Re: Weird error under java 17
Done https://issues.apache.org/jira/browse/DIR-341 sorry for delay :( On Thu, 28 Apr 2022 at 19:04, Emmanuel Lécharny wrote: > > Hi Maxim, > > glad it solve dthe issue. > > As noted, is just a workaround. Would you be kind and fill a JIRA to get > this fixed in a coming release ? > > Many thanks ! > > > On 28/04/2022 09:06, Maxim Solodovnik wrote: > > Hello Emmanuel, > > > > On Fri, 22 Apr 2022 at 03:07, Emmanuel Lécharny wrote: > >> > >> Hi Maxim, > >> > >> that is most certainly a side effect of Java 16 removal of some libs and > >> classes. > >> > >> You may try to launch the test with this added JVM argument: > >> > >> --add-opens=java.base/sun.security.x509=ALL-UNNAMED > > > > Thanks a million! > > > > --add-opens=java.base/sun.security.util=ALL-UNNAMED > > --add-opens=java.base/sun.security.x509=ALL-UNNAMED > > > > did the job :) > > > >> > >> In the long run, we might hae to migrate to Bouncy Castle for tjis > >> specific class. > >> > >> On 21/04/2022 11:48, Maxim Solodovnik wrote: > >>> Hello All, > >>> > >>> Everything works as expected under java 8/11 > >>> but I'm trying latest LTS right now :) > >>> > >>> and got following error: > >>> > >>> [ERROR] TestLdap » IllegalAccess class > >>> org.apache.directory.server.core.security.CertificateUtil (in unnamed > >>> module @0x4de8b406) cannot access class sun.security.x509.X500Name (in > >>> module java.base) because module java.base does not export > >>> sun.security.x509 to unnamed module @0x4de8b406 > >>> > >>> CertificateUtil is located in apacheds-core-2.0.0.AM26 > >>> > >>> I'm not sure how to address this :( > >>> Any help is appreciated :) > >>> > >>> > >> > >> -- > >> *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE > >> T. +33 (0)4 89 97 36 50 > >> P. +33 (0)6 08 33 32 61 > >> emmanuel.lecha...@busit.com https://www.busit.com/ > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@directory.apache.org > >> For additional commands, e-mail: users-h...@directory.apache.org > >> > > > > > > -- > *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE > T. +33 (0)4 89 97 36 50 > P. +33 (0)6 08 33 32 61 > emmanuel.lecha...@busit.com https://www.busit.com/ -- Best regards, Maxim - To unsubscribe, e-mail: users-unsubscr...@directory.apache.org For additional commands, e-mail: users-h...@directory.apache.org
Re: Weird error under java 17
Hello Emmanuel, On Fri, 22 Apr 2022 at 03:07, Emmanuel Lécharny wrote: > > Hi Maxim, > > that is most certainly a side effect of Java 16 removal of some libs and > classes. > > You may try to launch the test with this added JVM argument: > > --add-opens=java.base/sun.security.x509=ALL-UNNAMED Thanks a million! --add-opens=java.base/sun.security.util=ALL-UNNAMED --add-opens=java.base/sun.security.x509=ALL-UNNAMED did the job :) > > In the long run, we might hae to migrate to Bouncy Castle for tjis > specific class. > > On 21/04/2022 11:48, Maxim Solodovnik wrote: > > Hello All, > > > > Everything works as expected under java 8/11 > > but I'm trying latest LTS right now :) > > > > and got following error: > > > > [ERROR] TestLdap » IllegalAccess class > > org.apache.directory.server.core.security.CertificateUtil (in unnamed > > module @0x4de8b406) cannot access class sun.security.x509.X500Name (in > > module java.base) because module java.base does not export > > sun.security.x509 to unnamed module @0x4de8b406 > > > > CertificateUtil is located in apacheds-core-2.0.0.AM26 > > > > I'm not sure how to address this :( > > Any help is appreciated :) > > > > > > -- > *Emmanuel Lécharny - CTO* 205 Promenade des Anglais – 06200 NICE > T. +33 (0)4 89 97 36 50 > P. +33 (0)6 08 33 32 61 > emmanuel.lecha...@busit.com https://www.busit.com/ > > - > To unsubscribe, e-mail: users-unsubscr...@directory.apache.org > For additional commands, e-mail: users-h...@directory.apache.org > -- Best regards, Maxim - To unsubscribe, e-mail: users-unsubscr...@directory.apache.org For additional commands, e-mail: users-h...@directory.apache.org
Weird error under java 17
Hello All, Everything works as expected under java 8/11 but I'm trying latest LTS right now :) and got following error: [ERROR] TestLdap » IllegalAccess class org.apache.directory.server.core.security.CertificateUtil (in unnamed module @0x4de8b406) cannot access class sun.security.x509.X500Name (in module java.base) because module java.base does not export sun.security.x509 to unnamed module @0x4de8b406 CertificateUtil is located in apacheds-core-2.0.0.AM26 I'm not sure how to address this :( Any help is appreciated :) -- Best regards, Maxim - To unsubscribe, e-mail: users-unsubscr...@directory.apache.org For additional commands, e-mail: users-h...@directory.apache.org
Re: Need help with LDAP test data
Thanks for the quick responses Why I started to looks at referrals: We are providing users with the config for setting up LDAP integration One of the config parameters is "Ldap deref mode (never, searching, finding, always)" which is mapped directly to AliasDerefMode enum And get this report https://markmail.org/message/n23y45supvgawxmw user state referrals are not followed in his config So I would like to write unit test for this :) I'll check all the links and hopefully will be able to do it :)) On Thu, 16 Apr 2020 at 11:10, Emmanuel Lécharny wrote: > > On 15/04/2020 19:48, Stefan Seelmann wrote: > > On 4/15/20 7:14 PM, Maxim Solodovnik wrote: > >> Thanks a lot for detailed response! > >> > >> My test LDAP server is created in java unit test > >> > https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/java/org/apache/openmeetings/ldap/TestLdap.java#L69 > >> > >> Shall I start 2 servers to test referrals? > > I don't think it's required, it totally valid that referrals point to > > the same server. > > You can set a referral on your own server. Just note that the search > request will be executed using the exact same base DN, which means > ultimately you are going to loop at some point... > > There are a few things to know though : > > - the Apache LDAP API does not support referral chasing (ie, you'll get > the URL, but the API will not try to search it, you'll have to do it) > > - as a consequence, the Apache LDAP API does not stop hoping over > referals after a limit (ie, just stop after 10 hops or whatever limit). > This is up to you to manage a cycle. > > see [1] and [2] > > > [1] > > https://issues.apache.org/jira/browse/DIRAPI-61?jql=text%20~%20%22chase%20referrals%22 > > [2] > https://issues.apache.org/jira/browse/DIRAPI-179?jql=text%20~%20%22chase%20referrals%22 > > > Emmanuel > > > - > To unsubscribe, e-mail: users-unsubscr...@directory.apache.org > For additional commands, e-mail: users-h...@directory.apache.org > > -- Best regards, Maxim
Re: Need help with LDAP test data
Thanks a lot for detailed response! My test LDAP server is created in java unit test https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/java/org/apache/openmeetings/ldap/TestLdap.java#L69 Shall I start 2 servers to test referrals? On Thu, 16 Apr 2020 at 00:04, Stefan Seelmann wrote: > On 4/15/20 4:56 PM, Maxim Solodovnik wrote: > > Current implementation is covered by unit tests (thanks again :)) > > But not my test LDAP [1] need to be tuned to have: > > 1) referral entry > > 2) binary attribute > > I would like to ask for the help with this > > > > is it possible to have referral in same ldif file? > > Do you have a single test LDAP server running? In that case it's still > possible to test referrals. > > You can inject an referal entry pointing to the same server, it looks > like in [2]. But you need to adjust the hostname and especially the port > of the ref attribute in code. Or you run the test LDAP server with a > fixed port instead of a dynamic/free one which may cause testing issues > if the port is already in use. > > Another option is to inject the referral entry via code like in [3]. > > > Is it possible to have binary data? if so is there any option to get mime > > type of this data? > > Binary data in LDIF is defined with 2 colons and the base64 encoded > value. Lines can be wrapped with one leading space for each wrapped > line. Example in [4]. > > There is no mime type in LDAP. But attributes types have a syntax which > defines the type of data (string, number), however in many cases like > jpegPhoto the syntax is just OctetString which is not very helpful and > often the data are gifs or bmps... > > Kind Regards, > Stefan > > [2] > > https://github.com/apache/directory-studio/blob/master/tests/test.integration.ui/src/main/resources/org/apache/directory/studio/test/integration/ui/BrowserTest.ldif#L280 > [3] > > https://github.com/apache/directory-studio/blob/master/tests/test.integration.core/src/main/java/org/apache/directory/studio/test/integration/core/DirectoryApiConnectionWrapperTest.java#L133 > [4] > > https://github.com/apache/directory-studio/blob/master/tests/test.integration.ui/src/main/resources/org/apache/directory/studio/test/integration/ui/EntryEditorTest.ldif#L28 > > > > - > To unsubscribe, e-mail: users-unsubscr...@directory.apache.org > For additional commands, e-mail: users-h...@directory.apache.org > > -- Best regards, Maxim
Need help with LDAP test data
Hello, I'm not LDAP expert but until now was able to provide users of our project with working LDAP integration (thanks to your ldap-api library) Current implementation is covered by unit tests (thanks again :)) But not my test LDAP [1] need to be tuned to have: 1) referral entry 2) binary attribute I would like to ask for the help with this is it possible to have referral in same ldif file? Is it possible to have binary data? if so is there any option to get mime type of this data? maybe someone has example? :)) [1] https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/resources/schema/users.ldif -- Best regards, Maxim
Re: Directory project big maneuvers...
