Mailing-List: contact commits-help@directory.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@directory.apache.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r486187 [7/49] - in /directory/trunks/triplesec: ./
 admin-api/
 admin-api/src/ admin-api/src/main/ admin-api/src/main/java/
 admin-api/src/main/java/org/ admin-api/src/main/java/org/safehaus/
 admin-api/src/main/java/org/safehaus/triplesec/ ad...
Date: Tue, 12 Dec 2006 15:24:14 -0000
To: commits@directory.apache.org
From: tbennett@apache.org
Message-Id: <20061212152439.4DDBF1A9829@eris.apache.org>

Added: directory/trunks/triplesec/admin-api/src/test/resources/server.ldif
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/test/resources/server.ldif?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/admin-api/src/test/resources/server.ldif (added)
+++ directory/trunks/triplesec/admin-api/src/test/resources/server.ldif Tue Dec 12 07:23:31 2006
@@ -0,0 +1,485 @@
+#
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#  
+#    http://www.apache.org/licenses/LICENSE-2.0
+#  
+#  Unless required by applicable law or agreed to in writing,
+#  software distributed under the License is distributed on an
+#  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+#  KIND, either express or implied.  See the License for the
+#  specific language governing permissions and limitations
+#  under the License. 
+#  
+#   EXAMPLE.COM is freely and reserved for testing according to this RFC:
+#
+#   http://www.rfc-editor.org/rfc/rfc2606.txt
+#
+#
+
+#
+# This ACI allows brouse access to the root suffix and one level below that to anyone.
+# At this level there is nothing critical exposed.  Everything that matters is one or
+# more levels below this.
+#
+
+dn: cn=browseRootAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { maximum 1 }
+prescriptiveACI: { identificationTag "browseRoot", precedence 100, authenticationLevel none, itemOrUserFirst userFirst: { userClasses { allUsers }, userPermissions { { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse } } } } }
+
+dn: ou=Users, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Users
+
+#
+# This ACI allows users to modify a limited set of attributes in their own user
+# entry as well as read, compare those attributes.  The user's entry must be 
+# browseable and the DN must be returnable.
+#
+
+dn: cn=allowSelfModificationsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfModifications", precedence 14, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions  {  { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantModify, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {userPassword, krb5Key, givenName, cn, commonName, surName, sn, objectClass }}, grantsAndDenials { grantModify, grantAdd, grantRemove, grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+#
+# This ACI allows users to access a limited set of attributes in their own user
+# entry as well as compare those attributes.  The user's entry must be browseable 
+# and the DN must be returnable.
+#
+
+dn: cn=allowSelfAccessAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "allowSelfAccess", precedence 15, authenticationLevel simple, itemOrUserFirst userFirst: { userClasses { thisEntry }, userPermissions  {  { protectedItems {entry}, grantsAndDenials { grantReturnDN, grantBrowse, grantRead, grantDiscloseOnError } }, { protectedItems {allAttributeValues {uid, userPassword, givenName, cn, commonName, surName, sn, objectClass, creatorsName, modifiersName, createTimestamp, modifyTimestamp, krb5AccountDisabled, description, apacheSamType }}, grantsAndDenials { grantRead, grantDiscloseOnError, grantCompare } } } } }
+
+dn: ou=Groups, dc=example, dc=com
+objectclass: top
+objectclass: organizationalunit
+ou: Groups
+
+dn: cn=superUsers, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: superUsers
+uniqueMember: uid=admin, ou=system
+
+dn: cn=userAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: userAdmin
+uniqueMember: uid=admin, ou=system
+
+dn: cn=applicationAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: applicationAdmin
+uniqueMember: uid=admin, ou=system
+
+dn: cn=groupAdmins, ou=Groups, dc=example, dc=com
+objectClass: top
+objectClass: groupOfUniqueNames
+cn: groupAdmin
+uniqueMember: uid=admin, ou=system
+
+#
+# This ACI allows members of the superUsers group to have full modify and read access
+# to the entire realm as does the system administrator principal: uid=admin, ou=system.
+#
+# The only thing these users cannot do is modify the system partition.  They are only
+# restricted to superUser rights within this realm partition
+#
+ 
+dn: cn=superUsersAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { }
+prescriptiveACI: { identificationTag "superUsersAci", precedence 20, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=superUsers,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+#
+# This ACI allows members of the userAdmin group to have full modify and read access
+# to user accounts besides their own.  Hence they can administer users in the system.
+#
+ 
+dn: cn=userAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=users", maximum 1 }
+prescriptiveACI: { identificationTag "userAdminsAci", precedence 16, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=userAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+
+#
+# This ACI allows members of the applicationAdmin group to have full modify and read access
+# to all applications in the realm.  Adding users to this group is like a wild card for 
+# application access.
+#
+ 
+dn: cn=applicationAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=applications" }
+prescriptiveACI: { identificationTag "applicationAdminsAci", precedence 17, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=applicationAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+
+#
+# This ACI allows members of the groupAdmins group to have full modify and read access
+# to all groups in the realm other than the superUsers, userAdmins, groupAdmins, and the 
+# applicationAdmins groups.
+#
+# The rational behind this is to prevent these users from changing their or other
+# users' access rights for the entire system by modifying their membership in these 
+# groups. Making someone a groupAdmin should not open the door to their ability to
+# grant themselves or others system wide administrative abilities.
+#
+# Really the groupAdmins group is intended for users that have the ability to manage 
+# group membership in specific application administration groups and that's all.  
+# These types of admins should not have the right to promote others to system level
+# administrators or complete super users.
+#
+ 
+dn: cn=groupAdminsAci,dc=example,dc=com
+objectClass: top
+objectClass: subentry
+objectClass: accessControlSubentry
+subtreeSpecification: { base "ou=groups", specificExclusions { chopBefore: "cn=userAdmins", chopBefore: "cn=groupAdmins", chopBefore: "cn=applicationAdmins", chopBefore: "cn=superUsers" } }
+prescriptiveACI: { identificationTag "groupAdminsAci", precedence 18, authenticationLevel simple,  itemOrUserFirst userFirst: { userClasses { userGroup { "cn=groupAdmins,ou=groups,dc=example,dc=com" } }, userPermissions { { protectedItems {entry, allUserAttributeTypesAndValues},  grantsAndDenials { grantRead, grantReturnDN, grantBrowse, grantDiscloseOnError, grantCompare, grantAdd, grantRename, grantRemove, grantModify, grantImport, grantExport } } } } }
+
+dn: uid=akarasulu, ou=Users, dc=example,dc=com
+cn: Alex Karasulu
+sn: Karasulu
+givenname: Alex
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: extensibleObject
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Jacksonville
+uid: akarasulu
+krb5PrincipalName: akarasulu@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: akarasulu@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 666
+apacheSamType: 7
+safehausUid: akarasulu
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 27304238
+safehausSecret:: aaaabbbbccccdddd
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: maxwell
+
+dn: uid=lockedout, ou=Users, dc=example,dc=com
+cn: Risky
+sn: Lockedout
+givenname: Unlucky
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: DummyCity
+uid: lockedout
+krb5PrincipalName: lockedout@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: lockedout@example.com
+telephonenumber: +1 904 982 6882
+facsimiletelephonenumber: +1 904 982 6883
+roomnumber: 699
+safehausUid: lockedout
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 101347012
+safehausSecret:: (Q-H23BQ#SDsdkf3o&81923r
+safehausFailuresInEpoch: 20
+safehausResynchCount: -1
+safehausInfo: unlucky account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: asdfasdf
+
+dn: uid=erodriguez, ou=Users, dc=example,dc=com
+cn: Enrique Rodriguez
+sn: Rodriguez
+givenname: Enrique
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+objectclass: safehausProfile
+ou: Directory
+ou: Users
+l: Boston
+uid: erodriguez
+krb5PrincipalName: erodriguez@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+safehausUid: erodriguez
+safehausRealm: EXAMPLE.COM
+safehausLabel: example realm
+safehausFactor: 917483720127847
+safehausSecret:: xcJqp45S80e8fahs&@rq1I98awg8)^*
+safehausFailuresInEpoch: 0
+safehausResynchCount: -1
+safehausInfo: test account
+safehausTokenPin: 1234
+safehausNotifyBy: sms
+userpassword: noices
+
+dn: uid=krbtgt, ou=Users, dc=example,dc=com
+cn: Kerberos Server
+sn: Server
+givenname: Kerberos
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: krbtgt
+krb5PrincipalName: krbtgt/EXAMPLE.COM@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: kahuna
+
+dn: uid=hostssh, ou=Users, dc=example,dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: uidObject
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/www.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
+dn: uid=hostssh2, ou=Users, dc=example,dc=com
+cn: SSH Service
+sn: Service
+givenname: SSH
+objectclass: top
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: krb5Principal
+objectclass: krb5KDCEntry
+ou: Directory
+ou: Users
+l: Boston
+uid: hostssh
+krb5PrincipalName: host/kerberos.example.com@EXAMPLE.COM
+krb5KeyVersionNumber: 0
+mail: erodriguez@example.com
+telephonenumber: +1 408 555 9187
+facsimiletelephonenumber: +1 408 555 8473
+roomnumber: 667
+userpassword: randall
+
+dn: ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: organizationalunit
+ou: applications
+
+dn: appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyApplication
+appName: mockApplication
+userPassword:: dGVzdGluZw==
+
+dn: ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: permissions
+
+dn: permName=mockPerm0,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm0
+
+dn: permName=mockPerm1,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm1
+
+dn: permName=mockPerm2,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm2
+
+dn: permName=mockPerm3,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm3
+
+dn: permName=mockPerm4,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm4
+
+dn: permName=mockPerm5,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm5
+
+dn: permName=mockPerm6,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm6
+
+dn: permName=mockPerm7,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm7
+
+dn: permName=mockPerm8,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm8
+
+dn: permName=mockPerm9,ou=permissions,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyPermission
+permName: mockPerm9
+
+dn: ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: roles
+
+dn: roleName=mockRole0,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: policyRole
+objectClass: top
+roleName: mockRole0
+
+dn: roleName=mockRole1,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm0
+roleName: mockRole1
+
+dn: roleName=mockRole2,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm1
+roleName: mockRole2
+
+dn: roleName=mockRole3,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm3
+grants: mockPerm2
+roleName: mockRole3
+
+dn: roleName=mockRole4,ou=roles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyRole
+grants: mockPerm9
+grants: mockPerm7
+grants: mockPerm6
+grants: mockPerm5
+grants: mockPerm4
+roleName: mockRole4
+
+dn: ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: organizationalUnit
+ou: profiles
+
+dn: profileId=mockProfile0,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyProfile
+user: akarasulu
+profileId: mockProfile0
+
+dn: profileId=mockProfile1,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyProfile
+roles: mockRole2
+roles: mockRole1
+user: akarasulu
+profileId: mockProfile1
+
+dn: profileId=mockProfile2,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyProfile
+grants: mockPerm0
+roles: mockRole2
+user: akarasulu
+profileId: mockProfile2
+
+dn: profileId=mockProfile3,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyProfile
+grants: mockPerm7
+grants: mockPerm0
+roles: mockRole3
+user: akarasulu
+profileId: mockProfile3
+
+dn: profileId=mockProfile4,ou=profiles,appName=mockApplication,ou=applications,dc=example,dc=com
+objectClass: top
+objectClass: policyProfile
+denials: mockPerm7
+grants: mockPerm0
+roles: mockRole4
+roles: mockRole3
+user: akarasulu
+profileId: mockProfile4
+

