directory-users mailing list archives

From David R Robison <drrobi...@openroadsconsulting.com>
Subject Re: Problems setting up ApacheDS 1.5.4 as a Kerberos Server
Date Mon, 23 Feb 2009 21:21:20 GMT
I modified the KerberosProtocolHandler to test if the "codec" filter was
previously added to the filter chain:

    public void sessionCreated( IoSession session ) throws Exception
    {
        if ( log.isDebugEnabled() )
        {
            log.debug( "{} CREATED:  {}", session.getRemoteAddress(),
                session.getTransportMetadata() );
        }

        // Add the codec filter only if one is not already registered
        // under the name "codec" in this session's filter chain.
        if ( session.getTransportMetadata().isConnectionless() )
        {
            // UDP transport
            if ( session.getFilterChain().get( "codec" ) == null )
            {
                session.getFilterChain().addFirst( "codec",
                    new ProtocolCodecFilter( KerberosUdpProtocolCodecFactory.getInstance() ) );
            }
        }
        else
        {
            // TCP transport
            if ( session.getFilterChain().get( "codec" ) == null )
            {
                session.getFilterChain().addFirst( "codec",
                    new ProtocolCodecFilter( KerberosTcpProtocolCodecFactory.getInstance() ) );
            }
        }
    }

Now I get a new error:

[16:03:34] WARN [org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler] - Client not found in Kerberos database (6)
org.apache.directory.server.kerberos.shared.exceptions.KerberosException: Client not found in Kerberos database
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getEntry(AuthenticationService.java:747)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getClientEntry(AuthenticationService.java:152)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.execute(AuthenticationService.java:103)
    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:156)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:722)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:802)
    at org.apache.mina.filter.codec.ProtocolCodecFilter$ProtocolDecoderOutputImpl.flush(ProtocolCodecFilter.java:392)
    at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:228)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:48)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:802)
    at org.apache.mina.core.filterchain.IoFilterAdapter.messageReceived(IoFilterAdapter.java:120)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireMessageReceived(DefaultIoFilterChain.java:426)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.readHandle(AbstractPollingConnectionlessIoAcceptor.java:417)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.processReadySessions(AbstractPollingConnectionlessIoAcceptor.java:388)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor.access$600(AbstractPollingConnectionlessIoAcceptor.java:57)
    at org.apache.mina.core.polling.AbstractPollingConnectionlessIoAcceptor$Acceptor.run(AbstractPollingConnectionlessIoAcceptor.java:341)
    at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:65)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: org.apache.directory.shared.ldap.NotImplementedException: N O T   I M P L E M E N T E D   Y E T !
    at org.apache.directory.server.kerberos.shared.store.DirectoryPrincipalStore.getPrincipal(DirectoryPrincipalStore.java:95)
    at org.apache.directory.server.kerberos.kdc.authentication.AuthenticationService.getEntry(AuthenticationService.java:743)
    ... 23 more

Does this mean that the Kerberos server in 1.5.5-SNAPSHOT is not
presently implemented? Am I out of luck at this point?
Thanks, David

David R Robison wrote:
> I'm also getting this error:
> java.lang.ClassCastException: org.apache.mina.core.buffer.SimpleBufferAllocator$SimpleBuffer cannot be cast to org.apache.directory.server.kerberos.shared.messages.KdcRequest
>    at org.apache.directory.server.kerberos.protocol.KerberosProtocolHandler.messageReceived(KerberosProtocolHandler.java:140)
>
> Any thoughts? David
>
> David R Robison wrote:
>> I'm now getting a new error:
>>
>> java.lang.IllegalArgumentException: Other filter is using the same 
>> name 'codec'
>>
>> It looks like both the KdcServer and KerberosProtocolHandler classes 
>> define that codec. Should it only be done in one place?
>> David
>>
>> David R Robison wrote:
>>> Well, I finally got the kdcServer to start up, I'm proceeding with 
>>> testing against it. The problem was that the kdcServer element in 
>>> the server.xml file needed id="kdcServer"
>>> David
>>>
>>> David R Robison wrote:
>>>> I have. I also tried to give the kdcServer an Id and reference it 
>>>> in the apacheDS element:
>>>>
>>>>  <kdcServer id="kdcServer">
>>>>    <tcpTransport>
>>>>      <tcpTransport port="88" nbThreads="4" backLog="50"/>
>>>>    </tcpTransport>
>>>>    <udpTransport>
>>>>      <udpTransport port="88" nbThreads="4" backLog="50"/>
>>>>    </udpTransport>
>>>>    <directoryService>#directoryService</directoryService>
>>>>  </kdcServer>
>>>> ...
>>>>  <apacheDS id="apacheDS"
>>>>            synchPeriodMillis="15000"
>>>>            allowAnonymousAccess="false">
>>>>
>>>>    <directoryService>#directoryService</directoryService>
>>>>    <ldapService>#ldapService</ldapService>
>>>>    <ldapsService>#ldapsService</ldapsService>
>>>>    <kdcServer>#kdcServer</kdcServer>
>>>>    <!-- We load the orci root context entry here -->
>>>>    <ldifDirectory>../instances/default/conf/orciRoot.ldif</ldifDirectory>
>>>>  </apacheDS>
>>>>
>>>> but then it complains that the kdcServer is not a valid property of 
>>>> the apacheDS element. My guess is that the kdcServer needs to be 
>>>> referenced somewhere else, but I'm not sure where. David
>>>>
>>>> Emmanuel Lecharny wrote:
>>>>> On Mon, Feb 23, 2009 at 5:11 PM, David R Robison
>>>>> <drrobison@openroadsconsulting.com> wrote:
>>>>>  
>>>>>> I copied the following files to the lib directory of the DS 
>>>>>> install and
>>>>>> restarted the server.
>>>>>> bcprov-ext-jdk16-141.jar
>>>>>> bcprov-jdk16-141.jar
>>>>>> Things seem to run OK, but the Kerberos server still does not 
>>>>>> seem to want
>>>>>> to start up. Here is the log.
>>>>>>     
>>>>>
>>>>> Have you uncommented the kerberos part in the server.xml file ?
>>>>>
>>>>>   <!--
>>>>>   +============================================================+
>>>>>   | Kerberos server configuration                              |
>>>>>   +============================================================+
>>>>>   -->
>>>>>   <!--  missing atou=users,dc=example,dc=com
>>>>> <--------------------- here, remove the starting comment
>>>>>   <kdcServer>
>>>>>     <tcpTransport>
>>>>>       <tcpTransport port="60088" nbThreads="4" backLog="50"/>
>>>>>     </tcpTransport>
>>>>>     <udpTransport>
>>>>>       <udpTransport port="60088" nbThreads="4" backLog="50"/>
>>>>>     </udpTransport>
>>>>>     <directoryService>#directoryService</directoryService>
>>>>>   </kdcServer>
>>>>> -->
>>>>>
>>>>> I must tell you that the Kerberos server is really in a hazardous
>>>>> state, atm. It _may_ work, but there are no guarantees :/
>>>>>
>>>>>   
>>>>
>>>
>>
>

-- 

David R Robison
Open Roads Consulting, Inc.
103 Watson Road, Chesapeake, VA 23320
phone: (757) 546-3401
e-mail: drrobison@openroadsconsulting.com
web: http://openroadsconsulting.com
blog: http://therobe.blogspot.com
book: http://www.xulonpress.com/book_detail.php?id=2579
