I sent a patch in for this very problem Feb. 28.
The jx.diff.txt patch is attached.
The js.sasl.qop.txt will allow GSSAPI traffic to be encrypted.
Richard Geoffrion wrote:
Greetings list!
---Background---
LDAP server: OpenLDAP 2.3.27
Schemas in use: core.schema, cosine.schema, inetorgperson.schema,
nis.schema, and samba.schema
JXplorer version: build JXv3.2 2007-02-26 21:08 EST
Issue:
Where objectclass equals "account" and objectclass equals
"posixAccount", JXplorer considers uid AND userid values as "mandatory"
but an attempt to fill in the missing value for userid causes the
error: LDAP: error code 20 - modify/add: uid: value #0 already exists];
remaining name 'uid=testuser,ou=People,dc=example,dc=lan'
Possible bug:
I think JXplorer is pulling uid from nis.schema and userid from
cosine.schema...which causes jxplorer to falsely require the "double
needs" for something that is in actuality....the same value.
or said another way....
I think JXplorer is using the account objectClass from RFC1274 and the
posixAccount objectClass from RFC2307. One references userID as a must,
the other one uid as a must, and JXplorer treats these as
different, which it shouldn't.
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Index: src/com/ca/commons/jndi/ConnectionData.java
===================================================================
RCS file: /cvsroot/jxplorer/javasrc/com/ca/commons/jndi/ConnectionData.java,v
retrieving revision 1.13
diff -u -r1.13 ConnectionData.java
--- src/com/ca/commons/jndi/ConnectionData.java 11 Jul 2005 05:28:22 -0000
1.13
+++ src/com/ca/commons/jndi/ConnectionData.java 1 Mar 2007 17:22:54 -0000
@@ -499,6 +499,14 @@
{
env.put(Context.SECURITY_AUTHENTICATION, "GSSAPI");
//Maybe include something like JNDIOps.setupKerberosProperties
here??
+ env.put("javax.security.sasl.qop","auth-conf");
+ // Above says use confidentiality, i.e. encrypted packets
+ // We do it here, so it only applies to the GSSAPI,
+ // i.e. Kerberos, that can always do encryption.
+ // If added to jxconfig.txt, it would apply to all
+ // SASL connections, and not sure if password+SSL would
+ // pass the QOP test.
+ // DEE
}
// Add any 'extra' properties to the list.
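Review bot: The added env.put("javax.security.sasl.qop","auth-conf") offers a single QOP value, so a GSSAPI bind against a server that does not negotiate confidentiality will fail with no fallback and no way for the user to override it. The property accepts a comma-separated preference list, so either take the value from a per-connection setting or state in the comment that the hard failure is intended, since silently falling back to "auth" would drop the encryption this change is meant to provide. The key would also be safer as the Sasl.QOP constant than as a string literal, where the target JDK provides it, and the "DEE" initials belong in the commit log rather than in the source.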
@@ -554,4 +562,4 @@
extraProperties.put(key, property);
}
-}
\ No newline at end of file
+}
Index: src/com/ca/commons/naming/DXAttributes.java
===================================================================
RCS file: /cvsroot/jxplorer/javasrc/com/ca/commons/naming/DXAttributes.java,v
retrieving revision 1.13
diff -u -r1.13 DXAttributes.java
--- src/com/ca/commons/naming/DXAttributes.java 10 Aug 2005 07:27:14 -0000
1.13
+++ src/com/ca/commons/naming/DXAttributes.java 28 Feb 2007 21:59:23 -0000
@@ -898,6 +898,7 @@
//XXX ;binary hack
if (attOID.indexOf(";binary")>0) attOID =
attOID.substring(0,attOID.indexOf(";binary"));
+ attOID = getldapAliasName(attOID); //DEE
String ldapName = getldapName(attOID);
@@ -924,6 +925,8 @@
//XXX isNonString hack
if (attOID.indexOf(";binary")>0) attOID =
attOID.substring(0,attOID.indexOf(";binary"));
+ attOID = getldapAliasName(attOID); //DEE
+
String ldapName = getldapName(attOID);
registerOID(attOID, ldapName);
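Review bot: After attOID = getldapAliasName(attOID) the variable holds an attribute name rather than an OID, yet the unchanged lines below still pass it to getldapName(attOID) and registerOID(attOID, ldapName), so a name can end up registered in the OID position. Assign the result to a separately named variable (for example a canonical-name local) and confirm that registerOID is meant to receive it; the same applies to the identical line added in the previous hunk. The trailing //DEE marker adds nothing a reader can act on and should be replaced with a short comment saying why the alias is resolved here.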
@@ -956,6 +959,40 @@
}
/**
+ * <p>If a "must" name has an alias, like "o" and "organization",
+ * or "uid" and "userid", and schemas like "account" and
+ * "posixAccount" use different aliases in in different Objects
+ * and an entry has multiple ObjectTypes we dont want to add
+ * "uid" and "userid" as "must", as this will causes problems.
+ * So we will check for the aliases, and use the first one.
+ * If we can't find it, will just return the same name. DEE</p>
+ */
+
+ public String getldapAliasName(String attOID)
+ {
+ try
+ {
+ Attributes myldapEntry = schema.getAttributes("AttributeDefinition/" +
attOID);
+ Attribute myOID = myldapEntry.get("OID");
+ NamingEnumeration myOIDs = myOID.getAll();
+ String myattOID = (String) myOIDs.next(); // get OID too
+
+ Attribute myname = myldapEntry.get("NAME");
+ NamingEnumeration mynames = myname.getAll();
+ String myattname = (String) mynames.next(); // get first name
+ //log.info("DEE **** myattOID: " + myattOID + " myattname: " +
myattname);
+ registerOID(myattOID, myattname);
+ return myattname;
+ }
+ catch (Exception e)
+ {
+ log.info("getldapAliasName unable to map alias for:" + attOID + e);
+ }
+ //log.info("DEE **** final attOID: " + attOID);
+ return attOID;
+ }
+
+ /**
* This method does it's darndnest to return a string ldap name.<p>
* First, it checks whether the string is <i>already</i> an ldap
* name; if it is, it returns it unchanged.<p>
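Review bot: In getldapAliasName, myldapEntry.get("OID") and myldapEntry.get("NAME") can return null, and the resulting NullPointerException is absorbed by catch (Exception e) and reported through log.info, which makes a missing schema attribute indistinguishable from a real lookup failure. Check both results for null explicitly, catch NamingException rather than Exception, and close the two NamingEnumeration objects. The log message concatenates attOID and e with no separator, the commented-out "DEE ****" log lines should be removed, and the Javadoc has typos ("in in", "dont", "will causes") plus a blank line between the comment and the method it documents. Since the method is called once per attribute from both hunks above, each call also repeats the schema lookup; consider caching the alias-to-name result.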
@@ -1476,4 +1513,4 @@
-}
\ No newline at end of file
+}
Index: src/com/ca/directory/jxplorer/viewer/TableAttributeEditor.java
===================================================================
RCS file:
/cvsroot/jxplorer/javasrc/com/ca/directory/jxplorer/viewer/TableAttributeEditor.java,v
retrieving revision 1.12
diff -u -r1.12 TableAttributeEditor.java
--- src/com/ca/directory/jxplorer/viewer/TableAttributeEditor.java 26 Oct
2006 22:29:58 -0000 1.12
+++ src/com/ca/directory/jxplorer/viewer/TableAttributeEditor.java 28 Feb
2007 21:59:23 -0000
@@ -679,6 +679,7 @@
entry.expandAllAttributes();
currentDN = entry.getDN();
+log.info("DEE ** entry being displayed:\n" + entry);
tableData.insertAttributes(entry);
popupTableTool.setDN(currentDN); // Sets the DN in
SmartPopupTableTool.
myEditor.setDN(currentDN); // Sets the DN in the
attributeValueCellEditor which can be used to identify the entry that is being
modified/
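Review bot: The added log.info("DEE ** entry being displayed:\n" + entry) writes the full entry to the log at info level every time an entry is displayed, and a directory entry can carry attributes such as password hashes that should not reach a log file. This looks like leftover debugging output (it is also unindented); remove it before merging, or log only currentDN at a debug level.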
@@ -884,4 +885,4 @@
promptForSave(false);
}
}
-}
\ No newline at end of file
+}