Re: Problems upgrading ApacheDS 2.0.0.AM25 -> 2.0.0
On 2020/03/20 04:18:44, Emmanuel Lécharny wrote: > Hi Francesco, > > I applied a fix for this bug (and another one that I found at the same > time). > > I may cut a release soon. Hey, I was about to ask the JIRA number but a new release is way better, thanks :-) > On 19/03/2020 19:08, Emmanuel Lécharny wrote: > > Hi Francesco > > > > > > sorry for the latency... > > > > There is a clear bug in the way we handle a filter like > > (ObjectClass=top) in the search engine. As 'top' is never present in > > the index - for obvious reason : *every* single entry has such an > > attribute value -, the filter returns no candidate, so the > > encapsulating filter evaluation simply stops : > > > > (&(objectClass=top:[0])(cn=testLDAPGroup)) (note the [0] here). > > > > > > The code that does that is : > > > > private long getConjunctionScan( PartitionTxn partitionTxn, > > BranchNode node ) throws LdapException > > { > > long count = Long.MAX_VALUE; > > List children = node.getChildren(); > > > > for ( ExprNode child : children ) > > { > > if ( ( count == 1 ) && ( child instanceof ScopeNode ) ) > > { > > // We can stop here > > break; > > } > > > > annotate( partitionTxn, child ); > > count = Math.min( ( ( Long ) child.get( COUNT_ANNOTATION ) > > ), count ); > > > > if ( count == 0 ) > > { > > // No need to continue <- Obviously a bad idea > > in this very case... > > break; > > } > > } > > > > In your case, there is a workaround : changing your filter to be > > "(&(objectClass=*)(cn=testLDAPGroup))" > > > > > > I'll open a JIRA. > > > > > > Thanks for the report and the test case ! > > > > > > On 17/03/2020 15:02, Francesco Chicchiriccò wrote: > >> On 2020/03/15 14:46:27, Francesco Chicchiricc�� > >> wrote: > >>> On 2020/03/15 14:14:56, Emmanuel Lécharny wrote: > >>>> Hi Francesco, > >>>> > >>>> On 15/03/2020 14:49, Francesco Chicchiriccò wrote: > >>>>> Hi there, > >>>>> I am upgrading Apache DS from 2.0.0.AM25 to 2.0.0 and experiencing > >>>>> some troubles. > >>>> Hmmm, there is no such 2.0.0. > >>> Ah, sorry, I was meaning 2.0.0.AM26 of course. > >>> > >>>>> For example, this used to work fine (e.g. to find the group with > >>>>> the given cn) previously: > >>>>> > >>>>> ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -x -W -b > >>>>> "ou=groups,o=isp" > >>>>> '(&(&(objectClass=top)(objectClass=groupOfUniqueNames))(cn=lastGroup3ae5600a))' > >>>>> > >>>>> cn > >>>>> > >>>>> Now this does not return any result; when I change the filter to > >>>>> > >>>>> '(&(objectClass=groupOfUniqueNames)(cn=lastGroup3ae5600a))' > >>>>> > >>>>> it works again. > >>>>> > >>>>> Also > >>>>> > >>>>> '(&(objectClass=top)(cn=lastGroup3ae5600a))' > >>>>> > >>>>> is working fine; so it seems that top is somehow disturbing. > >>>>> > >>>>> Any ideas? Thanks! > >>>> Do you have an env I can use to test that ? > >> Hi Emmanuel, > >> sorry it took so long to get something simpler to reproduce the problem. > >> > >> I have assembled at > >> > >> https://github.com/ilgrosso/apacheds > >> > >> Just clone and run > >> > >> mvn clean verify > >> > >> The tests executed are > >> > >> https://github.com/ilgrosso/apacheds/blob/master/src/test/java/net/tirasa/sample/apacheds/ApacheDSApplicationTests.java#L42 > >> > >> > >> > >> which runs with filter > >> > >> (&(objectClass=groupOfUniqueNames)(cn=testLDAPGroup)) > >> > >> and finds the group, and > >> > >> https://github.com/ilgrosso/apacheds/blob/master/src/test/java/net/tirasa/sample/apacheds/ApacheDSApplicationTests.java#L59 > >> > >> > >> > >> which runs with filter > >> > >> (&(objectClass=top)(cn=testLDAPGroup)) > >> > >> and does not find the group. > >> > >> The ApacheDS init is in > >> > >> https://github.com/ilgrosso/apacheds/blob/master/src/main/java/net/tirasa/sample/apacheds/ApacheDSStart.java#L193 > >> > >> > >> > >> Thanks for your support. > >> Regards. > >> > >> > >> - > >> To unsubscribe, e-mail: users-unsubscr...@directory.apache.org > >> For additional commands, e-mail: users-h...@directory.apache.org > >> > > - > To unsubscribe, e-mail: users-unsubscr...@directory.apache.org > For additional commands, e-mail: users-h...@directory.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@directory.apache.org For additional commands, e-mail: users-h...@directory.apache.org
