Return-Path: X-Original-To: apmail-directory-users-archive@www.apache.org Delivered-To: apmail-directory-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B432BDE58 for ; Thu, 21 Feb 2013 11:32:50 +0000 (UTC) Received: (qmail 14170 invoked by uid 500); 21 Feb 2013 11:32:50 -0000 Delivered-To: apmail-directory-users-archive@directory.apache.org Received: (qmail 14059 invoked by uid 500); 21 Feb 2013 11:32:50 -0000 Mailing-List: contact users-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@directory.apache.org Delivered-To: mailing list users@directory.apache.org Received: (qmail 14041 invoked by uid 99); 21 Feb 2013 11:32:50 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Feb 2013 11:32:50 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of pdemitrio@scoop-gmbh.de designates 74.125.83.45 as permitted sender) Received: from [74.125.83.45] (HELO mail-ee0-f45.google.com) (74.125.83.45) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 Feb 2013 11:32:45 +0000 Received: by mail-ee0-f45.google.com with SMTP id b57so4557243eek.18 for ; Thu, 21 Feb 2013 03:32:23 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:content-type:x-gm-message-state; bh=BWNNbAdeRgVhc5XmkH2iJZnAk4m0kh16Yn+FElfhMlo=; b=l+Wr2x7tYU7TjR9tEPBAvdw9qSmJdDfqbIahboJ72Z4O0LY0WN0ssXwqzXnqdz0Ct4 07yAn6pk7LEeG8S6DlOcAen/cNpZ5EHHdqgm8Ijp9pzAfuxFri2pbztqkdW3e2eyzxNq lVRf1KOBhYOs4/dMV9n+tKtiMfVIx9zHgOF7q0U67YBaqu5rNvI1tjZO4I1CNhOp7FwY HYLFiz+6RXfe7sk2OyUcn1JeSYdUufiIKlIVGcLu7c8KFj0BQ79C6j3sE8NoLri+nezF XgAx0tlbkvH7sA9wyc/KD6rgO/KssOT5c9Em8KU5FoduTybjkL8RiGHo6/vHeExESEqZ Tp9A== MIME-Version: 1.0 X-Received: by 10.14.216.2 with SMTP id f2mr80050530eep.44.1361446343095; Thu, 21 Feb 2013 03:32:23 -0800 (PST) Received: by 10.14.47.12 with HTTP; Thu, 21 Feb 2013 03:32:22 -0800 (PST) In-Reply-To: References: Date: Thu, 21 Feb 2013 12:32:22 +0100 Message-ID: Subject: Re: [ApacheDS] Never reaching PasswordPolicyImpl in custom server From: Patricio Demitrio To: users@directory.apache.org Content-Type: multipart/alternative; boundary=e89a8f22c4dba935e304d63a6d7b X-Gm-Message-State: ALoCoQlbhz7OziUfZndc4DEPCPy0qvlNkb/c2BdQADxErwocVyXH4Es4hk9n/TpRqen5FRrEBx6d X-Virus-Checked: Checked by ClamAV on apache.org --e89a8f22c4dba935e304d63a6d7b Content-Type: text/plain; charset=ISO-8859-1 That code is my original server configuration. Searching in the log file (the really big one), I can see how the password policy is loaded. Here are some random entries, just to give you an idea: - 2013.02.21 10:49:45,239 DEBUG [main] org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry [] - registered ads-passwordPolicy for OID 1.3.6.1.4.1.18060.0.4.1.3.900 2013.02.21 10:49:45,239 DEBUG [main] org.apache.directory.api.ldap.model.schema.registries.Registries [] - registered ads-passwordPolicy for OID 1.3.6.1.4.1.18060.0.4.1.3.900 2013.02.21 10:50:00,437 DEBUG [main] org.apache.directory.server.config.ConfigPartitionReader [] - Reading from 'ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config', objectClass 'ads-passwordPolicy' 2013.02.21 10:50:00,439 DEBUG [main] org.apache.directory.server.config.ConfigPartitionReader [] - The top level object class is ads-passwordPolicy 2013.02.21 10:50:00,439 DEBUG [main] org.apache.directory.server.config.ConfigPartitionReader [] - Bean org.apache.directory.server.config.beans.PasswordPolicyBean created for ObjectClass ads-passwordPolicy change password policy category count : 0 change password policy password length : 0 change password policy token size : 0 