Re: Weird error under java 17

2022-05-04 Thread Maxim Solodovnik 
Done https://issues.apache.org/jira/browse/DIR-341
sorry for delay :(

On Thu, 28 Apr 2022 at 19:04, Emmanuel Lécharny  wrote:
>
> Hi Maxim,
>
> glad it solve dthe issue.
>
> As noted, is just a workaround. Would you be kind and fill a JIRA to get
> this fixed in a coming release ?
>
> Many thanks !
>
>
> On 28/04/2022 09:06, Maxim Solodovnik wrote:
> > Hello Emmanuel,
> >
> > On Fri, 22 Apr 2022 at 03:07, Emmanuel Lécharny  wrote:
> >>
> >> Hi Maxim,
> >>
> >> that is most certainly a side effect of Java 16 removal of some libs and
> >> classes.
> >>
> >> You may try to launch the test with this added JVM argument:
> >>
> >> --add-opens=java.base/sun.security.x509=ALL-UNNAMED
> >
> > Thanks a million!
> >
> > --add-opens=java.base/sun.security.util=ALL-UNNAMED
> > --add-opens=java.base/sun.security.x509=ALL-UNNAMED
> >
> > did the job :)
> >
> >>
> >> In the long run, we might hae to migrate to Bouncy Castle for tjis
> >> specific class.
> >>
> >> On 21/04/2022 11:48, Maxim Solodovnik wrote:
> >>> Hello All,
> >>>
> >>> Everything works as expected under java 8/11
> >>> but I'm trying latest LTS right now :)
> >>>
> >>> and got following error:
> >>>
> >>> [ERROR]   TestLdap » IllegalAccess class
> >>> org.apache.directory.server.core.security.CertificateUtil (in unnamed
> >>> module @0x4de8b406) cannot access class sun.security.x509.X500Name (in
> >>> module java.base) because module java.base does not export
> >>> sun.security.x509 to unnamed module @0x4de8b406
> >>>
> >>> CertificateUtil is located in apacheds-core-2.0.0.AM26
> >>>
> >>> I'm not sure how to address this :(
> >>> Any help is appreciated :)
> >>>
> >>>
> >>
> >> --
> >> *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
> >> T. +33 (0)4 89 97 36 50
> >> P. +33 (0)6 08 33 32 61
> >> emmanuel.lecha...@busit.com https://www.busit.com/
> >>
> >> -
> >> To unsubscribe, e-mail: users-unsubscr...@directory.apache.org
> >> For additional commands, e-mail: users-h...@directory.apache.org
> >>
> >
> >
>
> --
> *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
> T. +33 (0)4 89 97 36 50
> P. +33 (0)6 08 33 32 61
> emmanuel.lecha...@busit.com https://www.busit.com/



-- 
Best regards,
Maxim

-
To unsubscribe, e-mail: users-unsubscr...@directory.apache.org
For additional commands, e-mail: users-h...@directory.apache.org

Re: Weird error under java 17

2022-04-28 Thread Maxim Solodovnik 
Hello Emmanuel,

On Fri, 22 Apr 2022 at 03:07, Emmanuel Lécharny  wrote:
>
> Hi Maxim,
>
> that is most certainly a side effect of Java 16 removal of some libs and
> classes.
>
> You may try to launch the test with this added JVM argument:
>
> --add-opens=java.base/sun.security.x509=ALL-UNNAMED

Thanks a million!

--add-opens=java.base/sun.security.util=ALL-UNNAMED
--add-opens=java.base/sun.security.x509=ALL-UNNAMED

did the job :)

>
> In the long run, we might hae to migrate to Bouncy Castle for tjis
> specific class.
>
> On 21/04/2022 11:48, Maxim Solodovnik wrote:
> > Hello All,
> >
> > Everything works as expected under java 8/11
> > but I'm trying latest LTS right now :)
> >
> > and got following error:
> >
> > [ERROR]   TestLdap » IllegalAccess class
> > org.apache.directory.server.core.security.CertificateUtil (in unnamed
> > module @0x4de8b406) cannot access class sun.security.x509.X500Name (in
> > module java.base) because module java.base does not export
> > sun.security.x509 to unnamed module @0x4de8b406
> >
> > CertificateUtil is located in apacheds-core-2.0.0.AM26
> >
> > I'm not sure how to address this :(
> > Any help is appreciated :)
> >
> >
>
> --
> *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE
> T. +33 (0)4 89 97 36 50
> P. +33 (0)6 08 33 32 61
> emmanuel.lecha...@busit.com https://www.busit.com/
>
> -
> To unsubscribe, e-mail: users-unsubscr...@directory.apache.org
> For additional commands, e-mail: users-h...@directory.apache.org
>


-- 
Best regards,
Maxim

-
To unsubscribe, e-mail: users-unsubscr...@directory.apache.org
For additional commands, e-mail: users-h...@directory.apache.org

Weird error under java 17

2022-04-21 Thread Maxim Solodovnik 
Hello All,

Everything works as expected under java 8/11
but I'm trying latest LTS right now :)

and got following error:

[ERROR]   TestLdap » IllegalAccess class
org.apache.directory.server.core.security.CertificateUtil (in unnamed
module @0x4de8b406) cannot access class sun.security.x509.X500Name (in
module java.base) because module java.base does not export
sun.security.x509 to unnamed module @0x4de8b406

CertificateUtil is located in apacheds-core-2.0.0.AM26

I'm not sure how to address this :(
Any help is appreciated :)


-- 
Best regards,
Maxim

-
To unsubscribe, e-mail: users-unsubscr...@directory.apache.org
For additional commands, e-mail: users-h...@directory.apache.org

Re: Need help with LDAP test data

2020-04-15 Thread Maxim Solodovnik 
Thanks for the quick responses

Why I started to looks at referrals:
We are providing users with the config for setting up LDAP integration
One of the config parameters is "Ldap deref mode (never, searching,
finding, always)"
which is mapped directly to AliasDerefMode enum

And get this report https://markmail.org/message/n23y45supvgawxmw user
state referrals are not followed in his config
So I would like to write unit test for this :)

I'll check all the links and hopefully will be able to do it :))

On Thu, 16 Apr 2020 at 11:10, Emmanuel Lécharny  wrote:

>
> On 15/04/2020 19:48, Stefan Seelmann wrote:
> > On 4/15/20 7:14 PM, Maxim Solodovnik wrote:
> >> Thanks a lot for detailed response!
> >>
> >> My test LDAP server is created in java unit test
> >>
> https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/java/org/apache/openmeetings/ldap/TestLdap.java#L69
> >>
> >> Shall I start 2 servers to test referrals?
> > I don't think it's required, it totally valid that referrals point to
> > the same server.
>
> You can set a referral on your own server. Just note that the search
> request will be executed using the exact same base DN, which means
> ultimately you are going to loop at some point...
>
> There are a few things to know though :
>
> - the Apache LDAP API does not support referral chasing (ie, you'll get
> the URL, but the API will not try to search it, you'll have to do it)
>
> - as a consequence, the Apache LDAP API does not stop hoping over
> referals after a limit (ie, just stop after 10 hops or whatever limit).
> This is up to you to manage a cycle.
>
> see [1] and [2]
>
>
> [1]
>
> https://issues.apache.org/jira/browse/DIRAPI-61?jql=text%20~%20%22chase%20referrals%22
>
> [2]
> https://issues.apache.org/jira/browse/DIRAPI-179?jql=text%20~%20%22chase%20referrals%22
>
>
> Emmanuel
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@directory.apache.org
> For additional commands, e-mail: users-h...@directory.apache.org
>
>

-- 
Best regards,
Maxim

Re: Need help with LDAP test data

2020-04-15 Thread Maxim Solodovnik 
Thanks a lot for detailed response!

My test LDAP server is created in java unit test
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/java/org/apache/openmeetings/ldap/TestLdap.java#L69

Shall I start 2 servers to test referrals?


On Thu, 16 Apr 2020 at 00:04, Stefan Seelmann 
wrote:

> On 4/15/20 4:56 PM, Maxim Solodovnik wrote:
> > Current implementation is covered by unit tests (thanks again :))
> > But not my test LDAP [1] need to be tuned to have:
> > 1) referral entry
> > 2) binary attribute
> > I would like to ask for the help with this
> >
> > is it possible to have referral in same ldif file?
>
> Do you have a single test LDAP server running? In that case it's still
> possible to test referrals.
>
> You can inject an referal entry pointing to the same server, it looks
> like in [2]. But you need to adjust the hostname and especially the port
> of the ref attribute in code. Or you run the test LDAP server with a
> fixed port instead of a dynamic/free one which may cause testing issues
> if the port is already in use.
>
> Another option is to inject the referral entry via code like in [3].
>
> > Is it possible to have binary data? if so is there any option to get mime
> > type of this data?
>
> Binary data in LDIF is defined with 2 colons and the base64 encoded
> value. Lines can be wrapped with one leading space for each wrapped
> line. Example in [4].
>
> There is no mime type in LDAP. But attributes types have a syntax which
> defines the type of data (string, number), however in many cases like
> jpegPhoto the syntax is just OctetString which is not very helpful and
> often the data are gifs or bmps...
>
> Kind Regards,
> Stefan
>
> [2]
>
> https://github.com/apache/directory-studio/blob/master/tests/test.integration.ui/src/main/resources/org/apache/directory/studio/test/integration/ui/BrowserTest.ldif#L280
> [3]
>
> https://github.com/apache/directory-studio/blob/master/tests/test.integration.core/src/main/java/org/apache/directory/studio/test/integration/core/DirectoryApiConnectionWrapperTest.java#L133
> [4]
>
> https://github.com/apache/directory-studio/blob/master/tests/test.integration.ui/src/main/resources/org/apache/directory/studio/test/integration/ui/EntryEditorTest.ldif#L28
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@directory.apache.org
> For additional commands, e-mail: users-h...@directory.apache.org
>
>

-- 
Best regards,
Maxim

Need help with LDAP test data

2020-04-15 Thread Maxim Solodovnik 
Hello,

I'm not LDAP expert
but until now was able to provide users of our project with working LDAP
integration (thanks to your ldap-api library)

Current implementation is covered by unit tests (thanks again :))
But not my test LDAP [1] need to be tuned to have:
1) referral entry
2) binary attribute
I would like to ask for the help with this

is it possible to have referral in same ldif file?
Is it possible to have binary data? if so is there any option to get mime
type of this data?
maybe someone has example? :))

[1]
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/resources/schema/users.ldif

-- 
Best regards,
Maxim

Re: Directory project big maneuvers...