Re: Problems upgrading ApacheDS 2.0.0.AM25 -> 2.0.0
On 2020/03/15 14:46:27, Francesco Chicchiricc�� wrote: > On 2020/03/15 14:14:56, Emmanuel Lécharny wrote: > > Hi Francesco, > > > > On 15/03/2020 14:49, Francesco Chicchiriccò wrote: > > > Hi there, > > > I am upgrading Apache DS from 2.0.0.AM25 to 2.0.0 and experiencing some > > > troubles. > > > > Hmmm, there is no such 2.0.0. > > Ah, sorry, I was meaning 2.0.0.AM26 of course. > > > > For example, this used to work fine (e.g. to find the group with the > > > given cn) previously: > > > > > > ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -x -W -b > > > "ou=groups,o=isp" > > > '(&(&(objectClass=top)(objectClass=groupOfUniqueNames))(cn=lastGroup3ae5600a))' > > > cn > > > > > > Now this does not return any result; when I change the filter to > > > > > > '(&(objectClass=groupOfUniqueNames)(cn=lastGroup3ae5600a))' > > > > > > it works again. > > > > > > Also > > > > > > '(&(objectClass=top)(cn=lastGroup3ae5600a))' > > > > > > is working fine; so it seems that top is somehow disturbing. > > > > > > Any ideas? Thanks! > > > > Do you have an env I can use to test that ? Hi Emmanuel, sorry it took so long to get something simpler to reproduce the problem. I have assembled at https://github.com/ilgrosso/apacheds Just clone and run mvn clean verify The tests executed are https://github.com/ilgrosso/apacheds/blob/master/src/test/java/net/tirasa/sample/apacheds/ApacheDSApplicationTests.java#L42 which runs with filter (&(objectClass=groupOfUniqueNames)(cn=testLDAPGroup)) and finds the group, and https://github.com/ilgrosso/apacheds/blob/master/src/test/java/net/tirasa/sample/apacheds/ApacheDSApplicationTests.java#L59 which runs with filter (&(objectClass=top)(cn=testLDAPGroup)) and does not find the group. The ApacheDS init is in https://github.com/ilgrosso/apacheds/blob/master/src/main/java/net/tirasa/sample/apacheds/ApacheDSStart.java#L193 Thanks for your support. Regards. - To unsubscribe, e-mail: users-unsubscr...@directory.apache.org For additional commands, e-mail: users-h...@directory.apache.org
Re: Problems upgrading ApacheDS 2.0.0.AM25 -> 2.0.0
On 2020/03/15 14:14:56, Emmanuel Lécharny wrote: > Hi Francesco, > > On 15/03/2020 14:49, Francesco Chicchiriccò wrote: > > Hi there, > > I am upgrading Apache DS from 2.0.0.AM25 to 2.0.0 and experiencing some > > troubles. > > Hmmm, there is no such 2.0.0. Ah, sorry, I was meaning 2.0.0.AM26 of course. > > For example, this used to work fine (e.g. to find the group with the given > > cn) previously: > > > > ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -x -W -b > > "ou=groups,o=isp" > > '(&(&(objectClass=top)(objectClass=groupOfUniqueNames))(cn=lastGroup3ae5600a))' > > cn > > > > Now this does not return any result; when I change the filter to > > > > '(&(objectClass=groupOfUniqueNames)(cn=lastGroup3ae5600a))' > > > > it works again. > > > > Also > > > > '(&(objectClass=top)(cn=lastGroup3ae5600a))' > > > > is working fine; so it seems that top is somehow disturbing. > > > > Any ideas? Thanks! > > Do you have an env I can use to test that ? Repo is https://github.com/ilgrosso/syncope - in the branch 2_1_X_APACHE_DS_2_0_0_M26 With JAVA_HOME set to JDK 8, do first mvn -T 1C -PskipTests,all,without-eclipse then cd fit/build-tools mvn -Pdebug At this point you will see that ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -x -w secret -b "ou=groups,o=isp" '(&(objectClass=top)(cn=testLDAPGroup))' cn finds no items while ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -x -w secret -b "ou=groups,o=isp" '(&(objectClass=groupOfUniqueNames)(cn=testLDAPGroup))' cn works. Thanks for you support. Regards. - To unsubscribe, e-mail: users-unsubscr...@directory.apache.org For additional commands, e-mail: users-h...@directory.apache.org