Hello Emmanuel, I'm currently using latest 2.0.0.AM26-SNAPSHOT of apacheds-test-framework And getting following error while trying to load .ldif file with test users ( https://github.com/apache/openmeetings/blob/master/openmeetings-web/src/test/resources/schema/users.ldif ) Can someone please help me get rid of this error? Caused by: java.lang.IllegalArgumentException: ERR_13247_INVALID_VALUE_CANT_NORMALIZE Invalid upValue, it can't be normalized at org.apache.directory.api.ldap.model.entry.Value.(Value.java:274) at org.apache.directory.api.ldap.model.entry.DefaultAttribute.createStringValue(DefaultAttribute.java:457) at org.apache.directory.api.ldap.model.entry.DefaultAttribute.add(DefaultAttribute.java:1130) at org.apache.directory.api.ldap.model.entry.DefaultAttribute.(DefaultAttribute.java:254) at org.apache.directory.api.ldap.model.entry.DefaultAttribute.(DefaultAttribute.java:227) at org.apache.directory.api.ldap.model.entry.DefaultEntry.createAttribute(DefaultEntry.java:588) at org.apache.directory.api.ldap.model.entry.DefaultEntry.add(DefaultEntry.java:848) at org.apache.directory.api.ldap.model.entry.DefaultEntry.add(DefaultEntry.java:978) at org.apache.directory.api.ldap.model.ldif.LdifEntry.addAttribute(LdifEntry.java:537) at org.apache.directory.api.ldap.model.ldif.LdifReader.parseAttributeValue(LdifReader.java:1033) at org.apache.directory.api.ldap.model.ldif.LdifReader.parseEntry(LdifReader.java:1589) at org.apache.directory.api.ldap.model.ldif.LdifReader.parseLdif(LdifReader.java:2135) at org.apache.directory.api.ldap.model.ldif.LdifReader.parseLdifFile(LdifReader.java:1869) On Thu, 20 Jun 2019 at 22:31, Emmanuel Lécharny wrote: > Hi ! > > > for those who are following what's going on at Directory, and especially > those trying to extend the project (thinking about Raju), we are > currently working hard trying to close a LDAP API release, ApacheDS > release, and Studio release. This comes with a price to pay: a bit of > instability, a lot of git pull and some associated burden. > > The LDAP API project is pretty much in good shape. We had a release a > couple of weeks ago, and some other changes are under way. We could > pretty well be able to cut a 2.0.0-RC1 soon. > > ApacheDS is in a more complex situation. There are 391 opened issues > (most of them are already postponed to 2.1: 250 actually). If we focus > on issues opened for 2.0.0.AM26, we are taking about 30 issues, 121 if > we include 2.0.0-RC1. This is a loty of work, but we have already fixed > more or less 30 issues in the last 2 weeks. > > Stefan is trying his best to follow up - and is pretty successful in > that, considering all the pain we create for him ;-) -and Studio is also > in a good shape.Hopefully, it will be released very soon after ApacheDS > and LDAP-API will be released. > > Fortress migration to 2.0 should not be that problematic. > > > I expect that in the coming weeks we will be able to have a decent > ApacheDS release, with fixed installers (this is the main burden atm). > > That's it, feel free to add something to what I just wrote, Stefan, > Colm, Shawn or anyone ! > > > Emmanuel > > > - > To unsubscribe, e-mail: api-unsubscr...@directory.apache.org > For additional commands, e-mail: api-h...@directory.apache.org > > -- WBR Maxim aka solomax
Re: Broken formatting in Wiki
Looks good :) Thanks for the help! On Thu, 1 Nov 2018 at 19:35, Stefan Seelmann wrote: > On 11/1/18 4:07 AM, Maxim Solodovnik wrote: > > BTW why versions for api-all and apacheds-test-framework are not aligned? > > Because the LDAP API (LDAP client and shared libraries) and ApacheDS > (LDAP server) are different projects with their own release cycles :) > > -- WBR Maxim aka solomax
Re: Broken formatting in Wiki
Works for me so far on Apache Jenkins :) We'll see :) BTW why versions for api-all and apacheds-test-framework are not aligned? On Wed, 31 Oct 2018 at 20:30, Adam Levine wrote: > As a side note: > I was doing a new install recently and decided I would use AM25. > > I don't know if I simply corrupted a file unknowingly, or raised an > obscure bug in ADStudio... at any rate, using the Studio to add new > partitions caused AS to fail to restart. Somewhere the new partitions were > not properly put in place. I was able to repeat this several times. > > I went back down to 24, and had no problems. > > I was going to file a bug for AS/ASD, but was unable to recreate my > failures again, and I tried several times. > > The point of this email is to keep this in mind if you see corruption after > restarting 25 with new partitions. > > Cheers > -- WBR Maxim aka solomax
Re: Broken formatting in Wiki
Here is it: https://pastebin.com/pbHs3U24 Please let me know if anything need to be changed :) On Tue, 30 Oct 2018 at 19:59, Maxim Solodovnik wrote: > Hello Stefan, > > sorry for personal replies (I just hit 'Reply All') > > Thanks a lot for the link to apacheds-test-framework > It works as expected and contains all necessary classes (including > `CreateLdapServerRule`) > So I was able to create my first tests :) > > Our application uses `api-all` to communicate with LDAP server > This is why I have "schema conflict" > > I'll try to contribute to 7-embedding-apacheds.mdtext > <https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext> > later > today/tomorrow (was unable to find git repo for site) so will send complete > file > > Thanks a lot for the help! > > > On Tue, 30 Oct 2018 at 02:12, Stefan Seelmann > wrote: > >> On 10/29/18 1:29 PM, Maxim Solodovnik wrote: >> > Thanks for the answer Stefan, >> > >> > I'm trying to write my first test >> > >> > Here are some findings and questions: >> > >> > 1) It seems `org.apache.directory.api:api-all` and >> > `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif >> > bundled, is it safe to exclude api-ldap-schema-data from >> > `org.apache.directory.server:apacheds-server-integ` ? >> >> As written in the other mail, please don't use server-integ or >> core-integ as dependency, but apacheds-test-framework. >> >> I guess the duplication is because api-all is a fat jar which contains >> all other api modules and dependences (using maven-shade-plugin). But >> it's strange that you have api-all, I don't see it as dependency in >> server-integ (using mvn dependency:tree)... >> > > > -- > WBR > Maxim aka solomax > -- WBR Maxim aka solomax
Re: Broken formatting in Wiki
Hello Stefan, sorry for personal replies (I just hit 'Reply All') Thanks a lot for the link to apacheds-test-framework It works as expected and contains all necessary classes (including `CreateLdapServerRule`) So I was able to create my first tests :) Our application uses `api-all` to communicate with LDAP server This is why I have "schema conflict" I'll try to contribute to 7-embedding-apacheds.mdtext <https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext> later today/tomorrow (was unable to find git repo for site) so will send complete file Thanks a lot for the help! On Tue, 30 Oct 2018 at 02:12, Stefan Seelmann wrote: > On 10/29/18 1:29 PM, Maxim Solodovnik wrote: > > Thanks for the answer Stefan, > > > > I'm trying to write my first test > > > > Here are some findings and questions: > > > > 1) It seems `org.apache.directory.api:api-all` and > > `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif > > bundled, is it safe to exclude api-ldap-schema-data from > > `org.apache.directory.server:apacheds-server-integ` ? > > As written in the other mail, please don't use server-integ or > core-integ as dependency, but apacheds-test-framework. > > I guess the duplication is because api-all is a fat jar which contains > all other api modules and dependences (using maven-shade-plugin). But > it's strange that you have api-all, I don't see it as dependency in > server-integ (using mvn dependency:tree)... > -- WBR Maxim aka solomax
Re: Broken formatting in Wiki