2019-06-20 Thread Maxim Solodovnik 
Hello Emmanuel,

I'm currently using latest 2.0.0.AM26-SNAPSHOT of apacheds-test-framework
And getting following error while trying to load .ldif file with test users
(
https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/resources/schema/users.ldif
)

Can someone please help me get rid of this error?

Caused by: java.lang.IllegalArgumentException:
ERR_13247_INVALID_VALUE_CANT_NORMALIZE Invalid upValue, it can't be
normalized
at 
org.apache.directory.api.ldap.model.entry.Value.(Value.java:274)
at 
org.apache.directory.api.ldap.model.entry.DefaultAttribute.createStringValue(DefaultAttribute.java:457)
at 
org.apache.directory.api.ldap.model.entry.DefaultAttribute.add(DefaultAttribute.java:1130)
at 
org.apache.directory.api.ldap.model.entry.DefaultAttribute.(DefaultAttribute.java:254)
at 
org.apache.directory.api.ldap.model.entry.DefaultAttribute.(DefaultAttribute.java:227)
at 
org.apache.directory.api.ldap.model.entry.DefaultEntry.createAttribute(DefaultEntry.java:588)
at 
org.apache.directory.api.ldap.model.entry.DefaultEntry.add(DefaultEntry.java:848)
at 
org.apache.directory.api.ldap.model.entry.DefaultEntry.add(DefaultEntry.java:978)
at 
org.apache.directory.api.ldap.model.ldif.LdifEntry.addAttribute(LdifEntry.java:537)
at 
org.apache.directory.api.ldap.model.ldif.LdifReader.parseAttributeValue(LdifReader.java:1033)
at 
org.apache.directory.api.ldap.model.ldif.LdifReader.parseEntry(LdifReader.java:1589)
at 
org.apache.directory.api.ldap.model.ldif.LdifReader.parseLdif(LdifReader.java:2135)
at 
org.apache.directory.api.ldap.model.ldif.LdifReader.parseLdifFile(LdifReader.java:1869)


On Thu, 20 Jun 2019 at 22:31, Emmanuel Lécharny  wrote:

> Hi !
>
>
> for those who are following what's going on at Directory, and especially
> those trying to extend the project (thinking about Raju), we are
> currently working hard trying to close a LDAP API release, ApacheDS
> release, and Studio release. This comes with a price to pay: a bit of
> instability, a lot of git pull and some associated burden.
>
> The LDAP API project is pretty much in good shape. We had a release a
> couple of weeks ago, and some other changes are under way. We could
> pretty well be able to cut a 2.0.0-RC1 soon.
>
> ApacheDS is in a more complex situation. There are 391 opened issues
> (most of them are already postponed to 2.1: 250 actually). If we focus
> on issues opened for 2.0.0.AM26, we are taking about 30 issues, 121 if
> we include 2.0.0-RC1. This is a loty of work, but we have already fixed
> more or less 30 issues in the last 2 weeks.
>
> Stefan is trying his best to follow up - and is pretty successful in
> that, considering all the pain we create for him ;-) -and Studio is also
> in a good shape.Hopefully, it will be released very soon after ApacheDS
> and LDAP-API will be released.
>
> Fortress migration to 2.0 should not be that problematic.
>
>
> I expect that in the coming weeks we will be able to have a decent
> ApacheDS release, with fixed installers (this is the main burden atm).
>
> That's it, feel free to add something to what I just wrote, Stefan,
> Colm, Shawn or anyone !
>
>
> Emmanuel
>
>
> -
> To unsubscribe, e-mail: api-unsubscr...@directory.apache.org
> For additional commands, e-mail: api-h...@directory.apache.org
>
>

-- 
WBR
Maxim aka solomax

Re: Broken formatting in Wiki

2018-11-01 Thread Maxim Solodovnik 
Looks good :)
Thanks for the help!

On Thu, 1 Nov 2018 at 19:35, Stefan Seelmann 
wrote:

> On 11/1/18 4:07 AM, Maxim Solodovnik wrote:
> > BTW why versions for api-all and apacheds-test-framework are not aligned?
>
> Because the LDAP API (LDAP client and shared libraries) and ApacheDS
> (LDAP server) are different projects with their own release cycles :)
>
>

-- 
WBR
Maxim aka solomax

Re: Broken formatting in Wiki

2018-10-31 Thread Maxim Solodovnik 
Works for me so far on Apache Jenkins :)
We'll see :)

BTW why versions for api-all and apacheds-test-framework are not aligned?

On Wed, 31 Oct 2018 at 20:30, Adam Levine  wrote:

> As a side note:
>   I was doing a new install recently and decided I would use AM25.
>
>   I don't know if I simply corrupted a file unknowingly, or raised an
> obscure bug in ADStudio... at any rate, using the Studio to add new
> partitions caused AS to fail to restart.  Somewhere the new partitions were
> not properly put in place.  I was able to repeat this several times.
>
> I went back down to 24, and had no problems.
>
> I was going to file a bug for AS/ASD, but was unable to recreate my
> failures again, and I tried several times.
>
> The point of this email is to keep this in mind if you see corruption after
> restarting 25 with new partitions.
>
> Cheers
>


-- 
WBR
Maxim aka solomax

Re: Broken formatting in Wiki

2018-10-31 Thread Maxim Solodovnik 
Here is it: https://pastebin.com/pbHs3U24
Please let me know if anything need to be changed :)

On Tue, 30 Oct 2018 at 19:59, Maxim Solodovnik  wrote:

> Hello Stefan,
>
> sorry for personal replies (I just hit 'Reply All')
>
> Thanks a lot for the link to apacheds-test-framework
> It works as expected and contains all necessary classes (including
> `CreateLdapServerRule`)
> So I was able to create my first tests :)
>
> Our application uses `api-all` to communicate with LDAP server
> This is why I have "schema conflict"
>
> I'll try to contribute to 7-embedding-apacheds.mdtext
> <https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext>
>  later
> today/tomorrow (was unable to find git repo for site) so will send complete
> file
>
> Thanks a lot for the help!
>
>
> On Tue, 30 Oct 2018 at 02:12, Stefan Seelmann 
> wrote:
>
>> On 10/29/18 1:29 PM, Maxim Solodovnik wrote:
>> > Thanks for the answer Stefan,
>> >
>> > I'm trying to write my first test
>> >
>> > Here are some findings and questions:
>> >
>> > 1) It seems `org.apache.directory.api:api-all` and
>> > `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif
>> > bundled, is it safe to exclude api-ldap-schema-data from
>> > `org.apache.directory.server:apacheds-server-integ` ?
>>
>> As written in the other mail, please don't use server-integ or
>> core-integ as dependency, but apacheds-test-framework.
>>
>> I guess the duplication is because api-all is a fat jar which contains
>> all other api modules and dependences (using maven-shade-plugin). But
>> it's strange that you have api-all, I don't see it as dependency in
>> server-integ (using mvn dependency:tree)...
>>
>
>
> --
> WBR
> Maxim aka solomax
>


-- 
WBR
Maxim aka solomax

Re: Broken formatting in Wiki

2018-10-30 Thread Maxim Solodovnik 
Hello Stefan,

sorry for personal replies (I just hit 'Reply All')

Thanks a lot for the link to apacheds-test-framework
It works as expected and contains all necessary classes (including
`CreateLdapServerRule`)
So I was able to create my first tests :)

Our application uses `api-all` to communicate with LDAP server
This is why I have "schema conflict"

I'll try to contribute to 7-embedding-apacheds.mdtext
<https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext>
later
today/tomorrow (was unable to find git repo for site) so will send complete
file

Thanks a lot for the help!


On Tue, 30 Oct 2018 at 02:12, Stefan Seelmann 
wrote:

> On 10/29/18 1:29 PM, Maxim Solodovnik wrote:
> > Thanks for the answer Stefan,
> >
> > I'm trying to write my first test
> >
> > Here are some findings and questions:
> >
> > 1) It seems `org.apache.directory.api:api-all` and
> > `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif
> > bundled, is it safe to exclude api-ldap-schema-data from
> > `org.apache.directory.server:apacheds-server-integ` ?
>
> As written in the other mail, please don't use server-integ or
> core-integ as dependency, but apacheds-test-framework.
>
> I guess the duplication is because api-all is a fat jar which contains
> all other api modules and dependences (using maven-shade-plugin). But
> it's strange that you have api-all, I don't see it as dependency in
> server-integ (using mvn dependency:tree)...
>


-- 
WBR
Maxim aka solomax

Re: Broken formatting in Wiki

2018-10-29 Thread Maxim Solodovnik 
It seems it is possible to use multiple DN in one ldif file
I guess my issue was caused by the fact I have created
dn: dc=org

dn: dc.apache,dc=org


in my ldif file, and these DNs seems to be autocreated by ApacheDS

So the only issue remain is: missing sources in maven artifacts :)

Do you think creating @Rule and/or reusable parts out of FrameworkRunner
worth PR?
Or maybe there are some better options?


