directory-dev mailing list archives

From Stefan Zoerner <SZOER...@de.ibm.com>
Subject Re: DirContext Search Error
Date Fri, 04 Nov 2005 12:35:34 GMT
Hi David!

Great to hear about your integration into the portal!

David Le Strat wrote:

> All,
>
> I am working on integrating apacheDS with Jetspeed 2. I can create
> entries fine, but I am running into an issue
> with the DirContext search.
>
> I obtain the following context using pretty much the
> default apacheds-server.xml
>
> env.put(Context.INITIAL_CONTEXT_FACTORY,
> "com.sun.jndi.ldap.LdapCtxFactory");
> env.put(Context.PROVIDER_URL,
> "ldap://localhost:10389/");
> env.put(Context.SECURITY_PRINCIPAL,
> "uid=admin,ou=system");
> env.put(Context.SECURITY_CREDENTIALS, rootPassword);
> env.put(Context.SECURITY_AUTHENTICATION, "simple");
> ctx = new InitialLdapContext(env, null);
>
> As you can see the default setting uses
> com.sun.jndi.ldap.LdapCtxFactory.
>
> I want to run the following search context query:
>
> SearchControls controls = new SearchControls();
> controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
> controls.setReturningObjFlag(true);
>
> NamingEnumeration searchResults = ((DirContext)
> ctx).search("", "(&(uid=1269495866)
> (objectclass=jetspeed-2-user))", controls );
>
> When doing so, I get the following error:
>
> org.apache.jetspeed.security.SecurityException:
> javax.naming.NamingException: [LDAP: error code 36 -
> failed on search operation]; remaining name ''


This problem also occurs if you use a normal LDAP client with your
search criteria. Therefore it has nothing to do with your JNDI client. It
fails to search the Root DSE with sub scope ...:

$ ldapsearch -D uid=admin,ou=system -w secret -b "" -s sub -p 10389 -h magritte "(objectClass=*)"
ldap_search: No such object
ldap_search: additional info: failed on search operation

But if you use a suffix instead of the Root DSE ("") as a search base 
(option -b with this tool here), it works, for instance:

$ ldapsearch -D uid=admin,ou=system -w secret -b "ou=system" -s sub -p 10389 -h magritte "(objectClass=*)"
ou=system
ou=system
objectClass=organizationalUnit
objectClass=top

ou=configuration,ou=system
ou=configuration
objectClass=organizationalUnit
objectClass=top

...

It should therefore be possible to perform your search with either another 
JNDI provider URL, e.g. with your partition suffix included

env.put(Context.PROVIDER_URL, "ldap://localhost:10389/o=sevenSeas");

and/or other parameters for the search call

NamingEnumeration searchResults = ((DirContext) ctx).search("o=sevenSeas", 
"(&(uid=1269495866)...


It is still an open issue to me, whether we should allow searches within 
the Root DSE ("") with subtree scope, and include all partitions attached. 
Some LDAP servers allow that. But I hope you can continue your integration
with the workaround of specifying your search in more detail ...

Greetings from Hamburg,
    Stefan
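
Added example (not part of the original message, and not code from the ApacheDS or Jetspeed projects): one way to apply the workaround above without hard-coding a suffix. It assumes the server publishes its partition suffixes in the Root DSE attribute namingContexts, which is read with a base-scope lookup and then used as the search base for one subtree search per suffix. The class name PartitionSearch, its method names and the environment variable LDAP_ADMIN_PASSWORD are assumptions made for this example.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class PartitionSearch {
    // Read the partition suffixes from the Root DSE. This is a base-scope read of "",
    // not the subtree search on "" that the server rejects.
    // Assumption: the server lists its suffixes in the namingContexts attribute.
    static List<String> namingContexts(DirContext ctx) throws NamingException {
        Attributes rootDse = ctx.getAttributes("", new String[] { "namingContexts" });
        Attribute attr = rootDse.get("namingContexts");
        List<String> suffixes = new ArrayList<>();
        if (attr != null) {
            NamingEnumeration<?> values = attr.getAll();
            while (values.hasMore()) suffixes.add(values.next().toString());
        }
        return suffixes;
    }

    // Run the subtree search once per suffix. The uid is passed as a filter
    // argument ({0}) so the JNDI provider escapes it instead of it being
    // concatenated into the filter string.
    static List<String> findUser(DirContext ctx, String uid) throws NamingException {
        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE);
        List<String> hits = new ArrayList<>();
        for (String suffix : namingContexts(ctx)) {
            NamingEnumeration<SearchResult> results = ctx.search(suffix,
                "(&(uid={0})(objectclass=jetspeed-2-user))", new Object[] { uid }, controls);
            while (results.hasMore()) hits.add(results.next().getNameInNamespace());
        }
        return hits;
    }

    public static void main(String[] args) throws NamingException {
        // Assumed variable name; keeps the admin password out of the source.
        String password = Objects.requireNonNull(
            System.getenv("LDAP_ADMIN_PASSWORD"), "LDAP_ADMIN_PASSWORD is not set");
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:10389/");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "uid=admin,ou=system");
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = new InitialDirContext(env);
        try {
            System.out.println(findUser(ctx, "1269495866"));
        } finally {
            ctx.close();
        }
    }
}
```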