It seems it is possible to use multiple DN in one ldif file I guess my issue was caused by the fact I have created dn: dc=org dn: dc.apache,dc=org in my ldif file, and these DNs seems to be autocreated by ApacheDS So the only issue remain is: missing sources in maven artifacts :) Do you think creating @Rule and/or reusable parts out of FrameworkRunner worth PR? Or maybe there are some better options? On Mon, 29 Oct 2018 at 22:45, Maxim Solodovnik wrote: > And one more question (hope I'm not asking too much :))) > > Is it possible to use embedded LdapServer without using @RunWith ? > I'm already using @RunWith(SpringJUnit4ClassRunner.class) and it seems > "There can be the only one (c)" :) > > Here is the example how @RunWith can be converted to @Rule > Maybe common code can be extracted to satisfy both approaches? > > > On Mon, 29 Oct 2018 at 20:17, Maxim Solodovnik > wrote: > >> Please disregard question #2, It seems to be possible to have only one >> partition :) >> >> What version of apacheds-core-integ >> <https://mvnrepository.com/artifact/org.apache.directory.server/apacheds-core-integ> >> should >> I use? AM25 seems to be the latest, but its sources artifact somehow >> contains sources for 1 java file only :( is this known issue? (just double >> checked [1]) >> >> [1] >> http://central.maven.org/maven2/org/apache/directory/server/apacheds-core-integ/2.0.0.AM25/ >> >> On Mon, 29 Oct 2018 at 19:29, Maxim Solodovnik >> wrote: >> >>> Thanks for the answer Stefan, >>> >>> I'm trying to write my first test >>> >>> Here are some findings and questions: >>> >>> 1) It seems `org.apache.directory.api:api-all` and >>> `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif >>> bundled, is it safe to exclude api-ldap-schema-data from >>> `org.apache.directory.server:apacheds-server-integ` ? >>> >>> 2) it seems it is impossible to have more than 1 DN in ldif file being >>> loaded with @ApplyLdifFiles. And as far as I understand from >>> logs @CreatePartition is required for every DN, is this correct? >>> >>> 3) Maybe simple test with working config is available somewhere? >>> >>> I'll try to create PR for docs as soon as my first test will work :) >>> >>> >>> >>> On Sun, 28 Oct 2018 at 23:01, Stefan Seelmann >>> wrote: >>> >>>> Hi Maxim, >>>> >>>> we no longer use the Confluence wiki for maintaining the documentation. >>>> All the pages there are really old (your example was updated 2010), and >>>> refer to ApacheDS 1.5 instead of 2.0. Maybe the wiki pages should be >>>> deleted or at least marked as "outdated", let's discuss and decide that >>>> in a separate thread. >>>> >>>> Documentation was moved to the Apache CMS, but is far from being >>>> completed. The page you refer should probably be below [1] but is empty. >>>> So if you want to help better move it there, the source is [2]. As you >>>> see, documentation is not in a good shape, help is very appreciated. >>>> >>>> Kind Regards, >>>> Stefan >>>> >>>> [1] >>>> >>>> https://directory.apache.org/apacheds/advanced-ug/7-embedding-apacheds.html >>>> [2] >>>> >>>> https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext >>>> >>>> >>>> On 10/28/18 4:27 PM, Maxim Solodovnik wrote: >>>> > Hello Emmanuel, >>>> > >>>> > It seems this wiki page >>>> > >>>> https://cwiki.apache.org/confluence/display/DIRxSRVx11/4.2.+Using+ApacheDS+for+unit+tests >>>> > Have broken formatting >>>> > Can you please fix it? >>>> > Or I can try to do it (but currently don't have enough karma :( ) >>>> > >>>> > Thanks in advance! >>>> > >>>> >>>> >>> >>> -- >>> WBR >>> Maxim aka solomax >>> >> >> >> -- >> WBR >> Maxim aka solomax >> > > > -- > WBR > Maxim aka solomax > -- WBR Maxim aka solomax
Re: Broken formatting in Wiki
And one more question (hope I'm not asking too much :))) Is it possible to use embedded LdapServer without using @RunWith ? I'm already using @RunWith(SpringJUnit4ClassRunner.class) and it seems "There can be the only one (c)" :) Here is the example how @RunWith can be converted to @Rule Maybe common code can be extracted to satisfy both approaches? On Mon, 29 Oct 2018 at 20:17, Maxim Solodovnik wrote: > Please disregard question #2, It seems to be possible to have only one > partition :) > > What version of apacheds-core-integ > <https://mvnrepository.com/artifact/org.apache.directory.server/apacheds-core-integ> > should > I use? AM25 seems to be the latest, but its sources artifact somehow > contains sources for 1 java file only :( is this known issue? (just double > checked [1]) > > [1] > http://central.maven.org/maven2/org/apache/directory/server/apacheds-core-integ/2.0.0.AM25/ > > On Mon, 29 Oct 2018 at 19:29, Maxim Solodovnik > wrote: > >> Thanks for the answer Stefan, >> >> I'm trying to write my first test >> >> Here are some findings and questions: >> >> 1) It seems `org.apache.directory.api:api-all` and >> `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif >> bundled, is it safe to exclude api-ldap-schema-data from >> `org.apache.directory.server:apacheds-server-integ` ? >> >> 2) it seems it is impossible to have more than 1 DN in ldif file being >> loaded with @ApplyLdifFiles. And as far as I understand from >> logs @CreatePartition is required for every DN, is this correct? >> >> 3) Maybe simple test with working config is available somewhere? >> >> I'll try to create PR for docs as soon as my first test will work :) >> >> >> >> On Sun, 28 Oct 2018 at 23:01, Stefan Seelmann >> wrote: >> >>> Hi Maxim, >>> >>> we no longer use the Confluence wiki for maintaining the documentation. >>> All the pages there are really old (your example was updated 2010), and >>> refer to ApacheDS 1.5 instead of 2.0. Maybe the wiki pages should be >>> deleted or at least marked as "outdated", let's discuss and decide that >>> in a separate thread. >>> >>> Documentation was moved to the Apache CMS, but is far from being >>> completed. The page you refer should probably be below [1] but is empty. >>> So if you want to help better move it there, the source is [2]. As you >>> see, documentation is not in a good shape, help is very appreciated. >>> >>> Kind Regards, >>> Stefan >>> >>> [1] >>> >>> https://directory.apache.org/apacheds/advanced-ug/7-embedding-apacheds.html >>> [2] >>> >>> https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext >>> >>> >>> On 10/28/18 4:27 PM, Maxim Solodovnik wrote: >>> > Hello Emmanuel, >>> > >>> > It seems this wiki page >>> > >>> https://cwiki.apache.org/confluence/display/DIRxSRVx11/4.2.+Using+ApacheDS+for+unit+tests >>> > Have broken formatting >>> > Can you please fix it? >>> > Or I can try to do it (but currently don't have enough karma :( ) >>> > >>> > Thanks in advance! >>> > >>> >>> >> >> -- >> WBR >> Maxim aka solomax >> > > > -- > WBR > Maxim aka solomax > -- WBR Maxim aka solomax
Re: Broken formatting in Wiki
Please disregard question #2, It seems to be possible to have only one partition :) What version of apacheds-core-integ <https://mvnrepository.com/artifact/org.apache.directory.server/apacheds-core-integ> should I use? AM25 seems to be the latest, but its sources artifact somehow contains sources for 1 java file only :( is this known issue? (just double checked [1]) [1] http://central.maven.org/maven2/org/apache/directory/server/apacheds-core-integ/2.0.0.AM25/ On Mon, 29 Oct 2018 at 19:29, Maxim Solodovnik wrote: > Thanks for the answer Stefan, > > I'm trying to write my first test > > Here are some findings and questions: > > 1) It seems `org.apache.directory.api:api-all` and > `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif > bundled, is it safe to exclude api-ldap-schema-data from > `org.apache.directory.server:apacheds-server-integ` ? > > 2) it seems it is impossible to have more than 1 DN in ldif file being > loaded with @ApplyLdifFiles. And as far as I understand from > logs @CreatePartition is required for every DN, is this correct? > > 3) Maybe simple test with working config is available somewhere? > > I'll try to create PR for docs as soon as my first test will work :) > > > > On Sun, 28 Oct 2018 at 23:01, Stefan Seelmann > wrote: > >> Hi Maxim, >> >> we no longer use the Confluence wiki for maintaining the documentation. >> All the pages there are really old (your example was updated 2010), and >> refer to ApacheDS 1.5 instead of 2.0. Maybe the wiki pages should be >> deleted or at least marked as "outdated", let's discuss and decide that >> in a separate thread. >> >> Documentation was moved to the Apache CMS, but is far from being >> completed. The page you refer should probably be below [1] but is empty. >> So if you want to help better move it there, the source is [2]. As you >> see, documentation is not in a good shape, help is very appreciated. >> >> Kind Regards, >> Stefan >> >> [1] >> >> https://directory.apache.org/apacheds/advanced-ug/7-embedding-apacheds.html >> [2] >> >> https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext >> >> >> On 10/28/18 4:27 PM, Maxim Solodovnik wrote: >> > Hello Emmanuel, >> > >> > It seems this wiki page >> > >> https://cwiki.apache.org/confluence/display/DIRxSRVx11/4.2.+Using+ApacheDS+for+unit+tests >> > Have broken formatting >> > Can you please fix it? >> > Or I can try to do it (but currently don't have enough karma :( ) >> > >> > Thanks in advance! >> > >> >> > > -- > WBR > Maxim aka solomax > -- WBR Maxim aka solomax
Re: Broken formatting in Wiki
