Re: How do I change the default admin private/public key through ApacheDS Studio
Hi Emmanuel, It is actually included in my last message The version of my apache DS studio is: Apache Directory Studio Version: 2.0.0.v20130628 © 2006-2013 Apache Software Foundation - All right reserved. From: Emmanuel Lécharny To: users@directory.apache.org Date: 10/07/2017 12:57 PM Subject:Re: How do I change the default admin private/public key through ApacheDS Studio Le 07/10/2017 à 19:08, Ike Ikonne a écrit : > Hi Emmanuel, > > I got a stacktrace when a select the Configuration option of the apache > DS studio. Which version of Studio and ApacheDS are you using ? > > > Unable to load the configuration. > - ERR_04269 ATTRIBUTE_TYPE for OID ads-hashalgorithm does not exist! > org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException: > ERR_04269 ATTRIBUTE_TYPE for OID ads-hashalgorithm does not exist! > at > org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:293) > at > org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:47) > at > org.apache.directory.api.ldap.schemamanager.impl.DefaultSchemaManager.lookupAttributeTypeRegistry(DefaultSchemaManager.java:1604) > at > org.apache.directory.api.ldap.model.entry.DefaultEntry.(DefaultEntry.java:311) > at > org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.readConfiguration(LoadConfigurationRunnable.java:359) > at > org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.getConfiguration(LoadConfigurationRunnable.java:182) > at > org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.run(LoadConfigurationRunnable.java:127) > at > org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:83) > at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) > Caused by: org.apache.directory.api.ldap.model.exception.LdapException: > ERR_04269 ATTRIBUTE_TYPE for OID ads-hashalgorithm does not exist! > at > org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry.lookup(DefaultSchemaObjectRegistry.java:176) > at > org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:289) > ... 8 more > > ERR_04269 ATTRIBUTE_TYPE for OID ads-hashalgorithm does not exist! > > The version of my apache DS studio is: > > Apache Directory Studio > > Version: 2.0.0.v20130628 > > © 2006-2013 Apache Software Foundation - All right reserved. > Visit https://urldefense.proofpoint.com/v2/url?u=http-3A__directory.apache.org_studio&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=agWnQZZC-kGOwhPE6XrovGlSsnjanlizIW98DPVSs3M&m=RF_YXJaxihmlWk4tpuiU2YUcioFKndfjXubERLCrarc&s=CxVeUNYueBZDHr4okz-PZDMqurOwj3pJ97hx4vPFby8&e= > > This product is licensed under the terms of the Apache License 2.0. > > Some icons from FAMFAMFAM https://urldefense.proofpoint.com/v2/url?u=http-3A__www.famfamfam.com_lab_icons_silk&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=agWnQZZC-kGOwhPE6XrovGlSsnjanlizIW98DPVSs3M&m=RF_YXJaxihmlWk4tpuiU2YUcioFKndfjXubERLCrarc&s=coLTf3H72IYEEl3mlWmr9v7WIX0TJPOp7dMg_38fkIM&e= > > > > > From: Emmanuel Lécharny > To: users@directory.apache.org > Date: 10/07/2017 02:55 AM > Subject:Re: How do I change the default admin private/public key > through ApacheDS Studio > > > > Hi, > > > Le 07/10/2017 à 07:08, Ike Ikonne a écrit : >> Hi all, >> >> I have been trying to generate and install a new private/public key >> for Apache DS listening on port 636. I generated a private key >> in PKCS8 format and with associated public key signed by the CA, but it >> appears >> that the way that I am installing it through Apache DS studio >> is not working. I get Handshake error when I try to connect via >> Apache DS studio on port 636. I would appreciate it if someone could >> enable me with the steps for installing privateKey/Public Key >> for the Apache Directory server via Apache DS studio. > The simplest way would be to set the private key in an external > keystore, as explained in > https://urldefense.proofpoint.com/v2/url?u=http-3A__directory.staging.apache.org_apacheds_basic-2Dug_3.3-2Denabling-2Dssl.html&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=agWnQZZC-kGOwhPE6XrovGlSsnjanlizIW98DPVSs3M&m=tAcHLr7mLU_WskVeqcJbdMQASqhBjL6q3bw5VIEF1xc&s=aA4tiT926p4W_V0mkg_eTXpWgHv37o6J2XZYtXQYGhM&e= > > > You can also store the public and private key in the user's entry > (privateKey and publicKey attributes) but it's less safe. -- > > Emmanuel Lecharny > > Symas.com > directory.apache.org > > > > > > -- Emmanuel Lecharny Symas.com directory.apache.org
Re: How do I change the default admin private/public key through ApacheDS Studio
Hi Emmanuel, I got a stacktrace when a select the Configuration option of the apache DS studio. Unable to load the configuration. - ERR_04269 ATTRIBUTE_TYPE for OID ads-hashalgorithm does not exist! org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException: ERR_04269 ATTRIBUTE_TYPE for OID ads-hashalgorithm does not exist! at org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:293) at org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:47) at org.apache.directory.api.ldap.schemamanager.impl.DefaultSchemaManager.lookupAttributeTypeRegistry(DefaultSchemaManager.java:1604) at org.apache.directory.api.ldap.model.entry.DefaultEntry.(DefaultEntry.java:311) at org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.readConfiguration(LoadConfigurationRunnable.java:359) at org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.getConfiguration(LoadConfigurationRunnable.java:182) at org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.run(LoadConfigurationRunnable.java:127) at org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:83) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Caused by: org.apache.directory.api.ldap.model.exception.LdapException: ERR_04269 ATTRIBUTE_TYPE for OID ads-hashalgorithm does not exist! at org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry.lookup(DefaultSchemaObjectRegistry.java:176) at org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:289) ... 8 more ERR_04269 ATTRIBUTE_TYPE for OID ads-hashalgorithm does not exist! The version of my apache DS studio is: Apache Directory Studio Version: 2.0.0.v20130628 © 2006-2013 Apache Software Foundation - All right reserved. Visit http://directory.apache.org/studio This product is licensed under the terms of the Apache License 2.0. Some icons from FAMFAMFAM http://www.famfamfam.com/lab/icons/silk From: Emmanuel Lécharny To: users@directory.apache.org Date: 10/07/2017 02:55 AM Subject:Re: How do I change the default admin private/public key through ApacheDS Studio Hi, Le 07/10/2017 à 07:08, Ike Ikonne a écrit : > Hi all, > > I have been trying to generate and install a new private/public key > for Apache DS listening on port 636. I generated a private key > in PKCS8 format and with associated public key signed by the CA, but it > appears > that the way that I am installing it through Apache DS studio > is not working. I get Handshake error when I try to connect via > Apache DS studio on port 636. I would appreciate it if someone could > enable me with the steps for installing privateKey/Public Key > for the Apache Directory server via Apache DS studio. The simplest way would be to set the private key in an external keystore, as explained in https://urldefense.proofpoint.com/v2/url?u=http-3A__directory.staging.apache.org_apacheds_basic-2Dug_3.3-2Denabling-2Dssl.html&d=DwIFaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=agWnQZZC-kGOwhPE6XrovGlSsnjanlizIW98DPVSs3M&m=tAcHLr7mLU_WskVeqcJbdMQASqhBjL6q3bw5VIEF1xc&s=aA4tiT926p4W_V0mkg_eTXpWgHv37o6J2XZYtXQYGhM&e= You can also store the public and private key in the user's entry (privateKey and publicKey attributes) but it's less safe. -- Emmanuel Lecharny Symas.com directory.apache.org
How do I change the default admin private/public key through ApacheDS Studio
Hi all, I have been trying to generate and install a new private/public key for Apache DS listening on port 636. I generated a private key in PKCS8 format and with associated public key signed by the CA, but it appears that the way that I am installing it through Apache DS studio is not working. I get Handshake error when I try to connect via Apache DS studio on port 636. I would appreciate it if someone could enable me with the steps for installing privateKey/Public Key for the Apache Directory server via Apache DS studio. Thanks, Ike
Re: How to configure pwdPolicySubentry
Hi Emmanuel, Yes, in fact, the sshPublicKey is an attribute of ldapPublicKey. Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org Date: 01/04/2017 04:42 PM Subject:Re: How to configure pwdPolicySubentry Weird... The cn=iikon1,ou=OCE,o=ABC,dc=example,dc=com entry contains a Structural ObjectClass : organizationalPerson. Have you correctly added the schema that contains the ldapPublicKey ObjectClass ? Le 04/01/2017 à 21:13, Ike Ikonne a écrit : > Hi Emmanuel, > > Thanks for the reply. Here is the LDIF information that you had > requested, the first one is the password policy container, the > second is actually the user where the pwdPolicySubentry attribute > is being updated. > > ** pwdPolicy container *** > dn: ou=sspPwdPolicy,o=ABC,dc=example,dc=com > objectClass: top > objectClass: organizationalUnit > objectClass: pwdPolicy > ou: sspPwdPolicy > pwdAttribute: userPassword > > > *** user container * > dn: cn=iikon1,ou=OCE,o=ABC,dc=example,dc=com > objectClass: ldapPublicKey > objectClass: pkiUser > objectClass: organizationalPerson > objectClass: person > objectClass: top > cn: iikon1 > sn: Ikonne > sshPublicKey:: > QUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQWdRQ2NlK0FEeVFXRy9IcU1WV > > XRiRFdEUytEK2syMVYwVWxyTDhna0J4S0VuazgyU1krbUl0cjNIL0U0VGdFZWp3OGsybGtyc2E0 > > dHZNY3ZMNDNiK0psd21ob2h2S3NpVSs5ZzhkSFBLNFBwejk5QWpwZUVIVnI1cW1LYmFWcnpQSE5 > > vMk5KRSs3bkdpeW8vTEVPVEd2QkxKTmo2YlJzdmo2SVhBcW1qcG9NMEkxdz09ICAgICAgICAgIC > AgICAgICAgICAgICAgICAgICAgICAg > userPassword:: > e1NTSEF9TkcwNGxWdllnWXdWQjVYTHJxdjNCdmtMQU1aRHFhczQ2c1IwdHc9P > Q== > > *** stacktrace from trying to set the pwdPolicySubentry with > dn: ou=sspPwdPolicy,o=ABC,dc=example,dc=com ** > > javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - > OBJECT_CLASS_VIOLATION: failed for MessageType : ADD_REQUEST > Message ID : 58 > Add Request : > Entry > dn[n]: cn=iikon1,ou=OCE,o=ABC,dc=example,dc=com > > cn: iikon1 > pwdPolicySubentry: ou=sspPwdPolicy,o=ABC,dc=example,dc=com > : ERR_60 Entry cn=iikon1,ou=OCE,o=ABC,dc=example,dc=com does not contain a > STRUCTURAL ObjectClass]; remaining name > 'iikon1,ou=OCE,o=ABC,dc=example,dc=com' > at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3133) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3048) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2854) > at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:825) > at > com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:350) > at > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:279) > at > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:267) > at > javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:209) > > > > From: Emmanuel Lécharny > To: users@directory.apache.org > Date: 01/04/2017 02:25 AM > Subject:Re: How to configure pwdPolicySubentry > > > > Hi, > > > can you past the entry you are injecting ? You may be missing a needed > ObjectClass beside the 'pwdPolicy', which is Auxiliary. A Structural > ObjectClass is needed, 'subentry' in this case. > > > Le 04/01/2017 à 08:07, Ike Ikonne a écrit : >> Hi all, >> >> I am trying to configure a per user pwdPolicy in APACHE Directory >> programmatically, >> but I am getting a stacktrace. I would appreciate a hint on how to get >> this configured >> successfully. >> >> Thanks, >> >> Ike >> >> - javax.naming.directory.SchemaViolationException: [LDAP: error code 65 > - >> OBJECT_CLASS_VIOLATION: failed for MessageType : ADD_REQUEST >> Message ID : 58 >> Add Request : >> Entry >> dn[n]: cn=ceu_user11,ou=OCE,o=ABC,dc=example,dc=com >> >> cn: ceu_user11 >> pwdPolicySubentry: >> > ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config >> : ERR_60 Entry cn=ceu_user11,ou=OCE,o=ABC,dc=example,dc=com does not >> contain a STRUCTURAL ObjectClass]; remaining name >> 'cn=ceu_user11,ou=OCE,o=ABC,dc=example,dc=com' >> at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3133) >> at > com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3048) >> at > co
