Hi Martin, Sorry for not getting to this sooner...
On 7/23/07, Martin Alderson <[EMAIL PROTECTED]> wrote:
Hi all, I'm looking for some advice on how to interact with an embedded ApacheDS server from a Quartz scheduled job. This job will periodically add/modify an entry. I had been using something like DirectoryService.getInstance().getConfiguration().getPartitionNexus().modify(...) but I need this operation to go through the interceptor chain.
Aye. The best way to interact would be to actually get a JNDI context from inside the job using the JNDI InitialContextFactory for the server's CoreContextFactory. It's the proxy objects that pipe calls in from the JNDI contexts into the InterceptorChain. I think I need to get a JNDI context using (new InitialDirContext(env))
where env contains some credentials. I guess I need the credentials of the admin user for this. Is there any way for the server to know the operation is coming from the same process so it can automatically use the admin users credentials as stored in the directory? If not how should I get the admin credentials?
Good question. I don't think there is a way that the moment. There has been some past discussions about this but nothing conclusive. Other services have the admin credentials provided in their configuration which is bad bad and more bad. We need to figure something out here. I'd be glad to help out on it but these next few days are going to be really hard for me. Thinking about it, I guess this is tied in to having the admin user
credentials specified in the configuration file which also seems bad to me.
Heh thinking the same here. Couldn't this be scrapped and have a way to authenticate as the admin user
automatically from within the same process?
Yeah this is something we need to do. I have not figured out any good means to do this at the present moment. I guess if we had the security manager stuff in place we could find a way to determine if certain code can just run as admin. The problem is that any user can add a SP and execute it to gain admin access without using a security manager. We have to figure something out here. Sorry for not having a clear solution in mind. Alex