Thanks for the answer Stefan, I'm trying to write my first test Here are some findings and questions: 1) It seems `org.apache.directory.api:api-all` and `org.apache.directory.api:api-ldap-schema-data` have conflicting ldif bundled, is it safe to exclude api-ldap-schema-data from `org.apache.directory.server:apacheds-server-integ` ? 2) it seems it is impossible to have more than 1 DN in ldif file being loaded with @ApplyLdifFiles. And as far as I understand from logs @CreatePartition is required for every DN, is this correct? 3) Maybe simple test with working config is available somewhere? I'll try to create PR for docs as soon as my first test will work :) On Sun, 28 Oct 2018 at 23:01, Stefan Seelmann wrote: > Hi Maxim, > > we no longer use the Confluence wiki for maintaining the documentation. > All the pages there are really old (your example was updated 2010), and > refer to ApacheDS 1.5 instead of 2.0. Maybe the wiki pages should be > deleted or at least marked as "outdated", let's discuss and decide that > in a separate thread. > > Documentation was moved to the Apache CMS, but is far from being > completed. The page you refer should probably be below [1] but is empty. > So if you want to help better move it there, the source is [2]. As you > see, documentation is not in a good shape, help is very appreciated. > > Kind Regards, > Stefan > > [1] > https://directory.apache.org/apacheds/advanced-ug/7-embedding-apacheds.html > [2] > > https://svn.apache.org/repos/asf/directory/site/trunk/content/apacheds/advanced-ug/7-embedding-apacheds.mdtext > > > On 10/28/18 4:27 PM, Maxim Solodovnik wrote: > > Hello Emmanuel, > > > > It seems this wiki page > > > https://cwiki.apache.org/confluence/display/DIRxSRVx11/4.2.+Using+ApacheDS+for+unit+tests > > Have broken formatting > > Can you please fix it? > > Or I can try to do it (but currently don't have enough karma :( ) > > > > Thanks in advance! > > > > -- WBR Maxim aka solomax
Broken formatting in Wiki
Hello Emmanuel, It seems this wiki page https://cwiki.apache.org/confluence/display/DIRxSRVx11/4.2.+Using+ApacheDS+for+unit+tests Have broken formatting Can you please fix it? Or I can try to do it (but currently don't have enough karma :( ) Thanks in advance! -- WBR Maxim aka solomax
Re: The length of controls must not be null
Sure Thanks a lot for the investigation! On Mon, Apr 3, 2017 at 9:58 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > > > Le 03/04/2017 à 14:22, Maxim Solodovnik a écrit : >> Yes, >> Search for the user from OM (via directory API) fails with >> "DecoderException: The length of controls must not be null" >> (The full stack trace is in the first message of this thread) > > > > Sorry that it took me so understand what was going on. The stack trace > is clear a control should not be null. We do have a null control in the > SearcResultDone : > > 30 0e 02 01 02 65 07 0a 01 00 04 00 04 00 a0 00 > > which is : > > 30 0e LdapMessage > 02 01 02Message ID : 02 > 65 07 ProtocolOp : SearchResultDone > 0a 01 00 LDAPResult.resultCode : LDAP_SUCCESS > 04 00 LDAPResult.matchedDN : "" > 04 00 LDAPResult.errorMessage : "" > a0 00 Controls : empty > > > Going back to RFC 4511 : > > LDAPMessage ::= SEQUENCE { > messageID MessageID, > protocolOp CHOICE { > ... > searchResDone SearchResultDone, > ..., > intermediateResponse IntermediateResponse }, > controls [0] Controls OPTIONAL } > > We may have no controls, as it's optional. In this case, the 0xA0 ... > part at the end will simply not exist. Let's see what is Controls > structure : > > Controls ::= SEQUENCE OF control Control > > > Here, if the SEQUENCE is empty, the encoded bytes for the length wll be > 0x00, so we will have 0xA0 0x00. > > The Controls code in the API is : > > public void action( LdapMessageContainer<MessageDecorator Message>> container ) throws DecoderException > { > TLV tlv = container.getCurrentTLV(); > int expectedLength = tlv.getLength(); > > // The Length should be null > if ( expectedLength == 0 ) > { > LOG.error( "The length of controls must not be null" ); > > // This will generate a PROTOCOL_ERROR > throw new DecoderException( "The length of controls must not > be null" ); > } > > if ( IS_DEBUG ) > { > LOG.debug( "A new list of controls has been initialized" ); > } > } > > > As you can see, there are two errors : > - the comment is wrong and should read : "The Length should *not* be null > - the length could actually be null > > Bottom line, this is a bug that need to be fixed, and I'll do that ASAP. > > May I ask you to filla JIRA with your first mail ad the stack trace for > clarity ? > > Thanks ! > > -- > Emmanuel Lecharny > > Symas.com > directory.apache.org > -- WBR Maxim aka solomax
Re: The length of controls must not be null
Yes, Search for the user from OM (via directory API) fails with "DecoderException: The length of controls must not be null" (The full stack trace is in the first message of this thread) On Mon, Apr 3, 2017 at 7:19 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > Hi Maxim, > > > I checked both pcap files, they seems to be ok (except that they are > truncated). > > > The difference bewteen the ldapSearch pcap file and the om pcap file is > that there is a unbind in the ldapSearch one, but otherwise, there is no > control in any of them. > > > Did you get the error with 'om' ? > > > > Le 29/03/2017 à 12:22, Maxim Solodovnik a écrit : >> Hello Emmanuel, >> >> Here are 2 dumps: one made by ldapsearch tool, other made by directory java >> API >> https://yadi.sk/d/fl2jDtBQ3GSuuq >> >> Hope this helps >> >> BTW everything works as expected with recent Samba >> >> On Sat, Mar 25, 2017 at 12:18 AM, Maxim Solodovnik <solomax...@gmail.com> >> wrote: >>> Thanks for the quick answer >>> I'll ask issue reported to capture request/response with whireshark and >>> share it >>> >>> >>> On Sat, Mar 25, 2017 at 12:14 AM, Emmanuel Lécharny <elecha...@gmail.com> >>> wrote: >>>> Hi Maxim, >>>> >>>> >>>> sorry, but the dump does not make a lot of sense. All that I can tell is >>>> that the end of this dump looks like some SearchResultEntry : >>>> >>>> 30 2B >>>> 04 0E >>>> msTSManagingLS >>>> 31 19 >>>> 04 17 >>>> 00455-001-9680336-84768 >>>> >>>> 30 1E >>>> 04 12 >>>> msTSLicenseVersion >>>> 31 08 >>>> 04 06 >>>> 33 39 33 32 31 36 >>>> >>>> 30 27 >>>> 04 0E >>>> msRSEpireDate >>>> 31 15 >>>> 04 13 >>>> 20170506060320.000Z >>>> >>>> 30 22 >>>> 04 0B >>>> whenChanged >>>> 31 13 >>>> 04 11 >>>> 20170307060321.0Z >>>> >>>> 30 17 >>>> 04 0A >>>> uSNChanged >>>> 31 09 >>>> 04 07 >>>> 1409108 >>>> >>>> 30 4B >>>> 04 11 >>>> d i s t i n g u i s h e d N a m e >>>> 31 36 >>>> 04 34 >>>> CN=keycoll,OU=Service,OU=Holding,dc=company,DC=local >>>> >>>> >>>> And that there is a SearchResultDone at the very end : >>>> >>>> >>>> 30 0E >>>> 02 01 03 >>>> e(65) 07 SearchResultDone >>>> 0A 01 00 >>>> 04 00 >>>> 04 00 >>>> A0 00 >>>> >>>> >>>> but everything before is pretty much garbage (with some 2bytes chars in >>>> it.) >>>> >>>> >>>> What would be valuable is to capture some PDU with Wireshark. That would >>>> be much better. >>>> >>>> >>>> -- >>>> Emmanuel Lecharny >>>> >>>> Symas.com >>>> directory.apache.org >>>> >>> >>> >>> -- >>> WBR >>> Maxim aka solomax >> >> > > -- > Emmanuel Lecharny > > Symas.com > directory.apache.org > -- WBR Maxim aka solomax
Re: The length of controls must not be null
Hello Emmanuel, Here are 2 dumps: one made by ldapsearch tool, other made by directory java API https://yadi.sk/d/fl2jDtBQ3GSuuq Hope this helps BTW everything works as expected with recent Samba On Sat, Mar 25, 2017 at 12:18 AM, Maxim Solodovnik <solomax...@gmail.com> wrote: > Thanks for the quick answer > I'll ask issue reported to capture request/response with whireshark and > share it > > > On Sat, Mar 25, 2017 at 12:14 AM, Emmanuel Lécharny <elecha...@gmail.com> > wrote: >> >> Hi Maxim, >> >> >> sorry, but the dump does not make a lot of sense. All that I can tell is >> that the end of this dump looks like some SearchResultEntry : >> >> 30 2B >> 04 0E >> msTSManagingLS >> 31 19 >> 04 17 >> 00455-001-9680336-84768 >> >> 30 1E >> 04 12 >> msTSLicenseVersion >> 31 08 >> 04 06 >> 33 39 33 32 31 36 >> >> 30 27 >> 04 0E >> msRSEpireDate >> 31 15 >> 04 13 >> 20170506060320.000Z >> >> 30 22 >> 04 0B >> whenChanged >> 31 13 >> 04 11 >> 20170307060321.0Z >> >> 30 17 >> 04 0A >> uSNChanged >> 31 09 >> 04 07 >> 1409108 >> >> 30 4B >> 04 11 >> d i s t i n g u i s h e d N a m e >> 31 36 >> 04 34 >> CN=keycoll,OU=Service,OU=Holding,dc=company,DC=local >> >> >> And that there is a SearchResultDone at the very end : >> >> >> 30 0E >> 02 01 03 >> e(65) 07 SearchResultDone >> 0A 01 00 >> 04 00 >> 04 00 >> A0 00 >> >> >> but everything before is pretty much garbage (with some 2bytes chars in >> it.) >> >> >> What would be valuable is to capture some PDU with Wireshark. That would >> be much better. >> >> >> -- >> Emmanuel Lecharny >> >> Symas.com >> directory.apache.org >> > > > > -- > WBR > Maxim aka solomax -- WBR Maxim aka solomax
