directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: [Ext] Re: [ApacheDS] How to clear cached authentication on change of custom attribute
Date Fri, 08 Dec 2017 18:53:21 GMT
In the attached code, you invalidate the cache *after* the super.bind()
call. That won't work. Invalidate the cache before.

Le 08/12/2017 à 19:32, Isenhour, Justin a écrit :
> Emmanuel,
> 
> I tried this but it doesn't seem to work.  I added the code you recommended, when I login
the first time I see the log statements showing the attempt to invalidate the cache but when
I try to login a second time my custom authenticator is never invoked.  I also tried adding
the modify event in an attempt to invalidate the cache when the account is modified, I again
see the log entries showing the attempt to invalidate the cache but again when I try to login
I do not see my code getting called at all.  Any other suggestions.  Log entries below, updated
code attached.
> 
> First Login
> 
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Intercepting bind operation
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Executing parent level bind events first
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Executing custom bind events
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Attempting to validate status attribute for uId justin.isenhour@compass-usa.com
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Status for justin.isenhour@compass-usa.com is active
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Attempting to validate pwdReset attribute for uId justin.isenhour@compass-usa.com
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- pwdReset for justin.isenhour@compass-usa.com is FALSE
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Attempting to invalidate the cache for uid=justin.isenhour@compass-usa.com,ou=CommittedMembers,ou=people,dc=test,dc=com
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Attempting to set lastLogon attribute for uId justin.isenhour@compass-usa.com
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- lastLogon should be set now
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Done with custom bind action, calling next operation
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Intercepting bind operation
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Executing parent level bind events first
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Executing custom bind events
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Done with custom bind action, calling next operation
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext]
- Requested attribute pwdLastSet does not exist in the schema, it will be ignored
> INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext]
- Requested attribute pwdLastSet does not exist in the schema, it will be ignored
> 
> 
> Second Login
> 
> INFO   | jvm 1    | 2017/12/08 13:19:00 | [13:19:00] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext]
- Requested attribute pwdLastSet does not exist in the schema, it will be ignored
> INFO   | jvm 1    | 2017/12/08 13:19:00 | [13:19:00] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext]
- Requested attribute pwdLastSet does not exist in the schema, it will be ignored
> 
> 
> Thanks,
> Justin Isenhour | Lead Developer, Systems and Technology Group | Compass Group USA | 
2400 Yorkmont Road | Charlotte, NC 28217 | 704.328.5804 | justin.isenhour@compass-usa.com
> 
> 
> 
> 
> -----Original Message-----
> From: Emmanuel Lécharny [mailto:elecharny@gmail.com] 
> Sent: Thursday, December 7, 2017 5:35 PM
> To: users@directory.apache.org
> Subject: Re: [Ext] Re: [ApacheDS] How to clear cached authentication on change of custom
attribute
> 
> 
> 
> Le 07/12/2017 à 22:34, Isenhour, Justin a écrit :
>> A couple of things I have noticed.  I am not able to access the authenticator, my
custom interceptor extends AuthenticationInterceptor which has a collection of authenticators
but that collection is private.  The other thing I have noticed is that if the user account
in question is already cached then my custom bind event is never called, so changes made here
would have no impact.  Thoughts?
> 
> Ah, right, my proposal was not crrect because you would have to have access to an authenticator
beforehand.
> 
> But you can somehow fetch one using the getAuthenticators() method, which is public in
the AuthenticationInterceptor parent class, iterate on each authenticator and call the invalidateCache()
method on each one.
> That should work (yeah, I know, kind of a hack...)
> 
> 
> --
> Emmanuel Lecharny
> 
> Symas.com
> directory.apache.org
> 

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org


Mime
View raw message