Added: directory/trunks/triplesec/admin-api/src/test/resources/server.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/src/test/resources/server.xml?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/admin-api/src/test/resources/server.xml (added)
+++ directory/trunks/triplesec/admin-api/src/test/resources/server.xml Tue Dec 12 07:23:31 2006
@@ -0,0 +1,250 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN"
+  "http://www.springframework.org/dtd/spring-beans.dtd">
+
+<beans>
+  <bean id="environment" class="org.springframework.beans.factory.config.PropertiesFactoryBean">
+    <property name="properties">
+      <props>
+        <prop key="java.naming.security.authentication">simple</prop>
+        <prop key="java.naming.security.principal">uid=admin,ou=system</prop>
+        <prop key="java.naming.security.credentials">secret</prop>
+        <prop key="java.naming.provider.url">dc=example,dc=com</prop>
+        <prop key="java.naming.factory.state">org.safehaus.triplesec.store.ProfileStateFactory</prop>
+        <prop key="java.naming.factory.object">org.safehaus.triplesec.store.ProfileObjectFactory</prop>
+
+        <prop key="kdc.primary.realm">EXAMPLE.COM</prop>
+        <prop key="kdc.principal">krbtgt/EXAMPLE.COM@EXAMPLE.COM</prop>
+        <prop key="kdc.encryption.types">des-cbc-md5 des3-cbc-sha1 des3-cbc-md5 des-cbc-md4 des-cbc-crc</prop>
+        <prop key="kdc.entryBaseDn">ou=users,dc=example,dc=com</prop>
+        <prop key="kdc.java.naming.security.credentials">secret</prop>
+
+        <prop key="changepw.entryBaseDn">ou=users,dc=example,dc=com</prop>
+        <prop key="changepw.java.naming.security.credentials">secret</prop>
+        <prop key="changepw.principal">kadmin/changepw@EXAMPLE.COM</prop>
+
+        <!-- All times are in minutes -->
+        <prop key="kdc.allowable.clockskew">5</prop>
+        <prop key="kdc.tgs.maximum.ticket.lifetime">1440</prop>
+        <prop key="kdc.tgs.maximum.renewable.lifetime">10080</prop>
+        <prop key="kdc.pa.enc.timestamp.required">true</prop>
+        <prop key="kdc.tgs.empty.addresses.allowed">true</prop>
+        <prop key="kdc.tgs.forwardable.allowed">true</prop>
+        <prop key="kdc.tgs.proxiable.allowed">true</prop>
+        <prop key="kdc.tgs.postdate.allowed">true</prop>
+        <prop key="kdc.tgs.renewable.allowed">true</prop>
+
+        <prop key="safehaus.entry.basedn">ou=Users,dc=example,dc=com</prop>
+        <prop key="safehaus.load.testdata">true</prop>
+        <prop key="kerberos.sam.type.7">org.safehaus.triplesec.verifier.hotp.DefaultHotpSamVerifier</prop>
+      </props>
+    </property>
+  </bean>
+
+  <bean id="configuration" class="org.safehaus.triplesec.configuration.MutableTriplesecStartupConfiguration">
+    <property name="workingDirectory"><value>partitions</value></property>
+    <property name="allowAnonymousAccess"><value>false</value></property>
+    <property name="accessControlEnabled"><value>true</value></property>
+    <property name="ldapPort"><value>10389</value></property>
+    <property name="enableKerberos"><value>true</value></property>
+    <property name="enableNtp"><value>false</value></property>
+    <property name="enableChangePassword"><value>true</value></property>
+
+    <!-- Uncomment below to have the server load entries on startup!        -->
+    <!-- ldifDirectory property can point to a relative file, directory or  -->
+    <!-- can point to an absolute path to either using the URL path         -->
+    <!-- notation: i.e. file:///Users/jack/apacheds/ldifs                   -->
+
+    <!-- Entries will optionally be filtered using LdifLoadFilters in the   -->
+    <!-- order specified.  The included Krb5KdcEntryFilter will filter      -->
+    <!-- kerberos principals creating keys for them using their             -->
+    <!-- userPassword attribute if present.                                 -->
+
+    <!-- If missing the Triplesec server will use LDIF files under the conf -->
+    <!-- directory where it has been installed.                             -->
+
+    <!--
+    <property name="ldifDirectory">
+      <value>example.ldif</value>
+    </property>
+    -->
+    <property name="ldifFilters">
+      <list>
+        <bean class="org.apache.directory.server.protocol.shared.store.Krb5KdcEntryFilter"/>
+      </list>
+    </property>
+
+    <property name="activationConfiguration">
+      <bean class="org.safehaus.triplesec.configuration.ActivationConfiguration">
+        <property name="enableDecoyMidlet"><value>true</value></property>
+        <property name="otpLength"><value>6</value></property>
+        <property name="midletNameAttribute"><value>midletNameAttribute</value></property>
+      </bean>  
+    </property>    
+    
+    <property name="smsConfiguration">
+      <bean class="org.safehaus.triplesec.configuration.SmsConfiguration">
+        <property name="smsUsername"><value>hauskeys</value></property>
+        <property name="smsPassword"><value>secret</value></property>
+        <property name="smsAccountName"><value>demo</value></property>
+        <property name="smsTransportUrl"><value>http://www.nbroadcasting.com/customers/messages/Sender.asp</value></property>
+      </bean>  
+    </property>    
+    
+    <property name="smtpConfiguration">
+      <bean class="org.safehaus.triplesec.configuration.SmtpConfiguration">
+        <property name="smtpAuthenticate"><value>false</value></property>
+        <!-- uncomment and set above property if authentication is required by mail server
+             <property name="smtpUsername"><value>hauskeys</value></property>
+             <property name="smtpPassword"><value>secret</value></property>
+             -->
+             <property name="smtpHost"><value>localhost</value></property>
+             <property name="smtpSubject"><value>Triplesec Account Activated</value></property>
+             <property name="smtpFrom"><value>dev@safehaus.org</value></property>
+           </bean>  
+         </property>    
+         
+    <property name="contextPartitionConfigurations">
+      <set>
+        <ref bean="examplePartitionConfiguration"/>
+      </set>
+    </property>
+    <property name="bootstrapSchemas">
+      <set>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CorbaSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CoreSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CosineSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.ApacheSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.CollectiveSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.InetorgpersonSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.JavaSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.Krb5kdcSchema"/>
+        <bean class="org.apache.directory.server.core.schema.bootstrap.SystemSchema"/>
+        <bean class="org.safehaus.triplesec.store.schema.SafehausSchema"/>
+      </set>
+    </property>
+    
+    <property name="extendedOperationHandlers">
+      <list>
+        <bean class="org.apache.directory.server.ldap.support.extended.GracefulShutdownHandler"/>
+        <bean class="org.apache.directory.server.ldap.support.extended.LaunchDiagnosticUiHandler"/>
+      </list>
+    </property>  
+
+    <property name="interceptorConfigurations">
+      <list>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>normalizationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.normalization.NormalizationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>authenticationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.authn.AuthenticationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>referralService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.referral.ReferralService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>authorizationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.authz.AuthorizationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>defaultAuthorizationService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.authz.DefaultAuthorizationService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>exceptionService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.exception.ExceptionService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>schemaService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.schema.SchemaService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>subentryService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.subtree.SubentryService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>operationalAttributeService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.operational.OperationalAttributeService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>collectiveAttributeService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.collective.CollectiveAttributeService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>eventService</value></property>
+          <property name="interceptor">
+            <bean class="org.apache.directory.server.core.event.EventService" />
+          </property>
+        </bean>
+        <bean class="org.apache.directory.server.core.configuration.MutableInterceptorConfiguration">
+          <property name="name"><value>policyProtectionService</value></property>
+          <property name="interceptor">
+            <bean class="org.safehaus.triplesec.store.interceptor.PolicyProtectionInterceptor" />
+          </property>
+        </bean>
+      </list>
+    </property>
+  </bean>
+  
+  <bean id="examplePartitionConfiguration" class="org.apache.directory.server.core.configuration.MutablePartitionConfiguration">
+    <property name="name"><value>example</value></property>
+    <property name="suffix"><value>dc=example,dc=com</value></property>
+    <property name="indexedAttributes">
+      <set>
+        <value>objectClass</value>
+        <value>ou</value>
+        <value>dc</value>
+        <value>uid</value>
+        <value>profileId</value>
+        <value>roles</value>
+        <value>grants</value>
+        <value>denials</value>
+        <value>krb5PrincipalName</value>
+      </set>
+    </property>
+    <property name="contextEntry">
+      <value>
+        objectClass: top
+        objectClass: domain
+        objectClass: extensibleObject
+        dc: example
+        administrativeRole: accessControlSpecificArea
+        administrativeRole: collectiveAttributeSpecificArea
+      </value>
+    </property>
+  </bean>
+
+  <bean class="org.springframework.beans.factory.config.CustomEditorConfigurer">
+    <property name="customEditors">
+      <map>
+        <entry key="javax.naming.directory.Attributes">
+          <bean class="org.apache.directory.server.core.configuration.AttributesPropertyEditor"/>
+        </entry>
+      </map>
+   </property>
+  </bean>
+</beans>

