Importing a Certificate

2015-03-17 Thread Kevin Hamilton
Hello,

I emailed last week but haven't received a reply. Was hoping the message
didn't slip through the cracks.

I was wondering how to import a certificate into ApacheDS. All I have is a
certificate file (.crt) and a private key file (.key). Are there
instructions for importing this type of certificate into ApacheDS?

Thanks,
Kevin


Re: Generating new certificate

2015-03-12 Thread Kevin Hamilton
Are there detailed instructions for importing your own certificate
somewhere?

Thanks,
Kevin

On Mon, Mar 9, 2015 at 11:34 AM, Emmanuel Lécharny elecha...@gmail.com
wrote:

 On 09/03/15 15:24, Kevin Hamilton wrote:
  Hello,
 
  When you configure ApacheDS to be ldaps enabled, it automatically
 generates
  a certificate that will work in the meantime. Is there a strategy for
  regenerating the certificate if it has expired?

 The idea was just to make it easy to set up, but the key here is that you
 set your own certificate instead.




-- 
Kevin Hamilton (khamil...@umem.org)
Application Developer
Department of Emergency Medicine
University of Maryland School of Medicine


Re: Generating new certificate

2015-03-12 Thread Kevin Hamilton
Just to clarify, all I have is a certificate file (.crt) and a private key
file (.key)

I can't seem to figure out how to load them into ApacheDS.

Thanks,
Kevin

On Thu, Mar 12, 2015 at 3:56 PM, Kevin Hamilton khamil...@umem.org wrote:

 Are there detailed instructions for importing your own certificate
 somewhere?

 Thanks,
 Kevin

 On Mon, Mar 9, 2015 at 11:34 AM, Emmanuel Lécharny elecha...@gmail.com
 wrote:

 On 09/03/15 15:24, Kevin Hamilton wrote:
  Hello,
 
  When you configure ApacheDS to be ldaps enabled, it automatically
 generates
  a certificate that will work in the meantime. Is there a strategy for
  regenerating the certificate if it has expired?

 The idea was just to make it easy to set up, but the key here is that you
 set your own certificate instead.




 --
 Kevin Hamilton (khamil...@umem.org)
 Application Developer
 Department of Emergency Medicine
 University of Maryland School of Medicine




-- 
Kevin Hamilton (khamil...@umem.org)
Application Developer
Department of Emergency Medicine
University of Maryland School of Medicine


Generating new certificate

2015-03-09 Thread Kevin Hamilton
Hello,

When you configure ApacheDS to be ldaps enabled, it automatically generates
a certificate that will work in the meantime. Is there a strategy for
regenerating the certificate if it has expired?

Thanks,
Kevin


Re: how to lock account manually in program with apacheds2.0 ?

2013-10-09 Thread Kevin Hamilton
Based on my experience, I have always been able to add a
pwdAccountLockedTime to a user if I want to manually lock an account and
similarly, remove that attribute to unlock the account. Perhaps I am
misunderstanding your question, or maybe there is a better method for
achieving this, but I have had success with this strategy. I'm also not
quite sure what you mean by "in program". Someone can correct me if my
solution is incorrect.

Thanks,
Kevin


On Wed, Oct 9, 2013 at 9:34 AM, wzyemail wzyem...@163.com wrote:

 I want to lock and unlock user account in program, does apacheds2.0 support
 this?




-- 
Kevin Hamilton (khamil...@umem.org)
Application Developer
Department of Emergency Medicine
University of Maryland School of Medicine
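
The lock and unlock strategy described in the message above, as an added example that is not part of the original post or of ApacheDS itself. It builds the two LDIF changes and evaluates whether a stored pwdAccountLockedTime still locks the account, following the LDAP password policy draft, which this example assumes the server honours; the DN, the function names and the use of the draft's `000001010000Z` sentinel are assumptions.

```python
import base64
from datetime import datetime, timedelta, timezone

# Sentinel defined by the LDAP password policy draft: the account stays
# locked until an administrator removes the attribute.
PERMANENT_LOCK = "000001010000Z"


def ldif_line(attr, value):
    """Render one LDIF line, base64-encoding values that are not SAFE-STRINGs.

    A DN taken from user input may contain CR/LF; written raw, it would let
    the caller smuggle extra LDIF directives into the change record.
    """
    raw = value.encode("utf-8")
    safe = (
        all(b < 128 and b not in (0, 10, 13) for b in raw)
        and not value.startswith((" ", ":", "<"))
        and not value.endswith(" ")
    )
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"


def lock_change(dn, locked_time=PERMANENT_LOCK):
    """LDIF change that locks an account by adding pwdAccountLockedTime."""
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: modify",
        "add: pwdAccountLockedTime",
        ldif_line("pwdAccountLockedTime", locked_time),
        "-",
        "",
    ])


def unlock_change(dn):
    """LDIF change that unlocks an account by removing the attribute."""
    return "\n".join([
        ldif_line("dn", dn),
        "changetype: modify",
        "delete: pwdAccountLockedTime",
        "-",
        "",
    ])


def parse_generalized_time(value):
    """Parse a UTC generalized time such as 20131009133400Z or ...00.500Z."""
    if not value.endswith("Z"):
        raise ValueError("expected a UTC generalized time ending in 'Z'")
    digits, _, fraction = value[:-1].partition(".")
    if not digits.isdigit() or len(digits) not in (12, 14):
        raise ValueError(f"unsupported generalized time: {value!r}")
    if fraction and len(digits) != 14:
        raise ValueError("fractions are only handled on the seconds field")
    stamp = datetime.strptime(digits.ljust(14, "0"), "%Y%m%d%H%M%S")
    stamp = stamp.replace(tzinfo=timezone.utc)
    if fraction:
        stamp += timedelta(seconds=float("0." + fraction))
    return stamp


def lock_state(locked_time, lockout_duration, now):
    """Classify an account from pwdAccountLockedTime and pwdLockoutDuration.

    lockout_duration is in seconds; 0 means the lock never expires on its
    own, as with the ads-pwdLockoutDuration: 0 policy quoted on this page.
    """
    if not locked_time:
        return "unlocked"
    if locked_time == PERMANENT_LOCK:
        return "locked-permanent"
    locked_at = parse_generalized_time(locked_time)  # also validates the value
    if lockout_duration == 0:
        return "locked-until-reset"
    if now < locked_at + timedelta(seconds=lockout_duration):
        return "locked-temporary"
    return "lock-expired"


if __name__ == "__main__":
    # Constructed sample DN, not taken from the thread.
    sample_dn = "uid=jdoe,ou=users,ou=system"
    print(lock_change(sample_dn))
    print(unlock_change(sample_dn))
    now = datetime(2013, 10, 9, 13, 36, tzinfo=timezone.utc)
    print(lock_state("20131009133400Z", 300, now))
```
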


Re: Index not working on M12

2013-07-18 Thread Kevin Hamilton
I am using the following as a base:
ou=phoneAuth,ou=umemdev,ou=system,dc=umem,dc=org

filter
(uuid=-##-##--#)

returning attributes are two other attributes I made.

I made the uuid attribute to act as a foreign key of sorts to link a user
to a certain other set of records we have.

I just tried to update on my local machine to M14 and reload all data after
making indexes and it works now. A problem with M12?

Thanks,
Kevin


On Wed, Jul 17, 2013 at 5:36 PM, Emmanuel Lécharny elecha...@gmail.com wrote:

 On 7/17/13 9:55 PM, Kevin Hamilton wrote:
  Hello,
 
  I am working off of M12 and I have a few indexes for some attributes
 that I
  added.
 
  I have a home-made attribute called uuid which basically associates a
  record to a user's actual entryUUID. The uuid attribute is stored as
 the
  string representation of the user's entryUUID. Everything seems to be
 fine
  when the server starts, but when I try to query based on that uuid
  attribute, it returns nothing.
 What is the exact query you are using ?

  If I get rid of the index for the uuid
  attribute, it will return searches appropriately.
 J-Have you added the index before having added the data ? (the index
 must exist before the data are injected into the server)


  It's quite possible that
  I'm doing something stupid. Are my Equality Matching settings incorrect?

 It seems so.

 Now, why don't you use the entryUUID for what you want to do ?


 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com




Index not working on M12

2013-07-17 Thread Kevin Hamilton
Hello,

I am working off of M12 and I have a few indexes for some attributes that I
added.

I have a home-made attribute called uuid which basically associates a
record to a user's actual entryUUID. The uuid attribute is stored as the
string representation of the user's entryUUID. Everything seems to be fine
when the server starts, but when I try to query based on that uuid
attribute, it returns nothing. If I get rid of the index for the uuid
attribute, it will return searches appropriately. It's quite possible that
I'm doing something stupid. Are my Equality Matching settings incorrect?
Any ideas?

Raw Attribute definition for uuid is below:

( 1.23.234.2431.55421.134
NAME 'uuid' DESC 'uuid for each entry'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE USAGE userApplications
X-SCHEMA 'uuid-schema' )

Thanks,
Kevin


Can't Open Configuration in Studio

2013-05-14 Thread Kevin Hamilton
Hey everyone,

I am getting the following error when I click "Open Configuration" on a
fresh install of M12 on Mac Mountain Lion:

Unable to load the configuration.

 - ERR_04269 ATTRIBUTE_TYPE for OID ads-replpingersleep does not exist!

org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException:
ERR_04269 ATTRIBUTE_TYPE for OID ads-replpingersleep does not exist!

at
org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:317)

at
org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:47)

at
org.apache.directory.api.ldap.schemamanager.impl.DefaultSchemaManager.lookupAttributeTypeRegistry(DefaultSchemaManager.java:1623)

at
org.apache.directory.api.ldap.model.entry.DefaultEntry.init(DefaultEntry.java:311)

at
org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.readConfiguration(LoadConfigurationRunnable.java:359)

at
org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.getConfiguration(LoadConfigurationRunnable.java:182)

at
org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.run(LoadConfigurationRunnable.java:127)

at
org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:83)

at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)

Caused by: org.apache.directory.api.ldap.model.exception.LdapException:
ERR_04269 ATTRIBUTE_TYPE for OID ads-replpingersleep does not exist!

at
org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry.lookup(DefaultSchemaObjectRegistry.java:176)

at
org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:313)

... 8 more


ERR_04269 ATTRIBUTE_TYPE for OID ads-replpingersleep does not exist!
Am I doing something stupid?

Thanks,
Kevin


Import LDIF into Schema Editor

2013-05-01 Thread Kevin Hamilton
Hey guys,

Is there any way to import an LDIF into Directory Studio in the Schema
Editor to update previous attributes or object classes?

Thanks,
Kevin


Re: Import LDIF into Schema Editor

2013-05-01 Thread Kevin Hamilton
How would I go about grabbing all of the existing schemas?

Thanks,
Kevin


On Wed, May 1, 2013 at 9:01 AM, Pierre-Arnaud Marcelot p...@marcelot.net wrote:

 Hi Kevin,

 Unfortunately not at the moment.

 But, you can connect to your running server and grab all the schemas via
 the LDAP connection when creating a new Online project.

 This should allow you to update the schema.
 Keep in mind that any existing data using these attribute types and object
 classes could be damaged depending on your update.

 Regards,
 Pierre-Arnaud

 On 1 May 2013, at 14:46, Kevin Hamilton khamil...@umem.org wrote:

  Hey guys,
 
  Is there any way to import an LDIF into Directory Studio in the Schema
  Editor to update previous attributes or object classes?
 
  Thanks,
  Kevin




-- 
Kevin Hamilton (khamil...@umem.org)
Application Developer
Department of Emergency Medicine
University of Maryland School of Medicine


Upgrading

2013-04-23 Thread Kevin Hamilton
Hello,

I am currently using M2 of apacheds 2.0.0. I was hoping to upgrade to M11,
but I am having trouble. Not quite sure what the process is for upgrading
and preserving your data. Will I be able to simply copy/paste my partition
folder to preserve all records/uuids in the newer version, or will I have
to work with an LDIF to get my data switched over to the new version?

Thanks so much,
Kevin


Re: Import LDIF with operational attributes

2013-04-11 Thread Kevin Hamilton
Hey,

I eventually got everyone imported correctly, but now I am noticing
something weird. I imported over 1000 users, but now when I log in via
Directory Studio, I can no longer see them. If I do an explicit search for
something like uid=khamilton, I get the result that I exist and I can view
myself, but if I just go to the place where I should be, there is nothing
there.

Any ideas as to why I can't see all of the records? I am bound as
uid=admin,ou=system.

Thanks,
Kevin


On Wed, Apr 10, 2013 at 3:15 PM, Kiran Ayyagari kayyag...@apache.org wrote:

 On Thu, Apr 11, 2013 at 12:35 AM, Kevin Hamilton khamil...@umem.org
 wrote:

  I am using M11 for the import. I was just getting the data from the M2. I
 
 ahh, I missed the M11 part, ok so far so good

  think I figured out what was wrong. I actually received an error that
 said
  the following:
 
  version: 1
 
  #!RESULT ERROR
  #!CONNECTION ldap://CONNECTION:10636
  #!DATE 2013-04-10T14:41:32.336
  #!ERROR [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for
 MessageType
  : MODIFY_REQUEST Message ID : 432 Modify Request Object :
  'uid=BLAH,ou=users,ou=BLAH,ou=system' Modification[0]
Operation :  replace Modification objectclass:
  organizationalPerson objectclass: person objectclass: inetOrgPerson
  objectclass: top Modification[1] Operation :
   replace Modification cn: BLAH
 Modification[2]
  Operation :  replace Modification sn:
 BLAH
  Modification[3] Operation :  replace
Modification mail: BLAH Modification[4]
  Operation :  replace Modification uid: BLAH
  Modification[5] Operation :  replace
  Modification userPassword: BLAH' Modification[6]
Operation :  replace Modification entryUUID:
  99cadd12-1170-4dbb-a66c-2237a89d7b12
  org.apache.directory.api.ldap.model.message.ModifyRequestImpl@ba1384fc:
  invalid reuse of password present in password history]
 
 ok, just disable the password policy till the import completes

  dn: uid=kfarrell,ou=users,ou=umem,ou=system
  objectclass: organizationalPerson
  objectclass: person
  objectclass: inetOrgPerson
  objectclass: top
  cn: BLAH
  sn: BLAH
  mail: BLAH
  uid: BLAH
  userPassword:: BLAH
  entryUUID:: OTljYWRkMTItMTE3MC00ZGJiLWE2NmMtMjIzN2E4OWQ3YjEy
 
 
  I just thought my password policies have to be updated in the config
 LDIF. I
  went in and updated it so that it looks like below (was planning on
  changing them after I got the import to work):
  dn:
 
 
 ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
  objectClass: top
  objectClass: ads-base
  objectClass: ads-passwordPolicy
  ads-pwdId: default
  ads-pwdSafeModify: FALSE
  ads-pwdMaxAge: 0
  ads-pwdFailureCountInterval: 30
  ads-pwdAttribute: userPassword
  ads-pwdMaxFailure: 10
  ads-pwdLockout: TRUE
  ads-pwdMustChange: FALSE
  ads-pwdLockoutDuration: 0
  ads-pwdMinLength: 5
  ads-pwdInHistory: 5
  ads-pwdExpireWarning: 600
  ads-pwdMinAge: 0
  ads-pwdAllowUserChange: TRUE
  ads-pwdGraceAuthNLimit: 5
  ads-pwdCheckQuality: 0
  ads-pwdMaxLength: 0
  ads-pwdGraceExpire: 0
  ads-pwdMinDelay: 0
  ads-pwdMaxDelay: 0
  ads-pwdMaxIdle: 0
  ads-enabled: TRUE
 
 
  Now when I try to start the service, it fails with the following message.
 Any
  idea why and if it was something I did when I edited the above values?
 
  no, it looks like the backend files were corrupted, did you kill the
 server in the middle of
 import?
 can you start with a clean base(remove the system folder under partitions
 directory) and try again

  wrapper  | -- Wrapper Started as Console
  wrapper  | Launching a JVM...
  jvm 1| Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
  jvm 1|   Copyright 1999-2006 Tanuki Software, Inc.  All Rights
  Reserved.
  jvm 1|
  jvm 1| [14:53:58] ERROR
  [org.apache.directory.server.wrapper.ApacheDsTanukiWrapper] - Failed to
  start the service.
  jvm 1|
 org.apache.directory.api.ldap.model.exception.LdapOtherException
  jvm 1| at
 
 
 org.apache.directory.server.core.api.partition.AbstractPartition.initialize(AbstractPartition.java:84)
  jvm 1| at
 
 
 org.apache.directory.server.core.DefaultDirectoryService.initialize(DefaultDirectoryService.java:1796)
  jvm 1| at
 
 
 org.apache.directory.server.core.DefaultDirectoryService.startup(DefaultDirectoryService.java:1227)
  jvm 1| at
 
 
 org.apache.directory.server.ApacheDsService.initDirectoryService(ApacheDsService.java:315)
  jvm 1| at
 
 org.apache.directory.server.ApacheDsService.start(ApacheDsService.java:179)
  jvm 1| at
 
 
 org.apache.directory.server.wrapper.ApacheDsTanukiWrapper.start(ApacheDsTanukiWrapper.java:72)
  jvm 1| at
 
 org.tanukisoftware.wrapper.WrapperManager$12.run(WrapperManager.java:2788

Re: Import LDIF with operational attributes

2013-04-11 Thread Kevin Hamilton
I tried refreshing everything. I tried reloading the schema. I tried
disconnecting and reconnecting. No success. Not sure what the problem is.

Thanks,
Kevin


On Thu, Apr 11, 2013 at 10:16 AM, Pierre-Arnaud Marcelot 
p...@marcelot.net wrote:

 Hi Kevin,

 Is it still the case when you refresh the root node of your partition,
 and/or disconnect and reconnect the connection to server?

 (I am trying to see if it's not a caching side-effect on Studio, here)

 Regards,
 Pierre-Arnaud


 On 11 Apr 2013, at 16:12, Kevin Hamilton khamil...@umem.org wrote:

  Hey,
 
  I eventually got everyone imported correctly, but now I am noticing
  something weird. I imported over 1000 users, but now when I log in via
  Directory Studio, I can no longer see them. If I do an explicit search
 for
  something like uid=khamilton, I get the result that I exist and I can
 view
  myself, but if I just go to the place where I should be, there is nothing
  there.
 
  Any ideas as to why I can't see all of the records? I am bound as
  uid=admin,ou=system.
 
  Thanks,
  Kevin
 
 
  On Wed, Apr 10, 2013 at 3:15 PM, Kiran Ayyagari kayyag...@apache.org
 wrote:
 
  On Thu, Apr 11, 2013 at 12:35 AM, Kevin Hamilton khamil...@umem.org
  wrote:
 
  I am using M11 for the import. I was just getting the data from the
 M2. I
 
  ahh, I missed the M11 part, ok so far so good
 
  think I figured out what was wrong. I actually received an error that
  said
  the following:
 
  version: 1
 
  #!RESULT ERROR
  #!CONNECTION ldap://CONNECTION:10636
  #!DATE 2013-04-10T14:41:32.336
  #!ERROR [LDAP: error code 19 - CONSTRAINT_VIOLATION: failed for
  MessageType
  : MODIFY_REQUEST Message ID : 432 Modify Request Object :
  'uid=BLAH,ou=users,ou=BLAH,ou=system' Modification[0]
   Operation :  replace Modification objectclass:
  organizationalPerson objectclass: person objectclass: inetOrgPerson
  objectclass: top Modification[1] Operation
 :
  replace Modification cn: BLAH
  Modification[2]
 Operation :  replace Modification sn:
  BLAH
 Modification[3] Operation :  replace
   Modification mail: BLAH Modification[4]
  Operation :  replace Modification uid: BLAH
  Modification[5] Operation :  replace
  Modification userPassword: BLAH' Modification[6]
   Operation :  replace Modification entryUUID:
  99cadd12-1170-4dbb-a66c-2237a89d7b12
  org.apache.directory.api.ldap.model.message.ModifyRequestImpl@ba1384fc
 :
  invalid reuse of password present in password history]
 
  ok, just disable the password policy till the import completes
 
  dn: uid=kfarrell,ou=users,ou=umem,ou=system
  objectclass: organizationalPerson
  objectclass: person
  objectclass: inetOrgPerson
  objectclass: top
  cn: BLAH
  sn: BLAH
  mail: BLAH
  uid: BLAH
  userPassword:: BLAH
  entryUUID:: OTljYWRkMTItMTE3MC00ZGJiLWE2NmMtMjIzN2E4OWQ3YjEy
 
 
  I just thought my password policies have to be updated in the config
  LDIF. I
  went in and updated it so that it looks like below (was planning on
  changing them after I got the import to work):
  dn:
 
 
 
 ads-pwdId=default,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
  objectClass: top
  objectClass: ads-base
  objectClass: ads-passwordPolicy
  ads-pwdId: default
  ads-pwdSafeModify: FALSE
  ads-pwdMaxAge: 0
  ads-pwdFailureCountInterval: 30
  ads-pwdAttribute: userPassword
  ads-pwdMaxFailure: 10
  ads-pwdLockout: TRUE
  ads-pwdMustChange: FALSE
  ads-pwdLockoutDuration: 0
  ads-pwdMinLength: 5
  ads-pwdInHistory: 5
  ads-pwdExpireWarning: 600
  ads-pwdMinAge: 0
  ads-pwdAllowUserChange: TRUE
  ads-pwdGraceAuthNLimit: 5
  ads-pwdCheckQuality: 0
  ads-pwdMaxLength: 0
  ads-pwdGraceExpire: 0
  ads-pwdMinDelay: 0
  ads-pwdMaxDelay: 0
  ads-pwdMaxIdle: 0
  ads-enabled: TRUE
 
 
  Now when I try to start the service, it fails with the following message.
  Any
  idea why and if it was something I did when I edited the above values?
 
  no, it looks like the backend files were corrupted, did you kill the
  server in the middle of
  import?
  can you start with a clean base(remove the system folder under
 partitions
  directory) and try again
 
  wrapper  | -- Wrapper Started as Console
  wrapper  | Launching a JVM...
  jvm 1| Wrapper (Version 3.2.3) http://wrapper.tanukisoftware.org
  jvm 1|   Copyright 1999-2006 Tanuki Software, Inc.  All Rights
  Reserved.
  jvm 1|
  jvm 1| [14:53:58] ERROR
  [org.apache.directory.server.wrapper.ApacheDsTanukiWrapper] - Failed to
  start the service.
  jvm 1|
  org.apache.directory.api.ldap.model.exception.LdapOtherException
  jvm 1| at
 
 
 
 org.apache.directory.server.core.api.partition.AbstractPartition.initialize(AbstractPartition.java:84)
  jvm 1

Re: Import LDIF with operational attributes

2013-04-11 Thread Kevin Hamilton
I installed the apacheds-2.0.0-RC1-64bit.bin
(http://people.apache.org/~elecharny/apacheds-2.0.0-RC1/apacheds-2.0.0-RC1-64bit.bin)
and
I am still having the problem. It seems like it only happens after I
directly delete something from Studio. Restarting server did not fix it. I
still can only see 5 entries in my users group when there are 1000+
actually there.

Thanks,
Kevin


On Thu, Apr 11, 2013 at 10:57 AM, Emmanuel Lécharny elecha...@gmail.com wrote:

 On 4/11/13 4:34 PM, Pierre-Arnaud Marcelot wrote:
  Ok thanks for trying out.
 
  It must be something wrong in the server then, I guess.

 Yes, it seems that with ApacheDS 2.0-M11, the entry cache is broken.

 If you restart the server, it should be ok.

 Can you try with the version I posted here :
 http://people.apache.org/~elecharny/ ?


 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com




-- 
Kevin Hamilton (khamil...@umem.org)
Application Developer
Department of Emergency Medicine
University of Maryland School of Medicine


Import LDIF with operational attributes

2013-04-10 Thread Kevin Hamilton
Hello,

We are attempting to migrate some data from our apacheds 2.0.0-M2 to a
newer machine running a 2.0.0-M11 install. When I export my users, I would
like to preserve the entryUUID from the initial user creation.
Unfortunately, when I try to import an LDIF of users that contains the
entryUUID with it, I receive the error below:

org.apache.directory.api.ldap.model.message.ModifyRequestImpl@9ca71e1f:
ERR_52 Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.1.16.4  NAME
'entryUUID'  DESC UUID of the entry  EQUALITY uuidMatch  ORDERING
uuidOrderingMatch  SYNTAX 1.3.6.1.1.16.1  SINGLE-VALUE
NO-USER-MODIFICATION  USAGE directoryOperation

Is there any way I can preserve the entryUUIDs for these entries?


Thanks,

Kevin


Re: Import LDIF with operational attributes

2013-04-10 Thread Kevin Hamilton
I am bound as uid=admin,ou=system and I receive the following error:

version: 1

#!RESULT ERROR
#!CONNECTION ldap://ADDRESS:10636
#!DATE 2013-04-10T14:39:40.824
#!ERROR [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for
MessageType : MODIFY_REQUEST Message ID : 430 Modify Request
Object : 'ou=users,ou=umem,ou=system' Modification[0]
  Operation :  replace Modification objectClass:
organizationalUnit objectClass: top Modification[1]
Operation :  replace Modification ou: users
Modification[2] Operation :  replace
Modification entryUUID: 6d8d6e5d-487d-4d75-abc8-27e8e847f22a
org.apache.directory.api.ldap.model.message.ModifyRequestImpl@9cc6142c:
ERR_52 Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.1.16.4  NAME
'entryUUID'  DESC UUID of the entry  EQUALITY uuidMatch  ORDERING
uuidOrderingMatch  SYNTAX 1.3.6.1.1.16.1  SINGLE-VALUE
 NO-USER-MODIFICATION  USAGE directoryOperation  ) ]
dn: ou=users,ou=umem,ou=system
objectClass: organizationalUnit
objectClass: top
ou: users
entryUUID:: NmQ4ZDZlNWQtNDg3ZC00ZDc1LWFiYzgtMjdlOGU4NDdmMjJh



On Wed, Apr 10, 2013 at 2:23 PM, Kiran Ayyagari kayyag...@apache.org wrote:

 if you inject as uid=admin,ou=system user the UUID should be preserved
 while adding


 On Wed, Apr 10, 2013 at 11:34 PM, Kevin Hamilton khamil...@umem.org
 wrote:

  Hello,
 
  We are attempting to migrate some data from our apacheds 2.0.0-M2 to a
  newer machine running a 2.0.0-M11 install. When I export my users, I
 would
  like to preserve the entryUUID from the initial user creation.
  Unfortunately, when I try to import an LDIF of users that contains the
  entryUUID with it, I receive the error below:
 
  org.apache.directory.api.ldap.model.message.ModifyRequestImpl@9ca71e1f:
  ERR_52 Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.1.16.4
  NAME
  'entryUUID'  DESC UUID of the entry  EQUALITY uuidMatch  ORDERING
  uuidOrderingMatch  SYNTAX 1.3.6.1.1.16.1  SINGLE-VALUE
  NO-USER-MODIFICATION  USAGE directoryOperation
 
  Is there any way I can preserve the entryUUIDs for these entries?
 
 
  Thanks,
 
  Kevin
 



 --
 Kiran Ayyagari
 http://keydap.com




-- 
Kevin Hamilton (khamil...@umem.org)
Application Developer
Department of Emergency Medicine
University of Maryland School of Medicine


Re: Import LDIF with operational attributes

2013-04-10 Thread Kevin Hamilton
| at
org.apache.directory.server.core.api.partition.AbstractPartition.initialize(AbstractPartition.java:79)
jvm 1| ... 9 more
jvm 1| Caused by: java.lang.NullPointerException
jvm 1| at
org.apache.directory.api.ldap.model.entry.StringValue.readExternal(StringValue.java:540)
jvm 1| at
org.apache.directory.api.ldap.model.entry.StringValue.deserialize(StringValue.java:497)
jvm 1| at
org.apache.directory.api.ldap.model.name.Ava.readExternal(Ava.java:1117)
jvm 1| at
org.apache.directory.api.ldap.model.name.Rdn.readExternal(Rdn.java:1589)
jvm 1| at
org.apache.directory.server.core.partition.impl.btree.jdbm.EntrySerializer.deserialize(EntrySerializer.java:184)
jvm 1| at jdbm.btree.BPage.deserialize(BPage.java:1188)
jvm 1| at jdbm.btree.BPage.deserialize(BPage.java:81)
jvm 1| at
jdbm.recman.BaseRecordManager.fetch(BaseRecordManager.java:329)
jvm 1| at
jdbm.recman.CacheRecordManager.fetch(CacheRecordManager.java:264)
jvm 1| at jdbm.btree.BPage.loadBPage(BPage.java:949)
jvm 1| at jdbm.btree.BPage.find(BPage.java:280)
jvm 1| at jdbm.btree.BTree.find(BTree.java:413)
jvm 1| at
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmTable.get(JdbmTable.java:325)
jvm 1| at
org.apache.directory.server.core.partition.impl.btree.AbstractBTreePartition.fetch(AbstractBTreePartition.java:1119)
jvm 1| ... 12 more
wrapper  | -- Wrapper Stopped


Thanks so much for your help!

- Kevin






On Wed, Apr 10, 2013 at 2:49 PM, Kiran Ayyagari kayyag...@apache.org wrote:

 just tested, it works with M11, would it be possible for you to move to
 M11? (of course this is the best version than any other previous versions)


 On Thu, Apr 11, 2013 at 12:11 AM, Kevin Hamilton khamil...@umem.org
 wrote:

  I am bound as uid=admin,ou=system and I receive the following error:
 
  version: 1
 
  #!RESULT ERROR
  #!CONNECTION ldap://ADDRESS:10636
  #!DATE 2013-04-10T14:39:40.824
  #!ERROR [LDAP: error code 50 - INSUFFICIENT_ACCESS_RIGHTS: failed for
  MessageType : MODIFY_REQUEST Message ID : 430 Modify Request
  Object : 'ou=users,ou=umem,ou=system' Modification[0]
Operation :  replace Modification objectClass:
  organizationalUnit objectClass: top Modification[1]
  Operation :  replace Modification ou: users
  Modification[2] Operation :  replace
  Modification entryUUID: 6d8d6e5d-487d-4d75-abc8-27e8e847f22a
  org.apache.directory.api.ldap.model.message.ModifyRequestImpl@9cc6142c:
  ERR_52 Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.1.16.4
  NAME
  'entryUUID'  DESC UUID of the entry  EQUALITY uuidMatch  ORDERING
  uuidOrderingMatch  SYNTAX 1.3.6.1.1.16.1  SINGLE-VALUE
   NO-USER-MODIFICATION  USAGE directoryOperation  ) ]
  dn: ou=users,ou=umem,ou=system
  objectClass: organizationalUnit
  objectClass: top
  ou: users
  entryUUID:: NmQ4ZDZlNWQtNDg3ZC00ZDc1LWFiYzgtMjdlOGU4NDdmMjJh
 
 
 
  On Wed, Apr 10, 2013 at 2:23 PM, Kiran Ayyagari kayyag...@apache.org
  wrote:
 
   if you inject as uid=admin,ou=system user the UUID should be preserved
   while adding
  
  
   On Wed, Apr 10, 2013 at 11:34 PM, Kevin Hamilton khamil...@umem.org
   wrote:
  
Hello,
   
We are attempting to migrate some data from our apacheds 2.0.0-M2 to
 a
newer machine running a 2.0.0-M11 install. When I export my users, I
   would
like to preserve the entryUUID from the initial user creation.
Unfortunately, when I try to import an LDIF of users that contains
 the
entryUUID with it, I receive the error below:
   
   
 org.apache.directory.api.ldap.model.message.ModifyRequestImpl@9ca71e1f
  :
ERR_52 Cannot modify the attribute : ATTRIBUTE_TYPE ( 1.3.6.1.1.16.4
NAME
'entryUUID'  DESC UUID of the entry  EQUALITY uuidMatch  ORDERING
uuidOrderingMatch  SYNTAX 1.3.6.1.1.16.1  SINGLE-VALUE
NO-USER-MODIFICATION  USAGE directoryOperation
   
Is there any way I can preserve the entryUUIDs for these entries?
   
   
Thanks,
   
Kevin
   
  
  
  
   --
   Kiran Ayyagari
   http://keydap.com
  
 
 
 
  --
  Kevin Hamilton (khamil...@umem.org)
  Application Developer
  Department of Emergency Medicine
  University of Maryland School of Medicine
 



 --
 Kiran Ayyagari
 http://keydap.com




-- 
Kevin Hamilton (khamil...@umem.org)
Application Developer
Department of Emergency Medicine
University of Maryland School of Medicine


Performance problems on live server vs local machine.

2012-06-08 Thread Kevin Hamilton
Hello,

I have noticed performance differences in working on my local environment
(OS X) and on my live server (Linux).

I use ApacheDS to authenticate on my website and to check for second factor
authentication afterwards. In my local environment, everything is fast and
quick (extremely efficient). On the live server (which is a much beefier
machine than my local machine), it is sluggish and takes a long time for a
page to load when there are calls to the ApacheDS involved.

Does this sound familiar to anyone and does anyone have any ideas as to
what might be the problem?

Thanks,
Kevin


Re: Performance problems on live server vs local machine.

2012-06-08 Thread Kevin Hamilton
I'm not entirely sure what you mean by "sending direct requests".

I have tried running queries on both servers in Apache Directory Studio and
they are similar amounts of time for each. I thought it might have
something to do with indexes that I didn't have for all of my attributes,
but the indexes don't exist on my local machine either so they should be
the same issues.

Still scratching my head on this one.

Thanks,
Kevin

On Fri, Jun 8, 2012 at 1:42 PM, Emmanuel Lécharny elecha...@gmail.com wrote:

 On 6/8/12 7:19 PM, Kevin Hamilton wrote:

  Hello,

 I have noticed performance differences in working on my local environment
 (OS X) and on my live server (Linux).

 I use ApacheDS to authenticate on my website and to check for second
 factor
 authentication afterwards. In my local environment, everything is fast and
 quick (extremely efficient). On the live server (which is a much beefier
 machine than my local machine), it is sluggish and takes a long time for a
 page to load when there are calls to the ApacheDS involved.

 Does this sound familiar to anyone and does anyone have any ideas as to
 what might be the problem?


 There is no reason for ApacheDS to be slower on Linux than on a mac.  Have
 you checked if the server responds fast when you send direct requests to it
 ?


 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com




-- 
Kevin Hamilton (khamil...@umem.org)
Application Developer
Department of Emergency Medicine
University of Maryland School of Medicine


Re: Performance problems on live server vs local machine.

2012-06-08 Thread Kevin Hamilton
If I were to try to add indexes to some of these, how would I go about that?

I found the page
http://directory.apache.org/apacheds/1.5/91-performance-tuning.html and saw
the part about "Indices must be configured before loading data into the
server. Indices configured after loading entries into the server will NOT
work properly unless they are built using the index builder command
supplied with the ApacheDS tools command line program. More information on
this in the Building Indices section below."

I am not sure how to index attributes in ApacheDS v 2.0.0. I found the
ou=indexes in the list and I added my desired indexes. I am curious as to
whether my data will work more efficiently or if I need to somehow reload
all of my current entries.

Please get back to me as soon as possible.

Thanks so much,
Kevin


On Fri, Jun 8, 2012 at 2:35 PM, Kevin Hamilton khamil...@umem.org wrote:

 I'm not entirely sure what you mean by "sending direct requests".

 I have tried running queries on both servers in Apache Directory Studio
 and they are similar amounts of time for each. I thought it might have
 something to do with indexes that I didn't have for all of my attributes,
 but the indexes don't exist on my local machine either so they should be
 the same issues.

 Still scratching my head on this one.

 Thanks,
 Kevin


 On Fri, Jun 8, 2012 at 1:42 PM, Emmanuel Lécharny elecha...@gmail.com wrote:

 On 6/8/12 7:19 PM, Kevin Hamilton wrote:

  Hello,

 I have noticed performance differences in working on my local environment
 (OS X) and on my live server (Linux).

 I use ApacheDS to authenticate on my website and to check for second
 factor
 authentication afterwards. In my local environment, everything is fast
 and
 quick (extremely efficient). On the live server (which is a much beefier
 machine than my local machine), it is sluggish and takes a long time for
 a
 page to load when there are calls to the ApacheDS involved.

 Does this sound familiar to anyone and does anyone have any ideas as to
 what might be the problem?


 There is no reason for ApacheDS to be slower on Linux than on a mac.
  Have you checked if the server responds fast when you send direct requests
 to it ?


 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com




 --
 Kevin Hamilton (khamil...@umem.org)
 Application Developer
 Department of Emergency Medicine
 University of Maryland School of Medicine




-- 
Kevin Hamilton (khamil...@umem.org)
Application Developer
Department of Emergency Medicine
University of Maryland School of Medicine


Re: [ApacheDS] Re: Access Restriction

2011-11-04 Thread Kevin Hamilton
Hey Oliver,

Thanks so much for your response. I followed your instructions and
still had trouble.

I checked the source of the prescriptive ACI in my new entry. The
source is below.

{
    identificationTag admin2Tag,
    precedence 0,
    authenticationLevel simple,
    itemOrUserFirst userFirst:
    {
        userClasses
        {
            name { uid=admin2,ou=system }
        }
        ,
        userPermissions
        {
            {
                protectedItems { allUserAttributeTypesAndValues, entry },
                grantsAndDenials
                {
                    grantBrowse,
                    grantCompare,
                    grantRename,
                    grantExport,
                    grantRead,
                    grantModify,
                    grantDiscloseOnError,
                    grantFilterMatch,
                    grantImport,
                    grantAdd,
                    grantInvoke,
                    grantRemove,
                    grantReturnDN
                }
            }
        }
    }
}


When I try to add this, I get a constraint violation that says ERR_277
Attribute userPassword not declared in objectClasses of entry
cn=admin2Test,uid=admin2,ou=system

So the main admin2 user is of objectclasses inetOrgPerson,
organizationalPerson, person, and top. He has attributes cn, sn, mail,
uid, userPassword. The DN is uid=admin2,ou=system.

I use the PasswordHashingInterceptor and I use a SSHA512. I am not
sure how to go about fixing it.

Any help would be greatly appreciated.

Thanks so much in advance,
Kevin

On Fri, Nov 4, 2011 at 7:37 AM, Oliver Schmidt
oliver.schmidt@arcor.de wrote:
 Hi Kevin,

 you'll have to do the following steps now:

 1) Go to the entry for which you want to enable access control. Add the
 attribute administrativeRole with the value accessControlSpecificArea.
 AD-Studio will mention that this attribute does not belong to the schema
 you use. You can ignore this.
 2) Add a new entry below the entry where you have added the
 administrativeRole attribute. Use the object classes
 accessControlSubentry, subentry and top. As RDN attribute name, use
 cn and choose a name of your preference.
 2a) You will be asked to specify the subentry. Leave it empty.
 2b) You will be asked to specify the ACI element:
      * Identificator: your choice
      * Priority: 0
      * Authentication level: simple=non-SASL / strong=SASL (I would choose
 simple first)
      * User or element first: User
      * User classes: Choose name and specify your admin2
      * User permissions:
        * Protected elements: entry, all user attribute types and values
        * Grants and denials: Here, you can grant everything

 Once you have set this up, you can play around with your ACI a little bit
 more and maybe grant users to see their own entries and so on. There
 should be some learning trails about access control in the user guides
 which might also help you.

 --
 Kind regards

 Oliver

 On 03.11.2011 at 19:13, Kevin Hamilton khamil...@umem.org wrote:

 Hello Oliver and Company,

 I had successfully enabled the accessControl. My issue now is that I
 am using another superuser I created (I called it admin2) to modify my
 users. Now, I am no longer able to modify my users because he does not have
 access.

 I read about Prescriptive ACIs, but the lack of examples left me kind
 of stumped. How can I grant all access to admin2 only, or something
 with the dn=uid=admin,ou=system?

 Thanks,
 Kevin

 On Wed, Nov 2, 2011 at 2:04 PM, Oliver Schmidt
 oliver.schmidt@arcor.de wrote:

 On Wed, 02 Nov 2011 13:59:25 +0100, Kevin Hamilton khamil...@umem.org
 wrote:

 Hello everyone,

 My name is Kevin and I am writing to ask a question about access to
 ApacheDS 2.0.0-M2. Currently I have a bunch of users set up and the
 apacheds is used to authenticate the users on my website. My question
 is about accessing the apacheds. On my Apache Directory Studio, I can
 login as admin and see everything. The problem is that I can also log
 in as any other user in the database and I can see other user's
 information. Not sure if I am being clear.

 If someone has their own username and password and also the port and
 address of my server, they can login (using Apache Directory Studio or
 any other client) and see all of the records. Obviously the passwords
 are hashed, but it is still a liability for the users to be able to
 see e-mails/etc of other users.

 Is there any way to limit the information that certain users can see
 (ie, they could login, but not see any records)?

 Please let me know soon.

 Thanks,
 Kevin


 Hi Kevin,

 I'm moving this topic to the users list...

 There's a chapter about this topic in the doco. Please see the User Guides
 on the topic authorization.

 Depending on what you intend to allow/disallow your users to see in your
 directory, you might also need to write some ACIs. If you want, I can assist
 you setting this up.

 Please note that the

Re: [ApacheDS] Re: Access Restriction

2011-11-04 Thread Kevin Hamilton
version: 1
dn: uid=admin2,ou=system
objectclass: organizationalPerson
objectclass: person
objectclass: inetOrgPerson
objectclass: top
cn: admin2
sn: admin2
mail: admin@umem.org
uid: admin2
userPassword:: REMOVED for e-mail
administrativeRole: accessControlSpecificArea
createTimestamp: 2004121155Z
creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
entryCSN: 2004121347.312000Z#00#000#00
entryParentId: 1
entryUUID:: REMOVED for e-mail
modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
modifyTimestamp: 2004121347Z
pwdHistory:: REMOVED for e-mail

On Fri, Nov 4, 2011 at 9:01 AM, Emmanuel Lecharny elecha...@gmail.com wrote:
 On 11/4/11 1:23 PM, Kevin Hamilton wrote:

 Hey Oliver,

 Thanks so much for your response. I followed your instructions and
 still had trouble.

 I checked the source of the prescriptive ACI in my new entry. The
 source is below.

 {
     identificationTag admin2Tag,
     precedence 0,
     authenticationLevel simple,
     itemOrUserFirst userFirst:
     {
         userClasses
         {
             name { uid=admin2,ou=system }
         }
         ,
         userPermissions
         {
             {
                 protectedItems { allUserAttributeTypesAndValues, entry },
                 grantsAndDenials
                 {
                     grantBrowse,
                     grantCompare,
                     grantRename,
                     grantExport,
                     grantRead,
                     grantModify,
                     grantDiscloseOnError,
                     grantFilterMatch,
                     grantImport,
                     grantAdd,
                     grantInvoke,
                     grantRemove,
                     grantReturnDN
                 }
             }
         }
     }
 }


 When I try to add this, I get a constraint violation that says ERR_277
 Attribute userPassword not declared in objectClasses of entry
 cn=admin2Test,uid=admin2,ou=system

 Can you provide the LDIF for this entry ?


 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com





-- 
Thanks,
Kevin


Re: [ApacheDS] Re: Access Restriction

2011-11-04 Thread Kevin Hamilton
The cn=admin2Test,uid=admin2,ou=system was never created because the
error occurred while I was trying to create it.

I was following Oliver's instructions by doing the following:
2) Add a new entry below the entry where you have added the
administrativeRole attribute. Use the object classes
accessControlSubentry, subentry and top. As RDN attribute name, use
cn and choose a name of your preference.
2a) You will be asked to specify the subentry. Leave it empty.
2b) You will be asked to specify the ACI element:
 * Identificator: your choice
 * Priority: 0
 * Authentication level: simple=non-SASL / strong=SASL (I would choose
simple first)
 * User or element first: User
 * User classes: Choose name and specify your admin2
 * User permissions:
   * Protected elements: entry, all user attribute types and values
   * Grants and denials: Here, you can grant everything


When he says add a new entry below the entry where I added
administrativeRole, he means I should right click on the
uid=admin,ou=system and add an entry to that, right? That is what I
have been doing. Is this incorrect?

Thanks,
Kevin


On Fri, Nov 4, 2011 at 9:18 AM, Emmanuel Lécharny elecha...@apache.org wrote:
 On 11/4/11 2:13 PM, Kevin Hamilton wrote:

 version: 1
 dn: uid=admin2,ou=system
 objectclass: organizationalPerson
 objectclass: person
 objectclass: inetOrgPerson
 objectclass: top
 cn: admin2
 sn: admin2
 mail: admin@umem.org
 uid: admin2
 userPassword:: REMOVED for e-mail
 administrativeRole: accessControlSpecificArea
 createTimestamp: 2004121155Z
 creatorsName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
 entryCSN: 2004121347.312000Z#00#000#00
 entryParentId: 1
 entryUUID:: REMOVED for e-mail
 modifiersName: 0.9.2342.19200300.100.1.1=admin,2.5.4.11=system
 modifyTimestamp: 2004121347Z
 pwdHistory:: REMOVED for e-mail

 Thanks, but the error message was not for this entry, but for
 cn=admin2Test,uid=admin2,ou=system

 Do you have the LDIF for this entry ?

 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com





-- 
Thanks,
Kevin
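The steps quoted in this message, written out as LDIF instead of Studio wizard screens. This is an added example, not code from the thread or from ApacheDS: the area DN `ou=users,ou=system` and all function names are assumptions, and the ACI's string values are quoted as the ACIItem grammar requires (the archive shows them without quotes).

```python
import base64
import re

AREA_DN = "ou=users,ou=system"   # assumption: the entry whose subtree is protected
SUBENTRY_CN = "admin2Test"       # subentry name used in the thread
# ACI from the thread, granting everything to uid=admin2,ou=system.
ACI = """
{
  identificationTag "admin2Tag",
  precedence 0,
  authenticationLevel simple,
  itemOrUserFirst userFirst:
  {
    userClasses { name { "uid=admin2,ou=system" } },
    userPermissions
    {
      {
        protectedItems { allUserAttributeTypesAndValues, entry },
        grantsAndDenials
        {
          grantBrowse, grantCompare, grantRename, grantExport, grantRead,
          grantModify, grantDiscloseOnError, grantFilterMatch, grantImport,
          grantAdd, grantInvoke, grantRemove, grantReturnDN
        }
      }
    }
  }
}
"""

# RFC 2849 SAFE-STRING: anything else must be written base64-encoded ("name:: ...").
_SAFE = re.compile(
    r"[\x01-\x09\x0b\x0c\x0e-\x1f\x21-\x39\x3b\x3d-\x7f][\x01-\x09\x0b\x0c\x0e-\x7f]*\Z")


def fold(line, width=76):
    """Fold one logical LDIF line; continuation lines start with a single space."""
    out, rest = [line[:width]], line[width:]
    while rest:
        out.append(" " + rest[:width - 1])
        rest = rest[width - 1:]
    return "\n".join(out)


def unfold(text):
    """Undo LDIF folding (what an LDIF reader does before parsing)."""
    return text.replace("\n ", "")


def attr(name, value):
    """One attribute line, whitespace collapsed, base64 when not a SAFE-STRING."""
    value = " ".join(value.split())
    if value and not _SAFE.match(value):
        return fold(name + ":: " + base64.b64encode(value.encode("utf-8")).decode("ascii"))
    return fold(name + ": " + value)


def access_control_ldif(area_dn, subentry_cn, aci):
    """Step 1 (mark the administrative point) and step 2 (add the ACI subentry)."""
    lines = [
        "version: 1", "",
        attr("dn", area_dn),
        "changetype: modify",
        "add: administrativeRole",
        "administrativeRole: accessControlSpecificArea",
        "-", "",
        attr("dn", "cn=%s,%s" % (subentry_cn, area_dn)),
        "changetype: add",
        "objectClass: top",
        "objectClass: subentry",
        "objectClass: accessControlSubentry",
        attr("cn", subentry_cn),
        "subtreeSpecification: {}",      # step 2a: empty spec = whole area
        attr("prescriptiveACI", aci),    # step 2b
    ]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(access_control_ldif(AREA_DN, SUBENTRY_CN, ACI))
```

The subentry carries only `cn`, `subtreeSpecification` and `prescriptiveACI`; one attribute per line with explicit folding also avoids the run-together LDIF seen elsewhere in this thread.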


Re: [ApacheDS] Re: Access Restriction

2011-11-03 Thread Kevin Hamilton
Hello Oliver and Company,

I had successfully enabled the accessControl. My issue now is that I
am using another superuser I created (I called it admin2) to modify my
users. Now, I am no longer able to modify my users because he does not have
access.

I read about Prescriptive ACIs, but the lack of examples left me kind
of stumped. How can I grant all access to admin2 only, or something
with the dn=uid=admin,ou=system?

Thanks,
Kevin

On Wed, Nov 2, 2011 at 2:04 PM, Oliver Schmidt
oliver.schmidt@arcor.de wrote:
 On Wed, 02 Nov 2011 13:59:25 +0100, Kevin Hamilton khamil...@umem.org
 wrote:

 Hello everyone,

 My name is Kevin and I am writing to ask a question about access to
 ApacheDS 2.0.0-M2. Currently I have a bunch of users set up and the
 apacheds is used to authenticate the users on my website. My question
 is about accessing the apacheds. On my Apache Directory Studio, I can
 login as admin and see everything. The problem is that I can also log
 in as any other user in the database and I can see other user's
 information. Not sure if I am being clear.

 If someone has their own username and password and also the port and
 address of my server, they can login (using Apache Directory Studio or
 any other client) and see all of the records. Obviously the passwords
 are hashed, but it is still a liability for the users to be able to
 see e-mails/etc of other users.

 Is there any way to limit the information that certain users can see
 (ie, they could login, but not see any records)?

 Please let me know soon.

 Thanks,
 Kevin


 Hi Kevin,

 I'm moving this topic to the users list...

 There's a chapter about this topic in the doco. Please see the User Guides
 on the topic authorization.

 Depending on what you intend to allow/disallow your users to see in your
 directory, you might also need to write some ACIs. If you want, I can assist
 you setting this up.

 Please note that the documentation still mentions the server.xml file. This
 file is however obsolete in version 2.0. Instead, config is done directly in
 the server. You can alter the configuration using the Directory Studio. Just
 look under the ou=config node.

 Kind regards
 Oliver




-- 
Thanks,
Kevin


Problem with Certificate Loading

2011-09-07 Thread Kevin Hamilton
Hello,

My name is Kevin Hamilton and I am currently attempting to set up
ApacheDS 2.0.0-M2 on a linux server.

When I try to set up SSL encryption, it claims that my certificate is
not valid, and prompts me to accept it or not. When I hit yes, it
allows me to log on to the LDAP.

However, when I try to connect via ldaps:// using PHP, it does not
connect to the server and gives an error that the certificate is not
valid.

I have a valid certificate from my website that seemingly would work
if I changed it.

I narrowed down the certificate location to the uid=admin,ou=system entry.

I click on certificate and load in my site's valid certificate. But
when I close out of Apache Directory Studio and come back in, it has
reverted back to the original certificate. Also, in the rare cases
where it hasn't reverted, the publickey/privatekey entries have not
updated, so it still fails.

How can I add my certificate to the server so it works well with php and ssl?

Thanks in advance,
Kevin


Adding universal attributes

2011-08-10 Thread Kevin Hamilton
Hello everyone,

I am somewhat new to ApacheDS, but I was wondering if anyone could
help me with creating attributes that can be used by everything.

I would like to have every record contain a uuid attribute. How would
I go about creating a UUID attribute and making it useable by all
objectclasses?

Any help is greatly appreciated. Thanks!

- Kevin


Re: Adding universal attributes

2011-08-10 Thread Kevin Hamilton
I am still having trouble even creating attributes.

I go into schema editor, and I create a new schema called uuid-schema.
I add an attribute called uuid with my desired properties. I then
create an auxiliary objectclass called uuid-class. The attributes are
optional uuid. I then export this as an apacheds file. Then I go back to
my LDAP browser and import LDIF and get the file.

It successfully adds the schema to the ou=schema section in LDAP but I
cannot view either the object class or the attribute in the schema
browser.

Am I doing something wrong? How can I start using this new attribute
when I can't find it anywhere?

Thanks in advance,
Kevin

On Wed, Aug 10, 2011 at 10:31 AM, Pierre-Arnaud Marcelot
p...@marcelot.net wrote:
 Hi Kevin,

 How about defining an auxiliary object class which contains this UUID 
 attribute (either as a mandatory or optional attribute type)?

 This would allow you to add the UUID attribute to any entry (after adding the 
 new object class to the 'objectClass' attribute of the entry of course).

 This way you don't have to modify any existing class hierarchy.

 Hope this helps,
 Pierre-Arnaud

 On 10 August 2011, at 16:23, Kevin Hamilton wrote:

 Hello everyone,

 I am somewhat new to ApacheDS, but I was wondering if anyone could
 help me with creating attributes that can be used by everything.

 I would like to have every record contain a uuid attribute. How would
 I go about creating a UUID attribute and making it useable by all
 objectclasses?

 Any help is greatly appreciated. Thanks!

 - Kevin




Re: Adding universal attributes

2011-08-10 Thread Kevin Hamilton
I decided to use the entryUUID. Thanks for all of your help.

I am still, however, having trouble creating new objectClasses.

I get the following error. To me it seems like my entry has an OID, so
why is it saying it doesn't?

!ERROR [LDAP: error code 53 - UNWILLING_TO_PERFORM: failed for
MessageType : ADD_REQUEST Message ID : 149 Add Request : Entry
dn[n]: m-oid=1.23.41.1231234.25324.23342.1234, ou=attributeTypes,
cn=cookie, ou=schema objectclass: metaAttributeType
objectclass: metaTop objectclass: top m-oid:
1.23.41.1231234.25324.23342.1234 m-description: Timestamp of when
cookie will expire m-name: cookie-expire : ERR_345 Cannot add the
AttributeType m-oid=1.23.41.1231234.25324.23342.1234,
ou=attributeTypes, cn=cookie, ou=schema into the registries, the
resulting registries would be inconsistent :
org.apache.directory.shared.ldap.model.exception.LdapSchemaException:
ERR_04307 The AttributeType cookie-expire must have a syntax OID or a
superior, it does not have any.]

Thanks so much,
Kevin


On Wed, Aug 10, 2011 at 11:52 AM, Pierre-Arnaud Marcelot
p...@marcelot.net wrote:
 On 10 August 2011, at 17:36, Kevin Hamilton wrote:

 Editing an entry and adding my object class and the uuid attribute
 worked. But that still doesn't explain why it is not showing up in
 schema browser??

 Probably a bug with the schema cache on the Studio side or a bug in the way
 ApacheDS provides its schema via the subSchemaSubentry.
 You can also try to reload the schema using the connection property page:
 http://directory.apache.org/studio/static/users_guide/ldap_browser/tools_connection_properties.html#tools_connection_properties_schema
 Maybe it will work better...

 Also, I was wondering if there was a way to make the default entry
 view display the entryUUID attribute?

 Nope, we only display attributes containing at least one value.
 Regards,
 Pierre-Arnaud
 PS: Sent a second time to include the list...
 On 10 August 2011, at 17:08, Kevin Hamilton wrote:

 I am still having trouble even creating attributes.

 I go into schema editor, and I create a new schema called uuid-schema.
 I add an attribute called uuid with my desired properties. I then
 create an auxiliary objectclass called uuid-class. The attributes are
 optional uuid. I then export this as an apacheds file. Then I go back to
 my LDAP browser and import LDIF and get the file.

 It successfully adds the schema to the ou=schema section in LDAP but I
 cannot view either the object class or the attribute in the schema
 browser.

 Am I doing something wrong? How can I start using this new attribute
 when I can't find it anywhere?

 Thanks in advance,
 Kevin

 On Wed, Aug 10, 2011 at 10:31 AM, Pierre-Arnaud Marcelot
 p...@marcelot.net wrote:

 Hi Kevin,

 How about defining an auxiliary object class which contains this UUID
 attribute (either as a mandatory or optional attribute type)?

 This would allow you to add the UUID attribute to any entry (after adding
 the new object class to the 'objectClass' attribute of the entry of course).

 This way you don't have to modify any existing class hierarchy.

 Hope this helps,

 Pierre-Arnaud

 On 10 August 2011, at 16:23, Kevin Hamilton wrote:

 Hello everyone,

 I am somewhat new to ApacheDS, but I was wondering if anyone could

 help me with creating attributes that can be used by everything.

 I would like to have every record contain a uuid attribute. How would

 I go about creating a UUID attribute and making it useable by all

 objectclasses?

 Any help is greatly appreciated. Thanks!

 - Kevin






Re: ApacheDS Interceptor

2011-07-18 Thread Kevin Hamilton
Thanks for all of your help thus far. I have a few questions still though.

I read online that I could use a jar uf command line function to
replace .class files in .jar files. This has not worked for me. I was
hoping someone could tell me if I was doing something wrong. Thanks in
advance.

- Kevin

On Fri, Jul 15, 2011 at 8:10 PM, Kiran Ayyagari kayyag...@apache.org wrote:
 Yup

 On 16-Jul-2011 12:20 AM, Kevin Hamilton khamil...@umem.org wrote:

 Thanks so much to all of you for helping. I got it installed and have
 it hashing SSHA-512 and it seems to be working well (binding as well).
 I will try next week to make a custom hashing algorithm.

 I assume to accomplish this, I would need only to make a
 CustomPasswordHashingInterceptor.java and add it in the config.ldif
 file. Then add stuff to PasswordUtil.java and edit
 SimpleAuthenticator.java.

 Does this sound like the right track?

 Thanks again,
 Kevin


 On Fri, Jul 15, 2011 at 1:22 PM, Emmanuel Lecharny elecha...@gmail.com
 wrote:
 On 7/15/11 7:19 P...



Re: ApacheDS Interceptor

2011-07-15 Thread Kevin Hamilton
Hi Kiran,

I downloaded ApacheDS v1.5.7 and am using Apache Directory Studio as
my client for now. I am not sure what you mean by version ,2.0-M1. If
that is an updated version, could you direct me to a place I could get
it? Thanks so much for your response.

Thanks,
Kevin

On Fri, Jul 15, 2011 at 1:08 PM, Kiran Ayyagari kayyag...@apache.org wrote:
 Hi Kevin,
    If you are using the version ,2.0-M1 then there exists a password
 hashing interceptor enabled by default and there exists support for many
 hashing algorithms, you just need to set the relevant implementation's FQCN.

 Let us know if you still have issues with bind() after this change

 On 15-Jul-2011 9:23 PM, Stefan Zoerner ste...@labeo.de wrote:

 Hi Kevin,

 currently I am quite busy and others at the users mailing list know the
 server much better than me.

 I therefore forward it to the list. Hopefully, you are subscribed to it.
 Greetings from Hamburg,
   StefanZ

 On 15.07.2011 14:26, Kevin Hamilton wrote:

 Sorry to bother you, but I just came across your interceptor tutorial
 for ApacheDS. Thank you for it! It has greatly helped me. I was able
 to successfully configure it. The problem I am facing is that I
 implemented my own custom hash into the interceptor rather than use
 the MD5. It works well and hashes the passwords whenever someone
 modifies or adds a new one.

 The problem I am having is that with my custom hash, the server does
 not know to hash the passwords on a bind attempt. I attempted to write
 a function that intercepted bind, but it did not work. I was wondering
 if you could give me some direction in this problem. I tried the code
 below to intercept the bind, but it did not work.

 public void bind(NextInterceptor next, BindOperationContext opContext)
         throws Exception {
     byte[] password = opContext.getCredentials();

     if (password != null) {
         password = applyHashAlgorithm(hashAlgorithm, password);
     }

     opContext.setCredentials(password);

     super.bind(next, opContext);
 }

 If you have time, please give me some advice.

 Thanks,
 Kevin
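How a bind is checked against a salted stored value such as the SSHA-512 mentioned in this thread, next to the "hash the incoming credential and compare" approach from the quoted interceptor. This is an added example, not code from the thread or from ApacheDS; the function names and the 8-byte salt are assumptions, and the sample password is constructed.

```python
import base64
import hashlib
import hmac
import os

SCHEME = "{SSHA512}"
DIGEST_LEN = hashlib.sha512().digest_size   # 64 bytes
SALT_LEN = 8                                # assumption: salt size chosen for this sketch


def hash_password(password, salt=None):
    """Value to store: {SSHA512} + base64(SHA-512(password + salt) + salt)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)         # fresh random salt per password
    digest = hashlib.sha512(password + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def parse_stored(stored):
    """Split a stored value into (digest, salt); None if it is not valid {SSHA512}."""
    if stored[:len(SCHEME)].upper() != SCHEME:
        return None
    try:
        raw = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:                      # binascii.Error is a ValueError
        return None
    if len(raw) <= DIGEST_LEN:              # no salt appended: not a salted hash
        return None
    return raw[:DIGEST_LEN], raw[DIGEST_LEN:]


def verify_bind(credential, stored):
    """Reuse the salt from the stored value and compare digests in constant time."""
    parsed = parse_stored(stored)
    if parsed is None:
        return False
    digest, salt = parsed
    candidate = hashlib.sha512(credential + salt).digest()
    return hmac.compare_digest(candidate, digest)


def rehash_then_compare(credential, stored):
    """Hash the bind credential with a new salt and compare strings: never matches."""
    fresh = hash_password(credential)
    return hmac.compare_digest(fresh.encode("ascii"), stored.encode("utf-8"))


if __name__ == "__main__":
    stored = hash_password(b"correct horse")                    # constructed sample
    print("stored value:      ", stored)
    print("verify with salt:  ", verify_bind(b"correct horse", stored))
    print("wrong password:    ", verify_bind(b"wrong", stored))
    print("re-hash and compare:", rehash_then_compare(b"correct horse", stored))
```

With a salted scheme the comparison has to start from the stored value, so the cleartext credential must reach the component that holds it; hashing it earlier in the chain throws away the only input that can reproduce the stored digest.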





Re: ApacheDS Interceptor

2011-07-15 Thread Kevin Hamilton
Thanks so much to all of you for helping. I got it installed and have
it hashing SSHA-512 and it seems to be working well (binding as well).
I will try next week to make a custom hashing algorithm.

I assume to accomplish this, I would need only to make a
CustomPasswordHashingInterceptor.java and add it in the config.ldif
file. Then add stuff to PasswordUtil.java and edit
SimpleAuthenticator.java.

Does this sound like the right track?

Thanks again,
Kevin

On Fri, Jul 15, 2011 at 1:22 PM, Emmanuel Lecharny elecha...@gmail.com wrote:
 On 7/15/11 7:19 PM, Kevin Hamilton wrote:

 Hi Kiran,

 I downloaded ApacheDS v1.5.7 and am using Apache Directory Studio as
 my client for now. I am not sure what you mean by version ,2.0-M1. If
 that is an updated version, could you direct me to a place I could get
 it? Thanks so much for your response.

 http://directory.apache.org/apacheds/2.0/downloads.html


 --
 Regards,
 Cordialement,
 Emmanuel Lécharny
 www.iktek.com