On Mon, 29 Oct 2018 at 22:45, Maxim Solodovnik  wrote:

> And one more question (hope I'm not asking too much :)))
>
> Is it possible to use embedded LdapServer without using @RunWith ?
> I'm already using @RunWith(SpringJUnit4ClassRunner.class) and it seems
> "There can be the only one (c)" :)
>
> Here is the example how @RunWith can be converted to @Rule
> Maybe common code can be extracted to satisfy both approaches?
>
>
> On Mon, 29 Oct 2018 at 20:17, Maxim Solodovnik 
> wrote:
>
>> Please disregard question #2, It seems to be possible to have only one
>> partition :)
>>
>> What version of apacheds-core-integ
>> <https://mvnrepository.com/artifact/org.apache.directory.server/apacheds-core-integ>
>>  should
>> I use? AM25 seems to be the latest, but its sources artifact somehow
>> contains sources for 1 java file only :( is this known issue? (just double
>> checked [1])
>>
>> [1]
>> http://central.maven.org/maven2/org/apache/directory/server/apacheds-core-integ/2.0.0.AM25/
>>
>> On Mon, 29 Oct 2018 at 19:29, Maxim Solodovnik 
>> wrote:
>>
>>> Thanks for the answer Stefan,
>>>
>>> I'm trying to write my first test
>>>
>>> Here are some findings and questions:
>>>
>>> 1) It seems `org.apache.directory.api:api-all` and
>>> `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif
>>> bundled, is it safe to exclude api-ldap-schema-data from
>>> `org.apache.directory.server:apacheds-server-integ` ?
>>>
>>> 2) it seems it is impossible to have more than 1 DN in ldif file being
>>> loaded with @ApplyLdifFiles. And as far as I understand from
>>> logs @CreatePartition is required for every DN, is this correct?
>>>
>>> 3) Maybe simple test with working config is available somewhere?
>>>
>>> I'll try to create PR for docs as soon as my first test will work :)
>>>
>>>
>>>
>>> On Sun, 28 Oct 2018 at 23:01, Stefan Seelmann 
>>> wrote:
>>>
>>>> Hi Maxim,
>>>>
>>>> we no longer use the Confluence wiki for maintaining the documentation.
>>>> All the pages there are really old (your example was updated 2010), and
>>>> refer to ApacheDS 1.5 instead of 2.0. Maybe the wiki pages should be
>>>> deleted or at least marked as "outdated", let's discuss and decide that
>>>> in a separate thread.
>>>>
>>>> Documentation was moved to the Apache CMS, but is far from being
>>>> completed. The page you refer should probably be below [1] but is empty.
>>>> So if you want to help better move it there, the source is [2]. As you
>>>> see, documentation is not in a good shape, help is very appreciated.
>>>>
>>>> Kind Regards,
>>>> Stefan
>>>>
>>>> [1]
>>>>
>>>> https://directory.apache.org/apacheds/advanced-ug/7-embedding-apacheds.html
>>>> [2]
>>>>
>>>> https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext
>>>>
>>>>
>>>> On 10/28/18 4:27 PM, Maxim Solodovnik wrote:
>>>> > Hello Emmanuel,
>>>> >
>>>> > It seems this wiki page
>>>> >
>>>> https://cwiki.apache.org/confluence/display/DIRxSRVx11/4.2.+Using+ApacheDS+for+unit+tests
>>>> > Have broken formatting
>>>> > Can you please fix it?
>>>> > Or I can try to do it (but currently don't have enough karma :(  )
>>>> >
>>>> > Thanks in advance!
>>>> >
>>>>
>>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>>
>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>
> --
> WBR
> Maxim aka solomax
>


-- 
WBR
Maxim aka solomax

Re: Broken formatting in Wiki

2018-10-29 Thread Maxim Solodovnik 
And one more question (hope I'm not asking too much :)))

Is it possible to use embedded LdapServer without using @RunWith ?
I'm already using @RunWith(SpringJUnit4ClassRunner.class) and it seems
"There can be the only one (c)" :)

Here is the example how @RunWith can be converted to @Rule
Maybe common code can be extracted to satisfy both approaches?


On Mon, 29 Oct 2018 at 20:17, Maxim Solodovnik  wrote:

> Please disregard question #2, It seems to be possible to have only one
> partition :)
>
> What version of apacheds-core-integ
> <https://mvnrepository.com/artifact/org.apache.directory.server/apacheds-core-integ>
>  should
> I use? AM25 seems to be the latest, but its sources artifact somehow
> contains sources for 1 java file only :( is this known issue? (just double
> checked [1])
>
> [1]
> http://central.maven.org/maven2/org/apache/directory/server/apacheds-core-integ/2.0.0.AM25/
>
> On Mon, 29 Oct 2018 at 19:29, Maxim Solodovnik 
> wrote:
>
>> Thanks for the answer Stefan,
>>
>> I'm trying to write my first test
>>
>> Here are some findings and questions:
>>
>> 1) It seems `org.apache.directory.api:api-all` and
>> `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif
>> bundled, is it safe to exclude api-ldap-schema-data from
>> `org.apache.directory.server:apacheds-server-integ` ?
>>
>> 2) it seems it is impossible to have more than 1 DN in ldif file being
>> loaded with @ApplyLdifFiles. And as far as I understand from
>> logs @CreatePartition is required for every DN, is this correct?
>>
>> 3) Maybe simple test with working config is available somewhere?
>>
>> I'll try to create PR for docs as soon as my first test will work :)
>>
>>
>>
>> On Sun, 28 Oct 2018 at 23:01, Stefan Seelmann 
>> wrote:
>>
>>> Hi Maxim,
>>>
>>> we no longer use the Confluence wiki for maintaining the documentation.
>>> All the pages there are really old (your example was updated 2010), and
>>> refer to ApacheDS 1.5 instead of 2.0. Maybe the wiki pages should be
>>> deleted or at least marked as "outdated", let's discuss and decide that
>>> in a separate thread.
>>>
>>> Documentation was moved to the Apache CMS, but is far from being
>>> completed. The page you refer should probably be below [1] but is empty.
>>> So if you want to help better move it there, the source is [2]. As you
>>> see, documentation is not in a good shape, help is very appreciated.
>>>
>>> Kind Regards,
>>> Stefan
>>>
>>> [1]
>>>
>>> https://directory.apache.org/apacheds/advanced-ug/7-embedding-apacheds.html
>>> [2]
>>>
>>> https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext
>>>
>>>
>>> On 10/28/18 4:27 PM, Maxim Solodovnik wrote:
>>> > Hello Emmanuel,
>>> >
>>> > It seems this wiki page
>>> >
>>> https://cwiki.apache.org/confluence/display/DIRxSRVx11/4.2.+Using+ApacheDS+for+unit+tests
>>> > Have broken formatting
>>> > Can you please fix it?
>>> > Or I can try to do it (but currently don't have enough karma :(  )
>>> >
>>> > Thanks in advance!
>>> >
>>>
>>>
>>
>> --
>> WBR
>> Maxim aka solomax
>>
>
>
> --
> WBR
> Maxim aka solomax
>


-- 
WBR
Maxim aka solomax

Re: Broken formatting in Wiki

2018-10-29 Thread Maxim Solodovnik 
Please disregard question #2, It seems to be possible to have only one
partition :)

What version of apacheds-core-integ
<https://mvnrepository.com/artifact/org.apache.directory.server/apacheds-core-integ>
should
I use? AM25 seems to be the latest, but its sources artifact somehow
contains sources for 1 java file only :( is this known issue? (just double
checked [1])

[1]
http://central.maven.org/maven2/org/apache/directory/server/apacheds-core-integ/2.0.0.AM25/

On Mon, 29 Oct 2018 at 19:29, Maxim Solodovnik  wrote:

> Thanks for the answer Stefan,
>
> I'm trying to write my first test
>
> Here are some findings and questions:
>
> 1) It seems `org.apache.directory.api:api-all` and
> `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif
> bundled, is it safe to exclude api-ldap-schema-data from
> `org.apache.directory.server:apacheds-server-integ` ?
>
> 2) it seems it is impossible to have more than 1 DN in ldif file being
> loaded with @ApplyLdifFiles. And as far as I understand from
> logs @CreatePartition is required for every DN, is this correct?
>
> 3) Maybe simple test with working config is available somewhere?
>
> I'll try to create PR for docs as soon as my first test will work :)
>
>
>
> On Sun, 28 Oct 2018 at 23:01, Stefan Seelmann 
> wrote:
>
>> Hi Maxim,
>>
>> we no longer use the Confluence wiki for maintaining the documentation.
>> All the pages there are really old (your example was updated 2010), and
>> refer to ApacheDS 1.5 instead of 2.0. Maybe the wiki pages should be
>> deleted or at least marked as "outdated", let's discuss and decide that
>> in a separate thread.
>>
>> Documentation was moved to the Apache CMS, but is far from being
>> completed. The page you refer should probably be below [1] but is empty.
>> So if you want to help better move it there, the source is [2]. As you
>> see, documentation is not in a good shape, help is very appreciated.
>>
>> Kind Regards,
>> Stefan
>>
>> [1]
>>
>> https://directory.apache.org/apacheds/advanced-ug/7-embedding-apacheds.html
>> [2]
>>
>> https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext
>>
>>
>> On 10/28/18 4:27 PM, Maxim Solodovnik wrote:
>> > Hello Emmanuel,
>> >
>> > It seems this wiki page
>> >
>> https://cwiki.apache.org/confluence/display/DIRxSRVx11/4.2.+Using+ApacheDS+for+unit+tests
>> > Have broken formatting
>> > Can you please fix it?
>> > Or I can try to do it (but currently don't have enough karma :(  )
>> >
>> > Thanks in advance!
>> >
>>
>>
>
> --
> WBR
> Maxim aka solomax
>


-- 
WBR
Maxim aka solomax

Re: Broken formatting in Wiki

2018-10-29 Thread Maxim Solodovnik 
Thanks for the answer Stefan,

I'm trying to write my first test

Here are some findings and questions:

1) It seems `org.apache.directory.api:api-all` and
`org.apache.directory.api:api-ldap-schema-data` have conflicting ldif
bundled, is it safe to exclude api-ldap-schema-data from
`org.apache.directory.server:apacheds-server-integ` ?

2) it seems it is impossible to have more than 1 DN in ldif file being
loaded with @ApplyLdifFiles. And as far as I understand from
logs @CreatePartition is required for every DN, is this correct?

3) Maybe simple test with working config is available somewhere?

I'll try to create PR for docs as soon as my first test will work :)



On Sun, 28 Oct 2018 at 23:01, Stefan Seelmann 
wrote:

> Hi Maxim,
>
> we no longer use the Confluence wiki for maintaining the documentation.
> All the pages there are really old (your example was updated 2010), and
> refer to ApacheDS 1.5 instead of 2.0. Maybe the wiki pages should be
> deleted or at least marked as "outdated", let's discuss and decide that
> in a separate thread.
>
> Documentation was moved to the Apache CMS, but is far from being
> completed. The page you refer should probably be below [1] but is empty.
> So if you want to help better move it there, the source is [2]. As you
> see, documentation is not in a good shape, help is very appreciated.
>
> Kind Regards,
> Stefan
>
> [1]
> https://directory.apache.org/apacheds/advanced-ug/7-embedding-apacheds.html
> [2]
>
> https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext
>
>
> On 10/28/18 4:27 PM, Maxim Solodovnik wrote:
> > Hello Emmanuel,
> >
> > It seems this wiki page
> >
> https://cwiki.apache.org/confluence/display/DIRxSRVx11/4.2.+Using+ApacheDS+for+unit+tests
> > Have broken formatting
> > Can you please fix it?
> > Or I can try to do it (but currently don't have enough karma :(  )
> >
> > Thanks in advance!
> >
>
>

-- 
WBR
Maxim aka solomax

Broken formatting in Wiki

2018-10-28 Thread Maxim Solodovnik 
Hello Emmanuel,

It seems this wiki page
https://cwiki.apache.org/confluence/display/DIRxSRVx11/4.2.+Using+ApacheDS+for+unit+tests
Have broken formatting
Can you please fix it?
Or I can try to do it (but currently don't have enough karma :(  )

Thanks in advance!