Re: How to configure pwdPolicySubentry
Hi Emmanuel, Thanks for the reply. Here is the LDIF information that you had requested, the first one is the password policy container, the second is actually the user where the pwdPolicySubentry attribute is being updated. ** pwdPolicy container *** dn: ou=sspPwdPolicy,o=ABC,dc=example,dc=com objectClass: top objectClass: organizationalUnit objectClass: pwdPolicy ou: sspPwdPolicy pwdAttribute: userPassword *** user container * dn: cn=iikon1,ou=OCE,o=ABC,dc=example,dc=com objectClass: ldapPublicKey objectClass: pkiUser objectClass: organizationalPerson objectClass: person objectClass: top cn: iikon1 sn: Ikonne sshPublicKey:: QUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQWdRQ2NlK0FEeVFXRy9IcU1WV XRiRFdEUytEK2syMVYwVWxyTDhna0J4S0VuazgyU1krbUl0cjNIL0U0VGdFZWp3OGsybGtyc2E0 dHZNY3ZMNDNiK0psd21ob2h2S3NpVSs5ZzhkSFBLNFBwejk5QWpwZUVIVnI1cW1LYmFWcnpQSE5 vMk5KRSs3bkdpeW8vTEVPVEd2QkxKTmo2YlJzdmo2SVhBcW1qcG9NMEkxdz09ICAgICAgICAgIC AgICAgICAgICAgICAgICAgICAgICAg userPassword:: e1NTSEF9TkcwNGxWdllnWXdWQjVYTHJxdjNCdmtMQU1aRHFhczQ2c1IwdHc9P Q== *** stacktrace from trying to set the pwdPolicySubentry with dn: ou=sspPwdPolicy,o=ABC,dc=example,dc=com ** javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - OBJECT_CLASS_VIOLATION: failed for MessageType : ADD_REQUEST Message ID : 58 Add Request : Entry dn[n]: cn=iikon1,ou=OCE,o=ABC,dc=example,dc=com cn: iikon1 pwdPolicySubentry: ou=sspPwdPolicy,o=ABC,dc=example,dc=com : ERR_60 Entry cn=iikon1,ou=OCE,o=ABC,dc=example,dc=com does not contain a STRUCTURAL ObjectClass]; remaining name 'iikon1,ou=OCE,o=ABC,dc=example,dc=com' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3133) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3048) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2854) at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:825) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:350) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:279) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:267) at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:209) From: Emmanuel Lécharny To: users@directory.apache.org Date: 01/04/2017 02:25 AM Subject:Re: How to configure pwdPolicySubentry Hi, can you past the entry you are injecting ? You may be missing a needed ObjectClass beside the 'pwdPolicy', which is Auxiliary. A Structural ObjectClass is needed, 'subentry' in this case. Le 04/01/2017 à 08:07, Ike Ikonne a écrit : > Hi all, > > I am trying to configure a per user pwdPolicy in APACHE Directory > programmatically, > but I am getting a stacktrace. I would appreciate a hint on how to get > this configured > successfully. > > Thanks, > > Ike > > - javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - > OBJECT_CLASS_VIOLATION: failed for MessageType : ADD_REQUEST > Message ID : 58 > Add Request : > Entry > dn[n]: cn=ceu_user11,ou=OCE,o=ABC,dc=example,dc=com > > cn: ceu_user11 > pwdPolicySubentry: > ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config > : ERR_60 Entry cn=ceu_user11,ou=OCE,o=ABC,dc=example,dc=com does not > contain a STRUCTURAL ObjectClass]; remaining name > 'cn=ceu_user11,ou=OCE,o=ABC,dc=example,dc=com' > at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3133) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3048) > at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2854) > at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:825) > at > com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:350) > at > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:279) > at > com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:267 > > > > -- Emmanuel Lecharny Symas.com directory.apache.org
How to configure pwdPolicySubentry
Hi all, I am trying to configure a per user pwdPolicy in APACHE Directory programmatically, but I am getting a stacktrace. I would appreciate a hint on how to get this configured successfully. Thanks, Ike - javax.naming.directory.SchemaViolationException: [LDAP: error code 65 - OBJECT_CLASS_VIOLATION: failed for MessageType : ADD_REQUEST Message ID : 58 Add Request : Entry dn[n]: cn=ceu_user11,ou=OCE,o=ABC,dc=example,dc=com cn: ceu_user11 pwdPolicySubentry: ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config : ERR_60 Entry cn=ceu_user11,ou=OCE,o=ABC,dc=example,dc=com does not contain a STRUCTURAL ObjectClass]; remaining name 'cn=ceu_user11,ou=OCE,o=ABC,dc=example,dc=com' at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3133) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3048) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2854) at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(LdapCtx.java:825) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:350) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:279) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:267
Re: ipHostNumber
Hi Emmanuel, It works, once I enabled the nis schema I am now able to access the ipHost objectClass. Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org Date: 08/07/2015 05:13 PM Subject:Re: ipHostNumber Le 07/08/15 22:31, Ike Ikonne a écrit : > Hi all, > > I am trying to inherit the ipHostNumber attribute in Apache DS but I am > having a hard time trying to get it to stick. I would appreciate it if > someone > could explain to me which objectclass(es) that I must have to add in order > to inherit this attribute. OpenLDAP has ipHost objectclass that does > exactly the same thing. FTR, ipHostNumber is an AttributeType. ipHost is an auxiliary ObjectClass. If your entry has the ipHost ObjectClass, you can inject the ipHostNumber intot it. Note that both elements are part of the 'nis' schema, which is not enabled on ApacheDS by default. Enable this schema first.
ipHostNumber
Hi all, I am trying to inherit the ipHostNumber attribute in Apache DS but I am having a hard time trying to get it to stick. I would appreciate it if someone could explain to me which objectclass(es) that I must have to add in order to inherit this attribute. OpenLDAP has ipHost objectclass that does exactly the same thing. Thanks, Ike Ikonne
Re: Missing entries
Hi Bill, Have you tried the "Browser Options" of the Apache DS studio. Right-click on the connection and then select properties, you should see "Browser Options" Cheers, Ike From: William Osmond To: users@directory.apache.org Date: 06/25/2015 07:27 PM Subject:Missing entries Hello all, I've been running Apache DS version 2.0.0.v20130628 successfully for some years now, however I've hit a snag. The application is only showing 10 of ~750 entries that used to be present under a particular DN. If I view the master.db in a text editor I can see that the entries are still there, however they're not displayed in the LDAP Browser. Any help would be greatly appreciated! -Bill
Re: Unable to open ApacheDS 2.0.0-M20 Configuration
Hi Emmanuel, I have seen this on Windows 7 64-bit v1.13.00.AL B16 Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org Date: 06/02/2015 10:05 AM Subject:Re: Unable to open ApacheDS 2.0.0-M20 Configuration Le 02/06/15 16:53, Sunil Kalahasti a écrit : > Emmanuel, > > It seems like a Mac version. Ah ! > > If possible, I request you to please point me to a windows version. I don't have a link atm. I have to upload it from home, in a couple of hours, if stefan does not beat me ;-)
Re: Unable to start ApacheDS 2.0.0-M20
Hi, I ran into a similar issue last weekend and it turned out that it was requiring me to upgrade my JRE to at least 1.7.* . Please try upgrading your JRE to 1.7.* , it might resolve it. Thanks, Ike From: Sunil Kalahasti To: "users@directory.apache.org" Date: 06/01/2015 12:45 AM Subject:Unable to start ApacheDS 2.0.0-M20 We are unable to start ApacheDS 2.0.0-M20. Following is the error log: STATUS | wrapper | 2015/06/01 00:39:16 | --> Wrapper Started as Daemon STATUS | wrapper | 2015/06/01 00:39:16 | Launching a JVM... INFO | jvm 1| 2015/06/01 00:39:16 | Exception in thread "main" java.lang.UnsupportedClassVersionError: org/apache/directory/server/wrapper/ApacheDsTanukiWrapper : Unsupported major.minor version 51.0 INFO | jvm 1| 2015/06/01 00:39:16 | at java.lang.ClassLoader.defineClass1(Native Method) INFO | jvm 1| 2015/06/01 00:39:16 | at java.lang.ClassLoader.defineClass(ClassLoader.java:643) INFO | jvm 1| 2015/06/01 00:39:16 | at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142) INFO | jvm 1| 2015/06/01 00:39:16 | at java.net.URLClassLoader.defineClass(URLClassLoader.java:277) INFO | jvm 1| 2015/06/01 00:39:16 | at java.net.URLClassLoader.access$000(URLClassLoader.java:73) INFO | jvm 1| 2015/06/01 00:39:16 | at java.net.URLClassLoader$1.run(URLClassLoader.java:212) INFO | jvm 1| 2015/06/01 00:39:16 | at java.security.AccessController.doPrivileged(Native Method) INFO | jvm 1| 2015/06/01 00:39:16 | at java.net.URLClassLoader.findClass(URLClassLoader.java:205) INFO | jvm 1| 2015/06/01 00:39:16 | at java.lang.ClassLoader.loadClass(ClassLoader.java:323) INFO | jvm 1| 2015/06/01 00:39:16 | at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:294) INFO | jvm 1| 2015/06/01 00:39:16 | at java.lang.ClassLoader.loadClass(ClassLoader.java:268) ERROR | wrapper | 2015/06/01 00:39:17 | JVM exited while loading the application. INFO | jvm 1| 2015/06/01 00:39:17 | Could not find the main class: org.apache.directory.server.wrapper.ApacheDsTanukiWrapper. Program will exit. FATAL | wrapper | 2015/06/01 00:39:17 | There were 1 failed launches in a row, each lasting less than 300 seconds. Giving up. FATAL | wrapper | 2015/06/01 00:39:17 | There may be a configuration problem: please check the logs. STATUS | wrapper | 2015/06/01 00:39:17 | <-- Wrapper Stopped It seems it is due the JDK version. We have JDK 1.6.x. As per http://directory.apache.org/apacheds/basic-ug/1.3-installing-and-starting.html , it should work with JDK 6 as well. I request you to please confirm which JDK version we require for ApacheDS 2.0.0-M20. Thanks, Sunil.