On Thu, Feb 21, 2013 at 12:26 PM, Kiran Ayyagari wrote: > On Thu, Feb 21, 2013 at 4:42 PM, Patricio Demitrio > wrote: > > > I added it. Here's my code: > > ------------- > > configPartition = new SingleFileLdifPartition( schemaManager ); > > configPartition.setId( "config" ); > > configPartition.setPartitionPath( confFile.toURI() ); > > configPartition.setSuffixDn( new Dn( schemaManager, "ou=config" ) ); > > configPartition.setSchemaManager( schemaManager ); > > configPartition.initialize(); > > > > cpReader = new ConfigPartitionReader( configPartition ); > > > > configBean = cpReader.readConfig(); > > > > service.addPartition(configPartition); > > > > the config.ldif file I'm using is the one that comes by default with > apache > > ds > > > > and still you are not able to read password policy configuration? > > > Thanks > > > > > > On Thu, Feb 21, 2013 at 12:08 PM, Kiran Ayyagari > >wrote: > > > > > are you using an embedded server? if yes then the config partition is > not > > > available unless you add it > > > > > > On Thu, Feb 21, 2013 at 4:31 PM, Patricio Demitrio > > > wrote: > > > > > > > Hi, I'm trying to access the password policy options with a custom > > server > > > > installation and I'm not able to reach it. I'm able to reach it with > a > > > > normal ldap server > > > > > > > > I have both complete log files (Over 1GB) so if someone can help me, > I > > > can > > > > look up the precise point where I'm making the error. Here I'm > copying > > > the > > > > moment where the user logs to the system and the password policy > > options > > > > are not loading. Both users have the same attributes > > > > > > > > Here's the log file in a normal apacheds server: > > > > > > > > > > > > > > ----------------------------------------------------------------------------- > > > > [15:52:41] DEBUG > > > [org.apache.directory.server.core.DefaultOperationManager] > > > > - >> BindOperation : BindContext for Dn > 'uid=user1,dc=example,dc=com', > > > > credentials <0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 > > > > > [15:52:41] DEBUG > > > > [org.apache.directory.server.core.authn.AuthenticationInterceptor] - > > > > Operation Context: BindContext for Dn 'uid=user1,dc=example,dc=com', > > > > credentials <0x70 0x61 0x73 0x73 0x77 0x6F 0x72 0x64 > > > > > [15:52:41] DEBUG > > > > [org.apache.directory.server.core.authn.AbstractAuthenticator] - > > > > Authenticating uid=user1,dc=example,dc=com > > > > [15:52:41] DEBUG > > > > [org.apache.directory.server.core.authn.AbstractAuthenticator] - > > checking > > > > if account with the Dn uid=user1,dc=example,dc=com is locked > > > > [15:52:41] DEBUG > > > > > > > > > > > > > > [org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry] > > > > - Found ATTRIBUTE_TYPE ( 1.3.6.1.4.1.42.2.27.8.1.17 > > > > NAME 'pwdAccountLockedTime' > > > > DESC The time an user account was locked > > > > EQUALITY generalizedTimeMatch > > > > ORDERING generalizedTimeOrderingMatch > > > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 > > > > SINGLE-VALUE > > > > NO-USER-MODIFICATION > > > > USAGE directoryOperation > > > > ) > > > > with oid: pwdaccountlockedtime > > > > [15:52:41] DEBUG > > > > > > > > > > > > > > [org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry] > > > > - Found ATTRIBUTE_TYPE ( 1.3.6.1.4.1.42.2.27.8.1.27 > > > > NAME 'pwdStartTime' > > > > DESC The time the password becomes enabled > > > > EQUALITY generalizedTimeMatch > > > > ORDERING generalizedTimeOrderingMatch > > > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 > > > > SINGLE-VALUE > > > > NO-USER-MODIFICATION > > > > USAGE directoryOperation > > > > ) > > > > with oid: pwdstarttime > > > > [15:52:41] DEBUG > > > > > > > > > > > > > > [org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry] > > > > - Found ATTRIBUTE_TYPE ( 1.3.6.1.4.1.42.2.27.8.1.28 > > > > NAME 'pwdEndTime' > > > > DESC The time the password becomes disabled > > > > EQUALITY generalizedTimeMatch > > > > ORDERING generalizedTimeOrderingMatch > > > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 > > > > SINGLE-VALUE > > > > NO-USER-MODIFICATION > > > > USAGE directoryOperation > > > > ) > > > > with oid: pwdendtime > > > > [15:52:41] DEBUG > > > > > > > > > > > > > > [org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry] > > > > - Found ATTRIBUTE_TYPE ( 2.5.4.35 > > > > NAME 'userPassword' > > > > DESC RFC2256/2307: password of user > > > > EQUALITY octetStringMatch > > > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 > > > > USAGE userApplications > > > > ) > > > > with oid: userpassword > > > > [15:52:41] DEBUG > > > > [org.apache.directory.server.core.authn.AbstractAuthenticator] - > > > > uid=user1,dc=example,dc=com Authenticated > > > > [15:52:41] DEBUG > > > > > > > > > > > > > > [org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry] > > > > - Found ATTRIBUTE_TYPE ( 2.5.4.0 > > > > NAME 'objectClass' > > > > DESC RFC2256: object classes of the entity > > > > EQUALITY objectIdentifierMatch > > > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 > > > > USAGE userApplications > > > > ) > > > > with oid: objectclass > > > > [15:52:41] DEBUG > > > [org.apache.directory.server.core.DefaultOperationManager] > > > > - << BindOperation successful > > > > [15:52:41] DEBUG > > > > > [org.apache.directory.server.ldap.handlers.request.BindRequestHandler] > > - > > > > Returned SUCCESS message: MessageType : BIND_RESPONSE > > > > Message ID : 1 > > > > BindResponse > > > > Ldap Result > > > > Result code : (SUCCESS) success > > > > Matched Dn : 'null' > > > > Diagnostic message : 'null' > > > > > > > > > > > > > > org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyImpl@3ddcc4cdorg.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyImpl > > > > @3ddcc4cd. > > > > [15:52:41] DEBUG [org.apache.mina.core.filterchain.IoFilterEvent] - > > Event > > > > MESSAGE_RECEIVED has been fired for session 2 > > > > [15:52:41] DEBUG > > > > [org.apache.directory.server.ldap.handlers.LdapResponseHandler] - > > Message > > > > Sent : MessageType : BIND_RESPONSE > > > > Message ID : 1 > > > > BindResponse > > > > Ldap Result > > > > Result code : (SUCCESS) success > > > > Matched Dn : 'null' > > > > Diagnostic message : 'null' > > > > > > > > > > > > > > org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyImpl@3ddcc4cdorg.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyImpl > > > > @3ddcc4cd > > > > > > > > > > > > > > -------------------------------------------------------------------------------------- > > > > > > > > And here's my log file: > > > > > > > > > > > > > > ---------------------------------------------------------------------------------------- > > > > 2013.02.21 11:08:03,002 DEBUG [pool-4-thread-1] > > > > org.apache.directory.server.core.DefaultOperationManager [] - >> > > > > BindOperation : BindContext for Dn 'uid=00000004,dc=company,dc=com', > > > > credentials <0x70 0x77 0x64 0x2D 0x6D 0x6A 0x61 0x63 0x6B 0x73 0x6F > > 0x6E > > > > > > > > 2013.02.21 