Added: directory/trunks/triplesec/admin-api/todo.txt
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/admin-api/todo.txt?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/admin-api/todo.txt (added)
+++ directory/trunks/triplesec/admin-api/todo.txt Tue Dec 12 07:23:31 2006
@@ -0,0 +1,3 @@
+need to:
+
+ o cleanup doco

Added: directory/trunks/triplesec/changelog/README.txt
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/README.txt?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/README.txt (added)
+++ directory/trunks/triplesec/changelog/README.txt Tue Dec 12 07:23:31 2006
@@ -0,0 +1,15 @@
+
+   Example: Interceptor 
+ Objective: Demonstrate ApacheDS embedded configuration with LDAP service,
+            extra partition, and a custom interceptor for a changelog/audit
+            trail. 
+  To Build: mvn compile
+    To Run: mvn test
+   Summary: The purpose of this demolet is to show how custom interceptors 
+            can be used in apacheds by building a custom interceptor for 
+            keeping a change log.
+      Tips: This is a cumulative example and requires all the other examples
+            except for the kerberos example.  Take a look inside server-work
+            to see the changes.log file for this interceptor.  Tail -f the
+            file and start changing the directory.
+

Added: directory/trunks/triplesec/changelog/pom.xml
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/pom.xml?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/pom.xml (added)
+++ directory/trunks/triplesec/changelog/pom.xml Tue Dec 12 07:23:31 2006
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements.  See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership.  The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License.  You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied.  See the License for the
+  specific language governing permissions and limitations
+  under the License.
+
+-->
+
+<project>
+  <parent>
+    <groupId>org.safehaus.triplesec</groupId>
+    <artifactId>build</artifactId>
+    <version>1.0-SNAPSHOT</version>
+  </parent>
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>triplesec-changelog</artifactId>
+  <name>TripleSec Changelog Subsystem</name>
+  <packaging>jar</packaging>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-core</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <groupId>org.apache.directory.server</groupId>
+      <artifactId>apacheds-server-jndi</artifactId>
+      <version>1.0-SNAPSHOT</version>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>nlog4j</artifactId>
+      <version>1.2.25</version>
+    </dependency>
+  </dependencies>
+
+  <!-- <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-antrun-plugin</artifactId>
+        <executions>
+          <execution>
+            <phase>test</phase>
+            <configuration>
+              <tasks>
+                <java fork="true"
+                      classname="org.safehaus.triplesec.changelog.LdapChangeLogApplication">
+                  <classpath>
+                    <path refid="maven.compile.classpath"/>
+                    <path refid="maven.test.classpath"/>
+                    <path refid="maven.dependency.classpath"/>
+                  </classpath>
+                </java>
+              </tasks>
+            </configuration>
+            <goals>
+              <goal>run</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
+    </plugins>
+  </build> -->
+
+</project>

