Thanks Emmanuel, I’m happy to help!
By the way, at your suggestion, I changed my app to use Caffeine for its
in-memory cache - you’re right, it really is very trivial to use! And it
resolved the conflict with ehcache v2 vs v3 in the embedded DS.
One other odd roadblock I’ve hit today - is getting the embedded ApacheDS to
authenticate simple binds when the test LDIF data has hashed passwords.
My LDIF file has:
dn: uid=monkey,ou=Users,ou=SSORest Eval,o=IDF Connect,c=US
objectClass: inetOrgPerson
...
uid: monkey
userpassword:: 0oH9vgVVuRPRwp+ZFDo617xmz4M=
I generated the above value by calling:
String storagePwd = new String(
PasswordUtil.createStoragePassword(
password.getBytes(StandardCharsets.UTF_8),
LdapSecurityConstants.HASH_METHOD_SHA
), StandardCharsets.UTF_8);
But then when I do a simple bind in my unit test, I get the error message:
[2018-12-26
15:05:09.179][pool-5-thread-1][INFO][][o.a.d.s.c.a.AbstractAuthenticator] -
[ERR_230 Password not correct for user ‘uid=monkey,ou=Users,ou=SSORest
Eval,o=IDF Connect,c=US']
[2018-12-26
15:05:09.179][pool-5-thread-1][INFO][][o.a.d.s.c.a.AuthenticationInterceptor] -
[Authenticator
org.apache.directory.server.core.authn.SimpleAuthenticator@602fe822 failed to
authenticate: uid=monkey,ou=Users,ou=SSORest Eval,o=IDF Connect,c=US]
[2018-12-26
15:05:09.179][pool-5-thread-1][INFO][][o.a.d.s.c.a.AuthenticationInterceptor] -
[Cannot bind to the server ]
I seem to be stuck on something trivial. I also followed the sample code
invoking MessageDigest as per
https://directory.apache.org/apacheds/basic-ug/3.1-authentication-options.html#but-how-to-obtain-the-hash-value-for-a-password
, but as expected it generated the same value as PasswordUtil…
I’ve also tried specifying the attribute as:
userpassword: {SHA}0oH9vgVVuRPRwp+ZFDo617xmz4M=
Am I not formatting the LDIF properly for the embedded DS? Naturally it works
fine when the userpassword attribute is in cleartext in the ldif.
Thanks!
Best regards,
Richard
> On Dec 26, 2018, at 5:42 AM, Emmanuel Lécharny wrote:
>
>
> On 26/12/2018 06:06, Richard Sand wrote:
>> Here it is…. It was more work than I thought!
>>
>> https://github.com/apache/directory-server/pull/9/files
>>
>> ehCache is upgraded from 2.10.4 to 3.6.1.
>>
>> Core class service, unit test codes, directory-cache.xml file…
>>
>> I look forward to your feedback. I wonder how much I broke…
>
>
> Whao ! A Xmas present !
>
>
> I'll have a look later as soon as I will be done with my big LDAP API
> refactoring - which is soon done -, hopefully later today or tomorrow.
>
>
> And, yes, I expected such a change to be a bit of hairy, considering the
> cache being used pretty everywhere in the server... That is probably the
> reason we didn't want to migrate to this new version with a slightly
> different API.
>
>
> Many thanks, Richard !
>
>
