directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: [ApacheDS] Never reaching PasswordPolicyImpl in custom server
Date Wed, 27 Feb 2013 06:58:39 GMT
hmm, I don't see anything obvious causing this error
would it be possible to share the code of EigerLDAPServer.java?
(stripping any confidential code of course or you can share with me
privately)

On Tue, Feb 26, 2013 at 8:11 PM, Patricio Demitrio
<pdemitrio@scoop-gmbh.de> wrote:

> Hi Kiran,
> I've been trying to implement this Interceptor concept. So far, the ldap
> server starts with no errors, but the error appears when I try to connect
> to it, or when I try to update the admin password.
>
> Thanks in advance for all your help, it's greatly appreciated.
>
>
> Here's what I see in the logs when I try to change the password:
> ------------------------------------------------
> 2013.02.26 14:18:08,344 DEBUG [main]
> org.apache.directory.server.core.DefaultOperationManager [] - >>
> ModifyOperation : ModifyContext for Dn 'uid=admin,ou=system', modifications
> :
> Modification: replace
> , attribute : userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x71 0x6A 0x62 0x63
> 0x6A 0x31 0x2B 0x4B 0x37 0x39 0x65 ...'
>
>
> 2013.02.26 14:18:08,344 DEBUG [main] LOG_CHANGES [] - >> ModifyOperation :
> ModifyContext for Dn 'uid=admin,ou=system', modifications :
> Modification: replace
> , attribute : userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x71 0x6A 0x62 0x63
> 0x6A 0x31 0x2B 0x4B 0x37 0x39 0x65 ...'
>
>
> 2013.02.26 14:18:08,345 DEBUG [main]
> org.apache.directory.api.ldap.model.schema.comparators.UuidComparator [] -
> comparing UUID objects 'd7b84279-3ff7-4ea9-8ad7-6ac822f51cf0' with
> '8e9871aa-0ee1-4bdb-a8e1-1177d846b066'
> 2013.02.26 14:18:08,345 DEBUG [main]
> org.apache.directory.api.ldap.model.schema.comparators.UuidComparator [] -
> comparing UUID objects 'd7b84279-3ff7-4ea9-8ad7-6ac822f51cf0' with
> 'b86ef59f-40c4-4570-90dc-299ae195223a'
> 2013.02.26 14:18:08,345 DEBUG [main]
> org.apache.directory.api.ldap.model.schema.comparators.UuidComparator [] -
> comparing UUID objects 'd7b84279-3ff7-4ea9-8ad7-6ac822f51cf0' with
> 'd7b84279-3ff7-4ea9-8ad7-6ac822f51cf0'
> 2013.02.26 14:18:08,345 ERROR [main] de.scoopgmbh.eiger.app.main.EigerLDAP [] - Failed changing connection user password:
> java.lang.NullPointerException
>         at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:212)
>         at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
>         at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:571)
>         at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:545)
>         at de.scoopgmbh.eiger.app.ldap.server.EigerLDAPServer.changeConnectionUserPassword(EigerLDAPServer.java:425)
> -----------------------------------------------------
>
> If I try to connect using apache studio (or just check the connection
> credentials), the ldap server records this:
> ---------------------------
> 2013.02.26 15:13:28,796 ERROR [pool-4-thread-1] org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler [] - ERR_169 failed to unbind session properly
> java.lang.NullPointerException
> at org.apache.directory.server.core.api.interceptor.BaseInterceptor$1.unbind(BaseInterceptor.java:266)
> at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:690)
> at org.apache.directory.server.core.authn.AuthenticationInterceptor.unbind(AuthenticationInterceptor.java:1170)
> at org.apache.directory.server.core.DefaultOperationManager.unbind(DefaultOperationManager.java:1230)
> at org.apache.directory.server.core.shared.DefaultCoreSession.unbind(DefaultCoreSession.java:1073)
> at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:50)
> at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:38)
> at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:219)
> at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
> at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
> at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
> at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
> at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
> at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
> at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
> at java.lang.Thread.run(Thread.java:722)
> 2013.02.26 15:13:35,372 ERROR [pool-4-thread-1] org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler [] - ERR_169 failed to unbind session properly
> java.lang.NullPointerException
> at org.apache.directory.server.core.api.interceptor.BaseInterceptor$1.unbind(BaseInterceptor.java:266)
> at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:690)
> at org.apache.directory.server.core.authn.AuthenticationInterceptor.unbind(AuthenticationInterceptor.java:1170)
> at org.apache.directory.server.core.DefaultOperationManager.unbind(DefaultOperationManager.java:1230)
> at org.apache.directory.server.core.shared.DefaultCoreSession.unbind(DefaultCoreSession.java:1073)
> at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:50)
> at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:38)
> at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:219)
> at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
> at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
> at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
> at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
> at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
> at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
> at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
> at java.lang.Thread.run(Thread.java:722)
>
>
> On Thu, Feb 21, 2013 at 4:03 PM, Kiran Ayyagari <kayyagari@apache.org> wrote:
>
> > ok, I see why they are not active, in embed mode the policy is not loaded
> > by default
> >
> > It is a little more involved if you want to load them using config
> > partition. Take a look at method createPwdPolicyConfig() and
> > createInterceptors() method in [1]
> >
> > If you want to do it in a truly embedded fashion then create
> >
> > PasswordPolicyConfiguration passwordPolicy = new PasswordPolicyConfiguration();
> > // set all the policy config values like
> > // passwordPolicy.setPwdLockout(true)
> >
> > PpolicyConfigContainer ppolicyContainer = new PpolicyConfigContainer();
> > ppolicyContainer.setDefaultPolicy( passwordPolicy );
> >
> > // then set this container in authentication interceptor
> > AuthenticationInterceptor interceptor = ( AuthenticationInterceptor )
> >     getDirectoryService().getInterceptor( InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName() );
> > interceptor.setPwdPolicies( ppolicyContainer );
> >
> > let us know if you have any issues
> >
> > [1] http://svn.apache.org/repos/asf/directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java
> >
> > On Thu, Feb 21, 2013 at 6:20 PM, Patricio Demitrio
> > <pdemitrio@scoop-gmbh.de> wrote:
> >
> > > Yes, it is enabled. Remember that password policies and users are equal
> > > in both my configurations. I'm guessing that it has something to do with
> > > how I'm loading the config partition, or maybe how I'm processing the
> > > bindings/searches.
> > > Thanks
> > > --------------------------------------------------------------
> > > 2013.02.21 11:34:39,994 DEBUG [main] org.apache.directory.api.ldap.model.ldif.LdifReader [] - Read an entry :
> > > dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationI
> > >  nterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> > > ads-pwdexpirewarning: 600
> > > ads-pwdmaxfailure: 5
> > > ads-pwdgraceexpire: 0
> > > entryparentid: 92ad55fe-9a98-45a2-be5e-04237981d6dd
> > > ads-pwdgraceauthnlimit: 5
> > > ads-pwdsafemodify: FALSE
> > > ads-pwdlockout: TRUE
> > > ads-pwdid: default
> > > ads-pwdminage: 0
> > > ads-pwdinhistory: 5
> > > ads-pwdmaxidle: 0
> > > ads-pwdmindelay: 0
> > > objectclass: top
> > > objectclass: ads-base
> > > objectclass: ads-passwordPolicy
> > > ads-enabled: TRUE
> > > entryuuid: 386bf5c1-547e-4cd1-ab28-432ebbac1bab
> > > modifiersname: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> > > ads-pwdfailurecountinterval: 30
> > > ads-pwdattribute: userPassword
> > > ads-pwdmustchange: TRUE
> > > ads-pwdlockoutduration: 0
> > > ads-pwdallowuserchange: TRUE
> > > ads-pwdmaxdelay: 0
> > > ads-pwdcheckquality: 1
> > > modifytimestamp: 20130215105701.444Z
> > > entrycsn: 20130215105701.444000Z#000000#001#000000
> > > ads-pwdminlength: 5
> > > ads-pwdmaxage: 0
> > > ads-pwdmaxlength: 0
> > >
> > >
> > >
> > > On Thu, Feb 21, 2013 at 1:25 PM, Emmanuel Lécharny <elecharny@gmail.com> wrote:
> > >
> > > > On 2/21/13 1:13 PM, Patricio Demitrio wrote:
> > > > > I'm using the grep command to search in the log files, but the results are
> > > > > way too much to analyze. Can you tell me specifically what to look for?
> > > > > Thanks
> > > > Look at dn:
> > > >
> > > > ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> > > >
> > > > the ads-enabled value should be TRUE
> > > >
> > > >
> > > > --
> > > > Regards,
> > > > Cordialement,
> > > > Emmanuel Lécharny
> > > > www.iktek.com
> > > >
> > > >
> > >
> >
> >
> >
> > --
> > Kiran Ayyagari
> > http://keydap.com
> >
>



-- 
Kiran Ayyagari
http://keydap.com
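
Added example (not part of the original messages and not ApacheDS code): a small Python check for the step suggested in the quoted thread, i.e. finding the password policy entry by dn in LDIF and reading its ads-enabled value. It unfolds LDIF continuation lines, which is why grepping for the full dn fails on output where it is split as "authenticationI" / "nterceptor". The function names and the second "legacy" entry in the sample are hypothetical.

```python
POLICY_DN = ("ads-pwdId=default,ou=passwordPolicies,"
             "ads-interceptorId=authenticationInterceptor,ou=interceptors,"
             "ads-directoryServiceId=default,ou=config")

# Constructed sample, shortened from the entry quoted in the thread; each dn is
# folded onto a continuation line, as in the LdifReader debug output.
# The "legacy" entry is hypothetical and only exercises the FALSE case.
SAMPLE_LDIF = """\
dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationI
 nterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: ads-passwordPolicy
ads-enabled: TRUE
ads-pwdlockout: TRUE

dn: ads-pwdId=legacy,ou=passwordPolicies,ads-interceptorId=authenticationI
 nterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
objectclass: ads-passwordPolicy
ads-enabled: FALSE
"""

def unfold(text):
    """Join LDIF continuation lines (a line starting with one space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Return each entry as {lower-cased attribute name: [values]}."""
    entries, current = [], {}
    for line in unfold(text) + [""]:  # trailing blank flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def policy_enabled(text, dn=POLICY_DN):
    """True/False from ads-enabled; None if the entry or attribute is absent."""
    for entry in parse_entries(text):
        if entry.get("dn", [""])[0].lower() == dn.lower():
            values = entry.get("ads-enabled")
            return values[0].upper() == "TRUE" if values else None
    return None
```

A TRUE result only confirms the entry in the config partition; as the thread notes, in embedded mode the policy is not loaded by default and still has to be set on the AuthenticationInterceptor.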
