directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Isenhour, Justin" <Justin.Isenh...@compass-usa.com>
Subject RE: [Ext] Re: [ApacheDS] How to clear cached authentication on change of custom attribute
Date Fri, 08 Dec 2017 18:32:19 GMT
Emmanuel,

I tried this but it doesn't seem to work.  I added the code you recommended, when I login
the first time I see the log statements showing the attempt to invalidate the cache but when
I try to login a second time my custom authenticator is never invoked.  I also tried adding
the modify event in an attempt to invalidate the cache when the account is modified, I again
see the log entries showing the attempt to invalidate the cache but again when I try to login
I do not see my code getting called at all.  Any other suggestions.  Log entries below, updated
code attached.

First Login

INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Intercepting bind operation
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Executing parent level bind events first
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Executing custom bind events
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Attempting to validate status attribute for uId justin.isenhour@compass-usa.com
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Status for justin.isenhour@compass-usa.com is active
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Attempting to validate pwdReset attribute for uId justin.isenhour@compass-usa.com
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- pwdReset for justin.isenhour@compass-usa.com is FALSE
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Attempting to invalidate the cache for uid=justin.isenhour@compass-usa.com,ou=CommittedMembers,ou=people,dc=test,dc=com
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Attempting to set lastLogon attribute for uId justin.isenhour@compass-usa.com
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- lastLogon should be set now
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:05] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Done with custom bind action, calling next operation
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Intercepting bind operation
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Executing parent level bind events first
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Executing custom bind events
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] INFO [com.cga.aaims.ldap.apacheds.interceptor.AAIMSAuthenticationInterceptor]
- Done with custom bind action, calling next operation
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext]
- Requested attribute pwdLastSet does not exist in the schema, it will be ignored
INFO   | jvm 1    | 2017/12/08 13:18:06 | [13:18:06] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext]
- Requested attribute pwdLastSet does not exist in the schema, it will be ignored


Second Login

INFO   | jvm 1    | 2017/12/08 13:19:00 | [13:19:00] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext]
- Requested attribute pwdLastSet does not exist in the schema, it will be ignored
INFO   | jvm 1    | 2017/12/08 13:19:00 | [13:19:00] WARN [org.apache.directory.server.core.api.interceptor.context.FilteringOperationContext]
- Requested attribute pwdLastSet does not exist in the schema, it will be ignored


Thanks,
Justin Isenhour | Lead Developer, Systems and Technology Group | Compass Group USA |  2400
Yorkmont Road | Charlotte, NC 28217 | 704.328.5804 | justin.isenhour@compass-usa.com




-----Original Message-----
From: Emmanuel Lécharny [mailto:elecharny@gmail.com] 
Sent: Thursday, December 7, 2017 5:35 PM
To: users@directory.apache.org
Subject: Re: [Ext] Re: [ApacheDS] How to clear cached authentication on change of custom attribute



Le 07/12/2017 à 22:34, Isenhour, Justin a écrit :
> A couple of things I have noticed.  I am not able to access the authenticator, my custom
interceptor extends AuthenticationInterceptor which has a collection of authenticators but
that collection is private.  The other thing I have noticed is that if the user account in
question is already cached then my custom bind event is never called, so changes made here
would have no impact.  Thoughts?

Ah, right, my proposal was not crrect because you would have to have access to an authenticator
beforehand.

But you can somehow fetch one using the getAuthenticators() method, which is public in the
AuthenticationInterceptor parent class, iterate on each authenticator and call the invalidateCache()
method on each one.
That should work (yeah, I know, kind of a hack...)


--
Emmanuel Lecharny

Symas.com
directory.apache.org

Mime
View raw message