-- 
WBR
Maxim aka solomax

Re: The length of controls must not be null

2017-04-03 Thread Maxim Solodovnik 
Sure

Thanks a lot for the investigation!

On Mon, Apr 3, 2017 at 9:58 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote:
>
>
> Le 03/04/2017 à 14:22, Maxim Solodovnik a écrit :
>> Yes,
>> Search for the user from OM (via directory API) fails with
>> "DecoderException: The length of controls must not be null"
>> (The full stack trace is in the first message of this thread)
>
>
>
> Sorry that it took me so understand what was going on. The stack trace
> is clear a control should not be null. We do have a null control in the
> SearcResultDone :
>
>    30 0e 02 01 02 65 07 0a 01 00 04 00 04 00 a0 00
>
> which is :
>
> 30 0e LdapMessage
>   02 01 02Message ID : 02
>   65 07   ProtocolOp : SearchResultDone
> 0a 01 00  LDAPResult.resultCode  : LDAP_SUCCESS
> 04 00 LDAPResult.matchedDN : ""
> 04 00 LDAPResult.errorMessage : ""
> a0 00 Controls : empty
>
>
> Going back to RFC 4511 :
>
> LDAPMessage ::= SEQUENCE {
>  messageID   MessageID,
>  protocolOp  CHOICE {
>   ...
>   searchResDone SearchResultDone,
>   ...,
>   intermediateResponse  IntermediateResponse },
>  controls   [0] Controls OPTIONAL }
>
> We may have no controls, as it's optional. In this case, the 0xA0 ...
> part at the end will simply not exist. Let's see what is Controls
> structure :
>
> Controls ::= SEQUENCE OF control Control
>
>
> Here, if the SEQUENCE is empty, the encoded bytes for the length wll be
> 0x00, so we will have 0xA0 0x00.
>
> The Controls code in the API is :
>
> public void action( LdapMessageContainer<MessageDecorator Message>> container ) throws DecoderException
> {
> TLV tlv = container.getCurrentTLV();
> int expectedLength = tlv.getLength();
>
> // The Length should be null
> if ( expectedLength == 0 )
> {
> LOG.error( "The length of controls must not be null" );
>
> // This will generate a PROTOCOL_ERROR
> throw new DecoderException( "The length of controls must not
> be null" );
> }
>
> if ( IS_DEBUG )
> {
> LOG.debug( "A new list of controls has been initialized" );
> }
> }
>
>
> As you can see, there are two errors :
> - the comment is wrong and should read : "The Length should *not* be null
> - the length could actually be null
>
> Bottom line, this is a bug that need to be fixed, and I'll do that ASAP.
>
> May I ask you to filla  JIRA with your first mail ad the stack trace for
> clarity ?
>
> Thanks !
>
> --
> Emmanuel Lecharny
>
> Symas.com
> directory.apache.org
>



-- 
WBR
Maxim aka solomax

Re: The length of controls must not be null

2017-04-03 Thread Maxim Solodovnik 
Yes,
Search for the user from OM (via directory API) fails with
"DecoderException: The length of controls must not be null"
(The full stack trace is in the first message of this thread)

On Mon, Apr 3, 2017 at 7:19 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote:
> Hi Maxim,
>
>
> I checked both pcap files, they seems to be ok (except that they are
> truncated).
>
>
> The difference bewteen the ldapSearch pcap file and the om pcap file is
> that there is a unbind in the ldapSearch one, but otherwise, there is no
> control in any of them.
>
>
> Did you get the error with 'om' ?
>
>
>
> Le 29/03/2017 à 12:22, Maxim Solodovnik a écrit :
>> Hello Emmanuel,
>>
>> Here are 2 dumps: one made by ldapsearch tool, other made by directory java 
>> API
>> https://yadi.sk/d/fl2jDtBQ3GSuuq
>>
>> Hope this helps
>>
>> BTW everything works as expected with recent Samba
>>
>> On Sat, Mar 25, 2017 at 12:18 AM, Maxim Solodovnik <solomax...@gmail.com> 
>> wrote:
>>> Thanks for the quick answer
>>> I'll ask issue reported to capture request/response with whireshark and
>>> share it
>>>
>>>
>>> On Sat, Mar 25, 2017 at 12:14 AM, Emmanuel Lécharny <elecha...@gmail.com>
>>> wrote:
>>>> Hi Maxim,
>>>>
>>>>
>>>> sorry, but the dump does not make a lot of sense. All that I can tell is
>>>> that the end of this dump looks like some SearchResultEntry :
>>>>
>>>> 30 2B
>>>>   04 0E
>>>> msTSManagingLS
>>>>   31 19
>>>> 04 17
>>>>   00455-001-9680336-84768
>>>>
>>>> 30 1E
>>>>   04 12
>>>> msTSLicenseVersion
>>>>   31 08
>>>> 04 06
>>>>   33 39 33 32 31 36
>>>>
>>>> 30 27
>>>>   04 0E
>>>> msRSEpireDate
>>>>   31 15
>>>> 04 13
>>>>   20170506060320.000Z
>>>>
>>>> 30 22
>>>>   04 0B
>>>> whenChanged
>>>>   31 13
>>>> 04 11
>>>>   20170307060321.0Z
>>>>
>>>> 30 17
>>>>   04 0A
>>>> uSNChanged
>>>>   31 09
>>>> 04 07
>>>>   1409108
>>>>
>>>> 30 4B
>>>>   04 11
>>>> d i s t i n g u i s h e d N a m e
>>>>   31 36
>>>> 04 34
>>>>   CN=keycoll,OU=Service,OU=Holding,dc=company,DC=local
>>>>
>>>>
>>>> And that there is a SearchResultDone at the very end :
>>>>
>>>>
>>>> 30 0E
>>>>   02 01 03
>>>>   e(65) 07 SearchResultDone
>>>> 0A 01 00
>>>> 04 00
>>>> 04 00
>>>> A0 00
>>>>
>>>>
>>>> but everything before is pretty much garbage (with some 2bytes chars in
>>>> it.)
>>>>
>>>>
>>>> What would be valuable is to capture some PDU with Wireshark. That would
>>>> be much better.
>>>>
>>>>
>>>> --
>>>> Emmanuel Lecharny
>>>>
>>>> Symas.com
>>>> directory.apache.org
>>>>
>>>
>>>
>>> --
>>> WBR
>>> Maxim aka solomax
>>
>>
>
> --
> Emmanuel Lecharny
>
> Symas.com
> directory.apache.org
>



-- 
WBR
Maxim aka solomax

Re: The length of controls must not be null

2017-03-29 Thread Maxim Solodovnik 
Hello Emmanuel,

Here are 2 dumps: one made by ldapsearch tool, other made by directory java API
https://yadi.sk/d/fl2jDtBQ3GSuuq

Hope this helps

BTW everything works as expected with recent Samba

On Sat, Mar 25, 2017 at 12:18 AM, Maxim Solodovnik <solomax...@gmail.com> wrote:
> Thanks for the quick answer
> I'll ask issue reported to capture request/response with whireshark and
> share it
>
>
> On Sat, Mar 25, 2017 at 12:14 AM, Emmanuel Lécharny <elecha...@gmail.com>
> wrote:
>>
>> Hi Maxim,
>>
>>
>> sorry, but the dump does not make a lot of sense. All that I can tell is
>> that the end of this dump looks like some SearchResultEntry :
>>
>> 30 2B
>>   04 0E
>> msTSManagingLS
>>   31 19
>> 04 17
>>   00455-001-9680336-84768
>>
>> 30 1E
>>   04 12
>> msTSLicenseVersion
>>   31 08
>> 04 06
>>   33 39 33 32 31 36
>>
>> 30 27
>>   04 0E
>> msRSEpireDate
>>   31 15
>> 04 13
>>   20170506060320.000Z
>>
>> 30 22
>>   04 0B
>> whenChanged
>>   31 13
>> 04 11
>>   20170307060321.0Z
>>
>> 30 17
>>   04 0A
>> uSNChanged
>>   31 09
>> 04 07
>>   1409108
>>
>> 30 4B
>>   04 11
>> d i s t i n g u i s h e d N a m e
>>   31 36
>> 04 34
>>   CN=keycoll,OU=Service,OU=Holding,dc=company,DC=local
>>
>>
>> And that there is a SearchResultDone at the very end :
>>
>>
>> 30 0E
>>   02 01 03
>>   e(65) 07 SearchResultDone
>> 0A 01 00
>> 04 00
>> 04 00
>> A0 00
>>
>>
>> but everything before is pretty much garbage (with some 2bytes chars in
>> it.)
>>
>>
>> What would be valuable is to capture some PDU with Wireshark. That would
>> be much better.
>>
>>
>> --
>> Emmanuel Lecharny
>>
>> Symas.com
>> directory.apache.org
>>
>
>
>
> --
> WBR
> Maxim aka solomax



-- 
WBR
Maxim aka solomax

Re: The length of controls must not be null

2017-03-24 Thread Maxim Solodovnik 
Thanks for the quick answer
I'll ask issue reported to capture request/response with whireshark and
share it


On Sat, Mar 25, 2017 at 12:14 AM, Emmanuel Lécharny 
wrote:

> Hi Maxim,
>
>
> sorry, but the dump does not make a lot of sense. All that I can tell is
> that the end of this dump looks like some SearchResultEntry :
>
> 30 2B
>   04 0E
> msTSManagingLS
>   31 19
> 04 17
>   00455-001-9680336-84768
>
> 30 1E
>   04 12
> msTSLicenseVersion
>   31 08
> 04 06
>   33 39 33 32 31 36
>
> 30 27
>   04 0E
> msRSEpireDate
>   31 15
> 04 13
>   20170506060320.000Z
>
> 30 22
>   04 0B
> whenChanged
>   31 13
> 04 11
>   20170307060321.0Z
>
> 30 17
>   04 0A
> uSNChanged
>   31 09
> 04 07
>   1409108
>
> 30 4B
>   04 11
> d i s t i n g u i s h e d N a m e
>   31 36
> 04 34
>   CN=keycoll,OU=Service,OU=Holding,dc=company,DC=local
>
>
> And that there is a SearchResultDone at the very end :
>
>
> 30 0E
>   02 01 03
>   e(65) 07 SearchResultDone
> 0A 01 00
> 04 00
> 04 00
> A0 00
>
>
> but everything before is pretty much garbage (with some 2bytes chars in
> it.)
>
>
> What would be valuable is to capture some PDU with Wireshark. That would
> be much better.
>
>
> --
> Emmanuel Lecharny
>
> Symas.com
> directory.apache.org
>
>


-- 
WBR
Maxim aka solomax

The length of controls must not be null

2017-03-24 Thread Maxim Solodovnik 
Hello All,

We are using directory API 1.0.0-RC2 to perform LDAP queries
One of our users uses Samba 4.0.0alpha10 as LDAP server
And report he got weird stacktrace (sorry for the huge hex dump):

Maybe you can say what is wrong based on this dump?

