directory-users mailing list archives

From Amila Suriarachchi <amilasuriarach...@gmail.com>
Subject persisting subentries
Date Wed, 03 Mar 2010 09:31:42 GMT
Hi all,

In our code we programmatically add partitions to an embedded Apache DS server
with the following code:

        // Method body (the signature is not shown): adds the tenant's partition and,
        // if the suffix entry does not exist yet, creates the base entries under it.
        JdbmPartition partition = addNewPartition(tenant);

        try {
            this.directoryService.addPartition(partition);
            try {
                // succeeds when the suffix entry already exists in the partition
                this.directoryService.getAdminSession().lookup(partition.getSuffixDn());
            } catch (Exception e) {
                // suffix entry missing: create it, the ACL subentry, the admin user and ou=users
                LdapDN tenantdn = new LdapDN(getTenantSuffix(tenant.getDomain()));
                ServerEntry tenantEntry = this.directoryService.newEntry(tenantdn);
                tenantEntry.add("objectClass", "top", "organization", "extensibleObject");
                tenantEntry.add("o", tenant.getDomain());
                tenantEntry.add("manager", "uid=" + tenant.getAdminName() + "," + partition.getSuffix());
                tenantEntry.add("administrativeRole", "accessControlSpecificArea");

                this.directoryService.getAdminSession().add(tenantEntry);

                addAdminACLEntry(tenant, partition.getSuffix());
                addAdmin(tenant, partition.getSuffix());

                LdapDN usersdn = new LdapDN("ou=users," + partition.getSuffixDn());
                ServerEntry usersEntry = this.directoryService.newEntry(usersdn);
                usersEntry.add("objectClass", "organizationalUnit", "top");
                usersEntry.add("ou", "users");

                this.directoryService.getAdminSession().add(usersEntry);
            }
        } catch (Exception e) {
            throw new UserStoreException("Could not add the partition ", e);
        }
        return tenant.getId();

The addAdminACLEntry method looks like this:

    private void addAdminACLEntry(Tenant tenant, String tenantSufix) throws Exception {
        // add the permission entry: an access control subentry directly under the
        // tenant suffix whose prescriptiveACI grants the tenant admin all rights
        LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
        ServerEntry adminACLEntry = directoryService.newEntry(adminACLEntrydn);
        adminACLEntry.add("objectClass", "accessControlSubentry", "subentry", "top");
        adminACLEntry.add("cn", "adminACLEntry");
        adminACLEntry.add("prescriptiveACI",
                "{ identificationTag \"adminACLEntryTag\", precedence 1, authenticationLevel simple, "
                + "itemOrUserFirst userFirst: { userClasses { name { \"uid=" + tenant.getAdminName() + "," + tenantSufix + "\" } }, "
                + "userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, "
                + "grantsAndDenials { grantBrowse, grantFilterMatch, grantModify, grantAdd, grantCompare, grantRename, "
                + "grantRead, grantReturnDN, grantImport, grantInvoke, grantRemove, grantExport, grantDiscloseOnError } } } } }");
        // an empty subtreeSpecification selects the whole subtree below the administrative point
        adminACLEntry.add("subtreeSpecification", "{ }");

        directoryService.getAdminSession().add(adminACLEntry);
    }

This adminACLEntry is used to give the admin user access rights to the other
entries in the partition.

Everything works fine, i.e. when I log in as the partition admin user I can
see the other entries of the partition.

If I stop the embedded server and start it again, the newly added partition is
not visible. This can be fixed by adding the partition again,

i.e.

    public void addPartitionToTenant(Tenant tenant) throws UserStoreException {
        try {
            this.directoryService.addPartition(addNewPartition(tenant));
            this.directoryService.sync();
        } catch (Exception e) {
            throw new UserStoreException("Can not add the new partition ", e);
        }
    }

but after this, when I log in as the admin user, I can't see the other
entries. However, this entry exists in the admin session,

i.e.

    String tenantSufix = getTenantSuffix(tenant.getDomain());
    LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
    ServerEntry adminACLEntry = this.directoryService.getAdminSession().lookup(adminACLEntrydn);

returns the correct entry for adminACLEntry. However, I cannot delete
this entry; if I try to, it gives a null pointer exception,

i.e.
    at org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:599)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
    at org.apache.directory.server.core.schema.SchemaInterceptor.delete(SchemaInterceptor.java:2157)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)

Does ApacheDS persist accessControlSubentries?

Do I have to set any other attribute in order to do so?

thanks,
Amila.


-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