Re: Creating top level organization
Hi all, Yes, I get the same thing also after installing apacheds-2.0.0-M20-64bit; I opened a ticket regarding this issue a while back, and it appeared to have been fixed in apacheds-2.0.0-M19-64bit, but it looks like we regressed in apacheds-2.0.0-M20-64bit. I need help with it too. Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org Date: 05/31/2015 09:48 AM Subject:Re: Creating top level organization Le 31/05/15 16:05, Sohail Aboobaker a écrit : > Hi, > > I have a new install of Apache ds 2.0 and Directory Studio. I need to create a new organization like o=sevenseas but when I try to open configuration from Directory Studio, it fails to open the configuration view with "ATTRIBUTE_TYPE for OID ads-basedn does not exist!" error. I downloaded the nightly build but the nightly build doesn't contain any view or perspective on mac. All I get is a blank LDAP perspective without any views. The nightly build has been stopped being created more than 2 months ago. I just have pushed the latest build on http://people.apache.org/~elecharny/ Download it, unzip it, and start the app : $ open products/org.apache.directory.studio.product/macosx/cocoa/x86_64/ApacheDirectoryStudio.app You should be able to configure ApacheDS.
Re: stacktrace in wrapper.log
Hi all, Could you send to me a link on how to open a JIRA ticket for ApacheDS? Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 12/03/2014 09:56 AM Subject:Re: stacktrace in wrapper.log Le 03/12/14 16:31, Ike Ikonne a écrit : > Hi all, > > I am getting the following on the wrapper.log, I was wondering if anyone > knows why this exception > is being thrown, my platform is windows 7. Also, why is it that when I > start ApacheDS as a service > I see a new directory {APACHEDS_INSTALL}/bin/%INSTANCE%? I was under the > impression > that the instance at {APACHEDS_INSTALL}/instances/default would be used. Can you create a JIRA for this one ? I'm currently reviewing the installers, and I'd like to have a close look at this pb. Please provide the ApacheDS version too Thanks ! > > > INFO | jvm 1| 2014/12/02 21:46:44 | log4j:ERROR Could not read > configuration file from URL > [file:/%INSTANCE_DIRECTORY%/conf/log4j.properties]. > INFO | jvm 1| 2014/12/02 21:46:44 | > java.lang.IllegalArgumentException > INFO | jvm 1| 2014/12/02 21:46:44 | at > sun.net.www.ParseUtil.decode(Unknown Source) > INFO | jvm 1| 2014/12/02 21:46:44 | at > sun.net.www.protocol.file.Handler.openConnection(Unknown Source) > INFO | jvm 1| 2014/12/02 21:46:44 | at > sun.net.www.protocol.file.Handler.openConnection(Unknown Source) > INFO | jvm 1| 2014/12/02 21:46:44 | at > java.net.URL.openConnection(Unknown Source) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:555) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:526) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.apache.log4j.LogManager.(LogManager.java:127) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.slf4j.impl.Log4jLoggerFactory.getLogger(Log4jLoggerFactory.java:66) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:277) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:288) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.apache.directory.server.wrapper.ApacheDsTanukiWrapper.(ApacheDsTanukiWrapper.java:40) > INFO | jvm 1| 2014/12/02 21:46:44 | log4j:ERROR Ignoring > configuration file [file:/%INSTANCE_DIRECTORY%/conf/log4j.properties]. > INFO | jvm 1| 2014/12/02 21:46:44 | Wrapper (Version 3.2.3) > http://wrapper.tanukisoftware.org > INFO | jvm 1| 2014/12/02 21:46:44 | Copyright 1999-2006 Tanuki > Software, Inc. All Rights Reserved. > INFO | jvm 1| 2014/12/02 21:46:44 | > INFO | jvm 1| 2014/12/02 21:46:44 | log4j:WARN No appenders could be > found for logger > (org.apache.directory.server.wrapper.ApacheDsTanukiWrapper). > INFO | jvm 1| 2014/12/02 21:46:44 | log4j:WARN Please initialize the > log4j system properly. > INFO | jvm 1| 2014/12/02 21:46:44 | log4j:WARN See > http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. > INFO | wrapper | 2014/12/02 21:46:48 | Waiting to start... > INFO | wrapper | 2014/12/02 21:46:53 | Waiting to start... > INFO | wrapper | 2014/12/02 21:46:58 | Waiting to start... > INFO | jvm 1| 2014/12/02 21:47:00 |_ _ > > INFO | jvm 1| 2014/12/02 21:47:00 | / \ _ _____ ___| > |__ ___| _ \/ ___| > INFO | jvm 1| 2014/12/02 21:47:00 | / _ \ | '_ \ / _` |/ > __| '_ \ / _ \ | | \___ \ > INFO | jvm 1| 2014/12/02 21:47:00 | / ___ \| |_) | (_| | > (__| | | | __/ |_| |___) | > INFO | jvm 1| 2014/12/02 21:47:00 |/_/ \_\ .__/ > \__,_|\___|_| |_|\___|/|/ > INFO | jvm 1| 2014/12/02 21:47:00 ||_| > INFO | jvm 1| 2014/12/02 21:47:00 | > STATUS | wrapper | 2014/12/02 21:47:02 | ApacheDS - default started.
Re: stacktrace in wrapper.log
Hi all, My apache DS version is ApacheDS-2.0.0-M19 Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 12/03/2014 09:56 AM Subject:Re: stacktrace in wrapper.log Le 03/12/14 16:31, Ike Ikonne a écrit : > Hi all, > > I am getting the following on the wrapper.log, I was wondering if anyone > knows why this exception > is being thrown, my platform is windows 7. Also, why is it that when I > start ApacheDS as a service > I see a new directory {APACHEDS_INSTALL}/bin/%INSTANCE%? I was under the > impression > that the instance at {APACHEDS_INSTALL}/instances/default would be used. Can you create a JIRA for this one ? I'm currently reviewing the installers, and I'd like to have a close look at this pb. Please provide the ApacheDS version too Thanks ! > > > INFO | jvm 1| 2014/12/02 21:46:44 | log4j:ERROR Could not read > configuration file from URL > [file:/%INSTANCE_DIRECTORY%/conf/log4j.properties]. > INFO | jvm 1| 2014/12/02 21:46:44 | > java.lang.IllegalArgumentException > INFO | jvm 1| 2014/12/02 21:46:44 | at > sun.net.www.ParseUtil.decode(Unknown Source) > INFO | jvm 1| 2014/12/02 21:46:44 | at > sun.net.www.protocol.file.Handler.openConnection(Unknown Source) > INFO | jvm 1| 2014/12/02 21:46:44 | at > sun.net.www.protocol.file.Handler.openConnection(Unknown Source) > INFO | jvm 1| 2014/12/02 21:46:44 | at > java.net.URL.openConnection(Unknown Source) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:555) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:526) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.apache.log4j.LogManager.(LogManager.java:127) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.slf4j.impl.Log4jLoggerFactory.getLogger(Log4jLoggerFactory.java:66) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:277) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:288) > INFO | jvm 1| 2014/12/02 21:46:44 | at > org.apache.directory.server.wrapper.ApacheDsTanukiWrapper.(ApacheDsTanukiWrapper.java:40) > INFO | jvm 1| 2014/12/02 21:46:44 | log4j:ERROR Ignoring > configuration file [file:/%INSTANCE_DIRECTORY%/conf/log4j.properties]. > INFO | jvm 1| 2014/12/02 21:46:44 | Wrapper (Version 3.2.3) > http://wrapper.tanukisoftware.org > INFO | jvm 1| 2014/12/02 21:46:44 | Copyright 1999-2006 Tanuki > Software, Inc. All Rights Reserved. > INFO | jvm 1| 2014/12/02 21:46:44 | > INFO | jvm 1| 2014/12/02 21:46:44 | log4j:WARN No appenders could be > found for logger > (org.apache.directory.server.wrapper.ApacheDsTanukiWrapper). > INFO | jvm 1| 2014/12/02 21:46:44 | log4j:WARN Please initialize the > log4j system properly. > INFO | jvm 1| 2014/12/02 21:46:44 | log4j:WARN See > http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. > INFO | wrapper | 2014/12/02 21:46:48 | Waiting to start... > INFO | wrapper | 2014/12/02 21:46:53 | Waiting to start... > INFO | wrapper | 2014/12/02 21:46:58 | Waiting to start... > INFO | jvm 1| 2014/12/02 21:47:00 |_ _ > > INFO | jvm 1| 2014/12/02 21:47:00 | / \ _ _____ ___| > |__ ___| _ \/ ___| > INFO | jvm 1| 2014/12/02 21:47:00 | / _ \ | '_ \ / _` |/ > __| '_ \ / _ \ | | \___ \ > INFO | jvm 1| 2014/12/02 21:47:00 | / ___ \| |_) | (_| | > (__| | | | __/ |_| |___) | > INFO | jvm 1| 2014/12/02 21:47:00 |/_/ \_\ .__/ > \__,_|\___|_| |_|\___|/|/ > INFO | jvm 1| 2014/12/02 21:47:00 ||_| > INFO | jvm 1| 2014/12/02 21:47:00 | > STATUS | wrapper | 2014/12/02 21:47:02 | ApacheDS - default started.