11:08:03,003 DEBUG [pool-4-thread-1] > > > > org.apache.directory.server.core.authn.AuthenticationInterceptor [] - > > > > Operation Context: BindContext for Dn > 'uid=00000004,dc=company,dc=com', > > > > credentials <0x70 0x77 0x64 0x2D 0x6D 0x6A 0x61 0x63 0x6B 0x73 0x6F > > 0x6E > > > > > > > > 2013.02.21 11:08:03,003 DEBUG [pool-4-thread-1] > > > > org.apache.directory.server.core.authn.AbstractAuthenticator [] - > > > > Authenticating uid=00000004,dc=company,dc=com > > > > 2013.02.21 11:08:03,003 DEBUG [pool-4-thread-1] > > > > org.apache.directory.api.ldap.model.schema.comparators.UuidComparator > > [] > > > - > > > > comparing UUID objects '14752f4b-6106-4ac6-8c22-4557794858f8' with > > > > '15ae738f-dccc-4a72-af03-0476fd644802' > > > > 2013.02.21 11:08:03,003 DEBUG [pool-4-thread-1] > > > > org.apache.directory.api.ldap.model.schema.comparators.UuidComparator > > [] > > > - > > > > comparing UUID objects '14752f4b-6106-4ac6-8c22-4557794858f8' with > > > > '14752f4b-6106-4ac6-8c22-4557794858f8' > > > > 2013.02.21 11:08:03,003 DEBUG [pool-4-thread-1] > > > > > > > > > > > > > > org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry > > > > [] - Found ATTRIBUTE_TYPE ( 2.5.4.35 > > > > NAME 'userPassword' > > > > DESC RFC2256/2307: password of user > > > > EQUALITY octetStringMatch > > > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 > > > > USAGE userApplications > > > > ) > > > > with oid: userpassword > > > > 2013.02.21 11:08:03,005 DEBUG [pool-4-thread-1] > > > > org.apache.directory.server.core.authn.AbstractAuthenticator [] - > > > > uid=00000004,dc=company,dc=com Authenticated > > > > 2013.02.21 11:08:03,005 DEBUG [pool-4-thread-1] > > > > > > > > > > > > > > org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry > > > > [] - Found ATTRIBUTE_TYPE ( 2.5.4.0 > > > > NAME 'objectClass' > > > > DESC RFC2256: object classes of the entity > > > > EQUALITY objectIdentifierMatch > > > > SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 > > > > USAGE userApplications > > > > ) > > > > with oid: objectclass > > > > 2013.02.21 11:08:03,005 DEBUG [pool-4-thread-1] > > > > org.apache.directory.server.core.DefaultOperationManager [] - << > > > > BindOperation successful > > > > 2013.02.21 11:08:03,006 DEBUG [pool-4-thread-1] > > > > org.apache.directory.server.ldap.handlers.request.BindRequestHandler > > [] - > > > > Returned SUCCESS message: MessageType : BIND_RESPONSE > > > > Message ID : 1 > > > > BindResponse > > > > Ldap Result > > > > Result code : (SUCCESS) success > > > > Matched Dn : 'null' > > > > Diagnostic message : 'null' > > > > . > > > > 2013.02.21 11:08:03,006 DEBUG [pool-4-thread-1] > > > > org.apache.mina.core.filterchain.IoFilterEvent [] - Event > > > MESSAGE_RECEIVED > > > > has been fired for session 2 > > > > 2013.02.21 11:08:03,006 DEBUG [NioProcessor-3] > > > > org.apache.directory.server.ldap.handlers.LdapResponseHandler [] - > > > Message > > > > Sent : MessageType : BIND_RESPONSE > > > > Message ID : 1 > > > > BindResponse > > > > Ldap Result > > > > Result code : (SUCCESS) success > > > > Matched Dn : 'null' > > > > Diagnostic message : 'null' > > > > > > > > > > > > > > --------------------------------------------------------------------------------------------------------------- > > > > > > > > > > > > Thanks in advance > > > > Patricio > > > > > > > > > > > > > > > > -- > > > Kiran Ayyagari > > > http://keydap.com > > > > > > > > > -- > Kiran Ayyagari > http://keydap.com > --e89a8f22c4dba935e304d63a6d7b--