directory-users mailing list archives

From Amila Suriarachchi <amilasuriarach...@gmail.com>
Subject Re: persisting subentries
Date Wed, 03 Mar 2010 11:07:01 GMT
On Wed, Mar 3, 2010 at 4:33 PM, Ersin Er <ersin.er@gmail.com> wrote:

> If the partition has not been appropriately initialized during startup, the
> subentryCache may not have been filled up with existing subentries'
> information. So trying to remove a non-existent entry from the cache can
> result in NPE.
>
> However I am not sure as I do not know exactly which line is the 599th one.
>
> If I am correct you need to solve the problem of partition initialization
> first. This may not be really directly related to Subentries or Access
> Control Subsystem.
>

If I create a partition programmatically, is ApacheDS supposed to save the
partition and make it available at the restart of the server?

thanks,
Amila.

>
> On Wed, Mar 3, 2010 at 12:03, Amila Suriarachchi <amilasuriarachchi@gmail.com> wrote:
>
> > On Wed, Mar 3, 2010 at 3:12 PM, Emmanuel Lecharny <elecharny@gmail.com> wrote:
> >
> > > Can you try to call the DirectoryService sync() method before closing the
> > > server? Data are flushed on disk every 15 seconds by default, that could
> > > explain why you don't get your data persisted (this is configured, and if
> > > you set the default value to 0, everything is flushed immediately, at the
> > > price of a slower server)
> >
> >
> > I set the sync time to 0, but still have the problem.
> >
> > As I can see, this entry can be seen if I access it with
> >
> > ServerEntry adminACLEntry = this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> >
> > but for some reason it seems to be not working.
> >
> > If I try to delete it, it gives a null pointer exception here.
> > (SubEntryInterceptor.java 599)
> >
> >  if ( objectClasses.contains( SchemaConstants.SUBENTRY_OC ) )
> >        {
> >            SubtreeSpecification ss = subentryCache.removeSubentry( name.toNormName() ).getSubtreeSpecification();
> >            next.delete( opContext );
> >
> > at this point subentryCache is empty.
> >
> > thanks,
> > Amila.
> >
> >
> >
> > >
> > > On 3/3/10 10:31 AM, Amila Suriarachchi wrote:
> > >
> > >> hi all,
> > >>
> > >> In our code we programmatically add partitions to an embedded Apache DS
> > >> server with the following code
> > >>
> > >> JdbmPartition partition = addNewPartition(tenant);
> > >>
> > >>         try {
> > >>             this.directoryService.addPartition(partition);
> > >>             try {
> > >>                 this.directoryService.getAdminSession().lookup(partition.getSuffixDn());
> > >>             } catch (Exception e) {
> > >>                 LdapDN tenantdn = new LdapDN(getTenantSuffix(tenant.getDomain()));
> > >>                 ServerEntry tenantEntry = this.directoryService.newEntry(tenantdn);
> > >>                 tenantEntry.add("objectClass", "top", "organization", "extensibleObject");
> > >>                 tenantEntry.add("o", tenant.getDomain());
> > >>                 tenantEntry.add("manager", "uid=" + tenant.getAdminName() + "," + partition.getSuffix());
> > >>                 tenantEntry.add("administrativeRole", "accessControlSpecificArea");
> > >>
> > >>                 this.directoryService.getAdminSession().add(tenantEntry);
> > >>
> > >>                 addAdminACLEntry(tenant, partition.getSuffix());
> > >>                 addAdmin(tenant, partition.getSuffix());
> > >>
> > >>                 LdapDN usersdn = new LdapDN("ou=users," + partition.getSuffixDn());
> > >>                 ServerEntry usersEntry = this.directoryService.newEntry(usersdn);
> > >>                 usersEntry.add("objectClass", "organizationalUnit", "top");
> > >>                 usersEntry.add("ou", "users");
> > >>
> > >>                 this.directoryService.getAdminSession().add(usersEntry);
> > >>
> > >>             }
> > >>         } catch (Exception e) {
> > >>             throw new UserStoreException("Could not add the partition ", e);
> > >>         }
> > >>         return tenant.getId();
> > >>
> > >> addAdminACLEntry method looks like this,
> > >>
> > >>  private void addAdminACLEntry(Tenant tenant, String tenantSufix) throws Exception {
> > >>         //add the permission entry
> > >>         LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
> > >>         ServerEntry adminACLEntry = directoryService.newEntry(adminACLEntrydn);
> > >>         adminACLEntry.add("objectClass", "accessControlSubentry", "subentry", "top");
> > >>         adminACLEntry.add("cn", "adminACLEntry");
> > >>         adminACLEntry.add("prescriptiveACI", "{ identificationTag \"adminACLEntryTag\", precedence 1, authenticationLevel simple, " +
> > >>                 "itemOrUserFirst userFirst: { userClasses { name { \"uid=" + tenant.getAdminName() + "," + tenantSufix + "\" } }, " +
> > >>                 "userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantBrowse, grantFilterMatch, grantModify, grantAdd, grantCompare, grantRename, grantRead, grantReturnDN, grantImport, grantInvoke, grantRemove, grantExport, grantDiscloseOnError } } } } }");
> > >>         adminACLEntry.add("subtreeSpecification", "{ }");
> > >>
> > >>         directoryService.getAdminSession().add(adminACLEntry);
> > >>     }
> > >>
> > >> This adminACLEntry is used to give the access rights to admin user to
> > >> other entries in the partition.
> > >>
> > >> Everything works fine, i.e. when I log in as the partition admin user I
> > >> can see the other entries of the partition.
> > >>
> > >> If I stop the embedded server and start it then the newly added partition
> > >> is not visible. This can be fixed by adding the partition again
> > >>
> > >> i.e.
> > >>
> > >>  public void addPartitionToTenant(Tenant tenant) throws UserStoreException {
> > >>         try {
> > >>             this.directoryService.addPartition(addNewPartition(tenant));
> > >>             this.directoryService.sync();
> > >>         } catch (Exception e) {
> > >>             throw new UserStoreException("Can not add the new partition ", e);
> > >>         }
> > >>     }
> > >>
> > >> but after this when I log in as the admin user I can't see the other
> > >> entries. However this entry exists in the Adminsession.
> > >>
> > >> i.e.
> > >> String tenantSufix = getTenantSuffix(tenant.getDomain());
> > >>             LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
> > >>             ServerEntry adminACLEntry = this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> > >>
> > >> returns the correct entry for adminACLEntry. However, I cannot delete
> > >> this entry, and if I try to, it gives a null pointer exception.
> > >>
> > >> i.e.
> > >> at org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:599)
> > >>     at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > >>     at org.apache.directory.server.core.schema.SchemaInterceptor.delete(SchemaInterceptor.java:2157)
> > >>     at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > >>
> > >> Does ApacheDS persist accessControlSubentries?
> > >>
> > >> Do I have to set any other attribute in order to do so?
> > >>
> > >> thanks,
> > >> Amila.
> > >>
> > >>
> > >>
> > >>
> > >
> > >
> > > --
> > > Regards,
> > > Cordialement,
> > > Emmanuel Lécharny
> > > www.nextury.com
> > >
> > >
> > >
> >
> >
> > --
> > Amila Suriarachchi
> > WSO2 Inc.
> > blog: http://amilachinthaka.blogspot.com/
> >
>
>
>
> --
> Ersin ER
> http://www.ersiner.net
>



-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
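
The failure mode discussed in this thread (a cache filled only at startup, then a chained call on a lookup that misses), as an added example that is not ApacheDS code and not written by any poster. Every class and method name is hypothetical, the DN is a constructed sample, and the checked variant is one possible way to surface the cache/store mismatch rather than the project's fix.

```java
import java.util.HashMap;
import java.util.Map;

// Stand-alone model, not ApacheDS code: every name below is hypothetical.
public class SubentryCacheDemo {
    // Normalized subentry DN -> subtreeSpecification text held in memory.
    static final Map<String, String> cache = new HashMap<>();
    // What is actually persisted on disk.
    static final Map<String, String> store = new HashMap<>();

    // Startup fills the cache only from partitions registered at that time.
    static void initCache(Map<String, String> knownAtStartup) {
        cache.clear();
        cache.putAll(knownAtStartup);
    }

    // Same shape as the chained call quoted in the thread: remove() returns
    // null on a miss, so dereferencing the result throws NullPointerException.
    static int deleteUnchecked(String dn) {
        int specLength = cache.remove(dn).length();
        store.remove(dn);
        return specLength;
    }

    // Checked variant: a miss on a stored subentry means the access control
    // data was never loaded, which is reported explicitly instead of as an NPE.
    static boolean deleteChecked(String dn) {
        String spec = cache.remove(dn);
        if (spec == null) {
            if (store.containsKey(dn)) {
                throw new IllegalStateException(
                    "subentry stored but not cached (partition added after startup?): " + dn);
            }
            return false; // nothing to delete
        }
        store.remove(dn);
        return true;
    }

    public static void main(String[] args) {
        String dn = "cn=adminACLEntry,dc=example,dc=com"; // constructed sample DN
        store.put(dn, "{ }");
        initCache(new HashMap<>()); // restart: tenant partition not registered yet
        try {
            deleteUnchecked(dn);
        } catch (NullPointerException e) {
            System.out.println("unchecked delete: NullPointerException on cache miss");
        }
        try {
            deleteChecked(dn);
        } catch (IllegalStateException e) {
            System.out.println("checked delete: " + e.getMessage());
        }
    }
}
```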
