Hello, Stumbled on this today. The error occurs adding entry to directory and constraint violation occurs. The error is expected as I’m manipulating an pw policy attribute that is DSA controlled.
I’ve changed the code on adds to be able to forward the DSA control: ``` AddRequest addRequest = new AddRequestImpl(); addRequest.setEntry( entry ); if ( setManagedDsa ) { ManageDsaIT mControl = new ManageDsaITImpl(); mControl.setCritical( true ); addRequest.addControl( mControl ); } AddResponse response = connection.add( addRequest ); ``` FWIW I’ve also done it this way: ``` addRequest.addControl( new ManageDsaITImpl(); ); ``` With this newly modified code I wouldn’t expect to get an error from server, but let’s set that concern aside for a moment. What I REALLY don't expect is for the server exception to be eaten by the API. It happens line 566 of class (v1.3): } else { LOG.debug("Add failed : {}", addResponse); } I’ve stepped through it, the server returns in response to the add (with pwpolicy operational attr): ``` Ldap Result Result code : (CONSTRAINT_VIOLATION) constraintViolation Matched Dn : '' Diagnostic message : 'pwdPolicySubentry: no user modification allowed’ ``` A more complete excerpt of LDAP API code add method: ``` LdapNetworkConnection public AddResponse add(AddRequest addRequest) throws LdapException { ... try { AddResponse addResponse = (AddResponse)addFuture.get(this.timeout, TimeUnit.MILLISECONDS); if (addResponse == null) { LOG.error("Add failed : timeout occurred"); throw new LdapException("TimeOut occurred"); } else { if (addResponse.getLdapResult().getResultCode() == ResultCodeEnum.SUCCESS) { LOG.debug("Add successful : {}", addResponse); } else { LOG.debug("Add failed : {}", addResponse); } return addResponse; } … ``` Please advise on if you think this is a bug (eating exception). I’ll follow-up with another thread on the *why* the server's returning the exception in the first place but I need to investigate a bit more (may be problem on server OpenLDAP 2.5.3 beta). — Shawn --------------------------------------------------------------------- To unsubscribe, e-mail: api-unsubscr...@directory.apache.org For additional commands, e-mail: api-h...@directory.apache.org