Transferring an entire directory from one server to another

2017-02-08 Thread Steve Sobol - Lobos Studios
Good afternoon

I'm using Studio (on Windows 10) to create a directory tree and do some
local testing of a Java app I'm writing. I'm eventually going to want to
copy the tree over to an ApacheDS server which will run on Ubuntu 16.04 (or
14.04, I forget which I have installed) and start populating it with live
users.

Is the process as simple as exporting everything from the Root DSE down as
an LDIF? Or is it more nuanced than that?

Is there a command-line utility I can use to import the data on the Linux
server? (If not, that's cool, I can use Studio over an SSH tunnel)

 

Thanks

 

--

Lobos Studios | Phone: 877.919.4WEB | LobosStudios.com |
Facebook.com/LobosStudios | @LobosStudios

Web Development - Mobile Development - Helpdesk/Tech Support - Computer
Sales & Service

Acer Authorized Reseller - Computers, Windows and Android Tablets,
Accessories

 

Steve Sobol - CEO, Senior Developer and Server Jockey

st...@lobosstudios.com

 



RE: Exploring triggers

2017-02-08 Thread Mike Davis
When I did mine, I used Apache DS Studio to upload the Java byte code. I 
don't know if that makes a difference. We are on M20. I don't know if either 
of those differences matters.

The trigger I was trying to set up was to associate inclusion in a group as 
a trigger to specify a different password policy. So, I could capture the 
group membership changes, but there didn't seem to be a way, from that, to 
update the user to add the pwdPolicySubentry attribute.

-Original Message-
From: Humbi [mailto:s_hu...@yahoo.com.INVALID]
Sent: Tuesday, February 07, 2017 5:34 PM
To: users@directory.apache.org
Subject: AW: Exploring triggers

Here is a simple example, what I did (tried it with apacheds-2.0.0-M23, Java 
8 - works until server restart):
Unzip a new apacheds-2.0.0-M23 and import this ldif (and then if you change 
for example the sn for user1, you can see the sysout):

version: 1

dn: ou=Stored Procedures,ou=system
objectClass: organizationalUnit
objectClass: top
ou: Stored Procedures

dn: storedProcUnitName=com.test.MyTriggerInterceptor,ou=Stored Procedures,ou=system
objectClass: javaStoredProcUnit
objectClass: top
objectClass: storedProcUnit
javaByteCode:: yv66vgAAADQAXQcAAgEAHWNvbS90ZXN0L015VHJpZ2dlckludGVyY2VwdG9yB
 wAEAQAQamF2YS9sYW5nL09iamVjdAEABjxpbml0PgEAAygpVgEABENvZGUKAAMACQwABQAGAQAP
 TGluZU51bWJlclRhYmxlAQASTG9jYWxWYXJpYWJsZVRhYmxlAQAEdGhpcwEAH0xjb20vdGVzdC9
 NeVRyaWdnZXJJbnRlcmNlcHRvcjsBAA1jaGFuZ2VUcmlnZ2VyAQBJKExvcmcvYXBhY2hlL2Rpcm
 VjdG9yeS9hcGkvbGRhcC9tb2RlbC9lbnRyeS9FbnRyeTtMamF2YS91dGlsL0FycmF5TGlzdDspV
 gEACVNpZ25hdHVyZQEAgyhMb3JnL2FwYWNoZS9kaXJlY3RvcnkvYXBpL2xkYXAvbW9kZWwvZW50
 cnkvRW50cnk7TGphdmEvdXRpbC9BcnJheUxpc3Q8TG9yZy9hcGFjaGUvZGlyZWN0b3J5L2FwaS9
 sZGFwL21vZGVsL2VudHJ5L01vZGlmaWNhdGlvbjs+OylWCQATABUHABQBABBqYXZhL2xhbmcvU3
 lzdGVtDAAWABcBAANvdXQBABVMamF2YS9pby9QcmludFN0cmVhbTsHABkBABdqYXZhL2xhbmcvU
 3RyaW5nQnVpbGRlcggAGwEADUVudHJ5IGZvdW5kOiAKABgAHQwABQAeAQAVKExqYXZhL2xhbmcv
 U3RyaW5nOylWCwAgACIHACEBAC9vcmcvYXBhY2hlL2RpcmVjdG9yeS9hcGkvbGRhcC9tb2RlbC9
 lbnRyeS9FbnRyeQwAIwAkAQAFZ2V0RG4BAC8oKUxvcmcvYXBhY2hlL2RpcmVjdG9yeS9hcGkvbG
 RhcC9tb2RlbC9uYW1lL0RuOwoAGAAmDAAnACgBAAZhcHBlbmQBAC0oTGphdmEvbGFuZy9PYmplY
 3Q7KUxqYXZhL2xhbmcvU3RyaW5nQnVpbGRlcjsKABgAKgwAKwAsAQAIdG9TdHJpbmcBABQoKUxq
 YXZhL2xhbmcvU3RyaW5nOwoALgAwBwAvAQATamF2YS9pby9QcmludFN0cmVhbQwAMQAeAQAHcHJ
 pbnRsbgoAMwA1BwA0AQATamF2YS91dGlsL0FycmF5TGlzdAwANgA3AQAIaXRlcmF0b3IBABYoKU
 xqYXZhL3V0aWwvSXRlcmF0b3I7CwA5ADsHADoBABJqYXZhL3V0aWwvSXRlcmF0b3IMADwAPQEAB
 G5leHQBABQoKUxqYXZhL2xhbmcvT2JqZWN0OwcAPwEANm9yZy9hcGFjaGUvZGlyZWN0b3J5L2Fw
 aS9sZGFwL21vZGVsL2VudHJ5L01vZGlmaWNhdGlvbgoAGAAJCwA+AEIMAEMARAEADGdldE9wZXJ
 hdGlvbgEAQygpTG9yZy9hcGFjaGUvZGlyZWN0b3J5L2FwaS9sZGFwL21vZGVsL2VudHJ5L01vZG
 lmaWNhdGlvbk9wZXJhdGlvbjsIAEYBAAEgCgAYAEgMACcASQEALShMamF2YS9sYW5nL1N0cmluZ
 zspTGphdmEvbGFuZy9TdHJpbmdCdWlsZGVyOwsAPgBLDABMAE0BAAxnZXRBdHRyaWJ1dGUBADco
 KUxvcmcvYXBhY2hlL2RpcmVjdG9yeS9hcGkvbGRhcC9tb2RlbC9lbnRyeS9BdHRyaWJ1dGU7CwA
 5AE8MAFAAUQEAB2hhc05leHQBAAMoKVoBAAhvbGRFbnRyeQEAMUxvcmcvYXBhY2hlL2RpcmVjdG
 9yeS9hcGkvbGRhcC9tb2RlbC9lbnRyeS9FbnRyeTsBAARtb2RzAQAVTGphdmEvdXRpbC9BcnJhe
 Uxpc3Q7AQAMbW9kaWZpY2F0aW9uAQA4TG9yZy9hcGFjaGUvZGlyZWN0b3J5L2FwaS9sZGFwL21v
 ZGVsL2VudHJ5L01vZGlmaWNhdGlvbjsBABZMb2NhbFZhcmlhYmxlVHlwZVRhYmxlAQBPTGphdmE
 vdXRpbC9BcnJheUxpc3Q8TG9yZy9hcGFjaGUvZGlyZWN0b3J5L2FwaS9sZGFwL21vZGVsL2VudH
 J5L01vZGlmaWNhdGlvbjs+OwEADVN0YWNrTWFwVGFibGUBAApTb3VyY2VGaWxlAQAZTXlUcmlnZ
 2VySW50ZXJjZXB0b3IuamF2YQAhAAEAAwAAAgABAAUABgABAAcvAAEAAQUqtwAI
 sQIACgYAAQcACwwAAQUADAANCQAOAA8AAgAQAgARAAcAAAD
 kAAQABF6yABK7ABhZEhq3ABwquQAfAQC2ACW2ACm2AC0rtgAyTqcANC25ADgBAMAAPk2yAB
 K7ABhZtwBALLkAQQEAtgAlEkW2AEcsuQBKAQC2ACW2ACm2AC0tuQBOAQCa/8mxBAAKI
 gAICgAbAAwALQANAEAADgBFAA8AUQANAFQADABdABEACwAAACAAAwAAAF4AUgBTAABe
 AFQAVQABAC0AJwBWAFcAAgBYDAABXgBUAFkAAQBaFAAC/wAjAAQHACAHADMABwA
 5AAAwAAEAWwIAXA==
storedProcLangId: Java
storedProcUnitName: com.test.MyTriggerInterceptor

dn: ou=users,dc=example,dc=com
objectClass: organizationalUnit
objectClass: top
ou: userss
ou: users

dn: cn=user1,ou=users,dc=example,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: user1
sn: TestUser

dn: cn=changeTrigger,dc=example,dc=com
objectClass: subentry
objectClass: top
objectClass: triggerExecutionSubentry
cn: changeTrigger
prescriptiveTriggerSpecification: AFTER Modify CALL "com.test.MyTriggerInterceptor:changeTrigger" ($oldEntry, $modification);
subtreeSpecification: {}


And this is the java-source:

package com.test;

import java.util.ArrayList;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;

public class MyTriggerInterceptor {

    // Called by the trigger: AFTER Modify CALL ... ($oldEntry, $modification)
    public static void changeTrigger(Entry oldEntry, ArrayList<Modification> mods) {
        System.out.println("Entry found: " + oldEntry.getDn());

        // Print each modification's operation and the attribute it touches
        for (Modification modification : mods) {
            System.out.println(modification.getOperation()
                    + " "
                    + modification.getAttribute());
        }
    }
}
   

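An added example, not part of the thread and not ApacheDS code: a javaStoredProcUnit entry carries executable byte code and a trigger specification names the class and method to call, so an LDIF like the one above can be reviewed before it is imported. This Python script (function names and the sample LDIF are constructed here, and it assumes the "class:method" CALL form shown in the thread) lists each stored-procedure unit with a SHA-256 of its byte code and each trigger's CALL target, marking targets whose unit is not in the file.

```python
import base64, hashlib, re
# Constructed sample modelled on the thread's LDIF; byte code is just the 8-byte class header.
SAMPLE_LDIF = """\
dn: storedProcUnitName=com.test.MyTriggerInterceptor,ou=Stored Procedures,ou
 =system
objectClass: javaStoredProcUnit
javaByteCode:: yv66vg
 AAADQ=
storedProcUnitName: com.test.MyTriggerInterceptor

dn: cn=changeTrigger,dc=example,dc=com
prescriptiveTriggerSpecification: AFTER Modify CALL "com.test.MyTriggerInter
 ceptor:changeTrigger" ($oldEntry, $modification);

dn: cn=other,dc=example,dc=com
entryTriggerSpecification: AFTER Delete CALL "com.test.Missing:run" ($name);
"""
CALL_RE = re.compile(r'CALL\s+"([^":]+):([^"]+)"')  # "class:method" form from the thread
TRIGGER_ATTRS = ("prescriptivetriggerspecification", "entrytriggerspecification")

def parse_ldif(text):
    """Return entries as {lowercased attribute name: [bytes values]}."""
    entries = []
    for block in re.split(r"\n\s*\n", re.sub(r"\r?\n ", "", text)):  # unfold, then split
        entry = {}
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if sep and not line.startswith("#"):
                value = (base64.b64decode(rest[1:].strip()) if rest.startswith(":")
                         else rest.strip().encode())  # "::" marks a base64 value
                entry.setdefault(name.lower(), []).append(value)
        if "dn" in entry:
            entries.append(entry)
    return entries

def audit(text):
    """Return (stored-procedure units by class name, trigger CALL targets)."""
    units, triggers = {}, []
    for e in parse_ldif(text):
        dn = e["dn"][0].decode()
        if any(v.lower() == b"javastoredprocunit" for v in e.get("objectclass", [])):
            code = e.get("javabytecode", [b""])[0]
            name = e.get("storedprocunitname", [b"?"])[0].decode()
            units[name] = {"dn": dn, "is_class_file": code[:4] == b"\xca\xfe\xba\xbe",
                           "class_major": int.from_bytes(code[6:8], "big"),
                           "sha256": hashlib.sha256(code).hexdigest()}
        for spec in (v for a in TRIGGER_ATTRS for v in e.get(a, [])):
            for cls, method in CALL_RE.findall(spec.decode()):
                triggers.append({"dn": dn, "class": cls, "method": method})
    # A CALL target whose byte code is not in this file deserves a second look.
    return units, [dict(t, unit_in_file=t["class"] in units) for t in triggers]
```

The reported SHA-256 can be compared with the hash of a .class file built from reviewed source before the LDIF is imported.
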
FINAL REMINDER: CFP for ApacheCon closes February 11th

2017-02-08 Thread Rich Bowen
Dear Apache Enthusiast,

This is your FINAL reminder that the Call for Papers (CFP) for ApacheCon
Miami is closing this weekend - February 11th. This is your final
opportunity to submit a talk for consideration at this event.

This year, we are running several mini conferences in conjunction with
the main event, so if you're submitting for one of those events, please
pay attention to the instructions below.

Apache: Big Data
* Event information:
http://events.linuxfoundation.org/events/apache-big-data-north-america
* CFP:
http://events.linuxfoundation.org/events/apache-big-data-north-america/program/cfp

Apache: IoT (Internet of Things)
* Event Information: http://us.apacheiot.org/
* CFP -
http://events.linuxfoundation.org/events/apachecon-north-america/program/cfp
(Indicate 'IoT' in the Target Audience field)

CloudStack Collaboration Conference
* Event information: http://us.cloudstackcollab.org/
* CFP -
http://events.linuxfoundation.org/events/apachecon-north-america/program/cfp
(Indicate 'CloudStack' in the Target Audience field)

FlexJS Summit
* Event information - http://us.apacheflexjs.org/
* CFP -
http://events.linuxfoundation.org/events/apachecon-north-america/program/cfp
(Indicate 'Flex' in the Target Audience field)

TomcatCon
* Event information - https://tomcat.apache.org/conference.html
* CFP -
http://events.linuxfoundation.org/events/apachecon-north-america/program/cfp
(Indicate 'Tomcat' in the Target Audience field)

All other topics and projects
* Event information -
http://events.linuxfoundation.org/events/apachecon-north-america/program/about
* CFP -
http://events.linuxfoundation.org/events/apachecon-north-america/program/cfp

Admission to any of these events also grants you access to all of the
others.

Thanks, and we look forward to seeing you in Miami!

-- 
Rich Bowen
VP Conferences, Apache Software Foundation
rbo...@apache.org
Twitter: @apachecon



(You are receiving this email because you are subscribed to a dev@ or
users@ list of some Apache Software Foundation project. If you do not
wish to receive email from these lists any more, you must follow that
list's unsubscription procedure. View the headers of this message for
unsubscription instructions.)


Re: Is it possible to use separate kerberos server with ApacheDS ldap server?

2017-02-08 Thread Yu Wei
@elecha...@gmail.com

I have set up kerberos + GSSAPI + Cyrus-SASL + OpenLDAP and it worked well.


To set this up, I added slapd.conf in directory /etc/sasl2/ on CentOS as below:

[dcos@kdc sasl2]$ cat slapd.conf
keytab: /var/keytab/ldap.keytab
mech_list: CRAM-MD5 DIGEST-MD5 GSSAPI


So, how could I make similar configuration with ApacheDS?


Thanks,

Jared, (韦煜)
Software developer
Interested in open source software, big data, Linux


From: Emmanuel Lécharny 
Sent: Tuesday, February 7, 2017 3:37:23 PM
To: users@directory.apache.org
Subject: Re: Is it possible to use separate kerberos server with ApacheDS ldap 
server?



On 07/02/2017 at 08:20, Yu Wei wrote:
> Hi,
>
>
> I setup MIT kerberos server and verified that it worked well.
>
> Could I use my MIT kerberos server with apacheds ldap server?

Why not? People routinely use OpenLDAP in parallel with an MIT Kerberos
server. ApacheDS is *just* a plain LDAP server, with an additional
Kerberos Server using ApacheDS LDAP server as a storage system.
>
> How could I configure it?
I don't know about the MIT server's configuration. You probably want to
look for places describing how to make OpenLDAP a backend for a Kerberos
server, and configure ApacheDS accordingly.

--
Emmanuel Lecharny

Symas.com
directory.apache.org



Re: Exploring triggers

2017-02-08 Thread Emmanuel Lécharny


On 07/02/2017 at 10:56, s_humbi wrote:
> I was playing around a little bit with triggers and stored procedures.
>
> For me (as a beginner) almost everything worked fine, except this big problem 
> (don't know if it is a bug or if I did something wrong):
> If you restart the server, the attribute triggerExecutionSubentry in the 
> subentry gets lost...
> [10:52:14] WARN [org.apache.directory.server.core.trigger.TriggerSpecCache] - 
> Found triggerExecutionSubentry 'cn=trigger,dc=ds,dc=test,dc=net' without any 
> prescriptiveTriggerSpecification

What is the content of the cn=trigger,dc=ds,dc=test,dc=net entry?

You should have a prescriptiveTriggerSpecification attributeType in it
pointing to the triggerExecutionSubentry entry.

(actually, this is one of the pitfalls in this approach, as this
attributeType should be virtual, not physical : the server *knows* which
entries are part of the subentry's selected entries, and we can
dynamically add this attributeType when the entry is requested by a
client. Sadly, we currently expect the entry itself to contain this
element...)

>
>
> This is what I found out (without warranty, comments/improvements welcome). 
> Maybe it helps a little bit.
>
> Approach:
>
> 1. Implementing Stored Procedure
> 2. Adding entry for Stored Procedure
> 3. Adding the trigger as Attribute (trigger for one Entry only)
> 4. Or adding Triggers for more Entries, e.g. (Sub)-Tree
> 5. Activate and deactivate Triggers
>
>
> More docs:
> http://joacim.breiler.com/apacheds/ch09s02.html#Planned%20New%20Features%20for%20Triggers
> http://people.apache.org/~ersiner/ldapcon.2007/LDAPcon.2007_LDAP.Stored.Procedures.and.Triggers.in.ApacheDS_by.Ersin.Er_Paper.pdf
>
>
> 1. Implementing the Stored Procedure
>
> Stored Procedures are simple POJOs with one or more public static methods 
> (later called by the trigger).
>
> Example:
>
> package com.test;
>
> import java.util.ArrayList;
> import org.apache.directory.api.ldap.model.entry.Entry;
> import org.apache.directory.api.ldap.model.entry.Modification;
>
> public class TestTriggerInterceptor {
>
>     public static void helloTrigger(Entry oldEntry, ArrayList<Modification> mods) {
>         System.out.println("Entry found: " + oldEntry.getDn());
>
>         // Print each modification's operation and the attribute it touches
>         for (Modification modification : mods) {
>             System.out.println(modification.getOperation()
>                     + " "
>                     + modification.getAttribute());
>         }
>     }
> }

Yes. This needs to be documented, because there is much more to say about
this POJO, but basically, it's quite simple.

One aspect that absolutely *needs* to be re-worked is the security aspect
of this approach. Basically, we are giving a hell of a lot of power to those
being able to inject a storedProcedure into the server. ACIs can be a
first step, but we need more, and that may involve Java security.

As I said, all this trigger/SP feature is highly experimental, and is
currently not our main point of interest (there are a LOT of other basic
aspects that need our focus atm). But we would be really pleased to see
people being involved in it. As usual, contributions are very welcome!


>
>
> 2. Adding Stored Procedures
>
> Adding a new ou for triggers, for example: ou=Stored Procedures,ou=system
>
> Adding a new entry (=StoredProcedure) for saving the StoredProcedure  
> (ObjectClass  javaStoredProcUnit)
>
> Example:
>
> DN: storedProcUnitName=com.test.TestTriggerInterceptor,ou=Stored 
> Procedures,ou=system
>
> Definition LDAP Stored Procedure:
>
> • ObjectClass: javaStoredProcUnit and storedProcUnit
>
> • storedProcUnitName: complete classname, e.g. 
> com.test.TestTriggerInterceptor
> • storedProcLangId: always “Java”
> • javaByteCode: Upload byte-code with ds-studio (the .class file)
>
>
> 3. Adding the trigger as Attribute for one Entry only:
>
> Adding the attribute entryTriggerSpecification in the entry.
>
> The Value of the Attribute entryTriggerSpecification is the trigger, example:
> AFTER Modify CALL "com.test.TestTriggerInterceptor:helloTrigger" ($oldEntry, 
> $modification);
>
> --> helloTrigger is the public static method we implemented above
>
> Possible Triggers:
> • AFTER Modify CALL
> • AFTER Add CALL …
> • AFTER Delete CALL …
> • AFTER ModifyDN CALL …
>
>
> Some possible parameters for the trigger:
> (found in org.apache.directory.api.ldap.trigger.StoredProcedureParameter):
>
> Modify_OBJECT( "$object" )
> Modify_MODIFICATION( "$modification" )
> Modify_OLD_ENTRY( "$oldEntry" )
> Modify_NEW_ENTRY( "$newEntry" )
> Add_ENTRY( "$entry" )
> Add_ATTRIBUTES( "$attributes" )
> Delete_NAME( "$name" )
> Delete_DELETED_ENTRY( "$deletedEntry" )
> ModifyDN_ENTRY( "$entry" )
> ModifyDN_NEW_RDN( "$newrdn" )
> ModifyDN_DELETE_OLD_RDN( "$deleteoldrdn" )
> ModifyDN_NEW_SUPERIOR( "$newSuperior" )
> ModifyDN_OLD_RDN( "$oldRDN" )
> ModifyDN_OLD_SUPERIOR_DN( "$oldRDN" )
> ModifyDN_NEW_DN( "$oldRDN" )
>
> Examples for static methods and trigger