directory-users mailing list archives

From Patricio Demitrio <pdemit...@scoop-gmbh.de>
Subject Re: [ApacheDS] Never reaching PasswordPolicyImpl in custom server
Date Tue, 26 Feb 2013 14:41:18 GMT
Hi Kiran,
I've been trying to implement this Interceptor concept. So far, the LDAP
server starts with no errors, but the error appears when I try to connect
to it, or when I try to update the admin password.

Thanks in advance for all your help, it's greatly appreciated.


Here's what I see in the logs when I try to change the password:
------------------------------------------------
2013.02.26 14:18:08,344 DEBUG [main]
org.apache.directory.server.core.DefaultOperationManager [] - >>
ModifyOperation : ModifyContext for Dn 'uid=admin,ou=system', modifications
:
Modification: replace
, attribute : userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x71 0x6A 0x62 0x63
0x6A 0x31 0x2B 0x4B 0x37 0x39 0x65 ...'


2013.02.26 14:18:08,344 DEBUG [main] LOG_CHANGES [] - >> ModifyOperation :
ModifyContext for Dn 'uid=admin,ou=system', modifications :
Modification: replace
, attribute : userPassword: '0x7B 0x53 0x48 0x41 0x7D 0x71 0x6A 0x62 0x63
0x6A 0x31 0x2B 0x4B 0x37 0x39 0x65 ...'


2013.02.26 14:18:08,345 DEBUG [main]
org.apache.directory.api.ldap.model.schema.comparators.UuidComparator [] -
comparing UUID objects 'd7b84279-3ff7-4ea9-8ad7-6ac822f51cf0' with
'8e9871aa-0ee1-4bdb-a8e1-1177d846b066'
2013.02.26 14:18:08,345 DEBUG [main]
org.apache.directory.api.ldap.model.schema.comparators.UuidComparator [] -
comparing UUID objects 'd7b84279-3ff7-4ea9-8ad7-6ac822f51cf0' with
'b86ef59f-40c4-4570-90dc-299ae195223a'
2013.02.26 14:18:08,345 DEBUG [main]
org.apache.directory.api.ldap.model.schema.comparators.UuidComparator [] -
comparing UUID objects 'd7b84279-3ff7-4ea9-8ad7-6ac822f51cf0' with
'd7b84279-3ff7-4ea9-8ad7-6ac822f51cf0'
2013.02.26 14:18:08,345 ERROR [main] de.scoopgmbh.eiger.app.main.EigerLDAP
[] - Failed changing connection user password:
java.lang.NullPointerException
        at
org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:212)
        at
org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:782)
        at
org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:571)
        at
org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:545)
        at
de.scoopgmbh.eiger.app.ldap.server.EigerLDAPServer.changeConnectionUserPassword(EigerLDAPServer.java:425)
-----------------------------------------------------

If I try to connect using Apache Studio (or just check the connection
credentials), the LDAP server records this:
---------------------------
2013.02.26 15:13:28,796 ERROR [pool-4-thread-1]
org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler [] -
ERR_169 failed to unbind session properly
java.lang.NullPointerException
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor$1.unbind(BaseInterceptor.java:266)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:690)
at
org.apache.directory.server.core.authn.AuthenticationInterceptor.unbind(AuthenticationInterceptor.java:1170)
at
org.apache.directory.server.core.DefaultOperationManager.unbind(DefaultOperationManager.java:1230)
at
org.apache.directory.server.core.shared.DefaultCoreSession.unbind(DefaultCoreSession.java:1073)
at
org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:50)
at
org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:38)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:219)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at
org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
at java.lang.Thread.run(Thread.java:722)
2013.02.26 15:13:35,372 ERROR [pool-4-thread-1]
org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler [] -
ERR_169 failed to unbind session properly
java.lang.NullPointerException
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor$1.unbind(BaseInterceptor.java:266)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:690)
at
org.apache.directory.server.core.authn.AuthenticationInterceptor.unbind(AuthenticationInterceptor.java:1170)
at
org.apache.directory.server.core.DefaultOperationManager.unbind(DefaultOperationManager.java:1230)
at
org.apache.directory.server.core.shared.DefaultCoreSession.unbind(DefaultCoreSession.java:1073)
at
org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:50)
at
org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:38)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:219)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at
org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
at java.lang.Thread.run(Thread.java:722)


On Thu, Feb 21, 2013 at 4:03 PM, Kiran Ayyagari <kayyagari@apache.org> wrote:

> ok, I see why they are not active, in embed mode the policy is not loaded
> by default
>
> It is a little more involved if you want to load them using the config
> partition. Take a look at the createPwdPolicyConfig() and
> createInterceptors() methods in [1]
>
> If you want to do it in a truly embedded fashion then create
>
> PasswordPolicyConfiguration passwordPolicy = new PasswordPolicyConfiguration();
> // set all the policy config values like
> // passwordPolicy.setPwdLockout(true)
>
> // wrap the policy in a container as the default policy
> PpolicyConfigContainer ppolicyContainer = new PpolicyConfigContainer();
> ppolicyContainer.setDefaultPolicy( passwordPolicy );
>
> // then set this container in authentication interceptor
> AuthenticationInterceptor interceptor = ( AuthenticationInterceptor )
>     getDirectoryService().getInterceptor(
>         InterceptorEnum.AUTHENTICATION_INTERCEPTOR.getName() );
> interceptor.setPwdPolicies( ppolicyContainer );
>
> let us know if you have any issues
>
> [1]
>
> http://svn.apache.org/repos/asf/directory/apacheds/trunk/service-builder/src/main/java/org/apache/directory/server/config/builder/ServiceBuilder.java
>
> On Thu, Feb 21, 2013 at 6:20 PM, Patricio Demitrio
> <pdemitrio@scoop-gmbh.de> wrote:
>
> > Yes, it is enabled. Remember that password policies and users are equal
> > in both my configurations. I'm guessing that it has something to do with
> > how I'm loading the config partition, or maybe how I'm processing the
> > bindings/searches.
> > Thanks
> > --------------------------------------------------------------
> > 2013.02.21 11:34:39,994 DEBUG [main]
> > org.apache.directory.api.ldap.model.ldif.LdifReader [] - Read an entry :
> > dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationI
> >  nterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> > ads-pwdexpirewarning: 600
> > ads-pwdmaxfailure: 5
> > ads-pwdgraceexpire: 0
> > entryparentid: 92ad55fe-9a98-45a2-be5e-04237981d6dd
> > ads-pwdgraceauthnlimit: 5
> > ads-pwdsafemodify: FALSE
> > ads-pwdlockout: TRUE
> > ads-pwdid: default
> > ads-pwdminage: 0
> > ads-pwdinhistory: 5
> > ads-pwdmaxidle: 0
> > ads-pwdmindelay: 0
> > objectclass: top
> > objectclass: ads-base
> > objectclass: ads-passwordPolicy
> > ads-enabled: TRUE
> > entryuuid: 386bf5c1-547e-4cd1-ab28-432ebbac1bab
> > modifiersname: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
> > ads-pwdfailurecountinterval: 30
> > ads-pwdattribute: userPassword
> > ads-pwdmustchange: TRUE
> > ads-pwdlockoutduration: 0
> > ads-pwdallowuserchange: TRUE
> > ads-pwdmaxdelay: 0
> > ads-pwdcheckquality: 1
> > modifytimestamp: 20130215105701.444Z
> > entrycsn: 20130215105701.444000Z#000000#001#000000
> > ads-pwdminlength: 5
> > ads-pwdmaxage: 0
> > ads-pwdmaxlength: 0
> >
> >
> >
> > On Thu, Feb 21, 2013 at 1:25 PM, Emmanuel Lécharny <elecharny@gmail.com>
> > wrote:
> >
> > > On 2/21/13 1:13 PM, Patricio Demitrio wrote:
> > > > I'm using the grep command to search in the log files, but the
> > > > results are way too much to analyze. Can you tell me specifically
> > > > what to look for?
> > > > Thanks
> > > Look at dn:
> > >
> > > ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> > >
> > >
> > > the ads-enabled value should be TRUE
> > >
> > >
> > > --
> > > Regards,
> > > Cordialement,
> > > Emmanuel Lécharny
> > > www.iktek.com
> > >
> > >
> >
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>
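
An added example, not part of the original thread and not ApacheDS code: the LdifReader debug output quoted above folds the long policy dn across two lines, so a grep for the full dn finds nothing. This sketch unfolds the entries and reports the ads-enabled value of each password policy; the function names and SAMPLE_LOG (constructed, shaped like the quoted log) are assumptions.

```python
import re

# Constructed sample shaped like the LdifReader DEBUG output quoted in the thread.
# The dn is folded LDIF-style: the continuation line starts with one space.
SAMPLE_LOG = """\
2013.02.21 11:34:39,994 DEBUG [main] org.apache.directory.api.ldap.model.ldif.LdifReader [] - Read an entry :
dn: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationI
 nterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
ads-pwdlockout: TRUE
ads-pwdmaxfailure: 5
objectclass: ads-passwordPolicy
ads-enabled: TRUE

2013.02.21 11:34:40,002 DEBUG [main] org.apache.directory.api.ldap.model.ldif.LdifReader [] - Read an entry :
dn: ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directo
 ryServiceId=default,ou=config
objectclass: ads-interceptor
ads-enabled: TRUE
"""

def unfold(text):
    """Join LDIF continuation lines (a newline followed by a single space)."""
    return re.sub(r"\r?\n ", "", text)

def read_entries(log_text):
    """Yield (dn, attrs) per logged entry; attrs maps lowercased name -> values."""
    dn, attrs = None, {}
    for line in unfold(log_text).splitlines():
        name, sep, value = line.partition(": ")
        if sep and name.lower() == "dn":
            if dn is not None:          # previous entry had no blank terminator
                yield dn, attrs
            dn, attrs = value.strip(), {}
        elif dn is not None and sep and re.fullmatch(r"[A-Za-z][\w;.-]*", name):
            attrs.setdefault(name.lower(), []).append(value.strip())
        elif dn is not None and not line.strip():
            yield dn, attrs             # blank line ends the entry
            dn = None
    if dn is not None:
        yield dn, attrs

def password_policies(log_text):
    """Return {dn: ads-* settings} for entries of class ads-passwordPolicy."""
    found = {}
    for dn, attrs in read_entries(log_text):
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "ads-passwordpolicy" in classes:
            found[dn] = {k: v[0] for k, v in attrs.items() if k.startswith("ads-")}
    return found

if __name__ == "__main__":
    for dn, settings in password_policies(SAMPLE_LOG).items():
        print(dn, "ads-enabled =", settings.get("ads-enabled", "<missing>"))
```
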
