[jira] [Commented] (DIRSERVER-1970) Connection refused after stopping and restarting the server

[ https://issues.apache.org/jira/browse/DIRSERVER-1970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507060#comment-14507060 ] Kiran Ayyagari commented on DIRSERVER-1970: --- Could this be due to

[jira] [Resolved] (DIRSERVER-1943) Apache DS 2.0.0-M10 Replication Doesnt work

[ https://issues.apache.org/jira/browse/DIRSERVER-1943?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kiran Ayyagari resolved DIRSERVER-1943. --- Resolution: Incomplete Assignee: Kiran Ayyagari Please use the latest

RE: Kerby GSS tests?

Hi Colm, It looks strange to me. Would you debug and check the two keys are the same in that place and the other place in KDC side KdcRequest:400: EncryptedData encryptedData = EncryptionUtil.seal(encTicketPart, serverKey, KeyUsage.KDC_REP_TICKET); Thanks. I’m going to sleep now. See

Re: [ApacheDS] Authenticator selection

+1 to your suggestion. And please remove the AuthenticationInterceptorTest I added yesterday, probably it doesn't make too much sense. Kind Regards, Stefan On 04/22/2015 12:08 PM, Emmanuel Lécharny wrote: Hi, yesterday, we were hit by a bus, and it was expected for a very long time. The

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

[ https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507003#comment-14507003 ] Emmanuel Lecharny commented on DIRSERVER-2051: -- We are currently fixing a

Re: Apache Directory and SCIM

For what it is worth: I see something beautiful emerging. +1 Best regards, Pierre Smits *ORRTIZ.COM http://www.orrtiz.com* Services Solutions for Cloud- Based Manufacturing, Professional Services and Retail Trade http://www.orrtiz.com On Wed, Apr 22, 2015 at 2:30 PM, Emmanuel Lécharny

[jira] [Commented] (DIRSERVER-1970) Connection refused after stopping and restarting the server

[ https://issues.apache.org/jira/browse/DIRSERVER-1970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507079#comment-14507079 ] Emmanuel Lecharny commented on DIRSERVER-1970: -- Most certainly.

RE: Kerby GSS tests?

I just checked the codes in MIT Kerberos. It was clear we should use the value of TgsReq-pa-ApReq-ticket-encpart-cname. The cname field in KdcReq is only used in AsReq, not used in TgsReq. I will have a fix for this shortly. Regards, Kai From: Zheng, Kai [mailto:kai.zh...@intel.com] Sent:

[jira] [Commented] (DIRSERVER-1949) Cannot add Entry to CoreSession from custom Search Interceptor

[ https://issues.apache.org/jira/browse/DIRSERVER-1949?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507061#comment-14507061 ] Kiran Ayyagari commented on DIRSERVER-1949: --- Can we close this? Cannot add

[jira] [Resolved] (DIRSERVER-1944) ApacheDS 2.0.0-M15 Replication on secure port doesnt work

[ https://issues.apache.org/jira/browse/DIRSERVER-1944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kiran Ayyagari resolved DIRSERVER-1944. --- Resolution: Won't Fix Assignee: Kiran Ayyagari ApacheDS 2.0.0-M15

Re: Apache Directory and SCIM

Le 22/04/15 12:28, Steve Moyer a écrit : I think we've spent enough time rehashing the past ... Absolutely. let me just say that I think things would have gone a lot differently if there'd been an easy way to provide a repository branch for us to check code into. Sadly, this is not the way

Re: Kerby GSS tests?

Looks good thanks! The next problem is an NPE in EncryptionHandler. This is caused by a similar issue to before: --- a/kerby-kerb/kerb-server/src/main/java/org/apache/kerby/kerberos/kerb/server/request/TgsRequest.java +++

RE: Kerby GSS tests?

Good to this point. I’m looking at it and will respond a little later. Thanks! Regards, Kai From: Colm O hEigeartaigh [mailto:cohei...@apache.org] Sent: Wednesday, April 22, 2015 10:01 PM To: Zheng, Kai Cc: Apache Directory Developers List Subject: Re: Kerby GSS tests? Looks good thanks! The

RE: Kerby GSS tests?