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/interceptor/ChangelogService.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/interceptor/ChangelogService.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/interceptor/ChangelogService.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/interceptor/ChangelogService.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,506 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.interceptor;
+
+
+import java.sql.Connection;
+import java.sql.DriverManager;
+import java.sql.PreparedStatement;
+import java.sql.SQLException;
+import java.sql.Timestamp;
+import java.util.Date;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Properties;
+
+import javax.naming.NamingException;
+import javax.naming.directory.Attributes;
+import javax.naming.directory.ModificationItem;
+
+import org.apache.directory.server.core.DirectoryServiceConfiguration;
+import org.apache.directory.server.core.configuration.InterceptorConfiguration;
+import org.apache.directory.server.core.interceptor.BaseInterceptor;
+import org.apache.directory.server.core.interceptor.NextInterceptor;
+import org.apache.directory.server.core.invocation.InvocationStack;
+import org.apache.directory.server.core.jndi.ServerContext;
+import org.apache.directory.server.core.schema.AttributeTypeRegistry;
+import org.apache.directory.shared.ldap.name.LdapDN;
+import org.apache.directory.shared.ldap.util.DateUtils;
+import org.apache.directory.shared.ldap.util.NamespaceTools;
+import org.safehaus.triplesec.changelog.beta.model.AddChangeEvent;
+import org.safehaus.triplesec.changelog.beta.model.ChangeEvent;
+import org.safehaus.triplesec.changelog.beta.model.DeleteChangeEvent;
+import org.safehaus.triplesec.changelog.beta.model.ModifyChangeEvent;
+import org.safehaus.triplesec.changelog.beta.model.ModifyDnChangeEvent;
+import org.safehaus.triplesec.changelog.beta.model.ModifyRdnChangeEvent;
+import org.safehaus.triplesec.changelog.beta.model.StringAttribute;
+import org.safehaus.triplesec.changelog.beta.support.AttributeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+
+/**
+ * An interceptor which maintains a change log as it intercepts changes to the
+ * directory. It maintains an embedded DB for writing Changelog Event records.
+ * 
+ * @author <a href="mailto:ersiner@safehaus.org">Ersin Er</a>
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ */
+public class ChangelogService extends BaseInterceptor implements Runnable
+{
+    
+    private static final Logger log = LoggerFactory.getLogger( ChangelogService.class );
+
+    private static String dbProtocol = "jdbc:derby:";
+
+    private static String dbName = "changelogDb";
+
+    private static String dbTable = "changelogTable";
+
+    private static String dbUserName = "user1";
+
+    private static String dbPassword = "user1";
+
+    /** the single db connection */
+    private Connection conn = null;
+
+    /** queue of changelog events awaiting serialization to the db */
+    private LinkedList queue = new LinkedList();
+
+    /** a handle on the attributeType registry to determine the binary nature of attributes */
+    private AttributeTypeRegistry registry = null;
+
+    /** determines if this service has been activated */
+    private boolean isActive = false;
+
+    /** thread used to asynchronously write change logs to db */
+    private Thread writer = null;
+    
+    /** time to wait before automatically waking up the writer thread */
+    private static final long WAIT_TIMEOUT_MILLIS = 1000;
+
+
+    // -----------------------------------------------------------------------
+    // Overridden init() and destroy() methods
+    // -----------------------------------------------------------------------
+
+    public void init( DirectoryServiceConfiguration dsConfig, InterceptorConfiguration iConfig ) throws NamingException
+    {
+        super.init( dsConfig, iConfig );
+
+        // Initialize the DB backend for logging
+        initDb();
+
+        // Get a handle on the attribute registry to check if attributes are binary
+        registry = dsConfig.getGlobalRegistries().getAttributeTypeRegistry();
+
+        log.info( "# -----------------------------------------------------------------------------" );
+        log.info( "# Initializing changelog service: " + DateUtils.getGeneralizedTime() );
+        log.info( "# -----------------------------------------------------------------------------" );
+
+        writer = new Thread( this );
+        isActive = true;
+        writer.start();
+    }
+
+
+    public void destroy()
+    {
+        // Gracefully stop writer thread and push remaining enqueued buffers ourselves
+        isActive = false;
+        do
+        {
+            // Let's notify the writer thread to make it die faster
+            synchronized ( queue )
+            {
+                queue.notifyAll();
+            }
+
+            // Sleep tiny bit waiting for the writer to die
+            try
+            {
+                Thread.sleep( 50 );
+            }
+            catch ( InterruptedException e )
+            {
+                log.error( "Failed to sleep while waiting for writer to die", e );
+            }
+        }
+        while ( writer.isAlive() );
+
+        // Ok lock down queue and start draining it
+        synchronized ( queue )
+        {
+            while ( ! queue.isEmpty() )
+            {
+                ChangeEvent changeEvent = ( ChangeEvent ) queue.getFirst();
+                if ( changeEvent != null )
+                {
+                    writeChangeEventToDb( changeEvent );
+                }
+            }
+        }
+
+        shutdownDb();
+
+        log.info( "# -----------------------------------------------------------------------------" );
+        log.info( "# Deactivating changelog service: " + DateUtils.getGeneralizedTime() );
+        log.info( "# -----------------------------------------------------------------------------" );
+
+        super.destroy();
+    }
+
+
+    // -----------------------------------------------------------------------
+    // Implementation for Runnable.run() for writer Thread
+    // -----------------------------------------------------------------------
+
+    public void run()
+    {
+        while ( isActive )
+        {
+            ChangeEvent changeEvent = null;
+
+            // Grab semphore to queue and dequeue from it
+            synchronized ( queue )
+            {
+                try
+                {
+                    queue.wait( WAIT_TIMEOUT_MILLIS );
+                }
+                catch ( InterruptedException e )
+                {
+                    log.error( "Failed to to wait() on queue", e );
+                }
+
+                // replacing following jdk 1.5 poll() function with equivalent 1.4 functions
+                // changeEvent = ( ChangeEvent ) queue.poll();
+                if ( queue.size() == 0 )
+                {
+                    changeEvent = null;
+                }
+                else
+                {
+                    changeEvent = ( ChangeEvent ) queue.removeFirst();
+                }
+
+                queue.notifyAll();
+            }
+
+            // Do writing outside of synch block to allow other threads to enqueue
+            if ( changeEvent != null )
+            {
+                writeChangeEventToDb( changeEvent );
+            }
+        }
+    }
+
+
+    // -----------------------------------------------------------------------
+    // Overridden (only change inducing) intercepted methods
+    // -----------------------------------------------------------------------
+
+    public void add( NextInterceptor next, LdapDN nDn, Attributes entry ) throws NamingException
+    {
+        next.add( nDn, entry );
+
+        if ( ! isActive )
+        {
+            return;
+        }
+
+        AddChangeEvent changeEvent = new AddChangeEvent( 0, nDn.getUpName(), getPrincipalName(), 
+            new Date(), AttributeUtils.attributesToStringAttributeList( entry, registry ) );
+        
+        // Enqueue the buffer onto a queue that is emptied by another thread asynchronously.
+        synchronized ( queue )
+        {
+            queue.addLast( changeEvent );