Re: Problems upgrading ApacheDS 2.0.0.AM25 -> 2.0.0
On 2020/03/15 13:49:27, Francesco Chicchiricc�� wrote: [...] > Also > > '(&(objectClass=top)(cn=lastGroup3ae5600a))' > > is working fine; so it seems that top is somehow disturbing. Sorry, I was meaning that the filer above is *not* working. Regards. - To unsubscribe, e-mail: users-unsubscr...@directory.apache.org For additional commands, e-mail: users-h...@directory.apache.org
Problems upgrading ApacheDS 2.0.0.AM25 -> 2.0.0
Hi there, I am upgrading Apache DS from 2.0.0.AM25 to 2.0.0 and experiencing some troubles. For example, this used to work fine (e.g. to find the group with the given cn) previously: ldapsearch -h localhost -p 1389 -D "uid=admin,ou=system" -x -W -b "ou=groups,o=isp" '(&(&(objectClass=top)(objectClass=groupOfUniqueNames))(cn=lastGroup3ae5600a))' cn Now this does not return any result; when I change the filter to '(&(objectClass=groupOfUniqueNames)(cn=lastGroup3ae5600a))' it works again. Also '(&(objectClass=top)(cn=lastGroup3ae5600a))' is working fine; so it seems that top is somehow disturbing. Any ideas? Thanks! - To unsubscribe, e-mail: users-unsubscr...@directory.apache.org For additional commands, e-mail: users-h...@directory.apache.org
Re: [ApacheDS] Migration from AD
On 15/01/2013 14:55, Bettinazzi Tullio wrote: I would like to migrate my AD repository to Apache DS but I didn't find any migration tool. The most important informations I need to migrate are users and their passwords. Is it possible ? Could someone suggest a tool? Hi Tullio, if you are interested, and especially if you need to migrate only user profiles from AD to ApacheDS, I'd suggest an approach based on Apache Syncope. The idea could be to synchronize user profiles from AD to Syncope (which features a full-Java agentless AD connector) and then propagate such users to ApacheDS (via standard LDAPv3 connector). You can see an example close to your use case at [1]. Post your questions / comments to u...@syncope.apache.org in case. Regards. [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database -- Francesco Chicchiriccò ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member http://people.apache.org/~ilgrosso/
Re: Cloning an ActiveDirectory tree
On 13/07/2012 08:26, Philippe de Rochambeau wrote: Hello, I would like to partially clone my company ActiveDirectory tree in ApacheDS 2M7 to test a Spring application which uses kerberos authentication on Centos. Any suggestions as to how I should do that? Do I just create user accounts with samaccountnames equal to account names in the AD directory, and existing sampasswords? Hi Philippe, if you are interested, and especially if you need to migrate only user profiles from AD to ApacheDS, I'd rather suggest an alternative approach based on Apache Syncope. The idea could be to synchronize user profiles from AD to Syncope (which features a full-Java agentless AD connector) and then propagate such users to ApacheDS (via standard LDAPv3 connector). You can see an example close to your use case at [1]. Post your questions / comments to syncope-u...@incubator.apache.org in case. Regards. [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Synchronize+Active+Directory+with+SQL+database -- Francesco Chicchiriccò ASF Member, Apache Cocoon PMC and Apache Syncope PPMC Member http://people.apache.org/~ilgrosso/