Colm, Would you check out the fix below and verify it? Thanks! commit 41df0299ef254d877b6f570c1b71eb35c75e9fc5 Author: Drankye dran...@gmail.com Date: Wed Apr 22 21:25:21 2015 +0800 Fixed the issue that cname field in KdcReqBody should not be used in TgsReq Regards, Kai From: Zheng, Kai

[jira] [Assigned] (DIRKRB-236) Ensure encryption types list is correctly sent by client and processed by kdc

[ https://issues.apache.org/jira/browse/DIRKRB-236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh reassigned DIRKRB-236: -- Assignee: Colm O hEigeartaigh Ensure encryption types list is correctly sent

[jira] [Resolved] (DIRKRB-236) Ensure encryption types list is correctly sent by client and processed by kdc

[ https://issues.apache.org/jira/browse/DIRKRB-236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Colm O hEigeartaigh resolved DIRKRB-236. Resolution: Fixed Ensure encryption types list is correctly sent by client and

[jira] [Updated] (DIRKRB-236) Ensure encryption types list is correctly sent by client and processed by KDC

[ https://issues.apache.org/jira/browse/DIRKRB-236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Kai Zheng updated DIRKRB-236: - Assignee: Jiajia Li (was: Colm O hEigeartaigh) Summary: Ensure encryption types list is correctly

RE: Kerby GSS tests?

Are we sure that the tgsKey above is the right key to decrpyt the request? Yes, the ticket there to decrypt is actually for TGS to interpret and validate, a tgs key should be used. I’m still thinking about how to get the encryption type right. It’s a certain one this time. Regards, Kai From:

Re: Apache Directory and SCIM

I'm not sure the igloo project's implementation is better or worse than escimo ... it's compliant to the SCIM specification a few versions back. The current version has design flaws but is working well for us. I'll try to describe the differences but since the eSCIMo code wasn't functional when

RE: Kerby GSS tests?

Hi Colm, The fix would be as follows. Would you verify and commit it if OK? Thanks. -EncryptionType encType = getKdcReq().getReqBody().getEtypes().listItera -EncryptionKey tgsKey = getTgsEntry().getKeys().get(encType); - Ticket ticket = apReq.getTicket(); +

Re: Kerby GSS tests?

Hi Kai, I get the same error (decryption error) with this patch. Colm. On Wed, Apr 22, 2015 at 3:57 PM, Zheng, Kai kai.zh...@intel.com wrote: Hi Colm, The fix would be as follows. Would you verify and commit it if OK? Thanks. -EncryptionType encType =

[jira] [Commented] (DIRSERVER-2060) Bind not working after server startup

[ https://issues.apache.org/jira/browse/DIRSERVER-2060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506519#comment-14506519 ] Stefan Seelmann commented on DIRSERVER-2060: Added a first fix here:

[jira] [Commented] (DIRKRB-215) Implement the PRF function for DES_CBC.

[ https://issues.apache.org/jira/browse/DIRKRB-215?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506498#comment-14506498 ] Lin Chen commented on DIRKRB-215: - And please remove the codes, thanks~ {code} /** *

Re: ads-enabledciphersuites

Le 22/04/15 19:38, Stefan Seelmann a écrit : Hi, when starting up the server I always get the following error in log: [19:18:43] ERROR [org.apache.directory.api.ldap.model.entry.DefaultEntry] - ERR_04269 ATTRIBUTE_TYPE for OID ads-enabledciphersuites does not exist! What does that mean?

[jira] [Created] (DIRSERVER-2061) Logging config bundled with installers is too strict

Stefan Seelmann created DIRSERVER-2061: -- Summary: Logging config bundled with installers is too strict Key: DIRSERVER-2061 URL: https://issues.apache.org/jira/browse/DIRSERVER-2061 Project:

Re: [ApacheDS] release Package tests needed !