Re: The length of controls must not be null
Thanks for the quick answer I'll ask issue reported to capture request/response with whireshark and share it On Sat, Mar 25, 2017 at 12:14 AM, Emmanuel Lécharnywrote: > Hi Maxim, > > > sorry, but the dump does not make a lot of sense. All that I can tell is > that the end of this dump looks like some SearchResultEntry : > > 30 2B > 04 0E > msTSManagingLS > 31 19 > 04 17 > 00455-001-9680336-84768 > > 30 1E > 04 12 > msTSLicenseVersion > 31 08 > 04 06 > 33 39 33 32 31 36 > > 30 27 > 04 0E > msRSEpireDate > 31 15 > 04 13 > 20170506060320.000Z > > 30 22 > 04 0B > whenChanged > 31 13 > 04 11 > 20170307060321.0Z > > 30 17 > 04 0A > uSNChanged > 31 09 > 04 07 > 1409108 > > 30 4B > 04 11 > d i s t i n g u i s h e d N a m e > 31 36 > 04 34 > CN=keycoll,OU=Service,OU=Holding,dc=company,DC=local > > > And that there is a SearchResultDone at the very end : > > > 30 0E > 02 01 03 > e(65) 07 SearchResultDone > 0A 01 00 > 04 00 > 04 00 > A0 00 > > > but everything before is pretty much garbage (with some 2bytes chars in > it.) > > > What would be valuable is to capture some PDU with Wireshark. That would > be much better. > > > -- > Emmanuel Lecharny > > Symas.com > directory.apache.org > > -- WBR Maxim aka solomax
The length of controls must not be null
Hello All, We are using directory API 1.0.0-RC2 to perform LDAP queries One of our users uses Samba 4.0.0alpha10 as LDAP server And report he got weird stacktrace (sorry for the huge hex dump): Maybe you can say what is wrong based on this dump? The original report is in Russian, I can provide the link to it if you like to Thanks in advance for the help! [ERROR] [NioProcessor-66] org.apache.directory.api.ldap. codec.actions.controls.InitControls - The length of controls must not be null WARN 03-24 10:54:10.115 LdapNetworkConnection.java 68766033 1912 org.apache.directory.ldap.client.api.LdapNetworkConnection [NioProcessor-66] - org.apache.directory.api.ldap.codec.api.ResponseCarryingException: The length of controls must not be null (Hexdump: 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 50 00 06 00 1A 00 08 00 01 00 43 00 74 00 78 00 43 00 66 00 67 00 50 00 72 00 65 00 73 00 65 00 6E 00 74 00 35 35 31 65 30 62 62 30 18 00 08 00 01 00 43 00 74 00 78 00 43 00 66 00 67 00 46 00 6C 00 61 00 67 00 73 00 31 00 30 30 66 30 65 30 65 37 12 00 08 00 01 00 43 00 74 00 78 00 53 00 68 00 61 00 64 00 6F 00 77 00 30 32 30 30 30 30 30 30 2A 00 02 00 01 00 43 00 74 00 78 00 4D 00 69 00 6E 00 45 00 6E 00 63 00 72 00 79 00 70 00 74 00 69 00 6F 00 6E 00 4C 00 65 00 76 00 65 00 6C 00 30 31 20 00 54 00 01 00 43 00 74 00 78 00 57 00 6F 00 72 00 6B 00 44 00 69 00 72 00 65 00 63 00 74 00 6F 00 72 00 79 00 34 33 33 61 35 63 35 30 37 32 36 66 36 37 37 32 36 31 36 64 32 30 34 36 36 39 36 63 36 35 37 33 32 30 32 38 37 38 33 38 33 36 32 39 35 63 34 62 36 35 37 39 34 33 36 66 36 63 36 63 36 35 36 33 37 34 36 66 37 32 35 37 35 30 34 36 34 38 34 34 34 34 30 30 22 00 7C 00 01 00 43 00 74 00 78 00 49 00 6E 00 69 00 74 00 69 00 61 00 6C 00 50 00 72 00 6F 00 67 00 72 00 61 00 6D 00 34 33 33 61 35 63 35 30 37 32 36 66 36 37 37 32 36 31 36 64 32 30 34 36 36 39 36 63 36 35 37 33 32 30 32 38 37 38 33 38 33 36 32 39 35 63 34 62 36 35 37 39 34 33 36 66 36 63 36 63 36 35 36 33 37 34 36 66 37 32 35 37 35 30 34 36 34 38 34 34 34 34 35 63 34 62 36 35 37 39 34 33 36 66 36 63 36 63 36 35 36 33 37 34 36 66 37 32 35 37 35 30 34 36 32 65 36 35 37 38 36 35 30 30 22 0A 41 00 00 00 00 00 00 00 00 00 00 00 70 B3 76 0A 00 00 00 00 00 00 00 00 00 00 00 00 28 FF 83 08 08 00 00 00 70 0C 15 E8 00 00 00 00 78 B4 2E 0A 00 00 00 00 6B 65 79 63 6F 6C 6C 00 00 00 00 00 41 00 00 00 70 B3 76 0A A8 9B C8 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 98 9B C8 0A 0A 00 00 00 70 0C 15 E8 00 00 00 00 D0 98 C8 0A 00 00 00 00 67 69 76 65 6E 4E 61 6D 65 00 79 08 41 00 00 00 68 9B C8 0A 28 9C C8 0A 00 00 00 00 E8 9B C8 0A 00 00 00 00 00 00 00 00 8D A0 7E 08 08 00 00 00 70 0C 15 E8 00 00 00 00 00 00 00 00 00 00 00 00 18 9C C8 0A 07 00 00 00 73 0C 15 E8 41 00 00 00 00 00 00 00 00 00 00 00 A8 9B C8 0A 00 00 00 00 00 00 00 00 00 00 00 00 28 FF 83 08 08 00 00 00 70 0C 15 E8 00 00 00 00 F8 19 79 08 01 00 00 00 6B 65 79 63 6F 6C 6C 00 61 63 6B 22 49 00 00 00 A8 9B C8 0A 70 9C C8 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 9C C8 0A 0D 00 00 00 70 0C 15 E8 00 00 00 00 73 0C 15 E8 00 00 00 00 69 6E 73 74 61 6E 63 65 54 79 70 65 00 00 00 00 98 9A B4 0A 41 00 00 00 28 9C C8 0A A8 EB 1D 0A 00 00 00 00 B0 9C C8 0A 00 00 00 00 00 00 00 00 8D A0 7E 08 08 00 00 00 70 0C 15 E8 00 00 00 00 5C 70 69 70 65 5C 73 70 E0 9C C8 0A 01 00 00 00 00 00 00 00 39 00 00 00 00 00 00 00 00 00 00 00 70 9C C8 0A 00 00 00 00 00 00 00 00 00 00 00 00 28 FF 83 08 02 00 00 00 70 0C 15 E8 00 00 00 00 73 0C 15 E8 00 00 00 00 34 00 15 E8 19 00 00 00 80 98 C8 0A 78 C3 9B 0A 80 9D 08 0A 94 47 8E 08 18 00 00 00 18 00 00 00 00 00 00 00 AC 6B 0C 0A B4 6B 0C 0A 10 AD CE 0A A4 72 00 00 19 00 00 00 43 4F 4D 50 41 4E 59 2E 4C 4F 43 41 4C 00 20 20 2B 1C F2 E8 41 00 00 00 00 00 00 00 00 00 00 00 D8 86 0C 0A 00 00 00 00 00 00 00 00 30 2B 04 0E 6D 73 54 53 4D 61 6E 61 67 69 6E 67 4C 53 31 19 04 17 30 30 34 37 37 2D 30 30 31 2D 39 36 38 30 33 33 36 2D 38 34 37 36 38 30 1E 04 12 6D 73 54 53 4C 69 63 65 6E 73 65 56 65 72 73 69 6F 6E 31 08 04 06 33 39 33 32 31 36 30 27 04 0E 6D 73 54 53 45 78 70 69 72 65 44 61 74 65 31 15 04 13 32 30 31 37 30 35 30 36 30 36 30 33 32 30 2E 30 30 30 5A 30 22 04 0B 77 68 65 6E 43 68 61 6E 67 65 64 31 13 04 11 32 30 31 37 30 33 30 37 30 36 30 33 32 31 2E 30 5A 30 17 04 0A 75 53 4E 43 68 61 6E 67 65 64 31 09 04 07 31 34 30 39 31 30 38 30 4B 04 11 64 69 73 74 69 6E 67 75 69 73 68 65 64 4E 61 6D 65 31 36 04 34 43 4E 3D 6B 65 79 63 6F 6C 6C 2C 4F 55 3D 53 65 72 76 69 63 65 2C 4F 55 3D 48 6F 6C 64 69 6E 67 2C 44 43 3D 63 6F 6D 70 61 6E 79 2C 44 43 3D 6C 6F 63 61 6C 30 0E 02 01 03 65 07 0A 01 00 04 00 04 00 A0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Maybe Cursor should also extends Closable
Hello All, As I can see in latest directory-api sources interface Cursor extends Iterable Maybe it worth to be changed to interface Cursor extends Iterable, Closable This way will be no need to declare void close(); explicitly Also It will be possible to use try (EntryCursor cursor = new EntryCursorImpl(...)) { } catch (...) { } constructs WDYT? not sure maybe this question better fits dev@ list -- WBR Maxim aka solomax
parse DN using directory API
Hello, Is it possible to parse DN as string using directory API? I found couple of methods but they private or package protected :( Thanks in advance PS using 1.0.0-M31 -- WBR Maxim aka solomax
Re: parse DN using directory API
Here is the use case I read memberOf attributes of user (MS AD version), interpret it as String, and then need to parse it as Dn. Currently I can't use FastDnParser.parse and need to "re-invent the weel". Maybe I misuse the API? On Fri, Sep 4, 2015 at 5:29 PM, Kiran Ayyagari <kayyag...@apache.org> wrote: > On Fri, Sep 4, 2015 at 7:14 PM, Maxim Solodovnik <solomax...@gmail.com> > wrote: > > > Hello, > > > > Is it possible to parse DN as string using directory API? I found couple > of > > > hmm, can you elaborate on what you are trying to do > > > methods but they private or package protected :( > > > sure we can do that based on the usecase > > > > Thanks in advance > > > > PS using 1.0.0-M31 > > > > -- > > WBR > > Maxim aka solomax > > > > > > -- > Kiran Ayyagari > http://keydap.com > -- WBR Maxim aka solomax
Re: parse DN using directory API
I need to extract group name from the Dn returned, so iterating through the Rdns is sufficient right now :) On Fri, Sep 4, 2015 at 6:18 PM, Maxim Solodovnik <solomax...@gmail.com> wrote: > My bad :( > I thought "public Dn( SchemaManager schemaManager, String... upRdns )" > only accepts pairs "XY=ASDFG" > sorry for the noise :( > > On Fri, Sep 4, 2015 at 6:15 PM, Emmanuel Lécharny <elecha...@gmail.com> > wrote: > >> Le 04/09/15 14:09, Kiran Ayyagari a écrit : >> > On Fri, Sep 4, 2015 at 8:05 PM, Maxim Solodovnik <solomax...@gmail.com> >> > wrote: >> > >> >> Here is the use case >> >> I read memberOf attributes of user (MS AD version), interpret it as >> String, >> >> and then need to parse it as Dn. Currently I can't use >> FastDnParser.parse >> >> and need to "re-invent the weel". >> >> >> > you can just create a DN using new Dn(dnStr) >> > and that internally parses it. >> > >> > The only downside of the above method is that the DN is not schema aware >> >> But once you have done that, you can iterate on the RDNs, then on the >> AVAs. >> >> Now, what exactly are you going to do with the parsed DN ? Isn't it >> enough to have a Dn instance ? >> > > > > -- > WBR > Maxim aka solomax > -- WBR Maxim aka solomax