+            queue.notifyAll();
+        }
+    }
+
+
+    public void delete( NextInterceptor next, LdapDN nDn ) throws NamingException
+    {
+        next.delete( nDn );
+
+        if ( ! isActive )
+        {
+            return;
+        }
+
+        DeleteChangeEvent changeEvent = new DeleteChangeEvent( 0, nDn.toString(), getPrincipalName(), new Date() ); 
+        
+        // Enqueue the buffer onto a queue that is emptied by another thread asynchronously.
+        synchronized ( queue )
+        {
+            queue.addLast( changeEvent );
+            queue.notifyAll();
+        }
+    }
+
+
+    public void modify( NextInterceptor next, LdapDN nDn, int modOp, Attributes mods ) throws NamingException
+    {
+        /**
+         * TODO: We need to deep copy here (before invoking the next
+         * interceptor) attributes that are being deleted or replaced. They
+         * should be gathered from the DIT while we do not have them passed
+         * here. BTW, logging this detailed information can also be necessary
+         * for "rollback support".
+         * 
+         * This issue is also valid for other similar operations.
+         */
+
+        next.modify( nDn, modOp, mods );
+
+        if ( ! isActive )
+        {
+            return;
+        }
+        
+        List strAttributes = AttributeUtils.attributesToStringAttributeList( mods, registry );
+        ModifyChangeEvent changeEvent = new ModifyChangeEvent( 0, nDn.toString(), getPrincipalName(), new Date() );
+        changeEvent.addModificationAttributes( modOp, strAttributes );
+        
+        // Enqueue the buffer onto a queue that is emptied by another thread asynchronously.
+        synchronized ( queue )
+        {
+            queue.addLast( changeEvent );
+            queue.notifyAll();
+        }
+
+    }
+
+
+    public void modify( NextInterceptor next, LdapDN nDn, ModificationItem[] mods ) throws NamingException
+    {
+
+        next.modify( nDn, mods );
+
+        if ( ! isActive )
+        {
+            return;
+        }
+
+        ModifyChangeEvent changeEvent = new ModifyChangeEvent( 0, nDn.toString(), getPrincipalName(), new Date() );
+        
+        for (int i = 0; i < mods.length; i++ )
+        {
+            StringAttribute strAttribute = AttributeUtils.attributeToStringAttribute( mods[i].getAttribute(), registry );
+            changeEvent.addModificationAttribute( mods[i].getModificationOp(), strAttribute );
+        }
+
+        // Enqueue the buffer onto a queue that is emptied by another thread asynchronously.
+        synchronized ( queue )
+        {
+            queue.addLast( changeEvent );
+            queue.notifyAll();
+        }
+    }
+    
+    
+    public void modifyRn( NextInterceptor next, LdapDN name, String newRn, boolean deleteOldRn ) throws NamingException
+    {
+        
+        next.modifyRn( name, newRn, deleteOldRn );
+        
+        if ( ! isActive )
+        {
+            return;
+        }
+        
+        ModifyRdnChangeEvent changeEvent = new ModifyRdnChangeEvent( 
+            0,
+            name.toString(), 
+            getPrincipalName(), 
+            new Date(), 
+            newRn, 
+            deleteOldRn);
+
+        // Enqueue the buffer onto a queue that is emptied by another thread asynchronously.
+        synchronized ( queue )
+        {
+            queue.addLast( changeEvent );
+            queue.notifyAll();
+        }       
+        
+    }
+    
+    
+    public void move( NextInterceptor next, LdapDN oldName, LdapDN newParentName, String newRn, boolean deleteOldRn ) throws NamingException
+    {
+        
+        next.move( oldName, newParentName, newRn, deleteOldRn );
+
+        if ( ! isActive )
+        {
+            return;
+        }
+
+        String newDn = newRn + "," + newParentName;
+        ModifyDnChangeEvent changeEvent = new ModifyDnChangeEvent( 
+            0,
+            oldName.toString(), 
+            getPrincipalName(), 
+            new Date(), 
+            newDn, 
+            deleteOldRn );
+
+        // Enqueue the buffer onto a queue that is emptied by another thread asynchronously.
+        synchronized ( queue )
+        {
+            queue.addLast( changeEvent );
+            queue.notifyAll();
+        }
+        
+    }
+      
+    
+    public void move( NextInterceptor next, LdapDN oldName, LdapDN newParentName ) throws NamingException
+    {
+        next.move( oldName, newParentName );
+        
+        if ( ! isActive )
+        {
+            return;
+        }
+        
+        String newDn = NamespaceTools.getRdn( oldName.toString() ) + "," + newParentName;
+        ModifyDnChangeEvent changeEvent = new ModifyDnChangeEvent( 
+            0,
+            oldName.toString(), 
+            getPrincipalName(), 
+            new Date(), 
+            newDn, 
+            false );
+        
+        // Enqueue the buffer onto a queue that is emptied by another thread asynchronously.
+        synchronized ( queue )
+        {
+            queue.addLast( changeEvent );
+            queue.notifyAll();
+        }
+    }
+     
+
+    // -----------------------------------------------------------------------
+    // Private utility methods used by interceptor methods
+    // -----------------------------------------------------------------------
+
+    /**
+     * Gets the DN of the user currently bound to the server executing this
+     * operation. If the user is anonymous "" is returned.
+     * 
+     * @return the DN of the user executing the current intercepted operation
+     * @throws NamingException
+     *             if we cannot access the interceptor stack
+     */
+    private String getPrincipalName() throws NamingException
+    {
+        
+        ServerContext ctx = ( ServerContext ) InvocationStack.getInstance().peek().getCaller();
+        return ctx.getPrincipal().getName();
+        
+    }
+    
+
+    // -----------------------------------------------------------------------
+    // Private utility methods for DB access
+    // -----------------------------------------------------------------------
+
+    private void initDb() throws NamingException
+    {
+
+        Properties props = new Properties();
+        props.put( "user", dbUserName );
+        props.put( "password", dbPassword );
+
+        try
+        {
+            conn = DriverManager.getConnection( dbProtocol + dbName, props );
+        }
+        catch ( SQLException e )
+        {
+            NamingException ne = new NamingException();
+            ne.setRootCause( e );
+            throw ne;
+        }
+
+    }
+
+
+    private void writeChangeEventToDb( ChangeEvent changeEvent )
+    {
+        
+        PreparedStatement insertStatement = null;
+
+        try
+        {
+            insertStatement = conn.prepareStatement( "insert into " + dbTable + " values (DEFAULT, ?, ?, ?, ?, ?)" );
+            insertStatement.setInt( 1, changeEvent.getEventType() );
+            insertStatement.setString( 2, changeEvent.getAffectedEntryName() );
+            insertStatement.setString( 3, changeEvent.getPrincipalName() );
+            insertStatement.setTimestamp( 4, new Timestamp( changeEvent.getEventTime().getTime() ) );
+            insertStatement.setString( 5, changeEvent.getEventMessage() );
+            insertStatement.execute();
+        }
+        catch ( SQLException e )
+        {
+            log.error( "Failed to create the record insertion SQL prepared statement: " + e );
+        }
+        finally
+        {
+            if ( insertStatement != null )
+            {
+                try
+                {
+                    insertStatement.close();
+                }
+                catch ( SQLException e )
+                {
+                    e.printStackTrace();
+                }
+            }
+        }
+    }
+
+    private void shutdownDb()
+    {
+        
+        if ( conn == null )
+        {
+            return;
+        }
+
+        try
+        {
+            conn.close();
+        }
+        catch ( SQLException e )
+        {
+            log.error( "Cannot close DB connection: " + e );
+            e.printStackTrace();
+        }
+
+    }
+
+}

