directory-dev mailing list archives

From Adi Pinhasi <adipinh...@gmail.com>
Subject Configure embedded apacheDS to write logs
Date Wed, 07 Nov 2012 07:08:14 GMT
Hi guys,

I'm using an ancient apacheDS 1.02 embedded in my Java app, and it works
just great.
Lately, an external 3rd-party app that tries to run a search on the entire
directory root context hangs.
I'm trying to see what's going on on the LDAP server side, so I looked for
the logs, but there are none.
I'm setting the working directory via
cfg.setWorkingDirectory("some-directory"), and apacheDS created the "system"
dir underneath it,
but there are no other dirs and no log files.
How can I configure it to write logs?

My code:

public class DirectoryServer implements Runnable {

    // Context label passed as the first argument to Monitor.log by this class.
    public static final String MONITOR_CONTEXT = "DirectoryServer";
    // 389 is the standard cleartext LDAP port. Nothing in the visible code enables
    // LDAPS or StartTLS, so binds and search results travel unencrypted - TODO confirm.
    public static final int DIRECTORY_SERVER_PORT = 389;

    // JNDI settings used by createEnv() to start the embedded server.
    public static final String ENV_SRVR_PROVIDER_URL = "";
    public static final String ENV_SRVR_CONTEXT_FACTORY =
"org.apache.directory.server.jndi.ServerContextFactory";
    // The ENV_CLIENT_* values are not referenced in the visible part of the class;
    // presumably they are used by LDAP clients of this server - confirm against callers.
    public static final String ENV_CLIENT_PROVIDER_BASE_URL =
"ldap://ldap-server/";
    public static final String ENV_CLIENT_PROVIDER_ANUSERS_URL =
"ldap://ldap-server/ou=anUsers,ou=system";
    public static final String ENV_CLIENT_CONTEXT_FACTORY =
"com.sun.jndi.ldap.LdapCtxFactory";
    // Administrator DN the embedded server is started with (see createEnv()).
    public static final String ENV_SECURITY_PRINCIPAL =
"uid=admin,ou=system";
    // NOTE(review): the administrator password is hard-coded in source, and "secret" is
    // the well-known ApacheDS default for uid=admin,ou=system. Anyone who can reach the
    // LDAP port can try it. Change the admin password and load it from protected
    // configuration instead of a public constant.
    public static final String ENV_SECURITY_CREDENTIALS = "secret";
    // "simple" bind sends the DN and password as-is; without TLS on the connection the
    // password is readable on the wire.
    public static final String ENV_SECURITY_AUTHENTICATION = "simple";

    // Container under which the constructor creates one entry per application user.
    public static final String USERS_CONTEXT = "ou=anUsers,ou=system";

    // LDAP attribute names written for each user entry. The last three reuse standard
    // inetOrgPerson attributes to carry application data (entity type, entity id and
    // the "show data from" date), as populated in the constructor.
    public static final String UID_ATTR = "uid";
    public static final String UNAME_ATTR = "cn";
    public static final String SNAME_ATTR = "sn";
    public static final String PSWD_ATTR = "userPassword";
    public static final String ENTITY_TYPE_ATTR = "employeeType";
    public static final String ENTITY_ID_ATTR = "employeeNumber";
    public static final String SHOW_DATA_FROM_DATE_ATTR =
"departmentNumber";

    // Not read or written in the visible code. NOTE(review): the field is not volatile;
    // if run() polls it while another thread sets it, the write may not be seen - confirm.
    private boolean shutdownRequested;


    /**
     * Program entry point.
     *
     * <p>Constructs the server (the constructor starts the embedded ApacheDS
     * instance), hands it to {@code MessageCenter.listen} together with
     * {@code DIRECTORY_SERVER_LISTENER_PORT}, and then runs it on a new thread.
     *
     * @param args command-line arguments; not used
     */
    public static void main(String[] args) {
        final DirectoryServer server = new DirectoryServer();
        MessageCenter.listen(MessageCenter.DIRECTORY_SERVER_LISTENER_PORT, server);

        final Thread serverThread = new Thread(server);
        serverThread.start();
    }

    /**
     * Builds the base JNDI environment used to start the embedded server.
     *
     * <p>The environment carries the server context factory, an empty provider
     * URL and the administrator bind settings taken from the {@code ENV_*}
     * constants. Note that the administrator password placed here comes from
     * a constant compiled into the class.
     *
     * @return a new {@link Properties} instance holding the five JNDI entries
     */
    private Hashtable createEnv() {
        Properties jndiEnv = new Properties();

        // Which factory to use and where it points.
        jndiEnv.put(Context.INITIAL_CONTEXT_FACTORY, ENV_SRVR_CONTEXT_FACTORY);
        jndiEnv.put(Context.PROVIDER_URL, ENV_SRVR_PROVIDER_URL);

        // Administrator identity and bind method.
        jndiEnv.put(Context.SECURITY_AUTHENTICATION, ENV_SECURITY_AUTHENTICATION);
        jndiEnv.put(Context.SECURITY_PRINCIPAL, ENV_SECURITY_PRINCIPAL);
        jndiEnv.put(Context.SECURITY_CREDENTIALS, ENV_SECURITY_CREDENTIALS);

        return jndiEnv;
    }

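    /**
     * Starts the embedded ApacheDS server and synchronises its user entries.
     *
     * <p>In order, the constructor:
     * <ol>
     *   <li>configures the server (working directory under {@code State.Root},
     *       networking on {@link #DIRECTORY_SERVER_PORT}, anonymous access off,
     *       access control on) and starts it by creating an
     *       {@link InitialDirContext};</li>
     *   <li>creates or looks up the {@link #USERS_CONTEXT} container;</li>
     *   <li>marks that container as an access control specific area and adds an
     *       ACI subentry granting read/browse to all users;</li>
     *   <li>rebinds every valid user returned by {@code GetAllUsers.getUsers()}
     *       and unbinds every other one.</li>
     * </ol>
     *
     * <p>String literals and comments that the mail client had hard-wrapped in
     * the posted listing are rejoined here so that the code compiles.
     *
     * @throws RuntimeException wrapping any exception that escapes the startup
     *         sequence, after it has been logged through {@code Monitor}
     */
    private DirectoryServer() {
        try {
            String dsDir = Profiler.getSingleton().getString("State.Root")
                    + File.separator + "directory-server";
            File workingDir = new File(dsDir);

            MutableServerStartupConfiguration cfg = new MutableServerStartupConfiguration();
            cfg.setWorkingDirectory(workingDir);
            cfg.setEnableNetworking(true);
            cfg.setLdapPort(DIRECTORY_SERVER_PORT);
            // Anonymous binds are refused and the ACI subsystem is switched on, which
            // is why an explicit ACI subentry is created further down.
            cfg.setAllowAnonymousAccess(false);
            cfg.setAccessControlEnabled(true);
            cfg.setEnableChangePassword(true);

            // Start the server: the admin bind settings from createEnv() are merged
            // with the startup configuration and handed to the context factory.
            Hashtable env = createEnv();
            env.putAll(cfg.toJndiEnvironment());
            DirContext initialDirContext = new InitialDirContext(env);

            // Get a reference to the anUsers context. If it does not exist, create it.
            BasicAttributes ouAttrs = new BasicAttributes(true);
            Attribute ouObjClassAttr = new BasicAttribute("objectClass");
            ouObjClassAttr.add("organizationalUnit");
            ouObjClassAttr.add("top");
            ouAttrs.put(ouObjClassAttr);
            DirContext anUsersContext;
            try {
                anUsersContext =
                        (DirContext) initialDirContext.createSubcontext(USERS_CONTEXT, ouAttrs);
            } catch (LdapNameAlreadyBoundException e) {
                // The anUsers subcontext already exists (server started from cache):
                // get a reference to the existing context instead.
                anUsersContext = (DirContext) initialDirContext.lookup(USERS_CONTEXT);
            }

            // To enable search permission for all users, we create an administrative
            // area and a subentry inside the anUsers context.

            // Look up administrativeRole explicitly since it is operational.
            Attributes ap = anUsersContext.getAttributes("", new String[] { "administrativeRole" });
            Attribute administrativeRole = ap.get("administrativeRole");

            // If it does not exist or has no ACSA value then add the attribute.
            if (administrativeRole == null
                    || !administrativeRole.contains("accessControlSpecificArea")) {
                Attributes changes = new BasicAttributes(
                        "administrativeRole", "accessControlSpecificArea", true);
                anUsersContext.modifyAttributes("", DirContext.ADD_ATTRIBUTE, changes);
            }

            // Now add the A/C subentry below "ou=anUsers,ou=system".
            Attributes subentry = new BasicAttributes(UNAME_ATTR, "enableSearchForAllUsers", true);
            Attribute objectClass = new BasicAttribute("objectClass");
            subentry.put(objectClass);
            objectClass.add("top");
            objectClass.add("subentry");
            objectClass.add("accessControlSubentry");
            // An empty subtree specification applies the ACI to the whole area.
            subentry.put("subtreeSpecification", "{}");
            // NOTE(review): this ACI grants grantRead on allUserAttributeTypesAndValues
            // to allUsers, so any user who completes a simple bind can read every user
            // attribute of every entry in the area. That appears to include the
            // userPassword values written below - confirm against the ApacheDS ACI
            // documentation, and either list the readable attribute types explicitly
            // or add a higher-precedence item denying read on userPassword.
            subentry.put("prescriptiveACI",
                          "{ \n" +
                          "  identificationTag \"enableSearchForAllUsers\",\n" +
                          "  precedence 14,\n" +
                          "  authenticationLevel simple,\n" +
                          "  itemOrUserFirst userFirst: \n" +
                          "  { \n" +
                          "    userClasses { allUsers }, \n" +
//                          "    userClasses { userGroup { \"ou=anUsers,ou=system\" } }, \n" +
                          "    userPermissions \n" +
                          "    { \n" +
                          "      {\n" +
                          "        protectedItems {entry, allUserAttributeTypesAndValues}, \n" +
                          "        grantsAndDenials { grantRead, grantReturnDN, grantBrowse } \n" +
                          "      }\n" +
                          "    } \n" +
                          "  } \n" +
                          "}");
            try {
                anUsersContext.createSubcontext(UNAME_ATTR + "=enableSearchForAllUsers", subentry);
            } catch (LdapNameAlreadyBoundException e) {
                // The enableSearch subentry already exists (server started from cache):
                // nothing to do.
            }

            // Get all users from the db and update the server.
            ArrayList<UserProperties> allUsers = GetAllUsers.getUsers();
            for (UserProperties user : allUsers) {
                if (user.status == an.manage.BaseEntity.STATUS_VALID) {
                    // We have a valid user. Rebind it to the server: if it already
                    // exists it is updated, otherwise it is added.

                    BasicAttributes attributes = new BasicAttributes(true);

                    Attribute objClassAttr = new BasicAttribute("objectClass");
                    objClassAttr.add("inetOrgPerson");
                    objClassAttr.add("organizationalPerson");
                    objClassAttr.add("top");

                    Attribute uidAttr = new BasicAttribute(UID_ATTR);
                    uidAttr.add(user.name);
                    Attribute cnAttr = new BasicAttribute(UNAME_ATTR);
                    cnAttr.add(user.name);
                    Attribute snAttr = new BasicAttribute(SNAME_ATTR);
                    snAttr.add(user.surname);
                    // NOTE(review): user.password is stored exactly as the db returns it.
                    // If that value is cleartext, it ends up readable in the directory
                    // (see the ACI note above); store a salted hash instead - confirm
                    // what GetAllUsers provides.
                    Attribute userPsswdAttr = new BasicAttribute(PSWD_ATTR);
                    userPsswdAttr.add(user.password);
                    Attribute entityTypeAttr = new BasicAttribute(ENTITY_TYPE_ATTR);
                    entityTypeAttr.add(user.entityType);
                    Attribute entityIdAttr = new BasicAttribute(ENTITY_ID_ATTR);
                    entityIdAttr.add(user.entityId);
                    Attribute showDataFromDateAttr = new BasicAttribute(SHOW_DATA_FROM_DATE_ATTR);
                    showDataFromDateAttr.add(user.showDataFromDate);

                    attributes.put(objClassAttr);
                    attributes.put(uidAttr);
                    attributes.put(cnAttr);
                    attributes.put(snAttr);
                    attributes.put(userPsswdAttr);
                    attributes.put(entityIdAttr);
                    attributes.put(entityTypeAttr);
                    attributes.put(showDataFromDateAttr);

                    // NOTE(review): user.name is concatenated into the RDN unescaped. A
                    // name containing DN special characters (',', '+', '=', ...) would
                    // not address the intended entry; javax.naming.ldap.Rdn.escapeValue
                    // is the standard way to escape it.
                    try {
                        anUsersContext.rebind(UNAME_ATTR + '=' + user.name, null, attributes);
                    } catch (LdapNameNotFoundException e) {
                        // NOTE(review): a failure of this fallback bind is not handled by
                        // the NamingException clause below; it propagates to the outer
                        // catch and aborts startup.
                        anUsersContext.bind(UNAME_ATTR + '=' + user.name, null, attributes);
                    } catch (NamingException e) {
                        Monitor.log(MONITOR_CONTEXT, Monitor.ERROR, "Could not bind user: " + user.name);
                        Monitor.log(MONITOR_CONTEXT, Monitor.ERROR, e);
                    }
                } else {
                    // We have a deleted user. Unbind it from the server: if it exists it
                    // is removed. If not (shouldn't happen) the exception is caught and
                    // we keep on going.
                    try {
                        anUsersContext.unbind(UNAME_ATTR + '=' + user.name);
                    } catch (NameNotFoundException e) {
                        Monitor.log(MONITOR_CONTEXT, Monitor.ERROR, "Could not unbind invalid user - "
                                + user.name + " - from server. User wasn't in server!");
                        Monitor.log(MONITOR_CONTEXT, Monitor.ERROR, e);
                    }
                }
            }

        } catch (Exception e) {
            // Startup is all-or-nothing: log the failure, then surface it to the caller.
            Monitor.log(MONITOR_CONTEXT, Monitor.ERROR, "Exception while starting Directory Server:");
            Monitor.log(MONITOR_CONTEXT, Monitor.ERROR, e);
            throw new RuntimeException(e);
        }
    }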



Thanks!

Adi