On 04/22/2015 01:58 AM, Emmanuel Lécharny wrote: I have created some new installers (http://people.apache.org/~elecharny/apacheds-2.0.0-M20-SNAPSHOT/) with a fix for the debian installer. I still get the error, but less often. I'd suggest you first change the Authentications as suggested in

ads-enabledciphersuites

Hi, when starting up the server I always get the following error in log: [19:18:43] ERROR [org.apache.directory.api.ldap.model.entry.DefaultEntry] - ERR_04269 ATTRIBUTE_TYPE for OID ads-enabledciphersuites does not exist! What does that mean? The attribute is used in LdapServerBean, but I

[jira] [Resolved] (DIRSERVER-2061) Logging config bundled with installers is too strict

[ https://issues.apache.org/jira/browse/DIRSERVER-2061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stefan Seelmann resolved DIRSERVER-2061. Resolution: Fixed Assignee: Stefan Seelmann Fixed here:

Re: [ApacheDS] Authenticator selection

Le 22/04/15 18:31, Stefan Seelmann a écrit : +1 to your suggestion. And please remove the AuthenticationInterceptorTest I added yesterday, probably it doesn't make too much sense. Will do. Thanks !

[jira] [Created] (DIRSTUDIO-1038) Dispose the various org.eclipse.swt.graphics.* objects we use

Emmanuel Lecharny created DIRSTUDIO-1038: Summary: Dispose the various org.eclipse.swt.graphics.* objects we use Key: DIRSTUDIO-1038 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1038

[jira] [Commented] (DIRSTUDIO-1038) Dispose the various org.eclipse.swt.graphics.* objects we use

[ https://issues.apache.org/jira/browse/DIRSTUDIO-1038?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507713#comment-14507713 ] Emmanuel Lecharny commented on DIRSTUDIO-1038: -- More specifically, the

[jira] [Comment Edited] (FC-33) AuditMgr.getUserAuthZ cannot pull back faileOnly

[ https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14508335#comment-14508335 ] Shawn McKinney edited comment on FC-33 at 4/23/15 2:38 AM: --- Trace

[jira] [Commented] (FC-33) AuditMgr.getUserAuthZ cannot pull back faileOnly

[ https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14508335#comment-14508335 ] Shawn McKinney commented on FC-33: -- Trace request/response for each test case: Successfull

[jira] [Commented] (FC-33) AuditMgr.getUserAuthZ cannot pull back faileOnly

[ https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14508338#comment-14508338 ] Shawn McKinney commented on FC-33: -- 1. Successful compare pdu: : 0x30 0x81 0xB5 0x02 0x01

[jira] [Updated] (DIRKRB-237) Implement the parseOptions function in AddPrincipalExecutor

[ https://issues.apache.org/jira/browse/DIRKRB-237?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jiajia Li updated DIRKRB-237: - Issue Type: New Feature (was: Bug) Implement the parseOptions function in AddPrincipalExecutor

[jira] [Updated] (DIRKRB-238) Enhance kadmin to support remove entry(s) from a keytab

[ https://issues.apache.org/jira/browse/DIRKRB-238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jiajia Li updated DIRKRB-238: - Issue Type: New Feature (was: Bug) Enhance kadmin to support remove entry(s) from a keytab

[jira] [Created] (DIRKRB-238) Enhance kadmin to support remove entry(s) from a keytab

Jiajia Li created DIRKRB-238: Summary: Enhance kadmin to support remove entry(s) from a keytab Key: DIRKRB-238 URL: https://issues.apache.org/jira/browse/DIRKRB-238 Project: Directory Kerberos

[jira] [Commented] (FC-33) AuditMgr.getUserAuthZ cannot pull back faileOnly

[ https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14508272#comment-14508272 ] Shawn McKinney commented on FC-33: -- Explanation for how the fortress authorization audit works

[jira] [Updated] (DIRKRB-229) Enhance kadmin to support list principals

[ https://issues.apache.org/jira/browse/DIRKRB-229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xu Yaning updated DIRKRB-229: - Attachment: DIRKRB-229-v1.patch Enhance kadmin to support list principals

