directory-users mailing list archives

From Amila Suriarachchi <amilasuriarach...@gmail.com>
Subject Re: persisting subentries
Date Fri, 05 Mar 2010 05:51:29 GMT
hi,

I used the following code to initialise the interceptors and it worked fine.

List<Interceptor> interceptors = this.directoryService.getInterceptors();
for (Interceptor interceptor : interceptors) {
    interceptor.init(this.directoryService);
}

thanks a lot.

Amila.

On Wed, Mar 3, 2010 at 5:01 PM, Ersin Er <ersin.er@gmail.com> wrote:

> If I am not mistaken, ApacheDS cannot look up existing partitions during
> startup. You need to specify even existing partitions as a configuration
> parameter. That's why such a section exists in server.xml. In case of
> embedding I guess you need to add the partition on each startup. Adding a
> partition means making the server aware of it. After adding it you can
> check
> whether the root entry exists and also add it if necessary (which means the
> partition is being created for the first time).
>
> BTW, both the partition and the interceptor chain need to be initialized
> correctly and also the chain should include Subentry and ACI Authorization
> interceptors in your case.
>
> On Wed, Mar 3, 2010 at 13:07, Amila Suriarachchi <
> amilasuriarachchi@gmail.com> wrote:
>
> > On Wed, Mar 3, 2010 at 4:33 PM, Ersin Er <ersin.er@gmail.com> wrote:
> >
> > > If the partition has not been appropriately initialized during startup,
> > the
> > > subentryCache may not have been filled up with existing subentries'
> > > information. So trying to remove a non-existent entry from the cache
> can
> > > result in NPE.
> > >
> > > However I am not sure as I do not know exactly which line is the 599th
> > one.
> > >
> > > If I am correct you need to solve the problem of partition
> initialization
> > > first. This may not be really directly related to Subentries or Access
> > > Control Subsystem.
> > >
> >
> > If I create a partition programmatically, is ApacheDS supposed to save the
> > partition and make that available at the restart of the server?
> >
> > thanks,
> > Amila.
> >
> > >
> > > On Wed, Mar 3, 2010 at 12:03, Amila Suriarachchi <
> > > amilasuriarachchi@gmail.com> wrote:
> > >
> > > > On Wed, Mar 3, 2010 at 3:12 PM, Emmanuel Lecharny <
> elecharny@gmail.com
> > > > >wrote:
> > > >
> > > > > Can you try to call the DirectoryService sync() method before
> closing
> > > the
> > > > > > server ? Data are flushed on disk every 15 seconds by default,
> that
> > > > could
> > > > > explain why you don't get your data persisted (this is configured,
> > and
> > > if
> > > > > you set the default value to 0, everything is flushed immediately,
> at
> > > the
> > > > > price of a slower server)
> > > >
> > > >
> > > > I set the sync time to 0, but still have the problem.
> > > >
> > > > As I can see, this entry can be seen if I access it with
> > > >
> > > > ServerEntry adminACLEntry =
> > > > this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> > > >
> > > > but for some reason it seems to be not working.
> > > >
> > > > If I try to delete it, it gives a null pointer exception here.
> > > > (SubEntryInterceptor.java 599)
> > > >
> > > >  if ( objectClasses.contains( SchemaConstants.SUBENTRY_OC ) )
> > > >        {
> > > >            SubtreeSpecification ss = subentryCache.removeSubentry(
> > > > name.toNormName() ).getSubtreeSpecification();
> > > >            next.delete( opContext );
> > > >
> > > > at this point subentryCache is empty.
> > > >
> > > > thanks,
> > > > Amila.
> > > >
> > > >
> > > >
> > > > >
> > > > > On 3/3/10 10:31 AM, Amila Suriarachchi wrote:
> > > > >
> > > > >> hi all,
> > > > >>
> > > > > >> In our code we programmatically add partitions to embedded Apache
DS
> > > > server
> > > > >> with the following code
> > > > >>
> > > > >> JdbmPartition partition = addNewPartition(tenant);
> > > > >>
> > > > >>         try {
> > > > >>             this.directoryService.addPartition(partition);
> > > > >>             try {
> > > > >>
> > > > >>
> > >
> this.directoryService.getAdminSession().lookup(partition.getSuffixDn());
> > > > >>             } catch (Exception e) {
> > > > >>                 LdapDN tenantdn = new
> > > > >> LdapDN(getTenantSuffix(tenant.getDomain()));
> > > > >>                 ServerEntry tenantEntry =
> > > > >> this.directoryService.newEntry(tenantdn);
> > > > >>                 tenantEntry.add("objectClass", "top",
> > "organization",
> > > > >> "extensibleObject");
> > > > >>                 tenantEntry.add("o", tenant.getDomain());
> > > > >>                 tenantEntry.add("manager", "uid=" +
> > > > tenant.getAdminName()
> > > > >> +
> > > > >> "," + partition.getSuffix());
> > > > >>                 tenantEntry.add("administrativeRole",
> > > > >> "accessControlSpecificArea");
> > > > >>
> > > > >>
> > > > this.directoryService.getAdminSession().add(tenantEntry);
> > > > >>
> > > > >>                 addAdminACLEntry(tenant, partition.getSuffix());
> > > > >>                 addAdmin(tenant, partition.getSuffix());
> > > > >>
> > > > >>                 LdapDN usersdn = new LdapDN("ou=users," +
> > > > >> partition.getSuffixDn());
> > > > >>                 ServerEntry usersEntry =
> > > > >> this.directoryService.newEntry(usersdn);
> > > > >>                 usersEntry.add("objectClass",
> "organizationalUnit",
> > > > >> "top");
> > > > >>                 usersEntry.add("ou", "users");
> > > > >>
> > > > >>
> > > this.directoryService.getAdminSession().add(usersEntry);
> > > > >>
> > > > >>             }
> > > > >>         } catch (Exception e) {
> > > > >>             throw new UserStoreException("Could not add the
> > partition
> > > ",
> > > > >> e);
> > > > >>         }
> > > > >>         return tenant.getId();
> > > > >>
> > > > >> addAdminACLEntry method looks like this,
> > > > >>
> > > > >>  private void addAdminACLEntry(Tenant tenant, String tenantSufix)
> > > throws
> > > > >> Exception {
> > > > >>         //add the permission entry
> > > > >>         LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry,"
+
> > > > >> tenantSufix);
> > > > >>         ServerEntry adminACLEntry =
> > > > >> directoryService.newEntry(adminACLEntrydn);
> > > > >>         adminACLEntry.add("objectClass", "accessControlSubentry",
> > > > >> "subentry", "top");
> > > > >>         adminACLEntry.add("cn", "adminACLEntry");
> > > > >>         adminACLEntry.add("prescriptiveACI", "{ identificationTag
> > > > >> \"adminACLEntryTag\", precedence 1, authenticationLevel simple,
"
> +
> > > > >>                 "itemOrUserFirst userFirst: { userClasses { name
{
> > > > \"uid="
> > > > >> +
> > > > >> tenant.getAdminName() + "," + tenantSufix + "\" } }, " +
> > > > >>                 "userPermissions { { protectedItems { entry,
> > > > >> allUserAttributeTypesAndValues }, grantsAndDenials { grantBrowse,
> > > > >> grantFilterMatch, grantModify, grantAdd, grantCompare,
> grantRename,
> > > > >> grantRead, grantReturnDN, grantImport, grantInvoke, grantRemove,
> > > > >> grantExport, grantDiscloseOnError } } } } }");
> > > > >>         adminACLEntry.add("subtreeSpecification", "{ }");
> > > > >>
> > > > >>         directoryService.getAdminSession().add(adminACLEntry);
> > > > >>     }
> > > > >>
> > > > >> this adminACLEntry is used to give the access rights to admin
user
> > to
> > > > >> other
> > > > >> entries in the partition.
> > > > >>
> > > > > >> Everything works fine. i.e. when I log in as the partition admin
> > user
> > > I
> > > > >> can
> > > > >> see the other entries of the partition.
> > > > >>
> > > > > >> If I stop the embedded server and start it then the newly added
> > > partition
> > > > >> is
> > > > >> not visible. This can be fixed by adding the partition again
> > > > >>
> > > > >> i.e.
> > > > >>
> > > > >>  public void addPartitionToTenant(Tenant tenant) throws
> > > > UserStoreException
> > > > >> {
> > > > >>         try {
> > > > >>
> > > this.directoryService.addPartition(addNewPartition(tenant));
> > > > >>             this.directoryService.sync();
> > > > >>         } catch (Exception e) {
> > > > >>             throw new UserStoreException("Can not add the new
> > > partition
> > > > ",
> > > > >> e);
> > > > >>         }
> > > > >>     }
> > > > >>
> > > > >> but after this when I log in as the admin user I can't see the
> other
> > > > > >> entries. However this entry exists in the Adminsession.
> > > > >>
> > > > >> i.e
> > > > >> String tenantSufix = getTenantSuffix(tenant.getDomain());
> > > > >>             LdapDN adminACLEntrydn = new
> LdapDN("cn=adminACLEntry,"
> > +
> > > > >> tenantSufix);
> > > > >>             ServerEntry adminACLEntry =
> > > > >> this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> > > > >>
> > > > > >> returns the correct entry for adminACLEntry. However I can
not
> > > delete
> > > > >> this entry and if I tried so it gives a null pointer exception.
> > > > >>
> > > > >> i.e.
> > > > >> at
> > > > >>
> > > > >>
> > > >
> > >
> >
> org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:599)
> > > > >>     at
> > > > >>
> > > > >>
> > > >
> > >
> >
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > > > >>     at
> > > > >>
> > > > >>
> > > >
> > >
> >
> org.apache.directory.server.core.schema.SchemaInterceptor.delete(SchemaInterceptor.java:2157)
> > > > >>     at
> > > > >>
> > > > >>
> > > >
> > >
> >
> org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > > > >>
> > > > > >> Does ApacheDS persist accessControlSubentries?
> > > > >>
> > > > >> Do I have to set any other attribute in order to do so?
> > > > >>
> > > > >> thanks,
> > > > >> Amila.
> > > > >>
> > > > >>
> > > > >>
> > > > >>
> > > > >
> > > > >
> > > > > --
> > > > > Regards,
> > > > > Cordialement,
> > > > > > Emmanuel Lécharny
> > > > > www.nextury.com
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > Amila Suriarachchi
> > > > WSO2 Inc.
> > > > blog: http://amilachinthaka.blogspot.com/
> > > >
> > >
> > >
> > >
> > > --
> > > Ersin ER
> > > http://www.ersiner.net
> > >
> >
> >
> >
> > --
> > Amila Suriarachchi
> > WSO2 Inc.
> > blog: http://amilachinthaka.blogspot.com/
> >
>
>
>
> --
> Ersin ER
> http://www.ersiner.net
>



-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
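
A simplified model of the failure discussed in this thread, added here as an illustration; it is not ApacheDS source and not code from any poster. It assumes, as the thread suggests, that the subentry cache is filled only when the interceptor is initialised, so a partition added afterwards is not scanned; the class, method names and sample DN are hypothetical.

```java
import java.util.*;

// Hypothetical stand-ins for the ApacheDS pieces named in the thread (model only).
public class SubentryCacheDemo {
    // Partition suffix -> (entry DN -> objectClass values), i.e. what is on disk.
    static final Map<String, Map<String, Set<String>>> partitions = new LinkedHashMap<>();
    // Stand-in for subentryCache: subentry DN -> subtreeSpecification.
    static final Map<String, String> subentryCache = new HashMap<>();

    // Models interceptor.init(): scans only the partitions registered at this moment.
    static void initInterceptor() {
        subentryCache.clear();
        for (Map<String, Set<String>> entries : partitions.values()) {
            entries.forEach((dn, oc) -> {
                if (oc.contains("subentry")) subentryCache.put(dn, "{ }");
            });
        }
    }

    // Models the chained call quoted from SubentryInterceptor: remove() returns
    // null on a cache miss, so dereferencing the result throws NPE.
    static int deleteUnguarded(String dn) {
        return subentryCache.remove(dn).length();
    }

    // Guarded variant: a cache miss is reported as a state error, not an NPE.
    static String deleteGuarded(String dn) {
        String spec = subentryCache.remove(dn);
        if (spec == null) {
            throw new IllegalStateException("subentry not in cache: " + dn);
        }
        return spec;
    }

    public static void main(String[] args) {
        String aclDn = "cn=adminACLEntry,o=example"; // constructed sample DN
        initInterceptor(); // restart: interceptor initialised, no tenant partition yet
        partitions.put("o=example", // models addPartition() after startup
                Map.of(aclDn, Set.of("top", "subentry", "accessControlSubentry")));
        System.out.println("cached after addPartition only: " + subentryCache.containsKey(aclDn));
        try {
            deleteUnguarded(aclDn);
        } catch (NullPointerException e) {
            System.out.println("unguarded delete: NullPointerException");
        }
        initInterceptor(); // the fix reported at the top of the thread: re-run init
        System.out.println("cached after re-init: " + subentryCache.containsKey(aclDn));
        System.out.println("guarded delete returned: " + deleteGuarded(aclDn));
    }
}
```

In this model the access control subentry is present on disk but absent from the cache until the interceptors are initialised again, which matches both symptoms reported in the thread: the admin user cannot see other entries, and deleting the subentry fails.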