The original report is in Russian, I can provide the link to it if you like
to

Thanks in advance for the help!

[ERROR] [NioProcessor-66] org.apache.directory.api.ldap.
codec.actions.controls.InitControls - The length of controls must not be
null
 WARN 03-24 10:54:10.115 LdapNetworkConnection.java 68766033 1912
org.apache.directory.ldap.client.api.LdapNetworkConnection
[NioProcessor-66] -
org.apache.directory.api.ldap.codec.api.ResponseCarryingException:
The length of controls must not be null (Hexdump: 20 00 20 00 20 00 20 00
20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 50 00 06 00 1A 00 08 00 01
00 43 00 74 00 78 00 43 00 66 00 67 00 50 00 72 00 65 00 73 00 65 00 6E 00
74 00 35 35 31 65 30 62 62 30 18 00 08 00 01 00 43 00 74 00 78 00 43 00 66
00 67 00 46 00 6C 00 61 00 67 00 73 00 31 00 30 30 66 30 65 30 65 37 12 00
08 00 01 00 43 00 74 00 78 00 53 00 68 00 61 00 64 00 6F 00 77 00 30 32 30
30 30 30 30 30 2A 00 02 00 01 00 43 00 74 00 78 00 4D 00 69 00 6E 00 45 00
6E 00 63 00 72 00 79 00 70 00 74 00 69 00 6F 00 6E 00 4C 00 65 00 76 00 65
00 6C 00 30 31 20 00 54 00 01 00 43 00 74 00 78 00 57 00 6F 00 72 00 6B 00
44 00 69 00 72 00 65 00 63 00 74 00 6F 00 72 00 79 00 34 33 33 61 35 63 35
30 37 32 36 66 36 37 37 32 36 31 36 64 32 30 34 36 36 39 36 63 36 35 37 33
32 30 32 38 37 38 33 38 33 36 32 39 35 63 34 62 36 35 37 39 34 33 36 66 36
63 36 63 36 35 36 33 37 34 36 66 37 32 35 37 35 30 34 36 34 38 34 34 34 34
30 30 22 00 7C 00 01 00 43 00 74 00 78 00 49 00 6E 00 69 00 74 00 69 00 61
00 6C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 34 33 33 61 35 63 35 30
37 32 36 66 36 37 37 32 36 31 36 64 32 30 34 36 36 39 36 63 36 35 37 33 32
30 32 38 37 38 33 38 33 36 32 39 35 63 34 62 36 35 37 39 34 33 36 66 36 63
36 63 36 35 36 33 37 34 36 66 37 32 35 37 35 30 34 36 34 38 34 34 34 34 35
63 34 62 36 35 37 39 34 33 36 66 36 63 36 63 36 35 36 33 37 34 36 66 37 32
35 37 35 30 34 36 32 65 36 35 37 38 36 35 30 30 22 0A 41 00 00 00 00 00 00
00 00 00 00 00 70 B3 76 0A 00 00 00 00 00 00 00 00 00 00 00 00 28 FF 83 08
08 00 00 00 70 0C 15 E8 00 00 00 00 78 B4 2E 0A 00 00 00 00 6B 65 79 63 6F
6C 6C 00 00 00 00 00 41 00 00 00 70 B3 76 0A A8 9B C8 0A 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 98 9B C8 0A 0A 00 00 00 70 0C 15 E8 00 00 00
00 D0 98 C8 0A 00 00 00 00 67 69 76 65 6E 4E 61 6D 65 00 79 08 41 00 00 00
68 9B C8 0A 28 9C C8 0A 00 00 00 00 E8 9B C8 0A 00 00 00 00 00 00 00 00 8D
A0 7E 08 08 00 00 00 70 0C 15 E8 00 00 00 00 00 00 00 00 00 00 00 00 18 9C
C8 0A 07 00 00 00 73 0C 15 E8 41 00 00 00 00 00 00 00 00 00 00 00 A8 9B C8
0A 00 00 00 00 00 00 00 00 00 00 00 00 28 FF 83 08 08 00 00 00 70 0C 15 E8
00 00 00 00 F8 19 79 08 01 00 00 00 6B 65 79 63 6F 6C 6C 00 61 63 6B 22 49
00 00 00 A8 9B C8 0A 70 9C C8 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 58 9C C8 0A 0D 00 00 00 70 0C 15 E8 00 00 00 00 73 0C 15 E8 00 00 00
00 69 6E 73 74 61 6E 63 65 54 79 70 65 00 00 00 00 98 9A B4 0A 41 00 00 00
28 9C C8 0A A8 EB 1D 0A 00 00 00 00 B0 9C C8 0A 00 00 00 00 00 00 00 00 8D
A0 7E 08 08 00 00 00 70 0C 15 E8 00 00 00 00 5C 70 69 70 65 5C 73 70 E0 9C
C8 0A 01 00 00 00 00 00 00 00 39 00 00 00 00 00 00 00 00 00 00 00 70 9C C8
0A 00 00 00 00 00 00 00 00 00 00 00 00 28 FF 83 08 02 00 00 00 70 0C 15 E8
00 00 00 00 73 0C 15 E8 00 00 00 00 34 00 15 E8 19 00 00 00 80 98 C8 0A 78
C3 9B 0A 80 9D 08 0A 94 47 8E 08 18 00 00 00 18 00 00 00 00 00 00 00 AC 6B
0C 0A B4 6B 0C 0A 10 AD CE 0A A4 72 00 00 19 00 00 00 43 4F 4D 50 41 4E 59
2E 4C 4F 43 41 4C 00 20 20 2B 1C F2 E8 41 00 00 00 00 00 00 00 00 00 00 00
D8 86 0C 0A 00 00 00 00 00 00 00 00 30 2B 04 0E 6D 73 54 53 4D 61 6E 61 67
69 6E 67 4C 53 31 19 04 17 30 30 34 37 37 2D 30 30 31 2D 39 36 38 30 33 33
36 2D 38 34 37 36 38 30 1E 04 12 6D 73 54 53 4C 69 63 65 6E 73 65 56 65 72
73 69 6F 6E 31 08 04 06 33 39 33 32 31 36 30 27 04 0E 6D 73 54 53 45 78 70
69 72 65 44 61 74 65 31 15 04 13 32 30 31 37 30 35 30 36 30 36 30 33 32 30
2E 30 30 30 5A 30 22 04 0B 77 68 65 6E 43 68 61 6E 67 65 64 31 13 04 11 32
30 31 37 30 33 30 37 30 36 30 33 32 31 2E 30 5A 30 17 04 0A 75 53 4E 43 68
61 6E 67 65 64 31 09 04 07 31 34 30 39 31 30 38 30 4B 04 11 64 69 73 74 69
6E 67 75 69 73 68 65 64 4E 61 6D 65 31 36 04 34 43 4E 3D 6B 65 79 63 6F 6C
6C 2C 4F 55 3D 53 65 72 76 69 63 65 2C 4F 55 3D 48 6F 6C 64 69 6E 67 2C 44
43 3D 63 6F 6D 70 61 6E 79 2C 44 43 3D 6C 6F 63 61 6C 30 0E 02 01 03 65 07
0A 01 00 04 00 04 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00

Maybe Cursor should also extends Closable

2016-01-12 Thread Maxim Solodovnik 
Hello All,

As I can see in latest directory-api sources

interface Cursor extends Iterable

Maybe it worth to be changed to

interface Cursor extends Iterable, Closable

This way will be no need to declare void close(); explicitly
Also It will be possible to use
try (EntryCursor cursor = new EntryCursorImpl(...)) {
} catch (...) {
}
constructs

WDYT?

not sure maybe this question better fits dev@ list


-- 
WBR
Maxim aka solomax

parse DN using directory API

2015-09-04 Thread Maxim Solodovnik 
Hello,

Is it possible to parse DN as string using directory API? I found couple of
methods but they private or package protected :(

Thanks in advance

PS using 1.0.0-M31

-- 
WBR
Maxim aka solomax

Re: parse DN using directory API

2015-09-04 Thread Maxim Solodovnik 
Here is the use case
I read memberOf attributes of user (MS AD version), interpret it as String,
and then need to parse it as Dn. Currently I can't use FastDnParser.parse
and need to "re-invent the weel".

Maybe I misuse the API?

On Fri, Sep 4, 2015 at 5:29 PM, Kiran Ayyagari <kayyag...@apache.org> wrote:

> On Fri, Sep 4, 2015 at 7:14 PM, Maxim Solodovnik <solomax...@gmail.com>
> wrote:
>
> > Hello,
> >
> > Is it possible to parse DN as string using directory API? I found couple
> of
> >
> hmm, can you elaborate on what you are trying to do
>
> > methods but they private or package protected :(
> >
> sure we can do that based on the usecase
>
>
> > Thanks in advance
> >
> > PS using 1.0.0-M31
> >
> > --
> > WBR
> > Maxim aka solomax
> >
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>



-- 
WBR
Maxim aka solomax

Re: parse DN using directory API

2015-09-04 Thread Maxim Solodovnik 
I need to extract group name from the Dn returned, so iterating through the
Rdns is sufficient right now :)

On Fri, Sep 4, 2015 at 6:18 PM, Maxim Solodovnik <solomax...@gmail.com>
wrote:

> My bad :(
> I thought "public Dn( SchemaManager schemaManager, String... upRdns )"
> only accepts pairs "XY=ASDFG"
> sorry for the noise :(
>
> On Fri, Sep 4, 2015 at 6:15 PM, Emmanuel Lécharny <elecha...@gmail.com>
> wrote:
>
>> Le 04/09/15 14:09, Kiran Ayyagari a écrit :
>> > On Fri, Sep 4, 2015 at 8:05 PM, Maxim Solodovnik <solomax...@gmail.com>
>> > wrote:
>> >
>> >> Here is the use case
>> >> I read memberOf attributes of user (MS AD version), interpret it as
>> String,
>> >> and then need to parse it as Dn. Currently I can't use
>> FastDnParser.parse
>> >> and need to "re-invent the weel".
>> >>
>> > you can just create a DN using new Dn(dnStr)
>> > and that internally parses it.
>> >
>> > The only downside of the above method is that the DN is not schema aware
>>
>> But once you have done that, you can iterate on the RDNs, then on the
>> AVAs.
>>
>> Now, what exactly are you going to do with the parsed DN ? Isn't it
>> enough to have a Dn instance ?
>>
>
>
>
> --
> WBR
> Maxim aka solomax
>



