directory-users mailing list archives

From Amila Suriarachchi <amilasuriarach...@gmail.com>
Subject Re: persisting subentries
Date Wed, 03 Mar 2010 10:03:23 GMT
On Wed, Mar 3, 2010 at 3:12 PM, Emmanuel Lecharny <elecharny@gmail.com> wrote:

> Can you try to call the DirectoryService sync() method before closing the
> server? Data are flushed on disk every 15 seconds by default, that could
> explain why you don't get your data persisted (this is configured, and if
> you set the default value to 0, everything is flushed immediately, at the
> price of a slower server)


I set the sync time to 0, but still have the problem.

As I can see, this entry can be seen if I access it with

ServerEntry adminACLEntry = this.directoryService.getAdminSession().lookup(adminACLEntrydn);

but for some reason it seems to be not working.

If I try to delete it, it gives a null pointer exception here.
(SubEntryInterceptor.java 599)

        if ( objectClasses.contains( SchemaConstants.SUBENTRY_OC ) )
        {
            SubtreeSpecification ss = subentryCache.removeSubentry( name.toNormName() ).getSubtreeSpecification();
            next.delete( opContext );

at this point subentryCache is empty.

thanks,
Amila.



>
> On 3/3/10 10:31 AM, Amila Suriarachchi wrote:
>
>> hi all,
>>
>> In our code we programmatically add partitions to embedded Apache DS server
>> with the following code
>>
>> JdbmPartition partition = addNewPartition(tenant);
>>
>>         try {
>>             this.directoryService.addPartition(partition);
>>             try {
>>                 this.directoryService.getAdminSession().lookup(partition.getSuffixDn());
>>             } catch (Exception e) {
>>                 LdapDN tenantdn = new LdapDN(getTenantSuffix(tenant.getDomain()));
>>                 ServerEntry tenantEntry = this.directoryService.newEntry(tenantdn);
>>                 tenantEntry.add("objectClass", "top", "organization", "extensibleObject");
>>                 tenantEntry.add("o", tenant.getDomain());
>>                 tenantEntry.add("manager", "uid=" + tenant.getAdminName() + "," + partition.getSuffix());
>>                 tenantEntry.add("administrativeRole", "accessControlSpecificArea");
>>
>>                 this.directoryService.getAdminSession().add(tenantEntry);
>>
>>                 addAdminACLEntry(tenant, partition.getSuffix());
>>                 addAdmin(tenant, partition.getSuffix());
>>
>>                 LdapDN usersdn = new LdapDN("ou=users," + partition.getSuffixDn());
>>                 ServerEntry usersEntry = this.directoryService.newEntry(usersdn);
>>                 usersEntry.add("objectClass", "organizationalUnit", "top");
>>                 usersEntry.add("ou", "users");
>>
>>                 this.directoryService.getAdminSession().add(usersEntry);
>>
>>             }
>>         } catch (Exception e) {
>>             throw new UserStoreException("Could not add the partition ", e);
>>         }
>>         return tenant.getId();
>>
>> addAdminACLEntry method looks like this,
>>
>>  private void addAdminACLEntry(Tenant tenant, String tenantSufix) throws Exception {
>>         //add the permission entry
>>         LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
>>         ServerEntry adminACLEntry = directoryService.newEntry(adminACLEntrydn);
>>         adminACLEntry.add("objectClass", "accessControlSubentry", "subentry", "top");
>>         adminACLEntry.add("cn", "adminACLEntry");
>>         adminACLEntry.add("prescriptiveACI", "{ identificationTag \"adminACLEntryTag\", precedence 1, authenticationLevel simple, " +
>>                 "itemOrUserFirst userFirst: { userClasses { name { \"uid=" + tenant.getAdminName() + "," + tenantSufix + "\" } }, " +
>>                 "userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantBrowse, " +
>>                 "grantFilterMatch, grantModify, grantAdd, grantCompare, grantRename, grantRead, grantReturnDN, grantImport, " +
>>                 "grantInvoke, grantRemove, grantExport, grantDiscloseOnError } } } } }");
>>         adminACLEntry.add("subtreeSpecification", "{ }");
>>
>>         directoryService.getAdminSession().add(adminACLEntry);
>>     }
>>
>> this adminACLEntry is used to give the access rights to admin user to other
>> entries in the partition.
>>
>> Everything works fine. i.e. when I log in as the partition admin user I can
>> see the other entries of the partition.
>>
>> If I stop the Embedded server and start it then the newly added partition is
>> not visible. This can be fixed by adding the partition again
>>
>> i.e.
>>
>>  public void addPartitionToTenant(Tenant tenant) throws UserStoreException {
>>         try {
>>             this.directoryService.addPartition(addNewPartition(tenant));
>>             this.directoryService.sync();
>>         } catch (Exception e) {
>>             throw new UserStoreException("Can not add the new partition ", e);
>>         }
>>     }
>>
>> but after this when I log in as the admin user I can't see the other
>> entries. However, this entry exists in the Adminsession.
>>
>> i.e
>>             String tenantSufix = getTenantSuffix(tenant.getDomain());
>>             LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
>>             ServerEntry adminACLEntry = this.directoryService.getAdminSession().lookup(adminACLEntrydn);
>>
>> returns the correct entry for adminACLEntry. However, I cannot delete
>> this entry, and if I try to do so it gives a null pointer exception.
>>
>> i.e.
>>     at org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:599)
>>     at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
>>     at org.apache.directory.server.core.schema.SchemaInterceptor.delete(SchemaInterceptor.java:2157)
>>     at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
>>
>> Does ApacheDS persist accessControlSubentries?
>>
>> Do I have to set any other attribute in order to do so?
>>
>> thanks,
>> Amila.
>>
>>
>>
>>
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.nextury.com
>
>
>


-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
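
A simplified model of the symptoms reported in this message, added here as an example and not taken from the message or from ApacheDS: the entry is still found by lookup, the admin loses access, and delete throws a NullPointerException, all because the in-memory cache is empty. It assumes, which the thread does not confirm, that the subentry cache is filled only when an entry is added and that access decisions read only that cache; every class and method name is hypothetical.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model, not ApacheDS code: all class and method names are hypothetical.
public class SubentryCacheModel {
    // Persisted entries of the partition: subentry DN -> user granted access by its ACI.
    static final Map<String, String> store = new HashMap<>();
    // In-memory subentry cache; assumed here to be filled only when an entry is added.
    static final Map<String, String> cache = new HashMap<>();

    static void add(String dn, String grantedUser) {
        store.put(dn, grantedUser);
        cache.put(dn, grantedUser);
    }

    // Restart, then re-attach the partition: the store survives, the cache starts empty.
    static void restart() { cache.clear(); }

    // Admin-session lookup reads the store directly, so it still finds the entry.
    static String lookup(String dn) { return store.get(dn); }

    // Access decisions consult only the cache, so an empty cache denies everyone.
    static boolean canBrowse(String user) { return cache.containsValue(user); }

    // Same shape as the quoted delete: the removed cache record is dereferenced unchecked.
    static void delete(String dn) {
        cache.remove(dn).length(); // NullPointerException when the cache has no record
        store.remove(dn);
    }

    // Rebuilding the cache from the persisted entries restores both behaviours.
    static void reloadCache() { cache.putAll(store); }

    public static void main(String[] args) {
        String dn = "cn=adminACLEntry,dc=example,dc=com"; // constructed sample DN
        String admin = "uid=admin,dc=example,dc=com";     // constructed sample user
        add(dn, admin);
        System.out.println("before restart, admin can browse: " + canBrowse(admin));
        restart();
        System.out.println("lookup still finds entry: " + (lookup(dn) != null));
        System.out.println("after restart, admin can browse: " + canBrowse(admin));
        try {
            delete(dn);
        } catch (NullPointerException e) {
            System.out.println("delete: NullPointerException, cache is empty");
        }
        reloadCache();
        System.out.println("after reload, admin can browse: " + canBrowse(admin));
        delete(dn);
        System.out.println("after delete, entry present: " + (lookup(dn) != null));
    }
}
```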
