",
> "objectClass: groupOfNames",
> "objectClass: top",
> "cn: admins",
> "gidNumber: 42",
> "description: Operators Group",
> etc....
>
>
> See those latest groups, with gidNumber:xxx ?
> well , apache ds refuses to create them with the error :
>
> org.apache.directory.shared.ldap.exception.LdapSchemaViolationException:
> ERR_279 Required attributes [2.5.4.31] not found within entry
> cn=operators,ou=groups,dc=mycompany,dc=com
>
> which is normal because by default the NIS schema is not loaded
> I know that I need to set “m-disabled” attribute of the NIS schema to
> FALSE; I already did using Apache Directory Studio once.
> But how can I , using the annotations configuration, set this property to
> false ?
Sadly, you can't. But you are not necessarily in a dead end here.
You can still inject the @ApplyLdifs on a method, instead of injecting it at
the class level. That lets you enable the NIS partition in a @BeforeClass
method.
Something like :

    @RunWith(value = FrameworkRunner.class)
    @CreateDS( allowAnonAccess=true, name="AddIT-class",
        partitions =
        {
            @CreatePartition(
                name = "mycompany",
                suffix = "dc=mycompany,dc=com",
                contextEntry = @ContextEntry(
                    entryLdif =
                        "dn: dc=mycompany,dc=com\n" +
                        "dc: mycompany\n" +
                        "objectClass: top\n" +
                        "objectClass: domain\n\n" ),
                indexes =
                {
                    @CreateIndex( attribute = "objectClass" ),
                    @CreateIndex( attribute = "dc" ),
                    @CreateIndex( attribute = "ou" )
                } )
        })
    @CreateLdapServer(
        transports =
        {
            @CreateTransport( protocol = "LDAP" )
        })
    public class MyTest
    {
        @BeforeClass
        static public void enableNis() throws Exception
        {
            connection = IntegrationUtils.getAdminConnection( getService() );

            Entry nisEntry = connection.lookup( "cn=nis,ou=schema" );

            boolean isNisDisabled = nisEntry.contains( "m-disabled", "TRUE" );

            // if nis is disabled then enable it
            if ( isNisDisabled )
            {
                connection.modify( "cn=nis,ou=schema", new DefaultModification(
                    ModificationOperation.REMOVE_ATTRIBUTE, "m-disabled", "TRUE" ) );
            }
        }

        @ApplyLdifs( {
            // the users organizationalUnit
            "dn: ou=users,dc=mycompany,dc=com",
            "objectClass: organizationalUnit",
            "objectClass: top",
            "ou: users",
            "description: Users",

            // the groups organizationalUnit
            "dn: ou=groups,dc=mycompany,dc=com",
            "objectClass: organizationalUnit",
            "objectClass: top",
            "ou: groups",
            "description: Groups" })
        @Test
        public void myTest()
        {
            blah...

That should work.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com