directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Edwards <>
Subject RE: ApacheDS and other backends
Date Mon, 17 Jan 2011 23:49:17 GMT
Would I do this:

dn: ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directorySer
ads-authenticators: anonymousauthenticator
ads-authenticators: simpleauthenticator
ads-authenticators: strongauthenticator
ads-authenticators: passthroughauthenticator
objectclass: top
objectclass: ads-base
objectclass: ads-interceptor
objectclass: ads-authenticationInterceptor
entryUUID: 2becdd49-9e55-4498-bf44-8f97a8dc0570
ads-interceptororder: 2
creatorsName: 0.9.2342.19200300.100.1.1=admin,
createTimestamp: 20110117214303Z
entryCSN: 20110118104300.157000Z#000000#000#000000
ads-interceptorid: authenticationInterceptor
ads-enabled: TRUE

Now how to define a authenticator... In partitions/schema/ou=schema/cn=adsconfig/ou=objectclasses/m-oid=
is the schema def
Sup object is ads-base in partitions/schema/ou=schema/cn=adsconfig/ou=objectclasses/m-oid=

dn: ads-authenticatorid=passthroughauthenticator,ou=authenticators,ads-interceptorId=
entryUUID: 5a3e9f51-c06c-4312-9e54-5a6df28be110
objectclass: top
objectclass: ads-base
objectclass: ads-authenticator
objectclass: ads-passthroughAuthenticator
creatorsName: 0.9.2342.19200300.100.1.1=admin,
createTimestamp: 20110117214303Z
entryCSN: 20110118104300.163000Z#000000#000#000000
ads-authenticatorid: passthroughauthenticator

Seems we have to define a new object for the schema:
version: 1
dn: m-oid=,ou=objectClasses,cn=adsconfig,ou=schema
m-supobjectclass: ads-authenticator
objectclass: metaObjectClass
objectclass: metaTop
objectclass: top
m-name: ads-passthroughAuthenticator
m-description: simple authenticator
entryUUID: d14508bd-40e6-477b-b6c6-28e605ed3f01
creatorsname: 0.9.2342.19200300.100.1.1=admin,
createTimestamp: 20110117214304Z
entryCSN: 20110118104302.251000Z#000001#000#000000

not sure how thats linking to the class??? Must need to add some attributes for the host etc???

Paul Edwards
Solutions Engineer
Identity Solutions Practice

From: Paul Edwards []
Sent: Tuesday, 18 January 2011 9:16 a.m.
Subject: RE: ApacheDS and other backends

Cool thanks for that, I now have it running in a way I want. (I'm starting it from spring,
had to override the ApacheDSService class so that I could inject InstanceLayout as you can't
pass an arg to an init method)

So I'm back to the original problem. I'm no longer sure how to configure the pass through
authenticator so that I can auth against AD. Also probably going to want to know who to configure
a custom partition.

I assume that
is still current enough for partition creation?
Paul Edwards
Solutions Engineer
Identity Solutions Practice

From: [] On Behalf Of Stefan Seelmann []
Sent: Monday, 17 January 2011 7:05 p.m.
Subject: Re: ApacheDS and other backends

Hi Paul,

On Mon, Jan 17, 2011 at 4:24 AM, Paul Edwards <> wrote:
> Right, I have checked out the trunk from SVN. I have built it, and installed it into
my local maven repository.
> I started trying to stand up a server. However I having issues with the server.xml, and
the xsd required to parse it.

Current trunk doesn't use a server.xml any more. Instead the
configuration is stored in ApacheDS.

In apacheds/service you get all to startup the server with its default
configuration, you can use the or apacheds.bat script from
command line. Once started you can access the configuration below
ou=config using an LDAP browser. The configuration is stored in an
LDIF file: apacheds/service/target/instance/conf/config.ldif. Please
note that everything below target may be deleted when you rebuild the
server ;-)

There is no (or not much) documentation about the new configuration
yet, so please browse the configuration and ask if you have any

Kind Regards,

View raw message