directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Minder <kevin.min...@hortonworks.com>
Subject Re: WARNings from DefaultDirectoryServiceFactory/DefaultDirectoryService
Date Tue, 26 Nov 2013 18:36:24 GMT
> there is no way to do this using any API
I take this to mean there is no API to do this programmatically.
So it seems like I have two choices.

1) Copy DefaultDirectoryServiceFactory and change the implementation of 
initSystemPartition so that the admin user has a non-default password.  
Looking at the current implementation of this method it isn't clear how 
that would be done.

2) Use LdapConnection.modify request to set the admin's password. I'd 
like to see an example of that but I don't think this will solve my 
problem as the server needs to come up to service that request and 
therefore the WARNing will be output.

So it seems like the only possible solution to both of my issues is 
likely to copy and modify DefaultDirectoryServiceFactory.  Here I'll say 
that the reason I'm in this position now is because the version of this 
I had before was based on ApacheDS 1.5.5 and this needs to be totally 
rewritten for 2.0.0.  I'd really like to be able to use something 
maintained by ApacheDS for this use case.  I understand that my use case 
may not be important to the ApacheDS community.

On 11/26/13 12:47 PM, Kiran Ayyagari wrote:
> On Tue, Nov 26, 2013 at 8:28 PM, Kevin Minder
> <kevin.minder@hortonworks.com>wrote:
>
>> I'm trying to provide a very, very simple demo LDAP server for use with my
>> project.  I've managed to create one that is working using the code at the
>> bottom.  However it emits the following two WARN lines when started.
>>   Ideally I'd like to get rid of these as to not confuse/concern my users.
>>
>> The first one looks like it could be solved by creating a copy of
>> DefaultDirectoryServiceFactory and registering a shutdown hook, but I'd
>> rather not do that.
>>
>> The second one I really have no idea how to resolve.  I'd be fine with
>> setting an instance specific password but it isn't clear what API should be
>> used or if that would fit into the way the DefaultDirectoryServiceFactory
>> handles the DefaultDirectoryService lifecycle.
>>
>> there is no way to do this using any API
>> I can provide a very simple maven project to illustrate if that would will
>> help someone help me.  BTW setting the logger level won't work for me
>> because I do want any bind authentication failures to be output and these
>> are WARNs too.
>>
>> [09:47:45] WARN [org.apache.directory.server.core.DefaultDirectoryService]
>> - ApacheDS shutdown hook has NOT been registered with the runtime. This
>> default setting for standalone operation has been overriden.
>> [09:47:46] WARN [org.apache.directory.server.core.DefaultDirectoryService]
>> - You didn't change the admin password of directory service instance
>> 'ac3a5495-5d28-4e7e-987d-654efa9cb6a9'.  Please update the admin password
>> as soon as possible to prevent a possible security breach.
>>
>>    public SimpleLdapServer( String rootDn, File usersLdif, Transport...
>> transports ) throws Exception {
>>      factory = new DefaultDirectoryServiceFactory();
>>      factory.init( UUID.randomUUID().toString() );
>>      service = factory.getDirectoryService();
>>
>>      Partition partition = factory.getPartitionFactory().createPartition(
>>          service.getSchemaManager(), "users", rootDn, 500,
>> service.getInstanceLayout().getInstanceDirectory() );
>>      service.addPartition( partition );
>>
>>      CoreSession session = service.getAdminSession();
>>      LdifFileLoader lfl = new LdifFileLoader( session, usersLdif, null );
>>      lfl.execute();
>>
>>      server = new LdapServer();
>>      server.setTransports( transports );
>>      server.setDirectoryService( service );
>>      service.startup();
>>      server.start();
>>    }
>>
>> --
>> CONFIDENTIALITY NOTICE
>> NOTICE: This message is intended for the use of the individual or entity
>> to which it is addressed and may contain information that is confidential,
>> privileged and exempt from disclosure under applicable law. If the reader
>> of this message is not the intended recipient, you are hereby notified that
>> any printing, copying, dissemination, distribution, disclosure or
>> forwarding of this communication is strictly prohibited. If you have
>> received this communication in error, please contact the sender immediately
>> and delete it from your system. Thank You.
>>
>
>


-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message