[jira] [Comment Edited] (FC-33) AuditMgr.getUserAuthZ cannot pull back faileOnly

[ https://issues.apache.org/jira/browse/FC-33?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14508335#comment-14508335 ] Shawn McKinney edited comment on FC-33 at 4/23/15 2:40 AM: --- Trace

[jira] [Updated] (DIRKRB-228) Enhance kadmin to support get principal

[ https://issues.apache.org/jira/browse/DIRKRB-228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xu Yaning updated DIRKRB-228: - Attachment: DIRKRB-228-v1.patch Enhance kadmin to support get principal

[jira] [Updated] (DIRKRB-225) Enhance kadmin to support modify principal

[ https://issues.apache.org/jira/browse/DIRKRB-225?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jiajia Li updated DIRKRB-225: - Attachment: DIRKRB-225-V1.patch Implement the modify principal in this patch. Enhance kadmin to support

[jira] [Created] (DIRKRB-237) Implement the parseOptions function in AddPrincipalExecutor

Jiajia Li created DIRKRB-237: Summary: Implement the parseOptions function in AddPrincipalExecutor Key: DIRKRB-237 URL: https://issues.apache.org/jira/browse/DIRKRB-237 Project: Directory Kerberos

[jira] [Created] (DIRKRB-239) Implement the interface RadomProvider

Xu Yaning created DIRKRB-239: Summary: Implement the interface RadomProvider Key: DIRKRB-239 URL: https://issues.apache.org/jira/browse/DIRKRB-239 Project: Directory Kerberos Issue Type:

[jira] [Updated] (DIRKRB-239) Implement the interface RadomProvider

[ https://issues.apache.org/jira/browse/DIRKRB-239?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xu Yaning updated DIRKRB-239: - Attachment: DIRKRB-239-v1.patch Implement the interface RadomProvider

[jira] [Commented] (DIRSERVER-1934) LdapCoreSessionConnection does not include controls in response

[ https://issues.apache.org/jira/browse/DIRSERVER-1934?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14507073#comment-14507073 ] Kiran Ayyagari commented on DIRSERVER-1934: --- [~lthei...@mitre.org] Is this

[jira] [Created] (DIRSERVER-2062) Systemd support

Stefan Seelmann created DIRSERVER-2062: -- Summary: Systemd support Key: DIRSERVER-2062 URL: https://issues.apache.org/jira/browse/DIRSERVER-2062 Project: Directory ApacheDS Issue Type:

RE: [jira] [Commented] (DIRKRB-215) Implement the PRF function for DES_CBC.

Okey, that's created by IDE, I'll remove it -Original Message- From: Lin Chen (JIRA) [mailto:j...@apache.org] Sent: Wednesday, April 22, 2015 2:15 PM To: dev@directory.apache.org Subject: [jira] [Commented] (DIRKRB-215) Implement the PRF function for DES_CBC. [

Re: [jira] [Commented] (DIRKRB-215) Implement the PRF function for DES_CBC.

On Wed, Apr 22, 2015 at 3:43 PM, Xu, Yaning yaning...@intel.com wrote: Okey, that's created by IDE, I'll remove it the best way is to import this[1] template into Eclipse, which will save a lot of time [1] http://svn.apache.org/repos/asf/directory/project/trunk/resources/codetemplates.xml

Re: [ApacheDS] Authenticator selection

On Wed, Apr 22, 2015 at 6:08 PM, Emmanuel Lécharny elecha...@gmail.com wrote: Hi, yesterday, we were hit by a bus, and it was expected for a very long time. The way we handle authenticators is far from ebing perfect. Here is the current code : public void bind( BindOperationContext

Re: Kerby GSS tests?

