Hi !

Thank you for taking the time to help me, I really do appreciate it. This
explanation is really helping me improve.

Thanks a lot!



[image: dinethr.PNG]

Dineth Chalitha Basnayake.

Undergraduate in Computer Science & Technology,

Uva Wellassa University of Sri Lanka

dinethchali...@gmail.com

[image: facebook.png] <https://www.facebook.com/dineth.basnayake>[image:
Linked in alt.png]
<https://www.linkedin.com/in/dineth-chalitha-basnayake-a79032ba/>[image:
github.png] <https://github.com/DinethUWU>

On Sun, Aug 6, 2017 at 7:34 AM, Emmanuel Lécharny <elecha...@gmail.com>
wrote:

> Now, that's better :-)
>
>
> Although &.5 and 2.0.0-M24 are very different, the interceptor
> architecture hasn't change so much (hopefully). Ok, the doc is totally
> otdated, and we don't use the server.xml fila anymore.
>
>
> Interceptors are all extending the BaseIntercapor abstract class which
> itself implements the Interceptor interface. There is not that much you
> need to implement in your ow interceptor :
>
> - the init() method if you need to initialize some things when the
> interceptor is added to the system (it's called once at startup)
>
> - the destroy() method that is called when teh server is shutdown, would
> you need to cleanup things (AFAICT, no interceptor implements this method)
>
> - and a method for each LDAP operation : add, bind, compare, delete,
> getRootDse (SEARCH), hasEntry (SEARCH), lookup (SEARCH), modify, move
> (MODRDN), moveAndRename(MODRDN), rename (MODRDN),search and unbind. As
> you can see, some of those methods are a specific version of a base
> method - like lookup/hasEntry/getRootDSE which could be done using teh
> search method-, for convenience.
>
> Eachof the Operation methods use a special Context parameter, which
> itself gives you access to various elements :
>
> - the specific operations parameters (like the base DN or the filter for
> the search operation (check each of the Context classes and interfaces)
>
> - the Session (and here, the CoreSession).
>
>
> When an LdapMessage is received, the protocol handlers passes it to the
> CoreSession instance, which creates an operation context from it,
> extracting all the required pieces that are going to be processed by
> interceptors. At this point, the initial LdapMessage is not anymorz
> available from inside interceptors, bt can be rebuilt from the content
> of the operation context - including the controls -.
>
> The Session is also where you'll find information about each current
> operation, and the executing LDAP session. Typically, it gives you
> access to the caller's ID - the principal -, it's IP address,
>
>
> Now, once you have implemented your interceptor, there are two things
> that need to be done in the configuration :
>
> - each interceptor is declared in the configuration file
>
> - each one has an order in the chain
>
> - each one is either enabled or disabled
>
> - each interceptor is associated with a class implementing it
>
>
> The order is critical, and you must add yours at the right place,
> dependning on what you want to do. Usuammy, you want to add your
> inteceptor at the very end of the chain, so with the highest order. The
> order is stored in the ads-interceptororder attribute (see later for an
> example). The class implementing the interceptor is stored using its
> FQDN in the ads-interceptorclassname attribute.
>
> The interceptor will be called only if it's enabled, something that has
> to be set using the ads-enabled attribute.
>
>
> Here are two examples for two different interceptors :
>
>
> - The Normalization interceptor :
>
> dn:
> ads-interceptorId=normalizationInterceptor,ou=interceptors,ads-
> directoryServiceId=default,ou=config
> objectclass: top
> objectclass: ads-base
> objectclass: ads-interceptor
> ads-interceptororder: 1
> ads-interceptorclassname:
> org.apache.directory.server.core.normalization.NormalizationInterceptor