-- 
WBR
Maxim aka solomax

Re: parse DN using directory API

2015-09-04 Thread Maxim Solodovnik 
My bad :(
I thought "public Dn( SchemaManager schemaManager, String... upRdns )" only
accepts pairs "XY=ASDFG"
sorry for the noise :(

On Fri, Sep 4, 2015 at 6:15 PM, Emmanuel Lécharny <elecha...@gmail.com>
wrote:

> Le 04/09/15 14:09, Kiran Ayyagari a écrit :
> > On Fri, Sep 4, 2015 at 8:05 PM, Maxim Solodovnik <solomax...@gmail.com>
> > wrote:
> >
> >> Here is the use case
> >> I read memberOf attributes of user (MS AD version), interpret it as
> String,
> >> and then need to parse it as Dn. Currently I can't use
> FastDnParser.parse
> >> and need to "re-invent the weel".
> >>
> > you can just create a DN using new Dn(dnStr)
> > and that internally parses it.
> >
> > The only downside of the above method is that the DN is not schema aware
>
> But once you have done that, you can iterate on the RDNs, then on the AVAs.
>
> Now, what exactly are you going to do with the parsed DN ? Isn't it
> enough to have a Dn instance ?
>



-- 
WBR
Maxim aka solomax

Re: ApacheDS file name

2015-07-08 Thread Maxim Solodovnik 
I believe I'm behind corporate FW right now :(
Will try to double check later from home

On Wed, Jul 8, 2015 at 12:55 PM, Stefan Seelmann m...@stefan-seelmann.de
wrote:

 On 07/08/2015 08:37 AM, Maxim Solodovnik wrote:
  just have tried:
 
 http://www.eu.apache.org/dist/directory/studio/2.0.0.v20150606-M9/ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz

 I downloaded the same, signature and md5sum is good.

  file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
  ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz: *gzip
  compressed data*
 
  pgp ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz.asc
  gpg: Signature made Sun 07 Jun 2015 14:18:58 NOVT using RSA key ID
 28686142
  gpg: BAD signature from Stefan Seelmann (CODE SIGNING KEY) 
  seelm...@apache.org
  *WARNING: Bad signature, doesn't match file contents!*
 
  not sure what is wrong

 Are you behind a corporate firewall/virus scanner that intercepts the
 download?


  On Wed, Jul 8, 2015 at 12:31 PM, Maxim Solodovnik solomax...@gmail.com
  wrote:
 
  hm,
 
  file
 
 http://www.motorlogy.com/apache/directory/studio/2.0.0.v20150606-M9/ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
 
  pgp ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz.asc
  gpg: Signature made Sun 07 Jun 2015 14:18:58 NOVT using RSA key ID
 28686142
  gpg: BAD signature from Stefan Seelmann (CODE SIGNING KEY) 
  seelm...@apache.org
  *WARNING: Bad signature, doesn't match file contents!*
 
  will try different mirror
  sorry for the noise
 
  On Wed, Jul 8, 2015 at 12:26 PM, Stefan Seelmann 
 m...@stefan-seelmann.de
  wrote:
 
  On 07/08/2015 08:11 AM, Maxim Solodovnik wrote:
  Hello,
 
  Just have tried latest available ApacheDS
  (ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz)
 
  the file name clearly states it is tar gzip, but it turns to be plain
  tar
  (without gzip compression)
  I would propose to add gzip compression or to change the name
 
  Not sure if it is issue, or maybe you are already aware of it
 
 
  Hm, I just downloaded it from a mirror and it is a propert tar.gz, see
  below.
 
  From which mirror did you download? Can you please validate checksums
  and PGP signature?
 
 
  $ ls -s
 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
  121396 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
 
  $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
  ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz: gzip
  compressed data
 
  $ gunzip
 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
 
  $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar
  135700 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar
 
  $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar
  ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar: POSIX
 tar
  archive
 
  Kind Regards,
  Stefan
 
 
 
 
  --
  WBR
  Maxim aka solomax
 
 
 
 




-- 
WBR
Maxim aka solomax

ApacheDS file name

2015-07-08 Thread Maxim Solodovnik 
Hello,

Just have tried latest available ApacheDS
(ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz)

the file name clearly states it is tar gzip, but it turns to be plain tar
(without gzip compression)
I would propose to add gzip compression or to change the name

Not sure if it is issue, or maybe you are already aware of it

-- 
WBR
Maxim aka solomax

Re: ApacheDS file name

2015-07-08 Thread Maxim Solodovnik 
just have tried:
http://www.eu.apache.org/dist/directory/studio/2.0.0.v20150606-M9/ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz

file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz: *gzip
compressed data*

pgp ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz.asc
gpg: Signature made Sun 07 Jun 2015 14:18:58 NOVT using RSA key ID 28686142
gpg: BAD signature from Stefan Seelmann (CODE SIGNING KEY) 
seelm...@apache.org
*WARNING: Bad signature, doesn't match file contents!*

not sure what is wrong



On Wed, Jul 8, 2015 at 12:31 PM, Maxim Solodovnik solomax...@gmail.com
wrote:

 hm,

 file
 http://www.motorlogy.com/apache/directory/studio/2.0.0.v20150606-M9/ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz

 pgp ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz.asc
 gpg: Signature made Sun 07 Jun 2015 14:18:58 NOVT using RSA key ID 28686142
 gpg: BAD signature from Stefan Seelmann (CODE SIGNING KEY) 
 seelm...@apache.org
 *WARNING: Bad signature, doesn't match file contents!*

 will try different mirror
 sorry for the noise

 On Wed, Jul 8, 2015 at 12:26 PM, Stefan Seelmann m...@stefan-seelmann.de
 wrote:

 On 07/08/2015 08:11 AM, Maxim Solodovnik wrote:
  Hello,
 
  Just have tried latest available ApacheDS
  (ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz)
 
  the file name clearly states it is tar gzip, but it turns to be plain
 tar
  (without gzip compression)
  I would propose to add gzip compression or to change the name
 
  Not sure if it is issue, or maybe you are already aware of it
 

 Hm, I just downloaded it from a mirror and it is a propert tar.gz, see
 below.

 From which mirror did you download? Can you please validate checksums
 and PGP signature?


 $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
 121396 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz

 $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz: gzip
 compressed data

 $ gunzip ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz

 $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar
 135700 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar

 $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar
 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar: POSIX tar
 archive

 Kind Regards,
 Stefan




 --
 WBR
 Maxim aka solomax




-- 
WBR
Maxim aka solomax

Re: ApacheDS file name

2015-07-08 Thread Maxim Solodovnik 
hm,

file
http://www.motorlogy.com/apache/directory/studio/2.0.0.v20150606-M9/ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz

pgp ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz.asc
gpg: Signature made Sun 07 Jun 2015 14:18:58 NOVT using RSA key ID 28686142
gpg: BAD signature from Stefan Seelmann (CODE SIGNING KEY) 
seelm...@apache.org
*WARNING: Bad signature, doesn't match file contents!*

will try different mirror
sorry for the noise

On Wed, Jul 8, 2015 at 12:26 PM, Stefan Seelmann m...@stefan-seelmann.de
wrote:

 On 07/08/2015 08:11 AM, Maxim Solodovnik wrote:
  Hello,
 
  Just have tried latest available ApacheDS
  (ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz)
 
  the file name clearly states it is tar gzip, but it turns to be plain tar
  (without gzip compression)
  I would propose to add gzip compression or to change the name
 
  Not sure if it is issue, or maybe you are already aware of it
 

 Hm, I just downloaded it from a mirror and it is a propert tar.gz, see
 below.

 From which mirror did you download? Can you please validate checksums
 and PGP signature?


 $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
 121396 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz

 $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz
 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz: gzip
 compressed data

 $ gunzip ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz

 $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar
 135700 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar

 $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar
 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar: POSIX tar
 archive

 Kind Regards,
 Stefan




-- 
WBR
Maxim aka solomax

Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M29 released

2015-04-03 Thread Maxim Solodovnik 
Somehow new release is not available:  Failed to collect dependencies at
org.apache.directory.api:api-all:jar:1.0.0-M29: Failed to read artifact
descriptor for org.apache.directory.api:api-all:jar:1.0.0-M29: Failure to
find org.apache.directory.api:api-parent:pom:1.0.0-M29

Am I doing something wrong? Or maybe anything wrong with repo and/or
release?

On Fri, Apr 3, 2015 at 5:56 PM, Emmanuel Lecharny elecha...@apache.org
wrote:

 The Apache Directory Team is proud to announce the availability of the
 1.0.0-M29 version of the Apache Directory LDAP API.

 The Apache Directory LDAP client API is an ongoing effort to provide
 an enhanced LDAP API, as a replacement for JNDI and the existing
 LDAPAPI (jLdap and Mozilla LDAP API).

 This is a schema aware API, with some convenient ways to access a LDAP
 server. This API is not only targeting the Apache Directory Server,
 but should work pristine with any LDAP server.

 It's also an extensible API : new Controls, schema elements and
 network layer could be added or used in the near future. It's also
 OSGi capable.


 Another bug fix release, with a few new fonctionalities being added :
 - a LDIF anonymizer
 - VLV support

 Here is the list of fixed issues :


 Bugs :
 --

   * https://issues.apache.org/jira/browse/DIRAPI-100  Implement the
 GSSAPI SASL Bind mechanism
   * https://issues.apache.org/jira/browse/DIRAPI-107  LdifReader
 missing attributes
   * https://issues.apache.org/jira/browse/DIRAPI-219
 DateUtils.toGeneralizedTime does not work with some Locales
   * https://issues.apache.org/jira/browse/DIRAPI-220  The
 FilterEncoder.encodeFilterValue() does not accept escaped hex values
 like \2A
   * https://issues.apache.org/jira/browse/DIRAPI-223  The SchemaObject
 extension key should be case-insensitive
   * https://issues.apache.org/jira/browse/DIRAPI-226  Injecting non
 pure ASCII values into a HR attribute read from a LDIF does not work

 Improvements :
 --

   * https://issues.apache.org/jira/browse/DIRAPI-46   Add a generic
 schema loader which looks for schema elements under the value of the
 'subschemaSubentry' of the RootDSE
   * https://issues.apache.org/jira/browse/DIRAPI-225  Add a LDIF
 anonymizer that takes a LDIF file and replace the value with random
 text


 New features :
 --

   * https://issues.apache.org/jira/browse/DIRAPI-165  Add a FilterBuillder
   * https://issues.apache.org/jira/browse/DIRAPI-224  Add support for
 the VLV control


 Feel free to experiment, we highly appreciate your feedback !


