directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kevin Minder <kevin.min...@hortonworks.com>
Subject Re: WARNings from DefaultDirectoryServiceFactory/DefaultDirectoryService
Date Tue, 26 Nov 2013 21:35:35 GMT
Thanks for the input Kiran.  Turns out to do what you suggest requires 
some minor refactoring.
I filed a jira for that and uploaded a patch with the required changes.
DIRSERVER-1920: Refactor 
DefaultDirectoryServiceFactory/DefaultDirectoryService for extensibility
https://issues.apache.org/jira/browse/DIRSERVER-1920

On 11/26/13 1:50 PM, Kiran Ayyagari wrote:
> On Wed, Nov 27, 2013 at 12:06 AM, Kevin Minder <kevin.minder@hortonworks.com
>> wrote:
>> there is no way to do this using any API
>> I take this to mean there is no API to do this programmatically.
>> So it seems like I have two choices.
>>
>> 1) Copy DefaultDirectoryServiceFactory and change the implementation of
>> initSystemPartition so that the admin user has a non-default password.
>>   Looking at the current implementation of this method it isn't clear how
>> that would be done.
>>
>> no, this method won't help, you need to do in the below mentioned way (if
> you really want to solve this!!)
>
> 1.  extend DefaultDirectoryService and overwrite the startup() method with
> all the lines
>       except for the call to showSecurityWarnings()
> 2. instantiate the above created custom DirectoryService in your custom
> DirectoryService factory
>
>
>> 2) Use LdapConnection.modify request to set the admin's password. I'd like
>> to see an example of that but I don't think this will solve my problem as
>> the server needs to come up to service that request and therefore the
>> WARNing will be output.
>>
>> So it seems like the only possible solution to both of my issues is likely
>> to copy and modify DefaultDirectoryServiceFactory.  Here I'll say that
>> the reason I'm in this position now is because the version of this I had
>> before was based on ApacheDS 1.5.5 and this needs to be totally rewritten
>> for 2.0.0.  I'd really like to be able to use something maintained by
>> ApacheDS for this use case.  I understand that my use case may not be
>> important to the ApacheDS community.
>>
>> ya this is a warning that _must_ be shown
>> On 11/26/13 12:47 PM, Kiran Ayyagari wrote:
>>
>>> On Tue, Nov 26, 2013 at 8:28 PM, Kevin Minder
>>> <kevin.minder@hortonworks.com>wrote:
>>>
>>>   I'm trying to provide a very, very simple demo LDAP server for use with
>>>> my
>>>> project.  I've managed to create one that is working using the code at
>>>> the
>>>> bottom.  However it emits the following two WARN lines when started.
>>>>    Ideally I'd like to get rid of these as to not confuse/concern my
>>>> users.
>>>>
>>>> The first one looks like it could be solved by creating a copy of
>>>> DefaultDirectoryServiceFactory and registering a shutdown hook, but I'd
>>>> rather not do that.
>>>>
>>>> The second one I really have no idea how to resolve.  I'd be fine with
>>>> setting an instance specific password but it isn't clear what API should
>>>> be
>>>> used or if that would fit into the way the DefaultDirectoryServiceFactory
>>>> handles the DefaultDirectoryService lifecycle.
>>>>
>>>> there is no way to do this using any API
>>>> I can provide a very simple maven project to illustrate if that would
>>>> will
>>>> help someone help me.  BTW setting the logger level won't work for me
>>>> because I do want any bind authentication failures to be output and these
>>>> are WARNs too.
>>>>
>>>> [09:47:45] WARN [org.apache.directory.server.
>>>> core.DefaultDirectoryService]
>>>> - ApacheDS shutdown hook has NOT been registered with the runtime. This
>>>> default setting for standalone operation has been overriden.
>>>> [09:47:46] WARN [org.apache.directory.server.
>>>> core.DefaultDirectoryService]
>>>> - You didn't change the admin password of directory service instance
>>>> 'ac3a5495-5d28-4e7e-987d-654efa9cb6a9'.  Please update the admin
>>>> password
>>>> as soon as possible to prevent a possible security breach.
>>>>
>>>>     public SimpleLdapServer( String rootDn, File usersLdif, Transport...
>>>> transports ) throws Exception {
>>>>       factory = new DefaultDirectoryServiceFactory();
>>>>       factory.init( UUID.randomUUID().toString() );
>>>>       service = factory.getDirectoryService();
>>>>
>>>>       Partition partition = factory.getPartitionFactory().
>>>> createPartition(
>>>>           service.getSchemaManager(), "users", rootDn, 500,
>>>> service.getInstanceLayout().getInstanceDirectory() );
>>>>       service.addPartition( partition );
>>>>
>>>>       CoreSession session = service.getAdminSession();
>>>>       LdifFileLoader lfl = new LdifFileLoader( session, usersLdif, null );
>>>>       lfl.execute();
>>>>
>>>>       server = new LdapServer();
>>>>       server.setTransports( transports );
>>>>       server.setDirectoryService( service );
>>>>       service.startup();
>>>>       server.start();
>>>>     }
>>>>
>>>> --
>>>> CONFIDENTIALITY NOTICE
>>>> NOTICE: This message is intended for the use of the individual or entity
>>>> to which it is addressed and may contain information that is
>>>> confidential,
>>>> privileged and exempt from disclosure under applicable law. If the reader
>>>> of this message is not the intended recipient, you are hereby notified
>>>> that
>>>> any printing, copying, dissemination, distribution, disclosure or
>>>> forwarding of this communication is strictly prohibited. If you have
>>>> received this communication in error, please contact the sender
>>>> immediately
>>>> and delete it from your system. Thank You.
>>>>
>>>>
>>>
>> --
>> CONFIDENTIALITY NOTICE
>> NOTICE: This message is intended for the use of the individual or entity
>> to which it is addressed and may contain information that is confidential,
>> privileged and exempt from disclosure under applicable law. If the reader
>> of this message is not the intended recipient, you are hereby notified that
>> any printing, copying, dissemination, distribution, disclosure or
>> forwarding of this communication is strictly prohibited. If you have
>> received this communication in error, please contact the sender immediately
>> and delete it from your system. Thank You.
>>
>
>


-- 
CONFIDENTIALITY NOTICE
NOTICE: This message is intended for the use of the individual or entity to 
which it is addressed and may contain information that is confidential, 
privileged and exempt from disclosure under applicable law. If the reader 
of this message is not the intended recipient, you are hereby notified that 
any printing, copying, dissemination, distribution, disclosure or 
forwarding of this communication is strictly prohibited. If you have 
received this communication in error, please contact the sender immediately 
and delete it from your system. Thank You.

Mime
View raw message