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/AddChangeEvent.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/AddChangeEvent.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/AddChangeEvent.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/AddChangeEvent.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,62 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.model;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+
+import org.safehaus.triplesec.changelog.beta.support.ChangeEventType;
+
+/**
+ * @author <a href="mailto:ersiner@safehaus.org">Ersin Er</a>
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ */
+public class AddChangeEvent extends BaseChangeEvent
+{
+    private List attributes = new ArrayList();
+
+    public AddChangeEvent( int id, String affectedEntryName, String changeEventPrincipal, Date changeEventTime )
+    {
+        super( id, ChangeEventType.ADD_CHANGE_EVENT, affectedEntryName, changeEventPrincipal, changeEventTime );
+    }
+    
+    public AddChangeEvent( int id, String affectedEntryName, String changeEventPrincipal, Date changeEventTime, List attributes )
+    {
+        super( id, ChangeEventType.ADD_CHANGE_EVENT, affectedEntryName, changeEventPrincipal, changeEventTime );
+        addAttributes( attributes );
+    }
+
+    public String getEventMessage()
+    {
+        return attributes.toString();
+    }
+    
+    public void addAttributes( List attributes )
+    {
+        this.attributes.addAll( attributes );
+    }
+    
+    public List getAttributes()
+    {
+        return attributes;
+    }
+
+}

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/BaseChangeEvent.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/BaseChangeEvent.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/BaseChangeEvent.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/BaseChangeEvent.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,120 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.model;
+
+import java.util.Date;
+
+import org.safehaus.triplesec.changelog.beta.support.ChangeEventType;
+
+/**
+ * A base implementation for {@link org.safehaus.triplesec.changelog.beta.model.ChangeEvent}
+ * 
+ * @author <a href="mailto:ersiner@safehaus.org">Ersin Er</a>
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ */
+public class BaseChangeEvent implements ChangeEvent
+{
+    private int id;
+    private int changeEventType;
+    private String affectedEntryName;
+    private String changeEventPrincipal;
+    private Date changeEventTime;
+
+
+    public BaseChangeEvent( int id, int changeEventType, String affectedEntryName, String changeEventPrincipal, Date changeEventTime)
+    {
+        this.id = id;
+        this.changeEventType = changeEventType;
+        this.affectedEntryName = affectedEntryName;
+        this.changeEventPrincipal = changeEventPrincipal;
+        this.changeEventTime = changeEventTime;
+    }
+
+
+    /* (non-Javadoc)
+     * @see org.safehaus.triplesec.changelog.model.ChangeEvent#getEventMessage()
+     */
+    public String getEventMessage()
+    {
+        return "";
+    }
+
+
+    /* (non-Javadoc)
+     * @see org.safehaus.triplesec.changelog.model.ChangeEvent#getEventTime()
+     */
+    public Date getEventTime()
+    {
+        return changeEventTime;
+    }
+
+
+    /* (non-Javadoc)
+     * @see org.safehaus.triplesec.changelog.model.ChangeEvent#getEventType()
+     */
+    public int getEventType()
+    {
+        return changeEventType;
+    }
+    
+    
+    /* (non-Javadoc)
+     * @see org.safehaus.triplesec.changelog.model.ChangeEvent#getNameOfAffectedEntry()
+     */
+    public String getAffectedEntryName()
+    {
+        return affectedEntryName;
+    }
+
+
+    /* (non-Javadoc)
+     * @see org.safehaus.triplesec.changelog.model.ChangeEvent#getPrincipleName()
+     */
+    public String getPrincipalName()
+    {
+        return changeEventPrincipal;
+    }
+
+
+    public String getEventTypeName()
+    {
+        return ChangeEventType.getChangeEventTypeNameByIntEnum( getEventType() );
+    }
+
+
+    public int getEventId()
+    {
+        return id;
+    }
+
+
+    public String getAffectedEntryShortName()
+    {
+        if ( affectedEntryName.length() > 40  )
+        {
+            return affectedEntryName.subSequence(0, 35).toString() + "...";    
+        }
+        else
+        {
+            return affectedEntryName;
+        }
+    }
+
+}

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ChangeEvent.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ChangeEvent.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ChangeEvent.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ChangeEvent.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,90 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.model;
+
+import java.util.Date;
+
+/**
+ * Represents a change-type LDAP operation with invocation time and
+ * principle.
+ * 
+ * @author <a href="mailto:ersiner@safehaus.org">Ersin Er</a>
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ */
+public interface ChangeEvent
+{
+    /**
+     * Returns the unique id of the change event.
+     * 
+     * @return The unique id of the change event
+     */
+    public int getEventId();
+    
+    
+    /**
+     * Returns the type of the change event as an integer.
+     * 
+     * @return The type of the change event as an integer
+     */
+    public int getEventType();
+    
+    /**
+     * Returns the type of the change event as a string.
+     * 
+     * @return The type of the change event as a string
+     */
+    public String getEventTypeName();
+    
+    /**
+     * Returns the distinguished name of the entry being affected.
+     * 
+     * @return The distinguished name of the entry being affected
+     */
+    public String getAffectedEntryName();
+    
+    /**
+     * Returns a short form of the distinguished name of the entry being affected.
+     * 
+     * @return A short for of the distinguished name of the entry being affected
+     */
+    public String getAffectedEntryShortName();
+    
+    /**
+     * Returns a detailed message about the change event.
+     * 
+     * @return Detailed message about the change event
+     */
+    public String getEventMessage();
+    
+    /**
+     * Returns the time when the change event generated.
+     * 
+     * @return The time when the change event generated
+     */
+    public Date getEventTime();
+    
+    /**
+     * Returns the name of the principle caused the change event
+     * to be generated because of operation it invoked.
+     * 
+     * @return The name of the principle in effect
+     */
+    public String getPrincipalName();
+}

