There was another thread on exactly this problem. I recommend you proceed like so for now:
(1) get a handle on the DirectoryService
(2) access the attributeType registry via directoryService.getRegistries().getAttributeTypeRegistry()
(3) from the attribute type registry access the normalizer map getNormalizerMap() or something like that
(4) feed this into the dn.normalize() method of the dn you feed into LdapPrincipal
The reason for all this is that a normalized DN is required in the LdapPrincipal so the server can properly check and compare DNs for various housekeeping operations and things like authorization and authentication. If the DN is not normalized then these operations will not correctly evaluate. This is why an exception is thrown to stop unsuspecting users.
We do need to figure out a better way to handle this but until then this sequence above should work.
Update:Changing the code to this seems to work:LdapDN dn = new LdapDN();
dn.add( ServerDNConstants.ADMIN_SYSTEM_DN );
LdapPrincipal admin = new LdapPrincipal( dn, AuthenticationLevel.STRONG );this is because the empty constructor sets isNormailized to true!This smells like a work-around not a fix... anyone care to comment?Thanks- SimonTHiI can't start a 1.5.2 server via the ApacheDS class:LdapPrincipal admin = new LdapPrincipal( new LdapDN( ServerDNConstants.ADMIN_SYSTEM_DN ), AuthenticationLevel.STRONG );java.lang.IllegalStateException: Names used for principals must be normalized!
at org.apache.directory.server.configuration.ApacheDS.startup(ApacheDS.java:95)Will it work if the code is changed to use ServerDNConstants.ADMIN_SYSTEM_DN_NORMALIZED?- SimonT