directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Xu Yaning (JIRA)" <>
Subject [jira] [Commented] (DIRKRB-303) Define Ldap schema for LdapBackendIdentity
Date Thu, 18 Jun 2015 06:57:01 GMT


Xu Yaning commented on DIRKRB-303:

Thanks Kiran for your advice. I've use {{krb5KeyVersionNumber}} to store {{keyVersion}}. A
solution is to store both {{keyVersion}} and {{krb5kvno}} in {{krb5KeyVersionNumber}}. Another
question is, I've tried to use {{createTimestamp}}, however, when I try to get the attribute,
it returns {{null}}. The code is as follows.
 protected KrbIdentity doAddIdentity(KrbIdentity identity) {
        String principalName = identity.getPrincipalName();
        String[] names = principalName.split("@");
        String uid = names[0];
        Entry entry = new DefaultEntry();
        KeysInfo keysInfo = new KeysInfo(identity);
        try {
            Dn dn = new Dn(new Rdn("uid", uid), new Dn(BASE_DN));
            entry.add("objectClass", "top", "person", "inetOrgPerson", "krb5principal", "krb5kdcentry");
            entry.add("cn", names[0]);
            entry.add( "sn", names[0]);
            entry.add(KerberosAttribute.KRB5_KEY_AT, keysInfo.getKeys());//keyData stored
in krb5Key
            entry.add( "krb5EncryptionType", keysInfo.getEtypes());
            entry.add("givenName", keysInfo.getKvnos());//kvno stored in attribute givenName
            entry.add( KerberosAttribute.KRB5_PRINCIPAL_NAME_AT, principalName);
            entry.add( KerberosAttribute.KRB5_KEY_VERSION_NUMBER_AT, identity.getKeyVersion()
+ "");
            entry.add( "krb5KDCFlags", "" + identity.getKdcFlags());
            entry.add( KerberosAttribute.KRB5_ACCOUNT_DISABLED_AT, "" + identity.isDisabled());
            // createTime stored in krb5ValidStart attribute
            entry.add( "createTimestamp",
            entry.add(KerberosAttribute.KRB5_ACCOUNT_LOCKEDOUT_AT, "" + identity.isLocked());
            entry.add( KerberosAttribute.KRB5_ACCOUNT_EXPIRATION_TIME_AT,
            System.out.println(connection.lookup(dn).get("createTimestamp"));//return null
        } catch (LdapInvalidDnException e) {
        } catch (LdapException e) {
        } catch (Exception e) {
        return identity;
Is there something I need to do to solve this?

> Define Ldap schema for LdapBackendIdentity
> ------------------------------------------
>                 Key: DIRKRB-303
>                 URL:
>             Project: Directory Kerberos
>          Issue Type: New Feature
>            Reporter: Xu Yaning
> Since there are some attributes the built-in shema in ApacheDS doesn't support. It's
better to define a new schema for Kerby.

This message was sent by Atlassian JIRA

View raw message