stacktrace in wrapper.log
Hi all, I am getting the following on the wrapper.log, I was wondering if anyone knows why this exception is being thrown, my platform is windows 7. Also, why is it that when I start ApacheDS as a service I see a new directory {APACHEDS_INSTALL}/bin/%INSTANCE%? I was under the impression that the instance at {APACHEDS_INSTALL}/instances/default would be used. INFO | jvm 1| 2014/12/02 21:46:44 | log4j:ERROR Could not read configuration file from URL [file:/%INSTANCE_DIRECTORY%/conf/log4j.properties]. INFO | jvm 1| 2014/12/02 21:46:44 | java.lang.IllegalArgumentException INFO | jvm 1| 2014/12/02 21:46:44 | at sun.net.www.ParseUtil.decode(Unknown Source) INFO | jvm 1| 2014/12/02 21:46:44 | at sun.net.www.protocol.file.Handler.openConnection(Unknown Source) INFO | jvm 1| 2014/12/02 21:46:44 | at sun.net.www.protocol.file.Handler.openConnection(Unknown Source) INFO | jvm 1| 2014/12/02 21:46:44 | at java.net.URL.openConnection(Unknown Source) INFO | jvm 1| 2014/12/02 21:46:44 | at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:555) INFO | jvm 1| 2014/12/02 21:46:44 | at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:526) INFO | jvm 1| 2014/12/02 21:46:44 | at org.apache.log4j.LogManager.(LogManager.java:127) INFO | jvm 1| 2014/12/02 21:46:44 | at org.slf4j.impl.Log4jLoggerFactory.getLogger(Log4jLoggerFactory.java:66) INFO | jvm 1| 2014/12/02 21:46:44 | at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:277) INFO | jvm 1| 2014/12/02 21:46:44 | at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:288) INFO | jvm 1| 2014/12/02 21:46:44 | at org.apache.directory.server.wrapper.ApacheDsTanukiWrapper.(ApacheDsTanukiWrapper.java:40) INFO | jvm 1| 2014/12/02 21:46:44 | log4j:ERROR Ignoring configuration file [file:/%INSTANCE_DIRECTORY%/conf/log4j.properties]. INFO | jvm 1| 2014/12/02 21:46:44 | Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org INFO | jvm 1| 2014/12/02 21:46:44 | Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved. INFO | jvm 1| 2014/12/02 21:46:44 | INFO | jvm 1| 2014/12/02 21:46:44 | log4j:WARN No appenders could be found for logger (org.apache.directory.server.wrapper.ApacheDsTanukiWrapper). INFO | jvm 1| 2014/12/02 21:46:44 | log4j:WARN Please initialize the log4j system properly. INFO | jvm 1| 2014/12/02 21:46:44 | log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. INFO | wrapper | 2014/12/02 21:46:48 | Waiting to start... INFO | wrapper | 2014/12/02 21:46:53 | Waiting to start... INFO | wrapper | 2014/12/02 21:46:58 | Waiting to start... INFO | jvm 1| 2014/12/02 21:47:00 |_ _ INFO | jvm 1| 2014/12/02 21:47:00 | / \ _ _____ ___| |__ ___| _ \/ ___| INFO | jvm 1| 2014/12/02 21:47:00 | / _ \ | '_ \ / _` |/ __| '_ \ / _ \ | | \___ \ INFO | jvm 1| 2014/12/02 21:47:00 | / ___ \| |_) | (_| | (__| | | | __/ |_| |___) | INFO | jvm 1| 2014/12/02 21:47:00 |/_/ \_\ .__/ \__,_|\___|_| |_|\___|/|/ INFO | jvm 1| 2014/12/02 21:47:00 ||_| INFO | jvm 1| 2014/12/02 21:47:00 | STATUS | wrapper | 2014/12/02 21:47:02 | ApacheDS - default started.
Re: Issue with starting ApacheDS
Hi Yes, in fact, if I re-install ApachDS, it runs for say a couple of weeks, then all of a sudden I notice this behavior and then I have to reinstall ApachDS again to get things going, it is really annoying and I would like to get to the bottom of it ... Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 12/02/2014 11:13 AM Subject:Re: Issue with starting ApacheDS Le 02/12/14 17:26, Ike Ikonne a écrit : > Hi All, > > I have noticed that everyone now and then that I am not able to start > Apache DS as a windows service; > so today I tried to start it as a console application and then I see the > following stacktrace, does > anyone have an idea what is going on? I have copied log4.properties to my > ApacheDS instance > conf directory but I still continue to see the stacktrace and moreover, my > Apache DS will not > start anymore. Here is the stacktrace and the log4.properties that I am > using. > > jvm 1| C:\ApacheDS-2.0.0-M18\lib\wrapper.dll: Can't load > IA 32-bit .dll on a AMD 64-bit platform Have you loaded and installed a 32 bits package on your 64 bit machine ?
Issue with starting ApacheDS
Hi All, I have noticed that everyone now and then that I am not able to start Apache DS as a windows service; so today I tried to start it as a console application and then I see the following stacktrace, does anyone have an idea what is going on? I have copied log4.properties to my ApacheDS instance conf directory but I still continue to see the stacktrace and moreover, my Apache DS will not start anymore. Here is the stacktrace and the log4.properties that I am using. ** C:\ApacheDS-2.0.0-M18\bin>wrapper.exe -c ../conf/wrapper.conf wrapper | --> Wrapper Started as Console wrapper | Launching a JVM... jvm 1| log4j:ERROR Could not read configuration file from URL [file:/%INSTANCE_DIRECTORY%/conf/log4j.properties]. jvm 1| java.lang.IllegalArgumentException jvm 1| at sun.net.www.ParseUtil.decode(ParseUtil.java:202) jvm 1| at sun.net.www.protocol.file.Handler.openConnection(Handler.java:82) jvm 1| at sun.net.www.protocol.file.Handler.openConnection(Handler.java:72) jvm 1| at java.net.URL.openConnection(URL.java:971) jvm 1| at org.apache.log4j.PropertyConfigurator.doConfigure(PropertyConfigurator.java:555) jvm 1| at org.apache.log4j.helpers.OptionConverter.selectAndConfigure(OptionConverter.java:526) jvm 1| at org.apache.log4j.LogManager.(LogManager.java:127) jvm 1| at org.slf4j.impl.Log4jLoggerFactory.getLogger(Log4jLoggerFactory.java:66) jvm 1| at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:277) jvm 1| at org.slf4j.LoggerFactory.getLogger(LoggerFactory.java:288) jvm 1| at org.apache.directory.server.wrapper.ApacheDsTanukiWrapper.(ApacheDsTanukiWrapper.java:40) jvm 1| log4j:ERROR Ignoring configuration file [file:/%INSTANCE_DIRECTORY%/conf/log4j.properties]. jvm 1| Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org jvm 1| Copyright 1999-2006 Tanuki Software, Inc. All Rights Reserved. jvm 1| jvm 1| jvm 1| WARNING - Unable to load the Wrapper's native library 'wrapper.dll'. jvm 1| The file is located on the path at the following location but jvm 1| could not be loaded: jvm 1| C:\ApacheDS-2.0.0-M18\bin\..\lib\wrapper.dll jvm 1| Please verify that the file is readable by the current user jvm 1| and that the file has not been corrupted in any way. jvm 1| One common cause of this problem is running a 32-bit version jvm 1| of the Wrapper with a 64-bit version of Java, or vica versa. jvm 1| This is a 64-bit JVM. jvm 1| Reported cause: jvm 1| C:\ApacheDS-2.0.0-M18\lib\wrapper.dll: Can't load IA 32-bit .dll on a AMD 64-bit platform jvm 1| System signals will not be handled correctly. jvm 1| jvm 1| log4j:WARN No appenders could be found for logger (org.apache.directory.server.wrapper.ApacheDsTanukiWrapper). jvm 1| log4j:WARN Please initialize the log4j system properly. jvm 1| log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. wrapper | <-- Wrapper Stopped * log4j.rootCategory=WARN, stdout, R log4j.appender.stdout=org.apache.log4j.ConsoleAppender log4j.appender.stdout.layout=org.apache.log4j.PatternLayout log4j.appender.R=org.apache.log4j.RollingFileAppender log4j.appender.R.File=apacheds-rolling.log log4j.appender.R.MaxFileSize=1024KB # Keep some backup files log4j.appender.R.MaxBackupIndex=5 log4j.appender.R.layout=org.apache.log4j.PatternLayout log4j.appender.R.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n log4j.appender.stdout.layout.ConversionPattern=[%d{HH:mm:ss}] %p [%c] - %m%n # with these we'll not get inundated when switching to DEBUG log4j.logger.org.apache.directory.shared.ldap.name=WARN log4j.logger.org.springframework=WARN log4j.logger.org.apache.directory.shared.codec=WARN log4j.logger.org.apache.directory.shared.asn1=WARN
Re: Problems with executing Open Configiration from apacheDS Studio
Hi Kiran, Thanks, will do. Ike From: Kiran Ayyagari To: "users@directory.apache.org" , Date: 11/19/2014 05:10 PM Subject:Re: Problems with executing Open Configiration from apacheDS Studio search for config.ldif under the ApacheDS installation. (it will be under '/instances/default/conf/' assuming 'default' is the name of your server instance) On Thu, Nov 20, 2014 at 6:55 AM, Ike Ikonne wrote: > Hi, > > Where can I find that particular LDIFF so that I may modify it? > > Thanks, > > Ike > > > > From: Emmanuel Lécharny > To: users@directory.apache.org, > Date: 11/19/2014 04:51 PM > Subject:Re: Problems with executing Open Configiration from > apacheDS Studio > > > > Le 19/11/14 19:41, Ike Ikonne a écrit : > > Hi all, > > > > I get this stacktrace when I try to perform "Open Configuration" through > > Apache DS studio version Version: 2.0.0-SNAPSHOT. Have anyone > > ran into this issue, if so, how do I go about resolving it. I am trying > > to create a new DSE. Which other option do I have to create a new > > DSE if "Open Configuration" option is not available for now. > > It's due to some change sin the ApacheDS configuration that has not been > - yet - handled by Studio. > > We are working on that, and it takes time, as we needed a recent version > fo ApacheDS and the LDAP API, version that we just had released as of > today. > > I won't promise a new Studio version any time soon, it might take a few > weeks, but this is definitively on our todo list. > > Btw, you can - and I'm ashamed to have to tell you that - update the > configuration manually by updating the ldif file that contains it. It's > certainly not teh right thing to do, but I have no other option to offer > atm... > > > > -- Kiran Ayyagari http://keydap.com
Re: Problems with executing Open Configiration from apacheDS Studio
Hi, Where can I find that particular LDIFF so that I may modify it? Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 11/19/2014 04:51 PM Subject:Re: Problems with executing Open Configiration from apacheDS Studio Le 19/11/14 19:41, Ike Ikonne a écrit : > Hi all, > > I get this stacktrace when I try to perform "Open Configuration" through > Apache DS studio version Version: 2.0.0-SNAPSHOT. Have anyone > ran into this issue, if so, how do I go about resolving it. I am trying > to create a new DSE. Which other option do I have to create a new > DSE if "Open Configuration" option is not available for now. It's due to some change sin the ApacheDS configuration that has not been - yet - handled by Studio. We are working on that, and it takes time, as we needed a recent version fo ApacheDS and the LDAP API, version that we just had released as of today. I won't promise a new Studio version any time soon, it might take a few weeks, but this is definitively on our todo list. Btw, you can - and I'm ashamed to have to tell you that - update the configuration manually by updating the ldif file that contains it. It's certainly not teh right thing to do, but I have no other option to offer atm...