> ads-interceptorid: normalizationInterceptor
> ads-enabled: TRUE
>
> Its order is 1, it's the very first interceptor being called. The FCQN
> (org.apache.directory.server.core.normalization.NormalizationInterceptor)
> for this interceptor is stored in the ads-interceptorclassname
> attribute, and this interceptor is enabled.
>
>
> - The KeyDerivation interceptor :
>
> dn:
> ads-interceptorId=keyDerivationInterceptor,ou=interceptors,ads-
> directoryServiceId=default,ou=config
> objectclass: top
> objectclass: ads-base
> objectclass: ads-interceptor
> ads-enabled: FALSE
> ads-interceptororder: 8
> ads-interceptorclassname:
> org.apache.directory.server.core.kerberos.KeyDerivationInterceptor
> ads-interceptorid: keyDerivationInterceptor
>
> This interceptor is used when Kerberos is enabled, to compute the
> derived kerberos keys when a user changes its password.
>
> It's position is 8, becuase it has to be executed before the
> passwordHashing Interceptor, but here, as yu can see, it's disabled : it
> won't be executed at all.
>
>
> It's enough to set your configuration file with your interceptor for
> this interceptor to be automaticaly called at the right place in teh
> chain of interceptors : the server uses reflection at startup to know
> where to set it - if it's enabled -  and for which operation it will be
> called (if you don't have a delete() method in your interceptor, for
> instance it will never be called when a user sends a Delete operation to
> the server). The configuratio is processed at startup, btw, so you'll
> need to restart the server if you change the configuration.
>
>
> I hope it helps.
>
>
>
> Le 05/08/2017 à 20:19, Dineth Chalitha Basnayaka a écrit :
> > Hi !
> >
> > I am very new to apacheDS so forgive me if I am interrupting you. I tried
> > with tutorial "Implementing a simple custom Interceptor for ApacheDS" (
> > http://directory.apache.org/apacheds/advanced-ug/6-
> implementing-interceptor.html)
> > . It was nice explanation and it work for me. But it related
> apcheds-1.5.5.
> > When its come to apacheds2.0.0-M24 I saw
> > org.apache.directory.server.core.hash.PasswordHashingInterceptor and
> more
> > default interceptors are already implement there.
> > So now I'am trying to implementing my own interceptor. In order to get
> the
> > interceptor installed in a default installation of ApacheDS2.0.0-M24
> little
> > bit confused me. Because there have some different with
> ApacheDS2.0.0-M24
> > and apcheds-1.5.5 installation layouts.In ApacheDs2.0.0-M24 installation
> > layout not showing the server.xml file. If you can give some information
> to
> > install new Custom interceptors to apacheDS.2.0.0-M24 Its really helpful
> > for me.
> >
> > Thanks for your consideration.
> >
> >
> >
> >
> > [image: dinethr.PNG]
> >
> > Dineth Chalitha Basnayake.
> >
> > Undergraduate in Computer Science & Technology,
> >
> > Uva Wellassa University of Sri Lanka
> >
> > dinethchali...@gmail.com
> >
> > [image: facebook.png] <https://www.facebook.com/dineth.basnayake>[image:
> > Linked in alt.png]
> > <https://www.linkedin.com/in/dineth-chalitha-basnayake-a79032ba/>[image:
> > github.png] <https://github.com/DinethUWU>
> >
> > On Fri, Aug 4, 2017 at 10:22 AM, Emmanuel Lécharny <elecha...@gmail.com>
> > wrote:
> >
> >>
> >> Le 04/08/2017 à 05:32, Dineth Chalitha Basnayaka a écrit :
> >>> Can you give what are the possible places in ldap server I can access
> >> that
> >>> message.
> >> http://www.catb.org/esr/faqs/smart-questions.html#explicit
> >>
> >> In other word, ApacheDS is a 200 000 lines of code project. Im not going
> >> to go throught it to show you how to get the information you need, it
> >> would simply take me days. Either you tell me where in the code you want
> >> to access LDAPMessage, or you are totally on your own.
> >>
> >>
> >> Thanks.
> >>
>
> --
> Emmanuel Lecharny
>
> Symas.com
> directory.apache.org
>
>

Reply via email to