directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alex Karasulu" <akaras...@apache.org>
Subject Re: 1.5.2 ApacheDS() loadLdifs Problem
Date Fri, 21 Dec 2007 16:15:04 GMT
There was another thread on exactly this problem.  I recommend you proceed
like so for now:

(1) get a handle on the DirectoryService
(2) access the attributeType registry via directoryService.getRegistries
().getAttributeTypeRegistry()
(3) from the attribute type registry access the normalizer map
getNormalizerMap() or something like that
(4) feed this into the dn.normalize() method of the dn you feed into
LdapPrincipal

The reason for all this is that a normalized DN is required in the
LdapPrincipal so the server can properly check and compare DNs for various
housekeeping operations and things like authorization and authentication.
If the DN is not normalized then these operations will not correctly
evaluate.  This is why an exception is thrown to stop unsuspecting users.

We do need to figure out a better way to handle this but until then this
sequence above should work.

Alex

On Dec 21, 2007 6:26 AM, <Simon.Temple@saaconsultants.com> wrote:

>  Update:
>
> Changing the code to this seems to work:
>
>  LdapDN dn = new LdapDN();
>  dn.add( ServerDNConstants.ADMIN_SYSTEM_DN );
>  LdapPrincipal admin = new LdapPrincipal( dn, AuthenticationLevel.STRONG);
> this is because the empty constructor sets isNormailized to true!
>
> This smells like a work-around not a fix... anyone care to comment?
>
> Thanks
>
> - SimonT
>
> *21 December 2007 10:52
> To: dev@directory.apache.org
> cc:
> From: Simon.Temple@saaconsultants.com
> Subject: 1.5.2 ApacheDS() loadLdifs Problem*
>
> Hi
>
> I can't start a 1.5.2 server via the ApacheDS class:
>
> LdapPrincipal admin = new LdapPrincipal( new LdapDN(
> ServerDNConstants.ADMIN_SYSTEM_DN ), AuthenticationLevel.STRONG );
>
> java.lang.IllegalStateException: Names used for principals must be
> normalized!
>  at org.apache.directory.server.core.authn.LdapPrincipal.<init>(
> LdapPrincipal.java:72)
>  at org.apache.directory.server.configuration.ApacheDS.loadLdifs(
> ApacheDS.java:321)
>  at org.apache.directory.server.configuration.ApacheDS.startup(
> ApacheDS.java:95)
>
> Will it work if the code is changed to use
> ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED?
>
>
> - SimonT
>

Mime
View raw message