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/DeleteChangeEvent.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/DeleteChangeEvent.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/DeleteChangeEvent.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/DeleteChangeEvent.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,44 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.model;
+
+import java.util.Date;
+
+import org.safehaus.triplesec.changelog.beta.support.ChangeEventType;
+
+/**
+ * @author <a href="mailto:ersiner@safehaus.org">Ersin Er</a>
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ */
+public class DeleteChangeEvent extends BaseChangeEvent
+{
+
+    public DeleteChangeEvent( int id, String affectedEntryName, String changeEventPrincipal, Date changeEventTime )
+    {
+        super( id, ChangeEventType.DELETE_CHANGE_EVENT, affectedEntryName, changeEventPrincipal, changeEventTime );
+    }
+        
+
+    public String getEventMessage()
+    {
+        return getAffectedEntryName();
+    }
+
+}

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyChangeEvent.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyChangeEvent.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyChangeEvent.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyChangeEvent.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,140 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.model;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import org.safehaus.triplesec.changelog.beta.support.AttributeModificationType;
+import org.safehaus.triplesec.changelog.beta.support.ChangeEventType;
+
+/**
+ * @author <a href="mailto:ersiner@safehaus.org">Ersin Er</a>
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ */
+public class ModifyChangeEvent extends BaseChangeEvent
+{
+    private List addedAttributes = new ArrayList();
+    private List removedAttributes = new ArrayList();
+    private List replacedAttributes = new ArrayList();
+    private Map modifications = new HashMap();
+    
+    /** Refecence types used for as keys for the attribute modification map */
+    private static Integer ADD_ATTRIBUTE_MODIFICATION_OBJECT = new Integer( AttributeModificationType.ADD_ATTRIBUTE_MODIFICATION );
+    private static Integer REMOVE_ATTRIBUTE_MODIFICATION_OBJECT = new Integer( AttributeModificationType.REMOVE_ATTRIBUTE_MODIFICATION );
+    private static Integer REPLACE_ATTRIBUTE_MODIFICATION_OBJECT = new Integer( AttributeModificationType.REPLACE_ATTRIBUTE_MODIFICATION );
+
+    public ModifyChangeEvent( int id, String affectedEntryName, String changeEventPrincipal, Date changeEventTime )
+    {
+        super( id, ChangeEventType.MODIFY_CHANGE_EVENT, affectedEntryName, changeEventPrincipal, changeEventTime );
+        
+        modifications.put( ADD_ATTRIBUTE_MODIFICATION_OBJECT, addedAttributes );
+        modifications.put( REMOVE_ATTRIBUTE_MODIFICATION_OBJECT, removedAttributes );
+        modifications.put( REPLACE_ATTRIBUTE_MODIFICATION_OBJECT, replacedAttributes );
+    }
+    
+    public void addModificationAttribute( int modType, StringAttribute attribute )
+    {
+        switch ( modType )
+        {
+            case AttributeModificationType.ADD_ATTRIBUTE_MODIFICATION:
+                addedAttributes.add( attribute );
+                break;
+            case AttributeModificationType.REMOVE_ATTRIBUTE_MODIFICATION:
+                removedAttributes.add( attribute );
+                break;
+            case AttributeModificationType.REPLACE_ATTRIBUTE_MODIFICATION:
+                replacedAttributes.add( attribute );
+                break;
+            default:
+                throw new IllegalArgumentException( "Unmatched Attribute Modification Type: " + modType );
+        }
+    }
+    
+    public void addModificationAttributes( int modType, List stringAttributes )
+    {
+        Iterator it = stringAttributes.iterator();
+        while ( it.hasNext() )
+        {
+            addModificationAttribute( modType, (StringAttribute) it.next() );
+        }
+    }
+    
+    public List getAddedAttributes()
+    {
+        return addedAttributes;
+    }
+    
+    public List getRemovedAttributes()
+    {
+        return removedAttributes;
+    }
+    
+    public List getReplacedAttributes()
+    {
+        return replacedAttributes;
+    }
+    
+    public boolean anyAddedAttributeExists()
+    {
+        return addedAttributes.size() > 0;
+    }
+    
+    public boolean anyRemovedAttributeExists()
+    {
+        return removedAttributes.size() > 0;
+    }
+    
+    public boolean anyReplacedAttributeExists()
+    {
+        return replacedAttributes.size() > 0;
+    }
+
+    public String getEventMessage()
+    {
+        StringBuffer buffer = new StringBuffer();
+        
+        if ( anyAddedAttributeExists() )
+        {
+            buffer.append( "added:: " );
+            buffer.append( getAddedAttributes().toString() );
+            buffer.append( "\n" );
+        }
+        if ( anyRemovedAttributeExists() )
+        {
+            buffer.append( "removed:: " );
+            buffer.append( getRemovedAttributes().toString() );
+            buffer.append( "\n" );
+        }
+        if ( anyReplacedAttributeExists() )
+        {
+            buffer.append( "replaced:: " );
+            buffer.append( getReplacedAttributes().toString() );
+            buffer.append( "\n" );
+        }
+        
+        return buffer.toString();
+    }
+    
+}

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyDnChangeEvent.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyDnChangeEvent.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyDnChangeEvent.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyDnChangeEvent.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,70 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.model;
+
+import java.util.Date;
+
+import org.safehaus.triplesec.changelog.beta.support.ChangeEventType;
+
+/**
+ * @author ersin
+ *
+ */
+public class ModifyDnChangeEvent extends BaseChangeEvent
+{
+    private String newDn;
+    private boolean deleteOldRdn;
+    
+    
+    public ModifyDnChangeEvent( int id, String affectedEntryName, String changeEventPrincipal, Date changeEventTime, String newDn, boolean deleteOldRdn )
+    {
+        super( id, ChangeEventType.MODDN_CHANGE_EVENT, affectedEntryName, changeEventPrincipal, changeEventTime );
+        this.newDn = newDn;
+        this.deleteOldRdn = deleteOldRdn;
+    }
+    
+
+    /**
+     * @return Returns the deleteOldRdn.
+     */
+    public boolean isDeleteOldRdn()
+    {
+        return deleteOldRdn;
+    }
+
+
+    /**
+     * @return Returns the newDn.
+     */
+    public String getNewDn()
+    {
+        return newDn;
+    }
+
+
+    /* (non-Javadoc)
+     * @see org.safehaus.triplesec.changelog.model.BaseChangeEvent#getEventMessage()
+     */
+    public String getEventMessage()
+    {
+        return "dn moved to " + newDn;
+    }
+
+}

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyRdnChangeEvent.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyRdnChangeEvent.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyRdnChangeEvent.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/ModifyRdnChangeEvent.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,70 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.model;
+
+import java.util.Date;
+
+import org.safehaus.triplesec.changelog.beta.support.ChangeEventType;
+
+/**
+ * @author ersin
+ *
+ */
+public class ModifyRdnChangeEvent extends BaseChangeEvent
+{
+    private String newRdn;
+    private boolean deleteOldRdn;
+    
+    
+    public ModifyRdnChangeEvent( int id, String affectedEntryName, String changeEventPrincipal, Date changeEventTime, String newRdn, boolean deleteOldRdn )
+    {
+        super( id, ChangeEventType.MODRDN_CHANGE_EVENT, affectedEntryName, changeEventPrincipal, changeEventTime );
+        this.newRdn = newRdn;
+        this.deleteOldRdn = deleteOldRdn;
+    }
+    
+
+    /**
+     * @return Returns the deleteOldRdn.
+     */
+    public boolean isDeleteOldRdn()
+    {
+        return deleteOldRdn;
+    }
+
+
+    /**
+     * @return Returns the newRdn.
+     */
+    public String getNewRdn()
+    {
+        return newRdn;
+    }
+
+
+    /* (non-Javadoc)
+     * @see org.safehaus.triplesec.changelog.model.BaseChangeEvent#getEventMessage()
+     */
+    public String getEventMessage()
+    {
+        return "rdn moved to " + newRdn;
+    }
+
+}

