Date: Fri, 5 Mar 2010 11:21:29 +0530
Subject: Re: persisting subentries
From: Amila Suriarachchi
To: users@directory.apache.org

hi,

I used the following code to initialise the interceptors and it worked fine.

List<Interceptor> interceptors = this.directoryService.getInterceptors();
for (Interceptor interceptor : interceptors) {
    interceptor.init(this.directoryService);
}

thanks a lot.

Amila.

On Wed, Mar 3, 2010 at 5:01 PM, Ersin Er wrote:

> If I am not mistaken, ApacheDS cannot look up existing partitions during
> startup. You need to specify even existing partitions as a configuration
> parameter. That's why such a section exists in server.xml. In case of
> embedding I guess you need to add the partition on each startup. Adding a
> partition means making the server aware of it. After adding it you can check
> whether the root entry exists and also add it if necessary (which means the
> partition is being created for the first time).
>
> BTW, both the partition and the interceptor chain need to be initialized
> correctly and also the chain should include Subentry and ACI Authorization
> interceptors in your case.
>
> On Wed, Mar 3, 2010 at 13:07, Amila Suriarachchi <amilasuriarachchi@gmail.com> wrote:
>
> > On Wed, Mar 3, 2010 at 4:33 PM, Ersin Er wrote:
> >
> > > If the partition has not been appropriately initialized during startup, the
> > > subentryCache may not have been filled up with existing subentries'
> > > information. So trying to remove a non-existent entry from the cache can
> > > result in NPE.
> > >
> > > However I am not sure as I do not know exactly which line is the 599th one.
> > >
> > > If I am correct you need to solve the problem of partition initialization
> > > first. This may not be really directly related to Subentries or Access
> > > Control Subsystem.
> >
> > if I create a partition programmatically, is ApacheDS supposed to save the
> > partition and make that available at the restart of the server?
> >
> > thanks,
> > Amila.
> >
> > > On Wed, Mar 3, 2010 at 12:03, Amila Suriarachchi <amilasuriarachchi@gmail.com> wrote:
> > >
> > > > On Wed, Mar 3, 2010 at 3:12 PM, Emmanuel Lecharny <elecharny@gmail.com> wrote:
> > > >
> > > > > Can you try to call the DirectoryService sync() method before closing the
> > > > > server ? Data are flushed on disk every 15 seconds by default, that could
> > > > > explain why you don't get your data persisted (this is configured, and if
> > > > > you set the default value to 0, everything is flushed immediately, at the
> > > > > price of a slower server)
> > > >
> > > > I set the sync time to 0. but still have the problem.
> > > >
> > > > As I can see, this entry can be seen if I access it with
> > > >
> > > > ServerEntry adminACLEntry =
> > > >     this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> > > >
> > > > but for some reason it seems to be not working.
> > > >
> > > > If I try to delete it, it gives a null pointer exception here.
> > > > (SubEntryInterceptor.java 599)
> > > >
> > > > if ( objectClasses.contains( SchemaConstants.SUBENTRY_OC ) )
> > > > {
> > > >     SubtreeSpecification ss = subentryCache.removeSubentry(
> > > >         name.toNormName() ).getSubtreeSpecification();
> > > >     next.delete( opContext );
> > > >
> > > > at this point subentryCache is empty.
> > > >
> > > > thanks,
> > > > Amila.
> > > >
> > > > > On 3/3/10 10:31 AM, Amila Suriarachchi wrote:
> > > > >
> > > > >> hi all,
> > > > >>
> > > > >> In our code we programmatically add partitions to embedded Apache DS server
> > > > >> with the following code
> > > > >>
> > > > >> JdbmPartition partition = addNewPartition(tenant);
> > > > >>
> > > > >> try {
> > > > >>     this.directoryService.addPartition(partition);
> > > > >>     try {
> > > > >>         // Probe for the partition's root entry
> > > > >>         this.directoryService.getAdminSession().lookup(partition.getSuffixDn());
> > > > >>     } catch (Exception e) {
> > > > >>         // Lookup failed: create the root entry, the ACI subentry, the admin and ou=users
> > > > >>         LdapDN tenantdn = new LdapDN(getTenantSuffix(tenant.getDomain()));
> > > > >>         ServerEntry tenantEntry = this.directoryService.newEntry(tenantdn);
> > > > >>         tenantEntry.add("objectClass", "top", "organization", "extensibleObject");
> > > > >>         tenantEntry.add("o", tenant.getDomain());
> > > > >>         tenantEntry.add("manager", "uid=" + tenant.getAdminName() + "," + partition.getSuffix());
> > > > >>         tenantEntry.add("administrativeRole", "accessControlSpecificArea");
> > > > >>
> > > > >>         this.directoryService.getAdminSession().add(tenantEntry);
> > > > >>
> > > > >>         addAdminACLEntry(tenant, partition.getSuffix());
> > > > >>         addAdmin(tenant, partition.getSuffix());
> > > > >>
> > > > >>         LdapDN usersdn = new LdapDN("ou=users," + partition.getSuffixDn());
> > > > >>         ServerEntry usersEntry = this.directoryService.newEntry(usersdn);
> > > > >>         usersEntry.add("objectClass", "organizationalUnit", "top");
> > > > >>         usersEntry.add("ou", "users");
> > > > >>
> > > > >>         this.directoryService.getAdminSession().add(usersEntry);
> > > > >>     }
> > > > >> } catch (Exception e) {
> > > > >>     throw new UserStoreException("Could not add the partition ", e);
> > > > >> }
> > > > >> return tenant.getId();
> > > > >>
> > > > >> addAdminACLEntry method looks like this,
> > > > >>
> > > > >> private void addAdminACLEntry(Tenant tenant, String tenantSufix) throws Exception {
> > > > >>     //add the permission entry
> > > > >>     LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
> > > > >>     ServerEntry adminACLEntry = directoryService.newEntry(adminACLEntrydn);
> > > > >>     adminACLEntry.add("objectClass", "accessControlSubentry", "subentry", "top");
> > > > >>     adminACLEntry.add("cn", "adminACLEntry");
> > > > >>     adminACLEntry.add("prescriptiveACI",
> > > > >>         "{ identificationTag \"adminACLEntryTag\", precedence 1, authenticationLevel simple, " +
> > > > >>         "itemOrUserFirst userFirst: { userClasses { name { \"uid=" +
> > > > >>         tenant.getAdminName() + "," + tenantSufix + "\" } }, " +
> > > > >>         "userPermissions { { protectedItems { entry, " +
> > > > >>         "allUserAttributeTypesAndValues }, grantsAndDenials { grantBrowse, " +
> > > > >>         "grantFilterMatch, grantModify, grantAdd, grantCompare, grantRename, " +
> > > > >>         "grantRead, grantReturnDN, grantImport, grantInvoke, grantRemove, " +
> > > > >>         "grantExport, grantDiscloseOnError } } } } }");
> > > > >>     adminACLEntry.add("subtreeSpecification", "{ }");
> > > > >>
> > > > >>     directoryService.getAdminSession().add(adminACLEntry);
> > > > >> }
> > > > >>
> > > > >> this adminACLEntry is used to give the access rights to admin user to other
> > > > >> entries in the partition.
> > > > >>
> > > > >> Every thing works fine. i.e. when I log in as the partition admin user I can
> > > > >> see the other entries of the partition.
> > > > >>
> > > > >> If I stop the Embedded server and start it then the newly added partition is
> > > > >> not visible. This can be fixed by adding the partition again
> > > > >>
> > > > >> i.e.
> > > > >>
> > > > >> public void addPartitionToTenant(Tenant tenant) throws UserStoreException {
> > > > >>     try {
> > > > >>         this.directoryService.addPartition(addNewPartition(tenant));
> > > > >>         this.directoryService.sync();
> > > > >>     } catch (Exception e) {
> > > > >>         throw new UserStoreException("Can not add the new partition ", e);
> > > > >>     }
> > > > >> }
> > > > >>
> > > > >> but after this when I log in as the admin user I can't see the other
> > > > >> entries. However this entry exists in the Adminsession.
> > > > >>
> > > > >> i.e.
> > > > >> String tenantSufix = getTenantSuffix(tenant.getDomain());
> > > > >> LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
> > > > >> ServerEntry adminACLEntry =
> > > > >>     this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> > > > >>
> > > > >> returns the correct entry for adminACLEntry. however I can not delete
> > > > >> this entry and if I tried so it gives a null pointer exception.
> > > > >>
> > > > >> i.e.
> > > > >> at org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:599)
> > > > >> at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > > > >> at org.apache.directory.server.core.schema.SchemaInterceptor.delete(SchemaInterceptor.java:2157)
> > > > >> at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > > > >>
> > > > >> Does ApacheDS persist accessControlSubentries ?
> > > > >>
> > > > >> Do I have to set any other attribute in order to do so?
> > > > >>
> > > > >> thanks,
> > > > >> Amila.
> > > > >
> > > > > --
> > > > > Regards,
> > > > > Cordialement,
> > > > > Emmanuel Lécharny
> > > > > www.nextury.com
> > > >
> > > > --
> > > > Amila Suriarachchi
> > > > WSO2 Inc.
> > > > blog: http://amilachinthaka.blogspot.com/
> > >
> > > --
> > > Ersin ER
> > > http://www.ersiner.net
> >
> > --
> > Amila Suriarachchi
> > WSO2 Inc.
> > blog: http://amilachinthaka.blogspot.com/
>
> --
> Ersin ER
> http://www.ersiner.net

-- 
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
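
The startup sequence this thread arrives at, collected into one routine as an added example (not code from the thread or from ApacheDS): register the partition on every start, seed it only when the root entry is missing, then initialise the interceptors, the step the thread reports as fixing the empty subentryCache. TenantPartitionBootstrap and Seeder are hypothetical names, and the import paths are assumed from the package names in the stack trace; they may differ between ApacheDS releases.

```java
import java.util.List;

import org.apache.directory.server.core.DirectoryService;
import org.apache.directory.server.core.interceptor.Interceptor;
import org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmPartition;

/** Hypothetical helper: attaches a tenant partition on every start of an embedded server. */
public final class TenantPartitionBootstrap {

    /** Hypothetical callback that creates the root entry, the ACI subentry and the admin user. */
    public interface Seeder {
        void seed(JdbmPartition partition) throws Exception;
    }

    private final DirectoryService directoryService;

    public TenantPartitionBootstrap(DirectoryService directoryService) {
        this.directoryService = directoryService;
    }

    /** Returns true when the partition was seeded on this start, false when its root entry was already on disk. */
    public boolean attach(JdbmPartition partition, Seeder seeder) throws Exception {
        // 1. The embedded server does not rediscover partitions: register it on every start.
        directoryService.addPartition(partition);

        // 2. Seed only when the root entry is absent, so a restart never re-adds the ACI subentry.
        //    As in the thread's code, any lookup failure is treated as "root entry missing".
        boolean seeded = false;
        try {
            directoryService.getAdminSession().lookup(partition.getSuffixDn());
        } catch (Exception rootEntryMissing) {
            seeder.seed(partition);
            seeded = true;
        }

        // 3. Initialise the interceptor chain after the partition is attached, so the subentry
        //    and ACI interceptors see the entries that were persisted by an earlier run.
        List<Interceptor> interceptors = directoryService.getInterceptors();
        for (Interceptor interceptor : interceptors) {
            interceptor.init(directoryService);
        }

        // 4. Flush pending writes instead of waiting for the periodic sync.
        directoryService.sync();
        return seeded;
    }
}
```

A false return on restart followed by a successful bind and search as the tenant admin is the signal that the persisted prescriptiveACI is being applied again.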