Re: Can help me some demo code about Delegation Control in AD in ldap api
And finally, the project doc page on pw policies: https://directory.apache.org/apacheds/advanced-ug/4.3-password-policy.html > On Sep 12, 2019, at 8:45 AM, Shawn McKinney wrote: > > >> On Sep 12, 2019, at 8:44 AM, Shawn McKinney wrote: >> >> Also you asked about pw policies: >> >> https://iamfortress.net/2015/06/11/what-are-password-policies/ >> >> NOt so difficult of a topic as delegation. Should be easier to find some >> samples. >> >> Here’s how fortress does it. Keep in mind the test class uses the fortress >> APIs, which then call the Apache LDAP Apis, meaning you’ll have to connect >> the dots to understand how the pwpolicy is interpreted. > > And the link to fortress pwpolicy tests: > > https://github.com/apache/directory-fortress-core/blob/master/src/test/java/org/apache/directory/fortress/core/impl/PswdPolicyMgrImplTest.java > - > To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org > For additional commands, e-mail: dev-h...@directory.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: Can help me some demo code about Delegation Control in AD in ldap api
> On Sep 12, 2019, at 8:44 AM, Shawn McKinney wrote: > > Also you asked about pw policies: > > https://iamfortress.net/2015/06/11/what-are-password-policies/ > > NOt so difficult of a topic as delegation. Should be easier to find some > samples. > > Here’s how fortress does it. Keep in mind the test class uses the fortress > APIs, which then call the Apache LDAP Apis, meaning you’ll have to connect > the dots to understand how the pwpolicy is interpreted. And the link to fortress pwpolicy tests: https://github.com/apache/directory-fortress-core/blob/master/src/test/java/org/apache/directory/fortress/core/impl/PswdPolicyMgrImplTest.java - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: Can help me some demo code about Delegation Control in AD in ldap api
> On Sep 12, 2019, at 7:49 AM, Shawn McKinney wrote: > > Fortress provides administrative delegation using the ARBAC02 model. I’m > sure you could do some searching to learn more if you have interest. Here’s a primer on the topic. Wish I had something to share with you that was more succinct and to the point. One day perhaps… https://iamfortress.net/2015/06/11/what-is-delegated-administration/ https://symas.com/recent-improvements-in-apache-fortress-rest-delegated-administration/ Also you asked about pw policies: https://iamfortress.net/2015/06/11/what-are-password-policies/ NOt so difficult of a topic as delegation. Should be easier to find some samples. Here’s how fortress does it. Keep in mind the test class uses the fortress APIs, which then call the Apache LDAP Apis, meaning you’ll have to connect the dots to understand how the pwpolicy is interpreted. — Shawn - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
Re: Can help me some demo code about Delegation Control in AD in ldap api
Hello, > On Sep 12, 2019, at 1:41 AM, Chung Tran wrote: > > - i found about open source project like this : > https://www.programcreek.com/java-api-examples/?code=apache%2Fdirectory-fortress-enmasse%2Fdirectory-fortress-enmasse-master%2Fsrc%2Fmain%2Fjava%2Forg%2Fapache%2Fdirectory%2Ffortress%2Frest%2FReviewMgrImpl.java# > > - but it hard to understand. That is Apache Fortress Rest, a.k.a. Enmasse. It is a Web service interface for the Apache Fortress Core APIs. Fortress is built on top of the Apache LDAP API, providing an RBAC centric schema and functionality over an LDAPv3 backend. > > On Sep 12, 2019, at 1:41 AM, Chung Tran wrote: > > - i can connect to Active Directory Users and Computers(ADUC), via > administrator, write some CRUD user, by using Apache Ldap API in java code. Yes, that is what the LDAP API is for, connecting to disparate LDAP server back ends to perform ad-hoc functionality. > > On Sep 12, 2019, at 1:41 AM, Chung Tran wrote: > > - i want Admin can make permission for user in [Users], use Delegation of > Control to do this, some delegate: create, delete & manage user acc; or Reset > password, etc.(att pic1) > > - Documentation LDAP API dont have content for this. > > Q1: can u help write some demo code to slove Delegation of Control to > permission for user ? > Q2: ldap API access [Reset Password..] (att pic2) in ADUC to reset user pw, > can u have me some demo for slove this? > What do you mean by delegation of control to permission user? Delegation is an advanced topic. What’s more there is not a discernible standard on how its to be done making it difficult to provide examples that have broad applicability. Fortress provides administrative delegation using the ARBAC02 model. I’m sure you could do some searching to learn more if you have interest. What’s more, it has basic CRUD for user’s and groups. I doubt you would find it useful for entries stored in AD, as it has a custom schema that extends inetorgperson. There are also samples and tests in the fortress core repo that show howto do some of these types of things. —Shawn - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