Problems with executing Open Configiration from apacheDS Studio
Hi all, I get this stacktrace when I try to perform "Open Configuration" through Apache DS studio version Version: 2.0.0-SNAPSHOT. Have anyone ran into this issue, if so, how do I go about resolving it. I am trying to create a new DSE. Which other option do I have to create a new DSE if "Open Configuration" option is not available for now. Thanks, Ike Unable to load the configuration. - ERR_04269 ATTRIBUTE_TYPE for OID ads-replpingersleep does not exist! org.apache.directory.shared.ldap.model.exception.LdapNoSuchAttributeException: ERR_04269 ATTRIBUTE_TYPE for OID ads-replpingersleep does not exist! at org.apache.directory.shared.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:317) at org.apache.directory.shared.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:47) at org.apache.directory.shared.ldap.schemamanager.impl.DefaultSchemaManager.lookupAttributeTypeRegistry(DefaultSchemaManager.java:1620) at org.apache.directory.shared.ldap.model.entry.DefaultEntry.(DefaultEntry.java:310) at org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.readConfiguration(LoadConfigurationRunnable.java:358) at org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.getConfiguration(LoadConfigurationRunnable.java:182) at org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.run(LoadConfigurationRunnable.java:127) at org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:83) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Caused by: org.apache.directory.shared.ldap.model.exception.LdapException: ERR_04269 ATTRIBUTE_TYPE for OID ads-replpingersleep does not exist! at org.apache.directory.shared.ldap.model.schema.registries.DefaultSchemaObjectRegistry.lookup(DefaultSchemaObjectRegistry.java:176) at org.apache.directory.shared.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:313) ... 8 more ERR_04269 ATTRIBUTE_TYPE for OID ads-replpingersle
Re: Secured LDAP Account
Hi Syed, Try this link that has already been suggested to you in the previous thread ... you should see an example of how to specify a trustmanager that won't do any certificate validation. Once you get this working, then, you will build on it and then use a trustmanager that would actually perform certificate validation. http://svn.apache.org/viewvc/directory/apacheds/trunk/ldap-client-test/src/test/java/org/apache/directory/shared/client/api/LdapSSLConnectionTest.java?revision=1567956&view=markup From: Syed Mudassir Ahmed To: users@directory.apache.org, Date: 11/05/2014 12:16 PM Subject:Re: Secured LDAP Account No, I don't. Good question. I have no idea as well. Can you please provide an example/reference that I can follow? Thanks, Syed. Syed M Ahmed Senior Member of Technical Staff Gaian Solutions India Pvt Ltd On Wed, Nov 5, 2014 at 10:31 PM, Ike Ikonne wrote: > Hi Syed, > > So, in your Java program, do you have the server certificate in the > keystore that your Java program is using to establish SSL connection > with the LDAP server? > > Thanks, > > Ike > > > > > From: Syed Mudassir Ahmed > To: users@directory.apache.org, > Date: 11/05/2014 10:57 AM > Subject:Re: Secured LDAP Account > > > > Yes, > Certificate is generated on the server side. And port is 636. > I am able to connect to my server through LDAPBrowser using LDAPS > protocol and 636 port number. > But not using java program. > > Thanks, > Syed. > > Syed M Ahmed > Senior Member of Technical Staff > Gaian Solutions India Pvt Ltd > > > On Wed, Nov 5, 2014 at 9:56 PM, Ike Ikonne wrote: > > > Hi all, > > > > Do you have the LDAP Server certificate included in your > > TrustManager Algorithm? Also, make sure that you are using > > secure socket to bind to port 636. > > > > Ike > > > > > > > > > > From: Syed Mudassir Ahmed > > To: users@directory.apache.org, > > Date: 11/05/2014 10:14 AM > > Subject:Secured LDAP Account > > > > > > > > I am trying to obtain an ldap connection. Using port 389 I am > > successfully > > able to get connection. > > But when I try to use LdapNetworkConnection(, 636, true) and > > then invoke bind(dn, password), I am getting PROTOCOL_ERROR. > > Using LdapBrowser I am able to connect to my LDAP server over port 636. > > But through Java program its not getting connected. Can u help? > > > > Thanks, > > Syed. > > > > Syed M Ahmed > > Senior Member of Technical Staff > > Gaian Solutions India Pvt Ltd > > > > > >
Re: Secured LDAP Account
Hi Syed, Just to make sure, you may add this to the command-line that you are using to run your Java program, -Djavax.net.debug=ssl,handshake,trustmanager This will tell all the truth about what is going on regarding the SSL aspect of the connection. Thanks, Ike From: Syed Mudassir Ahmed To: users@directory.apache.org, Date: 11/05/2014 10:57 AM Subject:Re: Secured LDAP Account Yes, Certificate is generated on the server side. And port is 636. I am able to connect to my server through LDAPBrowser using LDAPS protocol and 636 port number. But not using java program. Thanks, Syed. Syed M Ahmed Senior Member of Technical Staff Gaian Solutions India Pvt Ltd On Wed, Nov 5, 2014 at 9:56 PM, Ike Ikonne wrote: > Hi all, > > Do you have the LDAP Server certificate included in your > TrustManager Algorithm? Also, make sure that you are using > secure socket to bind to port 636. > > Ike > > > > > From: Syed Mudassir Ahmed > To: users@directory.apache.org, > Date: 11/05/2014 10:14 AM > Subject:Secured LDAP Account > > > > I am trying to obtain an ldap connection. Using port 389 I am > successfully > able to get connection. > But when I try to use LdapNetworkConnection(, 636, true) and > then invoke bind(dn, password), I am getting PROTOCOL_ERROR. > Using LdapBrowser I am able to connect to my LDAP server over port 636. > But through Java program its not getting connected. Can u help? > > Thanks, > Syed. > > Syed M Ahmed > Senior Member of Technical Staff > Gaian Solutions India Pvt Ltd > >
Re: Secured LDAP Account
Hi Syed, So, in your Java program, do you have the server certificate in the keystore that your Java program is using to establish SSL connection with the LDAP server? Thanks, Ike From: Syed Mudassir Ahmed To: users@directory.apache.org, Date: 11/05/2014 10:57 AM Subject:Re: Secured LDAP Account Yes, Certificate is generated on the server side. And port is 636. I am able to connect to my server through LDAPBrowser using LDAPS protocol and 636 port number. But not using java program. Thanks, Syed. Syed M Ahmed Senior Member of Technical Staff Gaian Solutions India Pvt Ltd On Wed, Nov 5, 2014 at 9:56 PM, Ike Ikonne wrote: > Hi all, > > Do you have the LDAP Server certificate included in your > TrustManager Algorithm? Also, make sure that you are using > secure socket to bind to port 636. > > Ike > > > > > From: Syed Mudassir Ahmed > To: users@directory.apache.org, > Date: 11/05/2014 10:14 AM > Subject:Secured LDAP Account > > > > I am trying to obtain an ldap connection. Using port 389 I am > successfully > able to get connection. > But when I try to use LdapNetworkConnection(, 636, true) and > then invoke bind(dn, password), I am getting PROTOCOL_ERROR. > Using LdapBrowser I am able to connect to my LDAP server over port 636. > But through Java program its not getting connected. Can u help? > > Thanks, > Syed. > > Syed M Ahmed > Senior Member of Technical Staff > Gaian Solutions India Pvt Ltd > >
Re: Secured LDAP Account
Hi all, Do you have the LDAP Server certificate included in your TrustManager Algorithm? Also, make sure that you are using secure socket to bind to port 636. Ike From: Syed Mudassir Ahmed To: users@directory.apache.org, Date: 11/05/2014 10:14 AM Subject:Secured LDAP Account I am trying to obtain an ldap connection. Using port 389 I am successfully able to get connection. But when I try to use LdapNetworkConnection(, 636, true) and then invoke bind(dn, password), I am getting PROTOCOL_ERROR. Using LdapBrowser I am able to connect to my LDAP server over port 636. But through Java program its not getting connected. Can u help? Thanks, Syed. Syed M Ahmed Senior Member of Technical Staff Gaian Solutions India Pvt Ltd
Re: ApacheDS won't start
Hi all, I ran into the same issue a while back, the only thing that worked for me was to re-install APACHE DS. Thanks, Ike From: John Oliver To: users@directory.apache.org, Date: 09/11/2014 11:51 AM Subject:Re: ApacheDS won't start On Thu, Sep 11, 2014 at 06:47:21PM +0200, Emmanuel Lécharny wrote: > Le 11/09/14 17:54, John Oliver a écrit : > > apacheds-2.0.0_M15 (yes, I know it's older, but it's a stand-in for the > > production server, and the developers say there's a reason to stick with > > this, so whatever...) on CentOS 6.5 > > > > It installs and starts and runs just fine. I've been iterating through > > builds, rebuilding the VM each time. Today, though, I wound up just > > reboting my VM instead of reimaging... and it didn't start. There was a > > stale PID file left behind. Deleting it didn't fix. > > /var/lib/apacheds-2.0.0_M15/default/log/wrapper.log had a line " JVM > > process was still running after receiving a SIGCHLD signal." When I try > > to start, I get: > > > > STATUS | wrapper | 2014/09/11 08:06:12 | --> Wrapper Started as Daemon > > STATUS | wrapper | 2014/09/11 08:06:12 | Launching a JVM... > > INFO | jvm 1| 2014/09/11 08:06:13 | Wrapper (Version 3.2.3) > > http://wrapper.tanukisoftware.org > > INFO | jvm 1| 2014/09/11 08:06:13 | Copyright 1999-2006 Tanuki > > Software, Inc. All Rights Reserved. > > INFO | jvm 1| 2014/09/11 08:06:13 | > > STATUS | wrapper | 2014/09/11 08:06:19 | <-- Wrapper Stopped > > > > Turning on DEBUG hasn't helped. What else can I look at or try? > > I guess it's a slower machine... > > You have to increase the timeout in the configuration file (it's set to > 30s, which might be a bit too low for the wrapper). It's a virtual machine. But it was able to start before the reboot. My wrapper.conf has: wrapper.startup.timeout=120 wrapper.ping.timeout=240 It doesn't die in two minutes, it dies in maybe 5 seconds. I think I need to find a way to get it to spit ut more logs, but /var/lib/apacheds-2.0.0_M15/default/log/apacheds.log contains nothing. -- *** * John Oliver http://www.john-oliver.net/ * * * ***
Re: SASL DIGEST-MD5 Authentication
Hi Kiran, Thanks, the example that you sent made a huge difference; I have now managed to get DIGEST-MD5 to work. One of the problem is that I needed to restart APACHE DS for all the configurations to take effect, that is my observation. Again, thank you for the wonderful example, it made a difference; now, would CRAM-MD5 follow the same pattern? Thanks, Ike From: Kiran Ayyagari To: "users@directory.apache.org" , Date: 08/15/2014 02:11 PM Subject:Re: SASL DIGEST-MD5 Authentication I have successfully tested DIGEST-MD5(SASL) using Studio Here is my server configuration http://pastebin.com/b0tsyVGK I have added the below entry in my /etc/hosts file 127.0.0.1 example.com I have added a user entry with DN uid=kirana,ou=system The Studio connection network tab looks like this http://i.imgur.com/qfg2Aii.png and the Authentication tab like this http://i.imgur.com/eUFu3Gq.png HTH On Thu, Aug 14, 2014 at 6:10 AM, Ike Ikonne wrote: > Hi all, > > Anyone has any more suggestions on how I can get DIGEST-MD5 SASL > to work for me? I haven't had any luck yet and I have tried all the > suggestions > from the group and I do thank you all for that, I still have a need to > get that authentication mechanism to work in my environment. > > Thanks, > > Ike > > > > > From: Kiran Ayyagari > To: "users@directory.apache.org" , > Date: 08/07/2014 12:08 AM > Subject: Re: SASL DIGEST-MD5 Authentication > > > > On Thu, Aug 7, 2014 at 4:10 AM, Ike Ikonne wrote: > > > Hi, > > > > I use JNDI API on JRE 1.7 to establish connection to APACHE DS. > > I am able to establish SIMPLE authentication to APACHE DS, I am > > just trying to get DIGEST-MD5 to work. Here are my enironment: > > > > Hashtable env = new Hashtable(); > > env.put(Context.INITIAL_CONTEXT_FACTORY, ldapCtxFactory); > > > > if (authMethod != null) > > env.put(Context.SECURITY_AUTHENTICATION, authMethod); > > if (principal != null) > > env.put(Context.SECURITY_PRINCIPAL, principal); > > if (credentials != null) > > env.put(Context.SECURITY_CREDENTIALS, credentials); > > if (referral != null) > > env.put(Context.REFERRAL, referral); > > if (ldapVer != null) > > env.put("java.naming.ldap.version", ldapVer); > >env.put("java.naming.security.sasl.realm", "example.com"); > > > > Tell me, do I need to configure the example.com realm or is it > > configured as a default by APACHE DS? > > > your must be able to resolve your realm name (here example.com), either > add an entry in your hosts file or in your internal DNS server > > > > > Thanks, > > > > Ike > > > > > > > > > > From: Emmanuel Lécharny > > To: users@directory.apache.org, > > Date: 08/06/2014 04:28 PM > > Subject:Re: SASL DIGEST-MD5 Authentication > > > > > > > > Le 06/08/14 22:40, Ike Ikonne a écrit : > > > Hi all, > > > > > > Again, thanks all for your response; so, do I need to make any > > > external configuration other than the configuration to the APACHE DS? > > > How do I change the default realm to point to my domain realm? > > > Do I need to install/setup cyrus-sasl library to make this to work? > > > > No. We depends on the JVM which supports SASL. > > > > What client are you using ? > > > > > > > > > -- > Kiran Ayyagari > http://keydap.com > > -- Kiran Ayyagari http://keydap.com