Re: parse DN using directory API
My bad :( I thought "public Dn( SchemaManager schemaManager, String... upRdns )" only accepts pairs "XY=ASDFG" sorry for the noise :( On Fri, Sep 4, 2015 at 6:15 PM, Emmanuel Lécharny <elecha...@gmail.com> wrote: > Le 04/09/15 14:09, Kiran Ayyagari a écrit : > > On Fri, Sep 4, 2015 at 8:05 PM, Maxim Solodovnik <solomax...@gmail.com> > > wrote: > > > >> Here is the use case > >> I read memberOf attributes of user (MS AD version), interpret it as > String, > >> and then need to parse it as Dn. Currently I can't use > FastDnParser.parse > >> and need to "re-invent the weel". > >> > > you can just create a DN using new Dn(dnStr) > > and that internally parses it. > > > > The only downside of the above method is that the DN is not schema aware > > But once you have done that, you can iterate on the RDNs, then on the AVAs. > > Now, what exactly are you going to do with the parsed DN ? Isn't it > enough to have a Dn instance ? > -- WBR Maxim aka solomax
Re: ApacheDS file name
I believe I'm behind corporate FW right now :( Will try to double check later from home On Wed, Jul 8, 2015 at 12:55 PM, Stefan Seelmann m...@stefan-seelmann.de wrote: On 07/08/2015 08:37 AM, Maxim Solodovnik wrote: just have tried: http://www.eu.apache.org/dist/directory/studio/2.0.0.v20150606-M9/ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz I downloaded the same, signature and md5sum is good. file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz: *gzip compressed data* pgp ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz.asc gpg: Signature made Sun 07 Jun 2015 14:18:58 NOVT using RSA key ID 28686142 gpg: BAD signature from Stefan Seelmann (CODE SIGNING KEY) seelm...@apache.org *WARNING: Bad signature, doesn't match file contents!* not sure what is wrong Are you behind a corporate firewall/virus scanner that intercepts the download? On Wed, Jul 8, 2015 at 12:31 PM, Maxim Solodovnik solomax...@gmail.com wrote: hm, file http://www.motorlogy.com/apache/directory/studio/2.0.0.v20150606-M9/ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz pgp ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz.asc gpg: Signature made Sun 07 Jun 2015 14:18:58 NOVT using RSA key ID 28686142 gpg: BAD signature from Stefan Seelmann (CODE SIGNING KEY) seelm...@apache.org *WARNING: Bad signature, doesn't match file contents!* will try different mirror sorry for the noise On Wed, Jul 8, 2015 at 12:26 PM, Stefan Seelmann m...@stefan-seelmann.de wrote: On 07/08/2015 08:11 AM, Maxim Solodovnik wrote: Hello, Just have tried latest available ApacheDS (ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz) the file name clearly states it is tar gzip, but it turns to be plain tar (without gzip compression) I would propose to add gzip compression or to change the name Not sure if it is issue, or maybe you are already aware of it Hm, I just downloaded it from a mirror and it is a propert tar.gz, see below. From which mirror did you download? Can you please validate checksums and PGP signature? $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz 121396 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz: gzip compressed data $ gunzip ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar 135700 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar: POSIX tar archive Kind Regards, Stefan -- WBR Maxim aka solomax -- WBR Maxim aka solomax
ApacheDS file name
Hello, Just have tried latest available ApacheDS (ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz) the file name clearly states it is tar gzip, but it turns to be plain tar (without gzip compression) I would propose to add gzip compression or to change the name Not sure if it is issue, or maybe you are already aware of it -- WBR Maxim aka solomax
Re: ApacheDS file name
just have tried: http://www.eu.apache.org/dist/directory/studio/2.0.0.v20150606-M9/ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz: *gzip compressed data* pgp ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz.asc gpg: Signature made Sun 07 Jun 2015 14:18:58 NOVT using RSA key ID 28686142 gpg: BAD signature from Stefan Seelmann (CODE SIGNING KEY) seelm...@apache.org *WARNING: Bad signature, doesn't match file contents!* not sure what is wrong On Wed, Jul 8, 2015 at 12:31 PM, Maxim Solodovnik solomax...@gmail.com wrote: hm, file http://www.motorlogy.com/apache/directory/studio/2.0.0.v20150606-M9/ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz pgp ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz.asc gpg: Signature made Sun 07 Jun 2015 14:18:58 NOVT using RSA key ID 28686142 gpg: BAD signature from Stefan Seelmann (CODE SIGNING KEY) seelm...@apache.org *WARNING: Bad signature, doesn't match file contents!* will try different mirror sorry for the noise On Wed, Jul 8, 2015 at 12:26 PM, Stefan Seelmann m...@stefan-seelmann.de wrote: On 07/08/2015 08:11 AM, Maxim Solodovnik wrote: Hello, Just have tried latest available ApacheDS (ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz) the file name clearly states it is tar gzip, but it turns to be plain tar (without gzip compression) I would propose to add gzip compression or to change the name Not sure if it is issue, or maybe you are already aware of it Hm, I just downloaded it from a mirror and it is a propert tar.gz, see below. From which mirror did you download? Can you please validate checksums and PGP signature? $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz 121396 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz: gzip compressed data $ gunzip ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar 135700 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar: POSIX tar archive Kind Regards, Stefan -- WBR Maxim aka solomax -- WBR Maxim aka solomax
Re: ApacheDS file name
hm, file http://www.motorlogy.com/apache/directory/studio/2.0.0.v20150606-M9/ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz pgp ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz.asc gpg: Signature made Sun 07 Jun 2015 14:18:58 NOVT using RSA key ID 28686142 gpg: BAD signature from Stefan Seelmann (CODE SIGNING KEY) seelm...@apache.org *WARNING: Bad signature, doesn't match file contents!* will try different mirror sorry for the noise On Wed, Jul 8, 2015 at 12:26 PM, Stefan Seelmann m...@stefan-seelmann.de wrote: On 07/08/2015 08:11 AM, Maxim Solodovnik wrote: Hello, Just have tried latest available ApacheDS (ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz) the file name clearly states it is tar gzip, but it turns to be plain tar (without gzip compression) I would propose to add gzip compression or to change the name Not sure if it is issue, or maybe you are already aware of it Hm, I just downloaded it from a mirror and it is a propert tar.gz, see below. From which mirror did you download? Can you please validate checksums and PGP signature? $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz 121396 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz: gzip compressed data $ gunzip ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar.gz $ ls -s ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar 135700 ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar $ file ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar ApacheDirectoryStudio-2.0.0.v20150606-M9-linux.gtk.x86_64.tar: POSIX tar archive Kind Regards, Stefan -- WBR Maxim aka solomax
Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M29 released