Ok with the current code I've made some progress - I can now successfully get a TGT from Kerby. However, I'm running into a puzzling issue when trying to get a service key. Essentially, the clientPrincipal in KdcRequest.checkClient() is an empty String (and has a null NameType). This means that it

Re: Apache Directory and SCIM

I think we've spent enough time rehashing the past ... let me just say that I think things would have gone a lot differently if there'd been an easy way to provide a repository branch for us to check code into. On the other hand, I can certainly understand why you don't want to change your

Re: Apache Directory and SCIM

I don't think that having two different implementations of the same thing at Apache Directory is a good thing. However, it's certainly not unheard of for a project to replace an older codebase with a new donated codebase for a new major release, if there is a compelling reason to do so. For

[ApacheDS] Authenticator selection

Hi, yesterday, we were hit by a bus, and it was expected for a very long time. The way we handle authenticators is far from ebing perfect. Here is the current code : public void bind( BindOperationContext bindContext ) throws LdapException { ... for ( Authenticator

[jira] [Updated] (DIRKRB-215) Implement the PRF function for DES_CBC.

[ https://issues.apache.org/jira/browse/DIRKRB-215?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xu Yaning updated DIRKRB-215: - Attachment: DIRKRB-215-v3.patch Implement the PRF function for DES_CBC.

[jira] [Commented] (DIRKRB-228) Enhance kadmin to support get principal

[ https://issues.apache.org/jira/browse/DIRKRB-228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506837#comment-14506837 ] Xu Yaning commented on DIRKRB-228: -- Okay, I'll! Enhance kadmin to support get principal

[jira] [Commented] (DIRKRB-228) Enhance kadmin to support get principal

[ https://issues.apache.org/jira/browse/DIRKRB-228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506838#comment-14506838 ] Xu Yaning commented on DIRKRB-228: -- Okay, I'll! Enhance kadmin to support get principal

[jira] [Issue Comment Deleted] (DIRKRB-228) Enhance kadmin to support get principal

[ https://issues.apache.org/jira/browse/DIRKRB-228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xu Yaning updated DIRKRB-228: - Comment: was deleted (was: Okay, I'll!) Enhance kadmin to support get principal

[jira] [Commented] (DIRKRB-229) Enhance kadmin to support list principals

[ https://issues.apache.org/jira/browse/DIRKRB-229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506844#comment-14506844 ] Xu Yaning commented on DIRKRB-229: -- Okay,I'll! Enhance kadmin to support list

[jira] [Commented] (DIRKRB-229) Enhance kadmin to support list principals

[ https://issues.apache.org/jira/browse/DIRKRB-229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=14506846#comment-14506846 ] Xu Yaning commented on DIRKRB-229: -- Okay,I'll! Enhance kadmin to support list

[jira] [Issue Comment Deleted] (DIRKRB-229) Enhance kadmin to support list principals

[ https://issues.apache.org/jira/browse/DIRKRB-229?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Xu Yaning updated DIRKRB-229: - Comment: was deleted (was: Okay,I'll!) Enhance kadmin to support list principals

RE: Kerby GSS tests?

Hi Colm, Thanks for your good progress and analysis. I’m not sure how KDC would handle in such case, but a possibility is to use the client principal name in the TGT ticket, would you inspect the fields of the passed TGT and use the client field in it, when it’s null in the KdcReq? I will

Re: Apache Directory and SCIM

Le 22/04/15 04:33, Steve Moyer a écrit : All, Given Emmanuel's disappointment conveyed in the original thread (on the Fortress mailing list), please consider the proposal withdrawn. Nah, forgive me for my initial mail, I most certainly overreacted, and I'm sorry for that. I would suggest that

[jira] [Updated] (DIRKRB-236) Ensure encryption types list is correctly sent by client and processed by kdc

[ https://issues.apache.org/jira/browse/DIRKRB-236?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jiajia Li updated DIRKRB-236: - Attachment: DIRKRB-236-V1.patch In this patch, sort the encryption types in {{KdcRequest}}. Ensure

Re: Apache Directory and SCIM

Le 22/04/15 03:55, Steve Moyer a écrit : Kiran, I certainly didn't want or expect you to be disappointed! Well, as human beings, we have feelings, which may be overstated at some point. DIsapointement might be a bit strong : it was more a surprise to me than a disagrement, as I really thought

Re: Apache Directory and SCIM

Le 22/04/15 12:42, Colm O hEigeartaigh a écrit : I don't think that having two different implementations of the same thing at Apache Directory is a good thing. However, it's certainly not unheard of for a project to replace an older codebase with a new donated codebase for a new major release,