 Website : http://directory.apache.org/api
 Download : http://directory.apache.org/api/downloads.html
 User's Guide : http://directory.apache.org/api/user-guide.html

 The Apache Directory Team

 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com




-- 
WBR
Maxim aka solomax

Re: Dereferencing aliases

2014-10-21 Thread Maxim Solodovnik 
Works as expected
Thanks a lot for the help!

On 16 October 2014 16:05, Maxim Solodovnik solomax...@gmail.com wrote:

 Thanks a lot for the quick reply,
 will try it!

 On 16 October 2014 16:03, Kiran Ayyagari kayyag...@apache.org wrote:

 the support for dereferencing aliases* is already there, you just need to
 set the derefAliases option
 in the search request.


 * note that referral chasing is different and is not currently supported

 On Thu, Oct 16, 2014 at 2:04 PM, Maxim Solodovnik solomax...@gmail.com
 wrote:

  Hello All,
 
  Recently I got report from one of our users [1] asking for dereferencing
  aliases.
  According to the code of EntryCursorImpl.get() I suppose it is not
  currently possible, am I right?
 
  If yes maybe you have plans to implement it? (so I can tell our user
 some
  time frame)
 
  Thanks in advance
 
  [1] https://issues.apache.org/jira/browse/OPENMEETINGS-1105
 
  --
  WBR
  Maxim aka solomax
 



 --
 Kiran Ayyagari
 http://keydap.com




 --
 WBR
 Maxim aka solomax




-- 
WBR
Maxim aka solomax

Dereferencing aliases

2014-10-16 Thread Maxim Solodovnik 
Hello All,

Recently I got report from one of our users [1] asking for dereferencing
aliases.
According to the code of EntryCursorImpl.get() I suppose it is not
currently possible, am I right?

If yes maybe you have plans to implement it? (so I can tell our user some
time frame)

Thanks in advance

[1] https://issues.apache.org/jira/browse/OPENMEETINGS-1105

-- 
WBR
Maxim aka solomax

Re: Dereferencing aliases

2014-10-16 Thread Maxim Solodovnik 
Thanks a lot for the quick reply,
will try it!

On 16 October 2014 16:03, Kiran Ayyagari kayyag...@apache.org wrote:

 the support for dereferencing aliases* is already there, you just need to
 set the derefAliases option
 in the search request.


 * note that referral chasing is different and is not currently supported

 On Thu, Oct 16, 2014 at 2:04 PM, Maxim Solodovnik solomax...@gmail.com
 wrote:

  Hello All,
 
  Recently I got report from one of our users [1] asking for dereferencing
  aliases.
  According to the code of EntryCursorImpl.get() I suppose it is not
  currently possible, am I right?
 
  If yes maybe you have plans to implement it? (so I can tell our user some
  time frame)
 
  Thanks in advance
 
  [1] https://issues.apache.org/jira/browse/OPENMEETINGS-1105
 
  --
  WBR
  Maxim aka solomax
 



 --
 Kiran Ayyagari
 http://keydap.com




-- 
WBR
Maxim aka solomax

CursorLdapReferralException while iterating EntryCursor

2014-09-28 Thread Maxim Solodovnik 
Hello,

I'm getting CursorLdapReferralException while iterating EntryCursor:
[1] line 258
Could you please explain the meaning of this exception? I was sure if
cursor.next() return the true cursor.get() should be successful.

Thanks in advance


[1]
https://svn.apache.org/viewvc/openmeetings/branches/3.0.x/src/main/java/org/apache/openmeetings/ldap/LdapLoginManagement.java?view=markup

-- 
WBR
Maxim aka solomax

Re: [Solved] Re: Changing logging level

2014-07-25 Thread Maxim Solodovnik 
Will commit this part: logger name=org.apache.mina.filter.ssl.SslFilter
level=OFF/


On 25 July 2014 20:50, Michael Wuttke michael.wut...@beuth-hochschule.de
wrote:

 Hello

 I added to the ~/red5/conf/logback.xml file of the Openmeetings
 application the following lines:

   logger name=org.apache.mina.filter.ssl.SslFilter
 level value=OFF/
   /logger

 and to the ~/red5/webapp/openmeetings/WEB-INF/classes/logback-config.xml
 file the following line:

 logger name=org.apache.mina.filter.ssl.SslFilter level=OFF/

 See also the source file:

 https://svn.apache.org/repos/asf/openmeetings/branches/3.0.x/src/main/webapp/WEB-INF/classes/logback-config.xml

 Now the logging of Openmeetings works as expected. No passwords where
 printed to the log file openmeetings.log any more.

  The correct log to disable is
  org.apache.directory.api.ldap.model.message.BindRequestImpl :
 
   logger
  name=org.apache.directory.api.ldap.model.message.BindRequestImpl
  level=NONE/
 Your hint doesn't help. The passwords where printed anyway.

 Thanks a lot for your help!
 Michael

 Am 23.07.2014 um 19:08 schrieb Emmanuel Lécharny:
  Le 23/07/2014 18:45, mwut...@beuth-hochschule.de a écrit :
  Hello Emmanuel,
 
  thank you for your help and advise. I will try it.
 
  Thanks ! Give us some feedback, that would be appreciated !




-- 
WBR
Maxim aka solomax

Re: Changing logging level

2014-07-23 Thread Maxim Solodovnik 
Our user (Michael in CC) changes the level to OFF and still get passwords
printed
I can't reproduce this, and have no idea what else can I suggest :(


On 23 July 2014 20:37, Kiran Ayyagari kayyag...@apache.org wrote:

 Hi Maxim,

   I suggest you change the logging level of org.apache.directory to WARN
   even at INFO level ApacheDS logs a lot of data


 On Wed, Jul 23, 2014 at 6:55 PM, Maxim Solodovnik solomax...@gmail.com
 wrote:

  Hello,
 
  I have successfully integrated Apache directory API into our project
  openmeetings.apache.org.
  We using logback to configure logging in our project.
 
  User claims in mailing lists and direct emails: LDAP passwords are being
  printed to the log in plain text
  I have modified logback config: [1] and the issue is not reproducible for
  me, but it doesn't help the user.
  What else can be checked to investigate/fix this issue?
 
 
  [
 
 
 https://svn.apache.org/repos/asf/openmeetings/branches/3.0.x/src/main/webapp/WEB-INF/classes/logback-config.xml
  ]
  --
  WBR
  Maxim aka solomax
 



 --
 Kiran Ayyagari
 http://keydap.com




-- 
WBR
Maxim aka solomax

Re: Changing logging level

2014-07-23 Thread Maxim Solodovnik 
Thanks Kiran! Will try to localize


On 23 July 2014 20:42, Kiran Ayyagari kayyag...@apache.org wrote:

 On Wed, Jul 23, 2014 at 7:09 PM, Maxim Solodovnik solomax...@gmail.com
 wrote:

  Our user (Michael in CC) changes the level to OFF and still get passwords
  printed
 
 looks like a logging configuration issue on his part

  I can't reproduce this, and have no idea what else can I suggest :(
 
 
  On 23 July 2014 20:37, Kiran Ayyagari kayyag...@apache.org wrote:
 
   Hi Maxim,
  
 I suggest you change the logging level of org.apache.directory to
 WARN
 even at INFO level ApacheDS logs a lot of data
  
  
   On Wed, Jul 23, 2014 at 6:55 PM, Maxim Solodovnik 
 solomax...@gmail.com
   wrote:
  
Hello,
   
I have successfully integrated Apache directory API into our project
openmeetings.apache.org.
We using logback to configure logging in our project.
   
User claims in mailing lists and direct emails: LDAP passwords are
  being
printed to the log in plain text
I have modified logback config: [1] and the issue is not reproducible
  for
me, but it doesn't help the user.
What else can be checked to investigate/fix this issue?
   
   
[
   
   
  
 
 https://svn.apache.org/repos/asf/openmeetings/branches/3.0.x/src/main/webapp/WEB-INF/classes/logback-config.xml
]
--
WBR
Maxim aka solomax
   
  
  
  
   --
   Kiran Ayyagari
   http://keydap.com
  
 
 
 
  --
  WBR
  Maxim aka solomax
 



 --
 Kiran Ayyagari
 http://keydap.com




-- 
WBR
Maxim aka solomax

Re: Changing logging level

2014-07-23 Thread Maxim Solodovnik 
@Michael, can you subscribe to this list and share some logs?


On 23 July 2014 21:07, Emmanuel Lécharny elecha...@gmail.com wrote:

 Le 23/07/2014 15:46, Maxim Solodovnik a écrit :
  Thanks Kiran! Will try to localize
 In any case, we should *never* log a password.

 The only place I can imagine the password will be printed is the BER
 decoding part, where we are printing the PDU we receive from a client,
 while we have no idea about what PDU they are.

 If you can get some of the client logs, that could help.




