directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Carlo.Acco...@ibs-ag.com>
Subject RE: [ApacheDS] Error 56
Date Fri, 01 Feb 2013 14:50:45 GMT
Hi,

Can you change the password on the user, from the Apache Directory Studio?  This would be
helpful to know.

There could be potentially of two problems. First, your stack trace shows are two modifications
for the password. A delete , then add.  
If this is how openam is 'updating' the password, I'm not sure this will work with the password
policy functionality. 
I'm pretty sure the operation needs to 'modify' the attribute, not delete it then put a new
one back. 

Then regarding this  exception ..
org.forgerock.opendj.ldap.ErrorResultException: No Such Attribute:

I would take a good look at the user[Pp]assword case differences. 
openam may be forcing your attribute definition to lowercase and this could be causing some
grief. 


-----Original Message-----
From: Patricio Demitrio [mailto:pdemitrio@scoop-gmbh.de] 
Sent: Friday, February 01, 2013 9:23 AM
To: users@directory.apache.org; elecharny@apache.org
Subject: Re: [ApacheDS] Error 56

Just a quick heads up. I was able to force openam to use the ldapv3 protocol. And I changed
the attibute "userPassword" to "userpassword" in the schema to match it to openam's

Maybe this is progress:
Now, apacheds is telling me:
----------------
[15:13:40] ERROR
[org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_56 Cannot remove an absent
value from attribute : ATTRIBUTE_TYPE ( 2.5.4.35  NAME 'userpassword'
 DESC RFC2256/2307: password of user
 EQUALITY octetStringMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
 USAGE userApplications
 )
------------------

and openam is telling me:
-------------------------
amLoginModule:02/01/2013 03:13:40:530 PM CET:
Thread[http-bio-8443-exec-8,5,main]
Validating password...
amAuthLDAP:02/01/2013 03:13:40:541 PM CET:
Thread[http-bio-8443-exec-8,5,main]
WARNING: Cannot update :
org.forgerock.opendj.ldap.ErrorResultException: No Such Attribute:
NO_SUCH_ATTRIBUTE: failed for MessageType : MODIFY_REQUEST Message ID : 6
    Modify Request
        Object : 'uid=user8,ou=people,dc=example,dc=com'
            Modification[0]
                Operation :  delete
                Modification
    userpassword: '0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x31 '
            Modification[1]
                Operation :  add
                Modification
    userpassword: '0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 0x32 '
org.apache.directory.shared.ldap.model.message.ModifyRequestImpl@6e2352a9org.apache.directory.shared.ldap.extras.controls.ppolicy.PasswordPolicyImpl@5c71949b:
ERR_56 Cannot remove an absent value from attribute : ATTRIBUTE_TYPE (
2.5.4.35
 NAME 'userpassword'
 DESC RFC2256/2307: password of user
 EQUALITY octetStringMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
 USAGE userApplications
 )

at
org.forgerock.opendj.ldap.ErrorResultException.newErrorResult(ErrorResultException.java:235)
at
com.forgerock.opendj.ldap.AbstractLDAPFutureResultImpl.setResultOrError(AbstractLDAPFutureResultImpl.java:160)
at
com.forgerock.opendj.ldap.LDAPClientFilter$1.modifyResult(LDAPClientFilter.java:378)
at
com.forgerock.opendj.ldap.LDAPClientFilter$1.modifyResult(LDAPClientFilter.java:73)
at
com.forgerock.opendj.ldap.LDAPReader.decodeModifyResult(LDAPReader.java:1297)
at
com.forgerock.opendj.ldap.LDAPReader.decodeProtocolOp(LDAPReader.java:1393)
at com.forgerock.opendj.ldap.LDAPReader.decode(LDAPReader.java:172)
at
com.forgerock.opendj.ldap.LDAPClientFilter.handleRead(LDAPClientFilter.java:614)
at
org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
at
org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:286)
at
org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:223)
at
org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:155)
at
org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:134)
at
org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:78)
at
org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:829)
at
org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:103)
at
org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:111)
at
org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
at
org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:131)
at
org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:508)
at
org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:488)
at java.lang.Thread.run(Unknown Source)
---------------------


On Fri, Feb 1, 2013 at 11:09 AM, Emmanuel Lécharny <elecharny@gmail.com>wrote:

> Le 2/1/13 10:45 AM, Patricio Demitrio a écrit :
> > Hi Carlo, I got an answer from the openam team.
> > Apparently openam is using ldapv2 to change the password, and that 
> > is
> where
> > the problem probably resides.
> >
> > So I'm guessing I'm reaching a dead end here, unless I configure 
> > apacheds to work with ldapv2, but I don't know if that's an option.
> ApacheDS should work with LDAPV2, but there might have some specific 
> part that might need some tweaking, and I have no idea what kind of 
> tweaks need to be done atm...
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.iktek.com
>
>

Mime
View raw message