Somehow new release is not available: Failed to collect dependencies at org.apache.directory.api:api-all:jar:1.0.0-M29: Failed to read artifact descriptor for org.apache.directory.api:api-all:jar:1.0.0-M29: Failure to find org.apache.directory.api:api-parent:pom:1.0.0-M29 Am I doing something wrong? Or maybe anything wrong with repo and/or release? On Fri, Apr 3, 2015 at 5:56 PM, Emmanuel Lecharny elecha...@apache.org wrote: The Apache Directory Team is proud to announce the availability of the 1.0.0-M29 version of the Apache Directory LDAP API. The Apache Directory LDAP client API is an ongoing effort to provide an enhanced LDAP API, as a replacement for JNDI and the existing LDAPAPI (jLdap and Mozilla LDAP API). This is a schema aware API, with some convenient ways to access a LDAP server. This API is not only targeting the Apache Directory Server, but should work pristine with any LDAP server. It's also an extensible API : new Controls, schema elements and network layer could be added or used in the near future. It's also OSGi capable. Another bug fix release, with a few new fonctionalities being added : - a LDIF anonymizer - VLV support Here is the list of fixed issues : Bugs : -- * https://issues.apache.org/jira/browse/DIRAPI-100 Implement the GSSAPI SASL Bind mechanism * https://issues.apache.org/jira/browse/DIRAPI-107 LdifReader missing attributes * https://issues.apache.org/jira/browse/DIRAPI-219 DateUtils.toGeneralizedTime does not work with some Locales * https://issues.apache.org/jira/browse/DIRAPI-220 The FilterEncoder.encodeFilterValue() does not accept escaped hex values like \2A * https://issues.apache.org/jira/browse/DIRAPI-223 The SchemaObject extension key should be case-insensitive * https://issues.apache.org/jira/browse/DIRAPI-226 Injecting non pure ASCII values into a HR attribute read from a LDIF does not work Improvements : -- * https://issues.apache.org/jira/browse/DIRAPI-46 Add a generic schema loader which looks for schema elements under the value of the 'subschemaSubentry' of the RootDSE * https://issues.apache.org/jira/browse/DIRAPI-225 Add a LDIF anonymizer that takes a LDIF file and replace the value with random text New features : -- * https://issues.apache.org/jira/browse/DIRAPI-165 Add a FilterBuillder * https://issues.apache.org/jira/browse/DIRAPI-224 Add support for the VLV control Feel free to experiment, we highly appreciate your feedback ! Website : http://directory.apache.org/api Download : http://directory.apache.org/api/downloads.html User's Guide : http://directory.apache.org/api/user-guide.html The Apache Directory Team -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com -- WBR Maxim aka solomax
Re: Dereferencing aliases
Works as expected Thanks a lot for the help! On 16 October 2014 16:05, Maxim Solodovnik solomax...@gmail.com wrote: Thanks a lot for the quick reply, will try it! On 16 October 2014 16:03, Kiran Ayyagari kayyag...@apache.org wrote: the support for dereferencing aliases* is already there, you just need to set the derefAliases option in the search request. * note that referral chasing is different and is not currently supported On Thu, Oct 16, 2014 at 2:04 PM, Maxim Solodovnik solomax...@gmail.com wrote: Hello All, Recently I got report from one of our users [1] asking for dereferencing aliases. According to the code of EntryCursorImpl.get() I suppose it is not currently possible, am I right? If yes maybe you have plans to implement it? (so I can tell our user some time frame) Thanks in advance [1] https://issues.apache.org/jira/browse/OPENMEETINGS-1105 -- WBR Maxim aka solomax -- Kiran Ayyagari http://keydap.com -- WBR Maxim aka solomax -- WBR Maxim aka solomax
Dereferencing aliases
Hello All, Recently I got report from one of our users [1] asking for dereferencing aliases. According to the code of EntryCursorImpl.get() I suppose it is not currently possible, am I right? If yes maybe you have plans to implement it? (so I can tell our user some time frame) Thanks in advance [1] https://issues.apache.org/jira/browse/OPENMEETINGS-1105 -- WBR Maxim aka solomax
Re: Dereferencing aliases
Thanks a lot for the quick reply, will try it! On 16 October 2014 16:03, Kiran Ayyagari kayyag...@apache.org wrote: the support for dereferencing aliases* is already there, you just need to set the derefAliases option in the search request. * note that referral chasing is different and is not currently supported On Thu, Oct 16, 2014 at 2:04 PM, Maxim Solodovnik solomax...@gmail.com wrote: Hello All, Recently I got report from one of our users [1] asking for dereferencing aliases. According to the code of EntryCursorImpl.get() I suppose it is not currently possible, am I right? If yes maybe you have plans to implement it? (so I can tell our user some time frame) Thanks in advance [1] https://issues.apache.org/jira/browse/OPENMEETINGS-1105 -- WBR Maxim aka solomax -- Kiran Ayyagari http://keydap.com -- WBR Maxim aka solomax
CursorLdapReferralException while iterating EntryCursor
Hello, I'm getting CursorLdapReferralException while iterating EntryCursor: [1] line 258 Could you please explain the meaning of this exception? I was sure if cursor.next() return the true cursor.get() should be successful. Thanks in advance [1] https://svn.apache.org/viewvc/openmeetings/branches/3.0.x/src/main/java/org/apache/openmeetings/ldap/LdapLoginManagement.java?view=markup -- WBR Maxim aka solomax
Re: [Solved] Re: Changing logging level
Will commit this part: logger name=org.apache.mina.filter.ssl.SslFilter level=OFF/ On 25 July 2014 20:50, Michael Wuttke michael.wut...@beuth-hochschule.de wrote: Hello I added to the ~/red5/conf/logback.xml file of the Openmeetings application the following lines: logger name=org.apache.mina.filter.ssl.SslFilter level value=OFF/ /logger and to the ~/red5/webapp/openmeetings/WEB-INF/classes/logback-config.xml file the following line: logger name=org.apache.mina.filter.ssl.SslFilter level=OFF/ See also the source file: https://svn.apache.org/repos/asf/openmeetings/branches/3.0.x/src/main/webapp/WEB-INF/classes/logback-config.xml Now the logging of Openmeetings works as expected. No passwords where printed to the log file openmeetings.log any more. The correct log to disable is org.apache.directory.api.ldap.model.message.BindRequestImpl : logger name=org.apache.directory.api.ldap.model.message.BindRequestImpl level=NONE/ Your hint doesn't help. The passwords where printed anyway. Thanks a lot for your help! Michael Am 23.07.2014 um 19:08 schrieb Emmanuel Lécharny: Le 23/07/2014 18:45, mwut...@beuth-hochschule.de a écrit : Hello Emmanuel, thank you for your help and advise. I will try it. Thanks ! Give us some feedback, that would be appreciated ! -- WBR Maxim aka solomax
Re: Changing logging level
Our user (Michael in CC) changes the level to OFF and still get passwords printed I can't reproduce this, and have no idea what else can I suggest :( On 23 July 2014 20:37, Kiran Ayyagari kayyag...@apache.org wrote: Hi Maxim, I suggest you change the logging level of org.apache.directory to WARN even at INFO level ApacheDS logs a lot of data On Wed, Jul 23, 2014 at 6:55 PM, Maxim Solodovnik solomax...@gmail.com wrote: Hello, I have successfully integrated Apache directory API into our project openmeetings.apache.org. We using logback to configure logging in our project. User claims in mailing lists and direct emails: LDAP passwords are being printed to the log in plain text I have modified logback config: [1] and the issue is not reproducible for me, but it doesn't help the user. What else can be checked to investigate/fix this issue? [ https://svn.apache.org/repos/asf/openmeetings/branches/3.0.x/src/main/webapp/WEB-INF/classes/logback-config.xml ] -- WBR Maxim aka solomax -- Kiran Ayyagari http://keydap.com -- WBR Maxim aka solomax
Re: Changing logging level
Thanks Kiran! Will try to localize On 23 July 2014 20:42, Kiran Ayyagari kayyag...@apache.org wrote: On Wed, Jul 23, 2014 at 7:09 PM, Maxim Solodovnik solomax...@gmail.com wrote: Our user (Michael in CC) changes the level to OFF and still get passwords printed looks like a logging configuration issue on his part I can't reproduce this, and have no idea what else can I suggest :( On 23 July 2014 20:37, Kiran Ayyagari kayyag...@apache.org wrote: Hi Maxim, I suggest you change the logging level of org.apache.directory to WARN even at INFO level ApacheDS logs a lot of data On Wed, Jul 23, 2014 at 6:55 PM, Maxim Solodovnik solomax...@gmail.com wrote: Hello, I have successfully integrated Apache directory API into our project openmeetings.apache.org. We using logback to configure logging in our project. User claims in mailing lists and direct emails: LDAP passwords are being printed to the log in plain text I have modified logback config: [1] and the issue is not reproducible for me, but it doesn't help the user. What else can be checked to investigate/fix this issue? [ https://svn.apache.org/repos/asf/openmeetings/branches/3.0.x/src/main/webapp/WEB-INF/classes/logback-config.xml ] -- WBR Maxim aka solomax -- Kiran Ayyagari http://keydap.com -- WBR Maxim aka solomax -- Kiran Ayyagari http://keydap.com -- WBR Maxim aka solomax
Re: Changing logging level
@Michael, can you subscribe to this list and share some logs? On 23 July 2014 21:07, Emmanuel Lécharny elecha...@gmail.com wrote: Le 23/07/2014 15:46, Maxim Solodovnik a écrit : Thanks Kiran! Will try to localize In any case, we should *never* log a password. The only place I can imagine the password will be printed is the BER decoding part, where we are printing the PDU we receive from a client, while we have no idea about what PDU they are. If you can get some of the client logs, that could help. -- WBR Maxim aka solomax