-- 
WBR
Maxim aka solomax

Re: Changing logging level

2014-07-23 Thread Maxim Solodovnik 
The messages are being printed by o.a.m.f.s.SslFilter:570
so you need to add line with org.apache.mina.core.filterchain
http://mina.apache.org/mina-project/apidocs/org/apache/mina/core/filterchain/IoFilterAdapter.html
package


On 23 July 2014 21:50, Michael Wuttke michael.wut...@beuth-hochschule.de
wrote:

 Hello,

 here is an extract of the openmeetings.log file:

 DEBUG 07-23 16:39:23.804
 o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354
 [Wicket-PageSavingThread] - Saving asynchronously: Entry
 [sessionId=CF4118EC81E38EDD29BF16316D7DA5AE, pageId=0]...
 DEBUG 07-23 16:39:23.805 o.a.w.p.PageAccessSynchronizer:346
 [http-nio-0.0.0.0-5080-exec-8] - 'http-nio-0.0.0.0-5080-exec-8'
 notifying blocked threads
 DEBUG 07-23 16:39:23.805 o.a.w.p.DiskDataStore:186
 [Wicket-PageSavingThread] - Storing data for page with id '0' in session
 with id 'CF4118EC81E38EDD29BF16316D7DA5AE'
 DEBUG 07-23 16:39:34.585 o.a.w.p.h.s.ServletWebRequest:189
 [http-nio-0.0.0.0-5080-exec-5] - Calculating context relative path from:
 context path '/openmeetings', filterPrefix '', uri '/openmeetings/signin'
 DEBUG 07-23 16:39:34.585 o.a.w.p.PageAccessSynchronizer:100
 [http-nio-0.0.0.0-5080-exec-5] - 'http-nio-0.0.0.0-5080-exec-5'
 attempting to acquire lock to page with id '0'
 DEBUG 07-23 16:39:34.586 o.a.w.p.PageAccessSynchronizer:125
 [http-nio-0.0.0.0-5080-exec-5] - http-nio-0.0.0.0-5080-exec-5 acquired
 lock to page 0
 DEBUG 07-23 16:39:34.587 o.a.o.d.d.s.SessiondataDao:68
 [http-nio-0.0.0.0-5080-exec-5] - startsession :: startsession
 DEBUG 07-23 16:39:34.588 o.a.o.u.c.ManageCryptStyle:32
 [http-nio-0.0.0.0-5080-exec-5] - getInstanceOfCrypt::
 configKeyCryptClassName:
 org.apache.openmeetings.util.crypt.MD5Implementation
 DEBUG 07-23 16:39:34.596 o.a.o.l.LdapLoginManagement:163
 [http-nio-0.0.0.0-5080-exec-5] - LdapLoginmanagement.doLdapLogin
 DEBUG 07-23 16:39:34.602 o.a.m.f.s.SslFilter:406 [NioProcessor-18] -
 Adding the SSL Filter sslFilter to the chain
 DEBUG 07-23 16:39:34.604 o.a.m.f.s.SslFilter:645 [NioProcessor-18] -
 Session Client[3](ssl...) : Starting the first handshake
 DEBUG 07-23 16:39:34.604 o.a.m.f.s.SslFilter:570 [NioProcessor-18] -
 Session Client[3](ssl...): Writing Message : WriteRequest:
 HeapBuffer[pos=0 lim=154 cap=264: 16 03 01 00 95 01 00 00 91 03 01 53 CF
 C9 26 2D...]
 DEBUG 07-23 16:39:34.605 o.a.m.f.s.SslFilter:570
 [http-nio-0.0.0.0-5080-exec-5] - Session Client[3](ssl...): Writing
 Message : WriteRequest: HeapBuffer[pos=0 lim=97 cap=97: 30 5F 02 01 01
 60 5A 02 01 03 04 3F 43 4E 3D 6D...]
 DEBUG 07-23 16:39:34.606 o.a.m.f.s.SslFilter:570
 [http-nio-0.0.0.0-5080-exec-5] - Session Client[3](ssl...): Writing
 Message : MessageWriteRequest, parent : WR WrapperWriteRequest:
 MessageType : BIND_REQUEST
 Message ID : 1
 BindRequest
 Version : '3'
 Name : 'CN=binduser,OU=YXZ,OU=Users,DC=company,DC=com'
 Simple authentication : 'password/hash value'

 DEBUG 07-23 16:39:34.606 o.a.m.f.s.SslFilter:452 [NioProcessor-18] -
 Session Client[3](ssl...): Message received : HeapBuffer[pos=0 lim=2048
 cap=2048: 16 03 01 13 C9 02 00 00 4D 03 01 53 CF C9 26 09...]
 DEBUG 07-23 16:39:34.607 o.a.m.f.s.SslFilter:685 [NioProcessor-18] -
 Session Client[3](ssl...): Processing the SSL Data
 DEBUG 07-23 16:39:34.607 o.a.m.f.s.SslFilter:452 [NioProcessor-18] -
 Session Client[3](ssl...): Message received : HeapBuffer[pos=0 lim=3022
 cap=4096: 97 FD 69 A4 E4 5D 9F 0D 53 46 BE 07 D4 4B 4F 66...]
 DEBUG 07-23 16:39:34.623 o.a.m.f.s.SslFilter:570 [NioProcessor-18] -
 Session Client[3](ssl...): Writing Message : WriteRequest:
 HeapBuffer[pos=0 lim=274 cap=528: 16 03 01 01 0D 0B 00 00 03 00 00 00 10
 00 01 02...]
 DEBUG 07-23 16:39:34.624 o.a.m.f.s.SslFilter:570 [NioProcessor-18] -
 Session Client[3](ssl...): Writing Message : WriteRequest:
 HeapBuffer[pos=0 lim=6 cap=8: 14 03 01 00 01 01]
 DEBUG 07-23 16:39:34.624 o.a.m.f.s.SslFilter:570 [NioProcessor-18] -
 Session Client[3](ssl...): Writing Message : WriteRequest:
 HeapBuffer[pos=0 lim=53 cap=66: 16 03 01 00 30 53 CA 7F 1E D9 07 AB 4D
 D9 6C 12...]
 DEBUG 07-23 16:39:34.624 o.a.m.f.s.SslFilter:685 [NioProcessor-18] -
 Session Client[3](ssl...): Processing the SSL Data
 DEBUG 07-23 16:39:34.823 o.a.m.f.s.SslFilter:452 [NioProcessor-18] -
 Session Client[3](ssl...): Message received : HeapBuffer[pos=0 lim=59
 cap=4096: 14 03 01 00 01 01 16 03 01 00 30 FC 65 E5 CD 51...]
 DEBUG 07-23 16:39:34.825 o.a.m.f.s.SslFilter:685 [NioProcessor-18] -
 Session Client[3](SSL): Processing the SSL Data
 DEBUG 07-23 16:39:34.825 o.a.m.f.s.SslFilter:570 [NioProcessor-18] -
 Session Client[3](SSL): Writing Message : WriteRequest: HeapBuffer[pos=0
 lim=97 cap=97: 30 5F 02 01 01 60 5A 02 01 03 04 3F 43 4E 3D 6D...]
 DEBUG 07-23 16:39:34.826 o.a.m.f.s.SslFilter:570 [NioProcessor-18] -
 Session Client[3](SSL): Writing Message : MessageWriteRequest, parent :
 WR WrapperWriteRequest: MessageType : BIND_REQUEST
 Message ID : 1
 BindRequest
 Version : '3'

Re: Changing logging level

2014-07-23 Thread Maxim Solodovnik 
Thanks for the great library and immediate support :)


On 23 July 2014 23:24, Emmanuel Lécharny elecha...@gmail.com wrote:

 Le 23/07/2014 18:13, Maxim Solodovnik a écrit :
  Thanks :)
 Actually, shame on us.

 The bug was already listed in JIRA nearly 4 years ago :
 https://issues.apache.org/jira/browse/DIRSERVER-1544

 The fix was sadly partial :


 http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/model/message/BindRequestImpl.java?r1=987606r2=991816pathrev=1066123

 The code base is quite big, and it's hard to be thorough...




-- 
WBR
Maxim aka solomax

Re: Changing logging level

2014-07-23 Thread Maxim Solodovnik 
sure, I'll turn it on :)
Thanks again


On 23 July 2014 23:37, Emmanuel Lécharny elecha...@gmail.com wrote:

 Le 23/07/2014 18:28, Maxim Solodovnik a écrit :
  Thanks for the great library and immediate support :)

 We will probably not cut a release right away. If you can set the log
 level so that the BondRequest is not exposed, that would be a workaround.

 The correct log to disable is
 org.apache.directory.api.ldap.model.message.BindRequestImpl :

   logger
 name=org.apache.directory.api.ldap.model.message.BindRequestImpl
 level=NONE/

 That will avoid dumping any of the BindRequest messages.




-- 
WBR
Maxim aka solomax

Re: Changing logging level

2014-07-23 Thread Maxim Solodovnik 
I'll turn it off, sorry ~midnight here :)


On 23 July 2014 23:39, Maxim Solodovnik solomax...@gmail.com wrote:

 sure, I'll turn it on :)
 Thanks again


 On 23 July 2014 23:37, Emmanuel Lécharny elecha...@gmail.com wrote:

 Le 23/07/2014 18:28, Maxim Solodovnik a écrit :
  Thanks for the great library and immediate support :)

 We will probably not cut a release right away. If you can set the log
 level so that the BondRequest is not exposed, that would be a workaround.

 The correct log to disable is
 org.apache.directory.api.ldap.model.message.BindRequestImpl :

   logger
 name=org.apache.directory.api.ldap.model.message.BindRequestImpl
 level=NONE/

 That will avoid dumping any of the BindRequest messages.




 --
 WBR
 Maxim aka solomax




-- 
WBR
Maxim aka solomax

[LDAP API] secure connection example

2014-06-27 Thread Maxim Solodovnik 
Hello All,

I would like to ask a question regarding establishing secure LDAP
connection using Java API (1.0.0-M22
http://directory.apache.org/api/downloads.html)
http://directory.apache.org/api/user-guide/5-ldap-security.html contains no
documentation

Here is error log: http://pastebin.com/buKTicGu

I would appreciate any help
-- 
WBR
Maxim aka solomax

Re: [LDAP API] secure connection example

2014-06-27 Thread Maxim Solodovnik 
Thanks for the quick response
This was my first idea

Unfortunately I have no environment to test :(
The user, reported this says:
thank you for your hints. I will have a look at it. The thing is: with
moodle  mahara (php software) it works with all the ldaps settings. ;-(

The code I'm using: is here
https://svn.apache.org/viewvc/openmeetings/branches/3.0.x/src/main/java/org/apache/openmeetings/ldap/LdapLoginManagement.java?view=markup
line ~228

Maybe I'm using API somehow wrong? or additional keystores should be added
...

Thanks in advance



On 27 June 2014 23:15, Emmanuel Lécharny elecha...@gmail.com wrote:

 Le 27/06/2014 17:23, Maxim Solodovnik a écrit :
  Hello All,
 
  I would like to ask a question regarding establishing secure LDAP
  connection using Java API (1.0.0-M22
  http://directory.apache.org/api/downloads.html)
  http://directory.apache.org/api/user-guide/5-ldap-security.html
 contains no
  documentation
 
  Here is error log: http://pastebin.com/buKTicGu

 Mist certainly an invalid password, or an unknown user :

 LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
 v1db1 - (unknown username or bad password)

 (
 http://social.technet.microsoft.com/Forums/windowsserver/en-US/c1d8d706-a506-4973-9542-1e88a2a66ac0/ad-lds-and-locked-out-accounts-response-codes?forum=winserverDS
 )






-- 
WBR
Maxim aka solomax