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/StringAttribute.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/StringAttribute.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/StringAttribute.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/model/StringAttribute.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,93 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.model;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+/**
+ * @author <a href="mailto:ersiner@safehaus.org">Ersin Er</a>
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ */
+public class StringAttribute
+{
+    private String id;
+    private List values = new ArrayList();
+    
+    public StringAttribute( String id )
+    {
+        this.id = id;
+    }
+    
+    public StringAttribute( String id, String value )
+    {
+        this( id );
+        addValue( value );
+    }
+    
+    public StringAttribute( String id, List values )
+    {
+        this( id );
+        addValues( values );
+    }
+    
+
+    public String getId()
+    {
+        return id;
+    }
+
+
+    public List getValues()
+    {
+        return values;
+    }
+
+
+    public void addValue( String value )
+    {
+        values.add( value );
+    }
+
+
+    public void addValues( List values )
+    {
+        // TODO: Need some safity check here
+        values.addAll( values );
+    }
+    
+    public String toString()
+    {
+        StringBuffer buffer = new StringBuffer();
+        Iterator it = values.iterator();
+        
+        while ( it.hasNext() )
+        {
+            buffer.append( id );
+            buffer.append( ": " );
+            buffer.append( it.next() );
+            buffer.append( ", " );
+        }
+        
+        return buffer.toString();
+    }
+
+}

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/support/AttributeModificationType.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/support/AttributeModificationType.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/support/AttributeModificationType.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/support/AttributeModificationType.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,72 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.support;
+
+import javax.naming.directory.DirContext;
+
+/**
+ * @author <a href="mailto:ersiner@safehaus.org">Ersin Er</a>
+ * @author <a href="mailto:akarasulu@safehaus.org">Alex Karasulu</a>
+ */
+public abstract class AttributeModificationType
+{
+	public static final int ADD_ATTRIBUTE_MODIFICATION = DirContext.ADD_ATTRIBUTE;
+	public static final int REMOVE_ATTRIBUTE_MODIFICATION = DirContext.REMOVE_ATTRIBUTE;
+	public static final int REPLACE_ATTRIBUTE_MODIFICATION = DirContext.REPLACE_ATTRIBUTE;
+
+	public static String getAttributeModificationTypeNameByIntEnum( int intType )
+	{
+		switch ( intType )
+		{
+			case ADD_ATTRIBUTE_MODIFICATION:
+				return "add";
+			case REMOVE_ATTRIBUTE_MODIFICATION:
+				return "remove";
+			case REPLACE_ATTRIBUTE_MODIFICATION:
+				return "replace";
+			default:
+                throw new IllegalArgumentException( "Unmatched Attribute Modification Type: " + intType );
+        }
+	}
+    
+	public static int getIntEnumAttributeModicafitionTypeByName( String name )
+    {
+        if ( name.equals( "add" ) )
+        {
+            return ADD_ATTRIBUTE_MODIFICATION;
+        }
+        else if ( name.equals( "remove" ) )
+        {
+            return REMOVE_ATTRIBUTE_MODIFICATION;
+        }
+        else if ( name.equals( "replace" ) )
+        {
+            return REPLACE_ATTRIBUTE_MODIFICATION;
+        }
+        else
+        {
+            throw new IllegalArgumentException( "Unmatched Attribute Modification Type Name: " + name );
+        }
+    }
+    
+    private AttributeModificationType()
+    {
+    }
+}

Added: directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/support/AttributeUtils.java
URL: http://svn.apache.org/viewvc/directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/support/AttributeUtils.java?view=auto&rev=486187
==============================================================================
--- directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/support/AttributeUtils.java (added)
+++ directory/trunks/triplesec/changelog/src/main/java/org/safehaus/triplesec/changelog/beta/support/AttributeUtils.java Tue Dec 12 07:23:31 2006
@@ -0,0 +1,101 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one
+ *  or more contributor license agreements.  See the NOTICE file
+ *  distributed with this work for additional information
+ *  regarding copyright ownership.  The ASF licenses this file
+ *  to you under the Apache License, Version 2.0 (the
+ *  "License"); you may not use this file except in compliance
+ *  with the License.  You may obtain a copy of the License at
+ *  
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *  
+ *  Unless required by applicable law or agreed to in writing,
+ *  software distributed under the License is distributed on an
+ *  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ *  KIND, either express or implied.  See the License for the
+ *  specific language governing permissions and limitations
+ *  under the License. 
+ *  
+ */
+package org.safehaus.triplesec.changelog.beta.support;
+
+import java.io.UnsupportedEncodingException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.naming.NamingEnumeration;
+import javax.naming.NamingException;
+import javax.naming.directory.Attribute;
+import javax.naming.directory.Attributes;
+
+import org.apache.directory.server.core.schema.AttributeTypeRegistry;
+import org.apache.directory.shared.ldap.util.Base64;
+import org.safehaus.triplesec.changelog.beta.model.StringAttribute;
+
+public class AttributeUtils
+{
+    
+    public static List attributesToStringAttributeList( Attributes attributes, AttributeTypeRegistry registry ) throws NamingException
+    {
+        List stringAttributes = new ArrayList();
+        NamingEnumeration attributeEnum = attributes.getAll();
+
+        while ( attributeEnum.hasMore() )
+        {            
+            StringAttribute strAttribute = attributeToStringAttribute( (Attribute) attributeEnum.next(), registry );
+            stringAttributes.add( strAttribute );
+        }
+        return stringAttributes;
+        
+    }
+
+
+    public static StringAttribute attributeToStringAttribute( Attribute attr, AttributeTypeRegistry registry ) throws NamingException
+    {
+        
+        String id = ( String ) attr.getID();
+        int size = attr.size();
+        
+        boolean isBinary = ! registry.lookup( id ).getSyntax().isHumanReadible();
+        
+        StringAttribute strAttribute = new StringAttribute( id );
+
+        if ( isBinary )
+        {
+            for ( int ii = 0; ii < size; ii++ )
+            {
+                Object value = attr.get( ii );
+                String encoded;
+                if ( value instanceof String )
+                {
+                    encoded = ( String ) value;
+                    try
+                    {
+                        encoded = new String( Base64.encode( encoded.getBytes( "UTF-8" ) ) );
+                    }
+                    catch ( UnsupportedEncodingException e )
+                    {
+                        //log.error( "Cannot convert to UTF-8: " + encoded, e );
+                    }
+                }
+                else
+                {
+                    encoded = new String( Base64.encode( ( byte[] ) attr.get( ii ) ) );
+                }
+                strAttribute.addValue( encoded );
+            }
+        }
+        else
+        {
+            for ( int ii = 0; ii < size; ii++ )
+            {
+                strAttribute.addValue( (String) attr.get( ii ) );
+            }
+        }
+
+        return strAttribute;
+        
+    }
+
+
+}