Re: SASL DIGEST-MD5 Authentication
Hi all, Anyone has any more suggestions on how I can get DIGEST-MD5 SASL to work for me? I haven't had any luck yet and I have tried all the suggestions from the group and I do thank you all for that, I still have a need to get that authentication mechanism to work in my environment. Thanks, Ike From: Kiran Ayyagari To: "users@directory.apache.org" , Date: 08/07/2014 12:08 AM Subject:Re: SASL DIGEST-MD5 Authentication On Thu, Aug 7, 2014 at 4:10 AM, Ike Ikonne wrote: > Hi, > > I use JNDI API on JRE 1.7 to establish connection to APACHE DS. > I am able to establish SIMPLE authentication to APACHE DS, I am > just trying to get DIGEST-MD5 to work. Here are my enironment: > > Hashtable env = new Hashtable(); > env.put(Context.INITIAL_CONTEXT_FACTORY, ldapCtxFactory); > > if (authMethod != null) > env.put(Context.SECURITY_AUTHENTICATION, authMethod); > if (principal != null) > env.put(Context.SECURITY_PRINCIPAL, principal); > if (credentials != null) > env.put(Context.SECURITY_CREDENTIALS, credentials); > if (referral != null) > env.put(Context.REFERRAL, referral); > if (ldapVer != null) > env.put("java.naming.ldap.version", ldapVer); >env.put("java.naming.security.sasl.realm", "example.com"); > > Tell me, do I need to configure the example.com realm or is it > configured as a default by APACHE DS? > your must be able to resolve your realm name (here example.com), either add an entry in your hosts file or in your internal DNS server > > Thanks, > > Ike > > > > > From: Emmanuel Lécharny > To: users@directory.apache.org, > Date: 08/06/2014 04:28 PM > Subject:Re: SASL DIGEST-MD5 Authentication > > > > Le 06/08/14 22:40, Ike Ikonne a écrit : > > Hi all, > > > > Again, thanks all for your response; so, do I need to make any > > external configuration other than the configuration to the APACHE DS? > > How do I change the default realm to point to my domain realm? > > Do I need to install/setup cyrus-sasl library to make this to work? > > No. We depends on the JVM which supports SASL. > > What client are you using ? > > > -- Kiran Ayyagari http://keydap.com
Re: SASL DIGEST-MD5 Authentication
Hi all, Here is my hash mechanism configuration, it is turned off: My apache DS is running on Windows 7 OS, the user that I am trying to authenticate is "uid=admin,ou=system" and my sasl base DN is pointed at ou=system . dn: ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directo ryServiceId=default,ou=config objectclass: ads-interceptor objectclass: ads-base objectclass: top ads-interceptorclassname: org.apache.directory.server.core.hash.SshaPassword HashingInterceptor ads-interceptorid: passwordHashingInterceptor ads-interceptororder: 9 ads-enabled: FALSE From: Kiran Ayyagari To: "users@directory.apache.org" , Date: 08/07/2014 12:24 PM Subject:Re: SASL DIGEST-MD5 Authentication On Thu, Aug 7, 2014 at 10:46 PM, Ike Ikonne wrote: > Hi Kiran, > > I have modified the hosts file where my Apache DS and client > are running to: > > # localhost name resolution is handled within DNS itself. > 127.0.0.1 localhost > 127.0.0.1 example.com > # ::1 localhost > > > Here is my Apache DS configuration: > > dn: > ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=con > fig > objectclass: top > objectclass: ads-base > objectclass: ads-dsBasedServer > objectclass: ads-ldapServer > objectclass: ads-server > ads-confidentialityrequired: FALSE > ads-maxpdusize: 200 > ads-maxsizelimit: 1000 > ads-maxtimelimit: 15000 > ads-replenabled: true > ads-replpingersleep: 5 > ads-saslhost: iikonne.xxx.xxx.com < > ads-saslprincipal: ldap/ldap.example@example.com > ads-saslrealms: example.com <-- > ads-saslrealms: apache.org > ads-serverid: ldapServer > ads-enabled: TRUE > ads-searchbasedn: ou=system <-- > > > But, I still continue to get the error message: > > LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response > format violation. Nonexis > tent realm: example.com > > What could I still be doing wrong? > make sure the credentials are stored in plain text in the server By default they are all hashed and you need to disable the hashing interceptor 1. go to ads-interceptorId=passwordHashingInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config 2. set ads-enabled to FALSE 3. restart the server > > > Thanks, > > Ike > > > > > > > From: Kiran Ayyagari > To: "users@directory.apache.org" , > Date: 08/07/2014 12:08 AM > Subject:Re: SASL DIGEST-MD5 Authentication > > > > On Thu, Aug 7, 2014 at 4:10 AM, Ike Ikonne wrote: > > > Hi, > > > > I use JNDI API on JRE 1.7 to establish connection to APACHE DS. > > I am able to establish SIMPLE authentication to APACHE DS, I am > > just trying to get DIGEST-MD5 to work. Here are my enironment: > > > > Hashtable env = new Hashtable(); > > env.put(Context.INITIAL_CONTEXT_FACTORY, ldapCtxFactory); > > > > if (authMethod != null) > > env.put(Context.SECURITY_AUTHENTICATION, authMethod); > > if (principal != null) > > env.put(Context.SECURITY_PRINCIPAL, principal); > > if (credentials != null) > > env.put(Context.SECURITY_CREDENTIALS, credentials); > > if (referral != null) > > env.put(Context.REFERRAL, referral); > > if (ldapVer != null) > > env.put("java.naming.ldap.version", ldapVer); > >env.put("java.naming.security.sasl.realm", "example.com"); > > > > Tell me, do I need to configure the example.com realm or is it > > configured as a default by APACHE DS? > > > your must be able to resolve your realm name (here example.com), either > add an entry in your hosts file or in your internal DNS server > > > > > Thanks, > > > > Ike > > > > > > > > > > From: Emmanuel Lécharny > > To: users@directory.apache.org, > > Date: 08/06/2014 04:28 PM > > Subject:Re: SASL DIGEST-MD5 Authentication > > > > > > > > Le 06/08/14 22:40, Ike Ikonne a écrit : > > > Hi all, > > > > > > Again, thanks all for your response; so, do I need to make any > > > external configuration other than the configuration to the APACHE DS? > > > How do I change the default realm to point to my domain realm? > > > Do I need to install/setup cyrus-sasl library to make this to work? > > > > No. We depends on the JVM which supports SASL. > > > > What client are you using ? > > > > > > > > > -- > Kiran Ayyagari > http://keydap.com > > -- Kiran Ayyagari http://keydap.com
Re: SASL DIGEST-MD5 Authentication
Hi Kiran, I have modified the hosts file where my Apache DS and client are running to: # localhost name resolution is handled within DNS itself. 127.0.0.1 localhost 127.0.0.1 example.com # ::1 localhost Here is my Apache DS configuration: dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=con fig objectclass: top objectclass: ads-base objectclass: ads-dsBasedServer objectclass: ads-ldapServer objectclass: ads-server ads-confidentialityrequired: FALSE ads-maxpdusize: 200 ads-maxsizelimit: 1000 ads-maxtimelimit: 15000 ads-replenabled: true ads-replpingersleep: 5 ads-saslhost: iikonne.xxx.xxx.com < ads-saslprincipal: ldap/ldap.example@example.com ads-saslrealms: example.com <-- ads-saslrealms: apache.org ads-serverid: ldapServer ads-enabled: TRUE ads-searchbasedn: ou=system <-- But, I still continue to get the error message: LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Nonexis tent realm: example.com What could I still be doing wrong? Thanks, Ike From: Kiran Ayyagari To: "users@directory.apache.org" , Date: 08/07/2014 12:08 AM Subject:Re: SASL DIGEST-MD5 Authentication On Thu, Aug 7, 2014 at 4:10 AM, Ike Ikonne wrote: > Hi, > > I use JNDI API on JRE 1.7 to establish connection to APACHE DS. > I am able to establish SIMPLE authentication to APACHE DS, I am > just trying to get DIGEST-MD5 to work. Here are my enironment: > > Hashtable env = new Hashtable(); > env.put(Context.INITIAL_CONTEXT_FACTORY, ldapCtxFactory); > > if (authMethod != null) > env.put(Context.SECURITY_AUTHENTICATION, authMethod); > if (principal != null) > env.put(Context.SECURITY_PRINCIPAL, principal); > if (credentials != null) > env.put(Context.SECURITY_CREDENTIALS, credentials); > if (referral != null) > env.put(Context.REFERRAL, referral); > if (ldapVer != null) > env.put("java.naming.ldap.version", ldapVer); >env.put("java.naming.security.sasl.realm", "example.com"); > > Tell me, do I need to configure the example.com realm or is it > configured as a default by APACHE DS? > your must be able to resolve your realm name (here example.com), either add an entry in your hosts file or in your internal DNS server > > Thanks, > > Ike > > > > > From: Emmanuel Lécharny > To: users@directory.apache.org, > Date: 08/06/2014 04:28 PM > Subject:Re: SASL DIGEST-MD5 Authentication > > > > Le 06/08/14 22:40, Ike Ikonne a écrit : > > Hi all, > > > > Again, thanks all for your response; so, do I need to make any > > external configuration other than the configuration to the APACHE DS? > > How do I change the default realm to point to my domain realm? > > Do I need to install/setup cyrus-sasl library to make this to work? > > No. We depends on the JVM which supports SASL. > > What client are you using ? > > > -- Kiran Ayyagari http://keydap.com
Re: SASL DIGEST-MD5 Authentication
Hi, I use JNDI API on JRE 1.7 to establish connection to APACHE DS. I am able to establish SIMPLE authentication to APACHE DS, I am just trying to get DIGEST-MD5 to work. Here are my enironment: Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, ldapCtxFactory); if (authMethod != null) env.put(Context.SECURITY_AUTHENTICATION, authMethod); if (principal != null) env.put(Context.SECURITY_PRINCIPAL, principal); if (credentials != null) env.put(Context.SECURITY_CREDENTIALS, credentials); if (referral != null) env.put(Context.REFERRAL, referral); if (ldapVer != null) env.put("java.naming.ldap.version", ldapVer); env.put("java.naming.security.sasl.realm", "example.com"); Tell me, do I need to configure the example.com realm or is it configured as a default by APACHE DS? Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 08/06/2014 04:28 PM Subject:Re: SASL DIGEST-MD5 Authentication Le 06/08/14 22:40, Ike Ikonne a écrit : > Hi all, > > Again, thanks all for your response; so, do I need to make any > external configuration other than the configuration to the APACHE DS? > How do I change the default realm to point to my domain realm? > Do I need to install/setup cyrus-sasl library to make this to work? No. We depends on the JVM which supports SASL. What client are you using ?
