directory-users mailing list archives

From Ersin Er <ersin...@gmail.com>
Subject Re: persisting subentries
Date Fri, 05 Mar 2010 06:50:01 GMT
Hmm, this seems to be a hack :-) But if it works it can be fine for now..

On Fri, Mar 5, 2010 at 07:51, Amila Suriarachchi <
amilasuriarachchi@gmail.com> wrote:

> hi,
>
> I used the following code to initialise the interceptors and it worked
> fine.
>
> List<Interceptor> interceptors = this.directoryService.getInterceptors();
> for (Interceptor interceptor : interceptors) {
>     interceptor.init(this.directoryService);
> }
>
> thanks a lot.
>
> Amila.
>
> On Wed, Mar 3, 2010 at 5:01 PM, Ersin Er <ersin.er@gmail.com> wrote:
>
> > If I am not mistaken, ApacheDS cannot look up existing partitions during
> > startup. You need to specify even existing partitions as a configuration
> > parameter. That's why such a section exists in server.xml. In case of
> > embedding I guess you need to add the partition on each startup. Adding a
> > partition means making the server aware of it. After adding it you can
> > check whether the root entry exists and also add it if necessary (which
> > means the partition is being created for the first time).
> >
> > BTW, both the partition and the interceptor chain need to be initialized
> > correctly and also the chain should include Subentry and ACI Authorization
> > interceptors in your case.
> >
> > On Wed, Mar 3, 2010 at 13:07, Amila Suriarachchi <
> > amilasuriarachchi@gmail.com> wrote:
> >
> > > On Wed, Mar 3, 2010 at 4:33 PM, Ersin Er <ersin.er@gmail.com> wrote:
> > >
> > > > If the partition has not been appropriately initialized during startup,
> > > > the subentryCache may not have been filled up with existing subentries'
> > > > information. So trying to remove a non-existent entry from the cache
> > > > can result in NPE.
> > > >
> > > > However I am not sure as I do not know exactly which line is the 599th
> > > > one.
> > > >
> > > > If I am correct you need to solve the problem of partition initialization
> > > > first. This may not be really directly related to Subentries or Access
> > > > Control Subsystem.
> > > >
> > >
> > > if I create a partition programmatically, is ApacheDS supposed to save the
> > > partition and make that available at the restart of the server?
> > >
> > > thanks,
> > > Amila.
> > >
> > > >
> > > > On Wed, Mar 3, 2010 at 12:03, Amila Suriarachchi <
> > > > amilasuriarachchi@gmail.com> wrote:
> > > >
> > > > > On Wed, Mar 3, 2010 at 3:12 PM, Emmanuel Lecharny <
> > elecharny@gmail.com
> > > > > >wrote:
> > > > >
> > > > > > > Can you try to call the DirectoryService sync() method before closing
> > > > > > > the server? Data are flushed on disk every 15 seconds by default, that
> > > > > > > could explain why you don't get your data persisted (this is
> > > > > > > configured, and if you set the default value to 0, everything is
> > > > > > > flushed immediately, at the price of a slower server)
> > > > >
> > > > >
> > > > > > I set the sync time to 0, but still have the problem.
> > > > > >
> > > > > > As I can see, this entry can be seen if I access it with
> > > > >
> > > > > ServerEntry adminACLEntry =
> > > > > this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> > > > >
> > > > > but for some reason it seems to be not working.
> > > > >
> > > > > If I try to delete it, it gives a null pointer exception here.
> > > > > (SubEntryInterceptor.java 599)
> > > > >
> > > > >  if ( objectClasses.contains( SchemaConstants.SUBENTRY_OC ) )
> > > > >        {
> > > > >            SubtreeSpecification ss = subentryCache.removeSubentry(
> > > > > name.toNormName() ).getSubtreeSpecification();
> > > > >            next.delete( opContext );
> > > > >
> > > > > at this point subentryCache is empty.
> > > > >
> > > > > thanks,
> > > > > Amila.
> > > > >
> > > > >
> > > > >
> > > > > >
> > > > > > On 3/3/10 10:31 AM, Amila Suriarachchi wrote:
> > > > > >
> > > > > >> hi all,
> > > > > >>
> > > > > > >> In our code we programmatically add partitions to embedded Apache DS
> > > > > > >> server with the following code
> > > > > > >>
> > > > > > >> JdbmPartition partition = addNewPartition(tenant);
> > > > > > >>
> > > > > > >>         try {
> > > > > > >>             this.directoryService.addPartition(partition);
> > > > > > >>             try {
> > > > > > >>                 this.directoryService.getAdminSession().lookup(partition.getSuffixDn());
> > > > > > >>             } catch (Exception e) {
> > > > > > >>                 LdapDN tenantdn = new LdapDN(getTenantSuffix(tenant.getDomain()));
> > > > > > >>                 ServerEntry tenantEntry = this.directoryService.newEntry(tenantdn);
> > > > > > >>                 tenantEntry.add("objectClass", "top", "organization", "extensibleObject");
> > > > > > >>                 tenantEntry.add("o", tenant.getDomain());
> > > > > > >>                 tenantEntry.add("manager", "uid=" + tenant.getAdminName() + "," + partition.getSuffix());
> > > > > > >>                 tenantEntry.add("administrativeRole", "accessControlSpecificArea");
> > > > > > >>
> > > > > > >>                 this.directoryService.getAdminSession().add(tenantEntry);
> > > > > > >>
> > > > > > >>                 addAdminACLEntry(tenant, partition.getSuffix());
> > > > > > >>                 addAdmin(tenant, partition.getSuffix());
> > > > > > >>
> > > > > > >>                 LdapDN usersdn = new LdapDN("ou=users," + partition.getSuffixDn());
> > > > > > >>                 ServerEntry usersEntry = this.directoryService.newEntry(usersdn);
> > > > > > >>                 usersEntry.add("objectClass", "organizationalUnit", "top");
> > > > > > >>                 usersEntry.add("ou", "users");
> > > > > > >>
> > > > > > >>                 this.directoryService.getAdminSession().add(usersEntry);
> > > > > > >>
> > > > > > >>             }
> > > > > > >>         } catch (Exception e) {
> > > > > > >>             throw new UserStoreException("Could not add the partition ", e);
> > > > > > >>         }
> > > > > > >>         return tenant.getId();
> > > > > >>
> > > > > >> addAdminACLEntry method looks like this,
> > > > > >>
> > > > > > >>  private void addAdminACLEntry(Tenant tenant, String tenantSufix) throws Exception {
> > > > > > >>         //add the permission entry
> > > > > > >>         LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
> > > > > > >>         ServerEntry adminACLEntry = directoryService.newEntry(adminACLEntrydn);
> > > > > > >>         adminACLEntry.add("objectClass", "accessControlSubentry", "subentry", "top");
> > > > > > >>         adminACLEntry.add("cn", "adminACLEntry");
> > > > > > >>         adminACLEntry.add("prescriptiveACI", "{ identificationTag \"adminACLEntryTag\", precedence 1, authenticationLevel simple, " +
> > > > > > >>                 "itemOrUserFirst userFirst: { userClasses { name { \"uid=" + tenant.getAdminName() + "," + tenantSufix + "\" } }, " +
> > > > > > >>                 "userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantBrowse, grantFilterMatch, grantModify, grantAdd, grantCompare, grantRename, grantRead, grantReturnDN, grantImport, grantInvoke, grantRemove, grantExport, grantDiscloseOnError } } } } }");
> > > > > >>         adminACLEntry.add("subtreeSpecification", "{ }");
> > > > > >>
> > > > > >>         directoryService.getAdminSession().add(adminACLEntry);
> > > > > >>     }
> > > > > >>
> > > > > > >> this adminACLEntry is used to give the access rights to admin user to
> > > > > > >> other entries in the partition.
> > > > > > >>
> > > > > > >> Everything works fine. i.e. when I log in as the partition admin user I
> > > > > > >> can see the other entries of the partition.
> > > > > > >>
> > > > > > >> If I stop the embedded server and start it then the newly added partition
> > > > > > >> is not visible. This can be fixed by adding the partition again
> > > > > > >>
> > > > > > >> i.e.
> > > > > > >>
> > > > > > >>  public void addPartitionToTenant(Tenant tenant) throws UserStoreException {
> > > > > > >>         try {
> > > > > > >>             this.directoryService.addPartition(addNewPartition(tenant));
> > > > > > >>             this.directoryService.sync();
> > > > > > >>         } catch (Exception e) {
> > > > > > >>             throw new UserStoreException("Can not add the new partition ", e);
> > > > > >>         }
> > > > > >>     }
> > > > > >>
> > > > > > >> but after this when I log in as the admin user I can't see the other
> > > > > > >> entries. However this entry exists in the Adminsession.
> > > > > > >>
> > > > > > >> i.e
> > > > > > >> String tenantSufix = getTenantSuffix(tenant.getDomain());
> > > > > > >>             LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
> > > > > > >>             ServerEntry adminACLEntry = this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> > > > > > >>
> > > > > > >> returns the correct entry for adminACLEntry. However I can not delete
> > > > > > >> this entry and if I tried so it gives a null pointer exception.
> > > > > >>
> > > > > >> i.e.
> > > > > > >> at org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:599)
> > > > > > >>     at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > > > > > >>     at org.apache.directory.server.core.schema.SchemaInterceptor.delete(SchemaInterceptor.java:2157)
> > > > > > >>     at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > > > > > >>
> > > > > > >> Does ApacheDS persist accessControlSubentries?
> > > > > >>
> > > > > >> Do I have to set any other attribute in order to do so?
> > > > > >>
> > > > > >> thanks,
> > > > > >> Amila.
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >>
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Regards,
> > > > > > Cordialement,
> > > > > > > Emmanuel Lécharny
> > > > > > www.nextury.com
> > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Amila Suriarachchi
> > > > > WSO2 Inc.
> > > > > blog: http://amilachinthaka.blogspot.com/
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Ersin ER
> > > > http://www.ersiner.net
> > > >
> > >
> > >
> > >
> > > --
> > > Amila Suriarachchi
> > > WSO2 Inc.
> > > blog: http://amilachinthaka.blogspot.com/
> > >
> >
> >
> >
> > --
> > Ersin ER
> > http://www.ersiner.net
> >
>
>
>
> --
> Amila Suriarachchi
> WSO2 Inc.
> blog: http://amilachinthaka.blogspot.com/
>



-- 
Ersin ER
http://www.ersiner.net
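
The failure discussed in this thread, reduced to a stand-alone model (an added example, not ApacheDS code and not written by any poster). The class names, the in-memory STORE and the sample DN are constructed, and the model assumes, as the thread suggests, that the subentry cache is filled only when the interceptor is initialized.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the thread's failure mode; all names here are hypothetical.
public class SubentryCacheModel {
    // Stands in for the partition's persisted entries: DN -> subtreeSpecification
    static final Map<String, String> STORE = new HashMap<>();

    static class SubentryInterceptorModel {
        private final Map<String, String> subentryCache = new HashMap<>();

        // Assumption from the thread: the cache is only filled during init()
        void init() { subentryCache.putAll(STORE); }

        // A persisted ACI subentry only takes effect once it is in the cache
        boolean isApplied(String dn) { return subentryCache.containsKey(dn); }

        // Same shape as the quoted line 599: dereferences the removed value directly
        String deleteUnchecked(String dn) {
            return subentryCache.remove(dn).trim();
        }

        // Guarded form: reports the missing initialization instead of an NPE
        void deleteChecked(String dn) {
            String spec = subentryCache.remove(dn);
            if (spec == null) {
                throw new IllegalStateException(
                    "subentry " + dn + " not cached; was init() run after adding the partition?");
            }
            STORE.remove(dn);
        }
    }

    public static void main(String[] args) {
        String dn = "cn=adminACLEntry,dc=example,dc=com"; // constructed sample DN
        STORE.put(dn, "{ }");                             // entry survived the restart

        SubentryInterceptorModel afterRestart = new SubentryInterceptorModel();
        System.out.println("stored=" + STORE.containsKey(dn)
            + " applied=" + afterRestart.isApplied(dn));  // lookup works, ACI is inert
        try {
            afterRestart.deleteUnchecked(dn);
        } catch (NullPointerException e) {
            System.out.println("NPE on delete, as in the stack trace");
        }
        afterRestart.init();                              // the re-init workaround
        System.out.println("applied after init=" + afterRestart.isApplied(dn));
        afterRestart.deleteChecked(dn);
        System.out.println("stored after delete=" + STORE.containsKey(dn));
    }
}
```

A startup check that the expected access control subentries are both stored and applied would catch this state before users hit it.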
