directory-users mailing list archives

From Paul Edwards <Paul.Edwa...@hyro.com>
Subject RE: ApacheDS and other backends
Date Tue, 18 Jan 2011 23:16:00 GMT
Got it. All I needed to do was run this ldif against ou=config and it's all good.

# Right this needs to be run to modify the config (against ou=config)
# The delegatingAuthenticator is m-oid=1.3.6.1.4.1.18060.0.4.1.3.904

dn: ads-authenticatorid=adpassthroughauthenticator,ou=authenticators,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: top
objectclass: ads-base
objectclass: ads-authenticator
objectclass: ads-delegatingAuthenticator
ads-authenticatorid: adpassthroughauthenticator
ads-delegateHost: 192.168.56.101
ads-delegatePort: 389

dn: ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
ads-authenticators: anonymousauthenticator
ads-authenticators: simpleauthenticator
ads-authenticators: strongauthenticator
ads-authenticators: adpassthroughauthenticator
objectclass: top
objectclass: ads-base
objectclass: ads-interceptor
objectclass: ads-authenticationInterceptor
ads-interceptororder: 2
ads-interceptorid: authenticationInterceptor
ads-interceptorclassname: org.apache.directory.server.core.authn.AuthenticationInterceptor
ads-enabled: TRUE
--
Paul Edwards
Solutions Engineer
Identity Solutions Practice
---------------------------------------------------------
hyro
W www.hyro.com
________________________________________
From: Paul Edwards
Sent: Tuesday, 18 January 2011 2:44 p.m.
To: users@directory.apache.org
Subject: RE: ApacheDS and other backends

Further, I think the HelloWorldPartition example might need to be changed to look like the
below. I can't test, as at the moment I'm not sure how to add it.

package org.apache.directory.samples.partition.hello;

import static org.apache.directory.shared.ldap.message.ResultCodeEnum.UNWILLING_TO_PERFORM;

import org.apache.directory.server.core.entry.ClonedServerEntry;
import org.apache.directory.server.core.filtering.BaseEntryFilteringCursor;
import org.apache.directory.server.core.filtering.EntryFilteringCursor;
import org.apache.directory.server.core.interceptor.context.AddOperationContext;
import org.apache.directory.server.core.interceptor.context.BindOperationContext;
import org.apache.directory.server.core.interceptor.context.DeleteOperationContext;
import org.apache.directory.server.core.interceptor.context.EntryOperationContext;
import org.apache.directory.server.core.interceptor.context.ListOperationContext;
import org.apache.directory.server.core.interceptor.context.LookupOperationContext;
import org.apache.directory.server.core.interceptor.context.ModifyOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveAndRenameOperationContext;
import org.apache.directory.server.core.interceptor.context.MoveOperationContext;
import org.apache.directory.server.core.interceptor.context.RenameOperationContext;
import org.apache.directory.server.core.interceptor.context.SearchOperationContext;
import org.apache.directory.server.core.interceptor.context.UnbindOperationContext;
import org.apache.directory.server.core.partition.AbstractPartition;
import org.apache.directory.shared.ldap.constants.SchemaConstants;
import org.apache.directory.shared.ldap.cursor.EmptyCursor;
import org.apache.directory.shared.ldap.cursor.SingletonCursor;
import org.apache.directory.shared.ldap.entry.DefaultEntry;
import org.apache.directory.shared.ldap.entry.Entry;
import org.apache.directory.shared.ldap.exception.LdapException;
import org.apache.directory.shared.ldap.exception.LdapInvalidDnException;
import org.apache.directory.shared.ldap.exception.LdapOperationException;
import org.apache.directory.shared.ldap.name.DN;
import org.apache.directory.shared.ldap.name.RDN;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class HelloWorldPartition extends AbstractPartition {

    /** Error message, if someone tries to modify the partition */
    private static final String MODIFICATION_NOT_ALLOWED_MSG = "This simple partition does not allow modification";

    /** The logger */
    private static final Logger LOG = LoggerFactory
            .getLogger(HelloWorldPartition.class);

    private String id;

    private int cacheSize;

    private String suffix = "ou=hello";

    private DN suffixDn;

    private Entry helloEntry;

    public void doInit() throws Exception {

        String infoMsg = String.format("Initializing %s with suffix %s", this
                .getClass().getSimpleName(), this.suffix);
        LOG.info(infoMsg);

        // Create LDAP DN
        suffixDn = new DN(suffix);
        //suffixDn.normalize(core.getRegistries().getAttributeTypeRegistry()
        //        .getNormalizerMapping());
        suffixDn.normalize(this.schemaManager);
        RDN rdn = suffixDn.getRdn();

        // Create the only entry in this partition
        Entry entry = new DefaultEntry(this.schemaManager, this.suffixDn);
        entry.put(SchemaConstants.OBJECT_CLASS_AT, SchemaConstants.TOP_OC,
                SchemaConstants.ORGANIZATIONAL_UNIT_OC);
        entry.put(SchemaConstants.OU_AT, rdn.getUpValue().toString());
        entry.put("description", "hello, world", "a minimal partition");

        this.helloEntry = entry;

        LOG.info("Initializing done.");
    }

    public void doDestroy() throws Exception {
        LOG.info("destroying partition");
    }

    public DN getSuffixDn() throws Exception {
        return suffixDn;
    }

    public boolean hasEntry(EntryOperationContext ctx) {
        return ctx.getDn().equals(this.suffixDn);
    }

    public ClonedServerEntry lookup(LookupOperationContext ctx) {

        if (LOG.isDebugEnabled()) {
            LOG.debug("lookup(dn=" + ctx.getDn() + ")");
        }

        if (this.suffixDn.equals(ctx.getDn())) {
            return new ClonedServerEntry(helloEntry);
        } else {
            return null;
        }
    }

    public EntryFilteringCursor search(SearchOperationContext ctx) throws LdapException {

        if (LOG.isDebugEnabled()) {
            LOG.debug("search((dn=" + ctx.getDn() + ", filter="
                    + ctx.getFilter() + ", scope=" + ctx.getScope() + ")");
        }

        if (ctx.getDn().equals(this.suffixDn)) {
            switch (ctx.getScope()) {
            case OBJECT:
                // return a result with the only entry we have
                return new BaseEntryFilteringCursor(
                        new SingletonCursor<Entry>(this.helloEntry), ctx);
            }
        }

        // return an empty result
        return new BaseEntryFilteringCursor(new EmptyCursor<Entry>(), ctx);
    }

    public EntryFilteringCursor list(ListOperationContext opContext) {
        return null;
    }

    public ClonedServerEntry lookup(Long id) {
        return null;
    }

    public DN getSuffix() {
        return suffixDn;
    }

    /**
     * @throws IllegalArgumentException
     *             if suffix does not start with ou=
     */
    public void setSuffix(String suffix) {
        if (!suffix.startsWith("ou=")) {
            throw new IllegalArgumentException("suffix has to start with ou");
        }
        try {
            this.suffixDn = new DN(suffix);
        } catch (Exception e) {
            throw new IllegalArgumentException("Suffix incorrect", e);
        }
    }

    public void setSuffix(DN suffixDn) throws LdapInvalidDnException {
        this.suffixDn = suffixDn;
    }

    public String getId() {
        return id;
    }

    public void setId(String id) {
        this.id = id;
    }

    public int getCacheSize() {
        return cacheSize;
    }

    public void setCacheSize(int cacheSize) {
        this.cacheSize = cacheSize;
    }

    public void bind(BindOperationContext opContext) throws LdapException {
    }

    public void unbind(UnbindOperationContext opContext) throws LdapException {
    }

    // The following methods are not supported by this partition, because it is
    // read-only.
    public void add(AddOperationContext opContext)
            throws LdapException {
        throw new LdapOperationException(UNWILLING_TO_PERFORM, MODIFICATION_NOT_ALLOWED_MSG);
    }

    public void delete(DeleteOperationContext opContext)
            throws LdapException {
        throw new LdapOperationException(UNWILLING_TO_PERFORM, MODIFICATION_NOT_ALLOWED_MSG);
    }

    public void modify(ModifyOperationContext ctx)
            throws LdapException {
        throw new LdapOperationException(UNWILLING_TO_PERFORM, MODIFICATION_NOT_ALLOWED_MSG);
    }

    public void move(MoveOperationContext opContext)
            throws LdapException {
        throw new LdapOperationException(UNWILLING_TO_PERFORM, MODIFICATION_NOT_ALLOWED_MSG);
    }

    public void rename(RenameOperationContext opContext)
            throws LdapException {
        throw new LdapOperationException(UNWILLING_TO_PERFORM, MODIFICATION_NOT_ALLOWED_MSG);
    }

    public void moveAndRename(MoveAndRenameOperationContext opContext)
            throws LdapException {
        throw new LdapOperationException(UNWILLING_TO_PERFORM, MODIFICATION_NOT_ALLOWED_MSG);
    }

    public void sync() {
    }

}

--
Paul Edwards
Solutions Engineer
Identity Solutions Practice
---------------------------------------------------------
hyro
W www.hyro.com

________________________________________
From: Paul Edwards 
Sent: Tuesday, 18 January 2011 10:49 a.m.
To: users@directory.apache.org
Subject: RE: ApacheDS and other backends

Would I do this:

dn: ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directorySer
 viceId=default,ou=config
ads-authenticators: anonymousauthenticator
ads-authenticators: simpleauthenticator
ads-authenticators: strongauthenticator
ads-authenticators: passthroughauthenticator
objectclass: top
objectclass: ads-base
objectclass: ads-interceptor
objectclass: ads-authenticationInterceptor
entryUUID: 2becdd49-9e55-4498-bf44-8f97a8dc0570
ads-interceptororder: 2
creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
createTimestamp: 20110117214303Z
entryCSN: 20110118104300.157000Z#000000#000#000000
ads-interceptorid: authenticationInterceptor
ads-interceptorclassname: org.apache.directory.server.core.authn.AuthenticationI
 nterceptor
ads-enabled: TRUE


Now how to define an authenticator... In partitions/schema/ou=schema/cn=adsconfig/ou=objectclasses/m-oid=1.3.6.1.4.1.18060.0.4.1.3.901.ldif
is the schema def.
Sup object is ads-base in partitions/schema/ou=schema/cn=adsconfig/ou=objectclasses/m-oid=1.3.6.1.4.1.18060.0.4.1.3.0.ldif

dn: ads-authenticatorid=passthroughauthenticator,ou=authenticators,ads-interceptorId=
 authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=con
 fig
entryUUID: 5a3e9f51-c06c-4312-9e54-5a6df28be110
objectclass: top
objectclass: ads-base
objectclass: ads-authenticator
objectclass: ads-passthroughAuthenticator
creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
createTimestamp: 20110117214303Z
entryCSN: 20110118104300.163000Z#000000#000#000000
ads-authenticatorid: passthroughauthenticator

Seems we have to define a new object for the schema:
version: 1
dn: m-oid=1.3.6.1.4.1.18060.0.4.1.3.904,ou=objectClasses,cn=adsconfig,ou=schema
m-supobjectclass: ads-authenticator
objectclass: metaObjectClass
objectclass: metaTop
objectclass: top
m-oid: 1.3.6.1.4.1.18060.0.4.1.3.904
m-name: ads-passthroughAuthenticator
m-description: simple authenticator
entryUUID: d14508bd-40e6-477b-b6c6-28e605ed3f01
creatorsname: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
createTimestamp: 20110117214304Z
entryCSN: 20110118104302.251000Z#000001#000#000000

Not sure how that's linking to the class??? Must need to add some attributes for the host etc???

--
Paul Edwards
Solutions Engineer
Identity Solutions Practice
---------------------------------------------------------
hyro
W www.hyro.com
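The entries Paul ends up with at the top of this thread (the ads-delegatingAuthenticator entry plus its registration in the interceptor's ads-authenticators list) and the schema question in the message above can be checked mechanically against an LDIF export. The Python below is an added example, not code from ApacheDS or from anyone in the thread: it parses the LDIF (including the folded continuation lines an LDAP browser exports), then reports whether the authenticator is listed by its interceptor, whether its objectClass is defined under ads-authenticator in the adsconfig schema, and whether it delegates over cleartext port 389. The sample LDIF is constructed from the thread's entries, trimmed to the attributes the check uses; the schema entry assumes the OID 1.3.6.1.4.1.18060.0.4.1.3.904 that the thread names for the delegating authenticator.

```python
"""Wiring check for a delegating authenticator in an ApacheDS ou=config LDIF.
Added example (not ApacheDS or thread code): parses LDIF with RFC 2849 folded lines,
then checks the authenticator entry against its interceptor and the adsconfig schema."""

# Constructed sample: the final ou=config entries from the top of this thread (folded as
# an LDAP browser exports them) plus a schema entry using the OID the thread gives.
SAMPLE_LDIF = """\
dn: ads-authenticatorid=adpassthroughauthenticator,ou=authenticators,ads-interc
 eptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=defau
 lt,ou=config
objectclass: ads-authenticator
objectclass: ads-delegatingAuthenticator
ads-authenticatorid: adpassthroughauthenticator
ads-delegateHost: 192.168.56.101
ads-delegatePort: 389

dn: ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directorySer
 viceId=default,ou=config
ads-authenticators: anonymousauthenticator
ads-authenticators: simpleauthenticator
ads-authenticators: adpassthroughauthenticator
objectclass: ads-authenticationInterceptor
ads-interceptorid: authenticationInterceptor
ads-enabled: TRUE

dn: m-oid=1.3.6.1.4.1.18060.0.4.1.3.904,ou=objectClasses,cn=adsconfig,ou=schema
objectclass: metaObjectClass
m-supobjectclass: ads-authenticator
m-oid: 1.3.6.1.4.1.18060.0.4.1.3.904
m-name: ads-delegatingAuthenticator
"""


def parse_ldif(text):
    """Return one {"dn", "attrs"} dict per record; handles folded lines, '#' comments, 'version:'."""
    entries, record = [], []
    for raw in text.splitlines() + [""]:        # trailing "" flushes the last record
        if raw.startswith("#") or raw.startswith("version:"):
            continue
        if raw == "" and record:
            entries.append(_to_entry(record))
            record = []
        elif raw.startswith(" ") and record:
            record[-1] += raw[1:]               # unfold onto the previous line
        elif raw:
            record.append(raw)
    return entries


def _to_entry(lines):
    entry = {"dn": "", "attrs": {}}             # attrs: lowercased name -> [values]
    for line in lines:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            entry["dn"] = value
        else:
            entry["attrs"].setdefault(name, []).append(value)
    return entry


def _derives_from(schema, name, target, depth=0):
    if name == target or depth > 16:             # depth guard against a cyclic schema
        return name == target
    return any(_derives_from(schema, s, target, depth + 1) for s in schema.get(name, []))


def check_delegating_authenticator(text):
    """Return (errors, warnings) for every ads-delegatingAuthenticator entry in `text`."""
    entries = parse_ldif(text)
    by_dn = {e["dn"].lower(): e for e in entries}
    schema = {}                                  # objectClass name -> its superior classes
    for e in entries:
        if "metaobjectclass" in [v.lower() for v in e["attrs"].get("objectclass", [])]:
            for n in e["attrs"].get("m-name", []):
                schema[n.lower()] = [s.lower() for s in e["attrs"].get("m-supobjectclass", [])]
    errors, warnings = [], []
    for e in entries:
        attrs, dn = e["attrs"], e["dn"]
        if "ads-delegatingauthenticator" not in [v.lower() for v in attrs.get("objectclass", [])]:
            continue
        ident = attrs.get("ads-authenticatorid", [""])[0].lower()
        for required in ("ads-delegatehost", "ads-delegateport"):   # the delegation target
            if required not in attrs:
                errors.append(f"{dn}: missing {required}")
        # The entry must sit under ou=authenticators of an interceptor entry that lists it.
        parent = dn.partition(",")[2]
        interceptor = by_dn.get(parent.partition(",")[2].lower())
        if not parent.lower().startswith("ou=authenticators,") or interceptor is None:
            errors.append(f"{dn}: no parent authentication interceptor entry in this LDIF")
        elif ident not in [v.lower() for v in interceptor["attrs"].get("ads-authenticators", [])]:
            errors.append(f"{dn}: '{ident}' not listed in the interceptor's ads-authenticators")
        if not _derives_from(schema, "ads-delegatingauthenticator", "ads-authenticator"):
            errors.append(f"{dn}: ads-delegatingAuthenticator not defined under ads-authenticator")
        # Port 389 is cleartext LDAP: forwarded bind passwords are unprotected unless StartTLS is used.
        if attrs.get("ads-delegateport", [""])[0] == "389":
            warnings.append(f"{dn}: delegates over cleartext port 389")
    return errors, warnings
```

Run it over an export of ou=config together with the cn=adsconfig objectClass entries. The thread's original symptom, an authenticator entry that exists but is never listed in the interceptor's ads-authenticators, surfaces as the "not listed" error; the port warning is there because the example configuration forwards each user's bind password to the delegate host.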

________________________________________
From: Paul Edwards
Sent: Tuesday, 18 January 2011 9:16 a.m.
To: users@directory.apache.org
Subject: RE: ApacheDS and other backends

Cool thanks for that, I now have it running in a way I want. (I'm starting it from spring,
had to override the ApacheDSService class so that I could inject InstanceLayout as you can't
pass an arg to an init method)

So I'm back to the original problem. I'm no longer sure how to configure the pass through
authenticator so that I can auth against AD. Also probably going to want to know how to configure
a custom partition.

I assume that http://directory.apache.org/apacheds/1.5/61-how-to-write-a-simple-custom-partition-for-apacheds.html
is still current enough for partition creation?
--
Paul Edwards
Solutions Engineer
Identity Solutions Practice
---------------------------------------------------------
hyro
W www.hyro.com

________________________________________
From: mail@stefan-seelmann.de [mail@stefan-seelmann.de] On Behalf Of Stefan Seelmann [seelmann@apache.org]
Sent: Monday, 17 January 2011 7:05 p.m.
To: users@directory.apache.org
Subject: Re: ApacheDS and other backends

Hi Paul,

On Mon, Jan 17, 2011 at 4:24 AM, Paul Edwards <Paul.Edwards@hyro.com> wrote:
> Right, I have checked out the trunk from SVN. I have built it, and installed it into
> my local maven repository.
>
> I started trying to stand up a server. However I'm having issues with the server.xml, and
> the xsd required to parse it.

Current trunk doesn't use a server.xml any more. Instead the
configuration is stored in ApacheDS.

In apacheds/service you get everything needed to start up the server with its default
configuration; you can use the apacheds.sh or apacheds.bat script from the
command line. Once started you can access the configuration below
ou=config using an LDAP browser. The configuration is stored in an
LDIF file: apacheds/service/target/instance/conf/config.ldif. Please
note that everything below target may be deleted when you rebuild the
server ;-)

There is no (or not much) documentation about the new configuration
yet, so please browse the configuration and ask if you have any
question.

Kind Regards,
Stefan