Re: SASL DIGEST-MD5 Authentication
Hi all, Again, thanks all for your response; so, do I need to make any external configuration other than the configuration to the APACHE DS? How do I change the default realm to point to my domain realm? Do I need to install/setup cyrus-sasl library to make this to work? Here is my configuration: dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=con fig objectclass: top objectclass: ads-base objectclass: ads-dsBasedServer objectclass: ads-ldapServer objectclass: ads-server ads-confidentialityrequired: FALSE ads-maxpdusize: 200 ads-maxsizelimit: 1000 ads-maxtimelimit: 15000 ads-replenabled: true ads-replpingersleep: 5 ads-saslhost: iikonne.xxx.xxx.com ads-saslprincipal: ldap/iikonne.xxx.xxx@xxx.com ads-saslrealms: example.com ads-saslrealms: apache.org ads-serverid: ldapServer ads-enabled: TRUE ads-searchbasedn: ou=users,ou=system From: Pierre Smits To: Apache Directory Users List , Date: 08/06/2014 03:25 PM Subject:Re: SASL DIGEST-MD5 Authentication Ike, Of course, you have to change example.com and EXAMPLE.COM for your realms. Regards, Pierre Smits *ORRTIZ.COM <http://www.orrtiz.com>* Services & Solutions for Cloud- Based Manufacturing, Professional Services and Retail & Trade http://www.orrtiz.com On Wed, Aug 6, 2014 at 10:01 PM, Ike Ikonne wrote: > Hi > > After making the change that you suggested, I get the following from the > server > > LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response > format violation. Nonexis > tent realm: example.com > > Here is how my apache directory configuration looks like: > > dn: > ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config > objectclass: ads-server > objectclass: ads-ldapServer > objectclass: ads-dsBasedServer > objectclass: ads-base > objectclass: top > ads-serverId: ldapServer > ads-confidentialityRequired: FALSE > ads-maxSizeLimit: 1000 > ads-maxTimeLimit: 15000 > ads-maxpdusize: 200 > ads-saslHost: iikonne.xxx.com > ads-saslPrincipal: ldap/ldap.example@example.com > ads-saslRealms: example.com > ads-saslRealms: apache.org > ads-searchBaseDN: ou=users,ou=system > ads-replEnabled: true > ads-replPingerSleep: 5 > ads-enabled: TRUE > > > > > > From: Emmanuel Lécharny > To: users@directory.apache.org, > Date: 08/06/2014 02:47 PM > Subject:Re: SASL DIGEST-MD5 Authentication > > > > Le 06/08/14 21:16, Ike Ikonne a écrit : > > Hi all, > > > > I would appreciate it if someone could direct me on how to setup > > APACHE DS to support SASL DIGEST-MD5. How can I setup > > the realm for the example.com default domain? > > You have to set the saslHost parameter in the ldapServer entry : > > dn: > ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config > objectclass: ads-server > objectclass: ads-ldapServer > objectclass: ads-dsBasedServer > objectclass: ads-base > objectclass: top > ads-serverId: ldapServer > ads-confidentialityRequired: FALSE > ads-maxSizeLimit: 1000 > ads-maxTimeLimit: 15000 > ads-maxpdusize: 200 > ads-saslHost: ldap.example.com <<< > ads-saslPrincipal: ldap/ldap.example@example.com > ads-saslRealms: example.com > ads-saslRealms: apache.org > ads-searchBaseDN: ou=users,ou=system > ads-replEnabled: true > ads-replPingerSleep: 5 > ads-enabled: TRUE > > >
Re: SASL DIGEST-MD5 Authentication
Hi After making the change that you suggested, I get the following from the server LDAP: error code 49 - INVALID_CREDENTIALS: DIGEST-MD5: digest response format violation. Nonexis tent realm: example.com Here is how my apache directory configuration looks like: dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config objectclass: ads-server objectclass: ads-ldapServer objectclass: ads-dsBasedServer objectclass: ads-base objectclass: top ads-serverId: ldapServer ads-confidentialityRequired: FALSE ads-maxSizeLimit: 1000 ads-maxTimeLimit: 15000 ads-maxpdusize: 200 ads-saslHost: iikonne.xxx.com ads-saslPrincipal: ldap/ldap.example@example.com ads-saslRealms: example.com ads-saslRealms: apache.org ads-searchBaseDN: ou=users,ou=system ads-replEnabled: true ads-replPingerSleep: 5 ads-enabled: TRUE From: Emmanuel Lécharny To: users@directory.apache.org, Date: 08/06/2014 02:47 PM Subject:Re: SASL DIGEST-MD5 Authentication Le 06/08/14 21:16, Ike Ikonne a écrit : > Hi all, > > I would appreciate it if someone could direct me on how to setup > APACHE DS to support SASL DIGEST-MD5. How can I setup > the realm for the example.com default domain? You have to set the saslHost parameter in the ldapServer entry : dn: ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config objectclass: ads-server objectclass: ads-ldapServer objectclass: ads-dsBasedServer objectclass: ads-base objectclass: top ads-serverId: ldapServer ads-confidentialityRequired: FALSE ads-maxSizeLimit: 1000 ads-maxTimeLimit: 15000 ads-maxpdusize: 200 ads-saslHost: ldap.example.com <<< ads-saslPrincipal: ldap/ldap.example@example.com ads-saslRealms: example.com ads-saslRealms: apache.org ads-searchBaseDN: ou=users,ou=system ads-replEnabled: true ads-replPingerSleep: 5 ads-enabled: TRUE
SASL DIGEST-MD5 Authentication
Hi all, I would appreciate it if someone could direct me on how to setup APACHE DS to support SASL DIGEST-MD5. How can I setup the realm for the example.com default domain? Thanks, Ike
Re: Error while using the Open Configuration through Apache Ldap Studio
Sure! I haven't filled a JIRA before, but if you give me an instruction on how to do it, I will gladly do so. Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 03/24/2014 12:17 AM Subject:Re: Error while using the Open Configuration through Apache Ldap Studio One last thing : could you fill a JIRA with the error you've go ? That wil help us as a reminder to fix this issue ! Le 3/24/14 6:10 AM, Ike Ikonne a écrit : > Thanks! I really do appreciate the responsiveness of the ApacheDS group. > You are great! > > Ike > > > > From: Emmanuel Lécharny > To: users@directory.apache.org, > Date: 03/24/2014 12:08 AM > Subject:Re: Error while using the Open Configuration through > Apache Ldap Studio > > > > Le 3/24/14 5:14 AM, Ike Ikonne a écrit : >> Hi Emmanuel, >> >> Right, so, apache studio Version: 2.0.0-SNAPSHOT, which version of >> apacheDS server >> does it respond to in regards to the "Open Configuration" operation. Do > we >> know? > Yes, it works with 2.0.0-M15, although you really should use 2.0.0-M16. > > We have to fix the error you've got though. 2.0.0-M16 is one week old, > and we haven't had time yet to get the configuration plugin updated. > > -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
Re: Error while using the Open Configuration through Apache Ldap Studio
Thanks! I really do appreciate the responsiveness of the ApacheDS group. You are great! Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 03/24/2014 12:08 AM Subject:Re: Error while using the Open Configuration through Apache Ldap Studio Le 3/24/14 5:14 AM, Ike Ikonne a écrit : > Hi Emmanuel, > > Right, so, apache studio Version: 2.0.0-SNAPSHOT, which version of > apacheDS server > does it respond to in regards to the "Open Configuration" operation. Do we > know? Yes, it works with 2.0.0-M15, although you really should use 2.0.0-M16. We have to fix the error you've got though. 2.0.0-M16 is one week old, and we haven't had time yet to get the configuration plugin updated. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
Re: Error while using the Open Configuration through Apache Ldap Studio
Hi Emmanuel, Right, so, apache studio Version: 2.0.0-SNAPSHOT, which version of apacheDS server does it respond to in regards to the "Open Configuration" operation. Do we know? Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 03/23/2014 11:07 PM Subject:Re: Error while using the Open Configuration through Apache Ldap Studio Le 3/24/14 4:45 AM, Ike Ikonne a écrit : > Hi Thanks for your response, has apacheds-2.0.0-M15 been updated to > support apache studio? This works the other way around. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
Re: Error while using the Open Configuration through Apache Ldap Studio
Hi Thanks for your response, has apacheds-2.0.0-M15 been updated to support apache studio? Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 03/23/2014 10:42 PM Subject:Re: Error while using the Open Configuration through Apache Ldap Studio Le 3/24/14 1:44 AM, Ike Ikonne a écrit : > Hi all, > > I am getting the following stacktrace when I try to use the "Open > Configuration" > of Apache Directory studio. The version of the Apache Directory server > that > I am trying to "Open Configuration" against is apacheds-2.0.0-M16. My > machine > OS is Windows 7, and the version of the ApacheDS install that I used is > apacheds-2.0.0-M16.exe. The Apache Studio version that I am running is > Version: 2.0.0-SNAPSHOT > > Any suggestions would be highly appreciated. We haven't updated Studio yet to support the latest M16 configuration. -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
Error while using the Open Configuration through Apache Ldap Studio
Hi all, I am getting the following stacktrace when I try to use the "Open Configuration" of Apache Directory studio. The version of the Apache Directory server that I am trying to "Open Configuration" against is apacheds-2.0.0-M16. My machine OS is Windows 7, and the version of the ApacheDS install that I used is apacheds-2.0.0-M16.exe. The Apache Studio version that I am running is Version: 2.0.0-SNAPSHOT Any suggestions would be highly appreciated. Here is the stacktrace: org.apache.directory.shared.ldap.model.exception.LdapNoSuchAttributeException: ERR_04269 ATTRIBUTE_TYPE for OID ads-replpingersleep does not exist! at org.apache.directory.shared.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:317) at org.apache.directory.shared.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:47) at org.apache.directory.shared.ldap.schemamanager.impl.DefaultSchemaManager.lookupAttributeTypeRegistry(DefaultSchemaManager.java:1620) at org.apache.directory.shared.ldap.model.entry.DefaultEntry.(DefaultEntry.java:310) at org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.readConfiguration(LoadConfigurationRunnable.java:358) at org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.getConfiguration(LoadConfigurationRunnable.java:182) at org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.run(LoadConfigurationRunnable.java:127) at org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:83) at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) Caused by: org.apache.directory.shared.ldap.model.exception.LdapException: ERR_04269 ATTRIBUTE_TYPE for OID ads-replpingersleep does not exist! at org.apache.directory.shared.ldap.model.schema.registries.DefaultSchemaObjectRegistry.lookup(DefaultSchemaObjectRegistry.java:176) at org.apache.directory.shared.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:313) ... 8 more
