Hi Martin,

Sorry for not getting to this sooner...

On 7/23/07, Martin Alderson <Martin.Alderson@salfordsoftware.co.uk > wrote:
Hi all,

I'm looking for some advice on how to interact with an embedded ApacheDS server from a Quartz scheduled job.  This job will periodically add/modify an entry.

I had been using something like DirectoryService.getInstance().getConfiguration().getPartitionNexus().modify(...) but I need this operation to go through the interceptor chain.

Aye.  The best way to interact would be to actually get a JNDI context from inside the job
using the JNDI InitialContextFactory for the server's CoreContextFactory.  It's the proxy
objects that pipe calls in from the JNDI contexts into the InterceptorChain.

I think I need to get a JNDI context using (new InitialDirContext(env)) where env contains some credentials.  I guess I need the credentials of the admin user for this.  Is there any way for the server to know the operation is coming from the same process so it can automatically use the admin users credentials as stored in the directory?  If not how should I get the admin credentials?

Good question.  I don't think there is a way that the moment.  There has been some past
discussions about this but nothing conclusive.  Other services have the admin credentials
provided in their configuration which is bad bad and more bad.  We need to figure something
out here.  I'd be glad to help out on it but these next few days are going to be really hard
for me.

Thinking about it, I guess this is tied in to having the admin user credentials specified in the configuration file which also seems bad to me.  

Heh thinking the same here.

Couldn't this be scrapped and have a way to authenticate as the admin user automatically from within the same process?

Yeah this is something we need to do. I have not figured out any good means to do
this at the present moment.  I guess if we had the security manager stuff in place we could
find a way to determine if certain code can just run as admin.  The problem is that any
user can add a SP and execute it to gain admin access without using a security manager.

We have to figure something out here.  Sorry for not having a clear solution in mind.