Re: Changing logging level
The messages are being printed by o.a.m.f.s.SslFilter:570 so you need to add line with org.apache.mina.core.filterchain http://mina.apache.org/mina-project/apidocs/org/apache/mina/core/filterchain/IoFilterAdapter.html package On 23 July 2014 21:50, Michael Wuttke michael.wut...@beuth-hochschule.de wrote: Hello, here is an extract of the openmeetings.log file: DEBUG 07-23 16:39:23.804 o.a.w.p.AsynchronousDataStore$PageSavingRunnable:354 [Wicket-PageSavingThread] - Saving asynchronously: Entry [sessionId=CF4118EC81E38EDD29BF16316D7DA5AE, pageId=0]... DEBUG 07-23 16:39:23.805 o.a.w.p.PageAccessSynchronizer:346 [http-nio-0.0.0.0-5080-exec-8] - 'http-nio-0.0.0.0-5080-exec-8' notifying blocked threads DEBUG 07-23 16:39:23.805 o.a.w.p.DiskDataStore:186 [Wicket-PageSavingThread] - Storing data for page with id '0' in session with id 'CF4118EC81E38EDD29BF16316D7DA5AE' DEBUG 07-23 16:39:34.585 o.a.w.p.h.s.ServletWebRequest:189 [http-nio-0.0.0.0-5080-exec-5] - Calculating context relative path from: context path '/openmeetings', filterPrefix '', uri '/openmeetings/signin' DEBUG 07-23 16:39:34.585 o.a.w.p.PageAccessSynchronizer:100 [http-nio-0.0.0.0-5080-exec-5] - 'http-nio-0.0.0.0-5080-exec-5' attempting to acquire lock to page with id '0' DEBUG 07-23 16:39:34.586 o.a.w.p.PageAccessSynchronizer:125 [http-nio-0.0.0.0-5080-exec-5] - http-nio-0.0.0.0-5080-exec-5 acquired lock to page 0 DEBUG 07-23 16:39:34.587 o.a.o.d.d.s.SessiondataDao:68 [http-nio-0.0.0.0-5080-exec-5] - startsession :: startsession DEBUG 07-23 16:39:34.588 o.a.o.u.c.ManageCryptStyle:32 [http-nio-0.0.0.0-5080-exec-5] - getInstanceOfCrypt:: configKeyCryptClassName: org.apache.openmeetings.util.crypt.MD5Implementation DEBUG 07-23 16:39:34.596 o.a.o.l.LdapLoginManagement:163 [http-nio-0.0.0.0-5080-exec-5] - LdapLoginmanagement.doLdapLogin DEBUG 07-23 16:39:34.602 o.a.m.f.s.SslFilter:406 [NioProcessor-18] - Adding the SSL Filter sslFilter to the chain DEBUG 07-23 16:39:34.604 o.a.m.f.s.SslFilter:645 [NioProcessor-18] - Session Client[3](ssl...) : Starting the first handshake DEBUG 07-23 16:39:34.604 o.a.m.f.s.SslFilter:570 [NioProcessor-18] - Session Client[3](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=154 cap=264: 16 03 01 00 95 01 00 00 91 03 01 53 CF C9 26 2D...] DEBUG 07-23 16:39:34.605 o.a.m.f.s.SslFilter:570 [http-nio-0.0.0.0-5080-exec-5] - Session Client[3](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=97 cap=97: 30 5F 02 01 01 60 5A 02 01 03 04 3F 43 4E 3D 6D...] DEBUG 07-23 16:39:34.606 o.a.m.f.s.SslFilter:570 [http-nio-0.0.0.0-5080-exec-5] - Session Client[3](ssl...): Writing Message : MessageWriteRequest, parent : WR WrapperWriteRequest: MessageType : BIND_REQUEST Message ID : 1 BindRequest Version : '3' Name : 'CN=binduser,OU=YXZ,OU=Users,DC=company,DC=com' Simple authentication : 'password/hash value' DEBUG 07-23 16:39:34.606 o.a.m.f.s.SslFilter:452 [NioProcessor-18] - Session Client[3](ssl...): Message received : HeapBuffer[pos=0 lim=2048 cap=2048: 16 03 01 13 C9 02 00 00 4D 03 01 53 CF C9 26 09...] DEBUG 07-23 16:39:34.607 o.a.m.f.s.SslFilter:685 [NioProcessor-18] - Session Client[3](ssl...): Processing the SSL Data DEBUG 07-23 16:39:34.607 o.a.m.f.s.SslFilter:452 [NioProcessor-18] - Session Client[3](ssl...): Message received : HeapBuffer[pos=0 lim=3022 cap=4096: 97 FD 69 A4 E4 5D 9F 0D 53 46 BE 07 D4 4B 4F 66...] DEBUG 07-23 16:39:34.623 o.a.m.f.s.SslFilter:570 [NioProcessor-18] - Session Client[3](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=274 cap=528: 16 03 01 01 0D 0B 00 00 03 00 00 00 10 00 01 02...] DEBUG 07-23 16:39:34.624 o.a.m.f.s.SslFilter:570 [NioProcessor-18] - Session Client[3](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=6 cap=8: 14 03 01 00 01 01] DEBUG 07-23 16:39:34.624 o.a.m.f.s.SslFilter:570 [NioProcessor-18] - Session Client[3](ssl...): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=53 cap=66: 16 03 01 00 30 53 CA 7F 1E D9 07 AB 4D D9 6C 12...] DEBUG 07-23 16:39:34.624 o.a.m.f.s.SslFilter:685 [NioProcessor-18] - Session Client[3](ssl...): Processing the SSL Data DEBUG 07-23 16:39:34.823 o.a.m.f.s.SslFilter:452 [NioProcessor-18] - Session Client[3](ssl...): Message received : HeapBuffer[pos=0 lim=59 cap=4096: 14 03 01 00 01 01 16 03 01 00 30 FC 65 E5 CD 51...] DEBUG 07-23 16:39:34.825 o.a.m.f.s.SslFilter:685 [NioProcessor-18] - Session Client[3](SSL): Processing the SSL Data DEBUG 07-23 16:39:34.825 o.a.m.f.s.SslFilter:570 [NioProcessor-18] - Session Client[3](SSL): Writing Message : WriteRequest: HeapBuffer[pos=0 lim=97 cap=97: 30 5F 02 01 01 60 5A 02 01 03 04 3F 43 4E 3D 6D...] DEBUG 07-23 16:39:34.826 o.a.m.f.s.SslFilter:570 [NioProcessor-18] - Session Client[3](SSL): Writing Message : MessageWriteRequest, parent : WR WrapperWriteRequest: MessageType : BIND_REQUEST Message ID : 1 BindRequest Version : '3'
Re: Changing logging level
Thanks for the great library and immediate support :) On 23 July 2014 23:24, Emmanuel Lécharny elecha...@gmail.com wrote: Le 23/07/2014 18:13, Maxim Solodovnik a écrit : Thanks :) Actually, shame on us. The bug was already listed in JIRA nearly 4 years ago : https://issues.apache.org/jira/browse/DIRSERVER-1544 The fix was sadly partial : http://svn.apache.org/viewvc/directory/shared/trunk/ldap/src/main/java/org/apache/directory/shared/ldap/model/message/BindRequestImpl.java?r1=987606r2=991816pathrev=1066123 The code base is quite big, and it's hard to be thorough... -- WBR Maxim aka solomax
Re: Changing logging level
sure, I'll turn it on :) Thanks again On 23 July 2014 23:37, Emmanuel Lécharny elecha...@gmail.com wrote: Le 23/07/2014 18:28, Maxim Solodovnik a écrit : Thanks for the great library and immediate support :) We will probably not cut a release right away. If you can set the log level so that the BondRequest is not exposed, that would be a workaround. The correct log to disable is org.apache.directory.api.ldap.model.message.BindRequestImpl : logger name=org.apache.directory.api.ldap.model.message.BindRequestImpl level=NONE/ That will avoid dumping any of the BindRequest messages. -- WBR Maxim aka solomax
Re: Changing logging level
I'll turn it off, sorry ~midnight here :) On 23 July 2014 23:39, Maxim Solodovnik solomax...@gmail.com wrote: sure, I'll turn it on :) Thanks again On 23 July 2014 23:37, Emmanuel Lécharny elecha...@gmail.com wrote: Le 23/07/2014 18:28, Maxim Solodovnik a écrit : Thanks for the great library and immediate support :) We will probably not cut a release right away. If you can set the log level so that the BondRequest is not exposed, that would be a workaround. The correct log to disable is org.apache.directory.api.ldap.model.message.BindRequestImpl : logger name=org.apache.directory.api.ldap.model.message.BindRequestImpl level=NONE/ That will avoid dumping any of the BindRequest messages. -- WBR Maxim aka solomax -- WBR Maxim aka solomax
[LDAP API] secure connection example
Hello All, I would like to ask a question regarding establishing secure LDAP connection using Java API (1.0.0-M22 http://directory.apache.org/api/downloads.html) http://directory.apache.org/api/user-guide/5-ldap-security.html contains no documentation Here is error log: http://pastebin.com/buKTicGu I would appreciate any help -- WBR Maxim aka solomax
Re: [LDAP API] secure connection example
Thanks for the quick response This was my first idea Unfortunately I have no environment to test :( The user, reported this says: thank you for your hints. I will have a look at it. The thing is: with moodle mahara (php software) it works with all the ldaps settings. ;-( The code I'm using: is here https://svn.apache.org/viewvc/openmeetings/branches/3.0.x/src/main/java/org/apache/openmeetings/ldap/LdapLoginManagement.java?view=markup line ~228 Maybe I'm using API somehow wrong? or additional keystores should be added ... Thanks in advance On 27 June 2014 23:15, Emmanuel Lécharny elecha...@gmail.com wrote: Le 27/06/2014 17:23, Maxim Solodovnik a écrit : Hello All, I would like to ask a question regarding establishing secure LDAP connection using Java API (1.0.0-M22 http://directory.apache.org/api/downloads.html) http://directory.apache.org/api/user-guide/5-ldap-security.html contains no documentation Here is error log: http://pastebin.com/buKTicGu Mist certainly an invalid password, or an unknown user : LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 - (unknown username or bad password) ( http://social.technet.microsoft.com/Forums/windowsserver/en-US/c1d8d706-a506-4973-9542-1e88a2a66ac0/ad-lds-and-locked-out-accounts-response-codes?forum=winserverDS ) -- WBR Maxim aka solomax