Re: How to import an LDIF schema into appache direcory
Great! Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 02/13/2013 03:04 PM Subject:Re: How to import an LDIF schema into appache direcory Le 2/13/13 8:50 PM, Ike Ikonne a écrit : > Hi Kiran, > > Great!, that did it! I now see th objectClass. Yes, that's the key. The schema is modified on the server, but the client is not informed of such an update. In the future, we will try to get it reloaded automatically (Maybe we should register persistent seach on the schema). -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
Re: How to import an LDIF schema into appache direcory
Hi Kiran, Great!, that did it! I now see th objectClass. Thanks, Ike From: Kiran Ayyagari To: users@directory.apache.org, Date: 02/13/2013 01:27 PM Subject:Re: How to import an LDIF schema into appache direcory Sent by:ayyagariki...@gmail.com On Thu, Feb 14, 2013 at 12:51 AM, Ike Ikonne wrote: > Hi Emmanuel, > > I did try the steps that you specified and I could see the schema under > ou=schema,cn=myschema; > but when I try to reference this objectClass it is not being recognized. > Should I bounce the ApacheDS > in order for it to take effect? > > try reloading the schema in Studio (go to connection properties and select schema then click on reload button) > Thanks, > > Ike > > > > > > From: Emmanuel Lécharny > To: users@directory.apache.org, > Date: 02/12/2013 05:40 PM > Subject:Re: How to import an LDIF schema into appache direcory > > > > Le 2/12/13 7:13 PM, Ike Ikonne a écrit : > > Hi all, > > > > I have the following schema that I use for OpenLdap and Microsoft AD, > > I would like to import this schema into Apache Directory Server; what > are > > the steps > > that I must have to take in order to successfully achieve this? I have > had > > all > > kinds of problems trying to import it into Apache Directory. Any > pointers > > would > > be appreciated. By the way, I use Apache Directory studio to send > > configuration > > data to the Apache Directory Server. This schema is stored in a file. > > This is a two steps process : > - first, you have to import the schema using the Schema Editor > * create a new schema project > ( > > http://directory.apache.org/studio/users-guide/schema_editor/tasks_creating_new_project.html > ) > * import schema -> Format OpenLDAP > ( > > http://directory.apache.org/studio/users-guide/schema_editor/tasks_importing_schemas_from_openldap_files.html > ) > * export schema -> Format ApacheDS > ( > > http://directory.apache.org/studio/users-guide/schema_editor/tasks_exporting_schemas_for_apache_ds.html > ) > > that will create a LDIF formatted schema for apacheds > > > - second, you have to import the ldif file into Apacheds using the > LdapBrowser > ( > > http://directory.apache.org/studio/users-guide/ldap_browser/tools_ldifimport_wizard.html > ) > > Hope it helps > > -- > Regards, > Cordialement, > Emmanuel Lécharny > www.iktek.com > > > -- Kiran Ayyagari http://keydap.com
Re: How to import an LDIF schema into appache direcory
Hi Emmanuel, I did try the steps that you specified and I could see the schema under ou=schema,cn=myschema; but when I try to reference this objectClass it is not being recognized. Should I bounce the ApacheDS in order for it to take effect? Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 02/12/2013 05:40 PM Subject:Re: How to import an LDIF schema into appache direcory Le 2/12/13 7:13 PM, Ike Ikonne a écrit : > Hi all, > > I have the following schema that I use for OpenLdap and Microsoft AD, > I would like to import this schema into Apache Directory Server; what are > the steps > that I must have to take in order to successfully achieve this? I have had > all > kinds of problems trying to import it into Apache Directory. Any pointers > would > be appreciated. By the way, I use Apache Directory studio to send > configuration > data to the Apache Directory Server. This schema is stored in a file. This is a two steps process : - first, you have to import the schema using the Schema Editor * create a new schema project ( http://directory.apache.org/studio/users-guide/schema_editor/tasks_creating_new_project.html ) * import schema -> Format OpenLDAP ( http://directory.apache.org/studio/users-guide/schema_editor/tasks_importing_schemas_from_openldap_files.html ) * export schema -> Format ApacheDS ( http://directory.apache.org/studio/users-guide/schema_editor/tasks_exporting_schemas_for_apache_ds.html ) that will create a LDIF formatted schema for apacheds - second, you have to import the ldif file into Apacheds using the LdapBrowser ( http://directory.apache.org/studio/users-guide/ldap_browser/tools_ldifimport_wizard.html ) Hope it helps -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
Re: How to import an LDIF schema into appache direcory
Great! I will try the steps. Thanks, Ike From: Emmanuel Lécharny To: users@directory.apache.org, Date: 02/12/2013 05:40 PM Subject:Re: How to import an LDIF schema into appache direcory Le 2/12/13 7:13 PM, Ike Ikonne a écrit : > Hi all, > > I have the following schema that I use for OpenLdap and Microsoft AD, > I would like to import this schema into Apache Directory Server; what are > the steps > that I must have to take in order to successfully achieve this? I have had > all > kinds of problems trying to import it into Apache Directory. Any pointers > would > be appreciated. By the way, I use Apache Directory studio to send > configuration > data to the Apache Directory Server. This schema is stored in a file. This is a two steps process : - first, you have to import the schema using the Schema Editor * create a new schema project ( http://directory.apache.org/studio/users-guide/schema_editor/tasks_creating_new_project.html ) * import schema -> Format OpenLDAP ( http://directory.apache.org/studio/users-guide/schema_editor/tasks_importing_schemas_from_openldap_files.html ) * export schema -> Format ApacheDS ( http://directory.apache.org/studio/users-guide/schema_editor/tasks_exporting_schemas_for_apache_ds.html ) that will create a LDIF formatted schema for apacheds - second, you have to import the ldif file into Apacheds using the LdapBrowser ( http://directory.apache.org/studio/users-guide/ldap_browser/tools_ldifimport_wizard.html ) Hope it helps -- Regards, Cordialement, Emmanuel Lécharny www.iktek.com
How to import an LDIF schema into appache direcory
Hi all, I have the following schema that I use for OpenLdap and Microsoft AD, I would like to import this schema into Apache Directory Server; what are the steps that I must have to take in order to successfully achieve this? I have had all kinds of problems trying to import it into Apache Directory. Any pointers would be appreciated. By the way, I use Apache Directory studio to send configuration data to the Apache Directory Server. This schema is stored in a file. Thanks, Ike attributetype ( 1.3.6.1.4.1.1733.7.1.0 NAME 'loginTarget' DESC 'Name or ID of the application/service consuming the loginId and loginPwd in a loginInfo object' SUP name ) attributetype ( 1.3.6.1.4.1.1733.7.1.1 NAME 'loginId' DESC 'The user ID in a loginInfo object' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.1733.7.1.2 NAME 'loginPwd' DESC 'The password in a loginInfo object' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) attributetype ( 1.3.6.1.4.1.1733.7.1.3 NAME 'loginPwdEncoding' DESC 'Password encoding' SUP name ) attributetype ( 1.3.6.1.4.1.1733.7.1.4 NAME 'keyName' DESC 'Label pointing to a key pair, stored elsewhere' SUP name ) objectclass ( 1.3.6.1.4.1.1733.7.2.0 NAME 'loginInfo' DESC 'Stores an ID and password to login to the specified target' SUP top STRUCTURAL MUST cn MAY ( loginId $ loginPwd $ loginPwdEncoding $ loginTarget $ description $ keyName ) )
Re: where is can I change the ApacheDS admin credential
Hi Kiran, Thanks so much, now, is there a documentation for this so that I may familiarize myself with the stuff in config.ldif. All the documentation that I still see is based on server.xml format. Basically, where can I get a document that explains the structure and stuff in config.ldif and also how I may go about editing/modifying the default entries in config.ldif. Thanks, Ike From: Kiran Ayyagari To: users@directory.apache.org, Date: 07/26/2012 11:54 AM Subject:Re: where is can I change the ApacheDS admin credential Sent by:ayyagariki...@gmail.com On Thu, Jul 26, 2012 at 9:23 PM, Ike Ikonne wrote: > Hi all, > > I recently upgraded my ApacheDS to version ApacheDS-2.0.0-M7, I am having > a hard time finding a place where to change the default admin credential > from > secret to something else. In the prior version of ApacheDS that I had, I > was able > to do this in the server.xml, but now we have the config.ldif. I have > searched the > ApacheDS site, but could not see any documentation regarding the > config.ldif. > Could someone point me to where I can get the documentation regarding the > config.ldif and also the current location where I could change the default > admin > credential? Also, where do a specify the keystore for ApacheDS to use. directly change the userPassword attribute of the entry uid=admin,ou=system this password is not stored in config.ldif and for the keystore goto the entry ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config and add the below attributes ads-keystoreFile ads-certificatePassword > Thanks, > > Ike -- Kiran Ayyagari http://keydap.com
where is can I change the ApacheDS admin credential
Hi all, I recently upgraded my ApacheDS to version ApacheDS-2.0.0-M7, I am having a hard time finding a place where to change the default admin credential from secret to something else. In the prior version of ApacheDS that I had, I was able to do this in the server.xml, but now we have the config.ldif. I have searched the ApacheDS site, but could not see any documentation regarding the config.ldif. Could someone point me to where I can get the documentation regarding the config.ldif and also the current location where I could change the default admin credential? Also, where do a specify the keystore for ApacheDS to use. Thanks, Ike