Re: Password policy
On 29/01/16 02:26, akary...@yahoo.gr wrote:
> Hi,
> I'd like to enforce some rules for password values (such as use of at least 2
> capitals, 1 number, 1 symbol, etc). Is it possible to do this with
> configuration in the server? I've seen the password policy view in Apache
> Directory Studio but it doesn't have anything like that.

No, it's not a policy you can enforce atm. That would require some extension to the server.

> If it's not configurable out of the box, is there maybe an API that one could
> use to write a custom "plugin" class that would be invoked whenever an
> attempt to change the userPassword attribute's value is made?

You can replace the PasswordValidator that is used by default. There is an interface (http://directory.apache.org/apacheds/gen-docs/2.0.0-M20/apidocs/org/apache/directory/server/core/api/authn/ppolicy/PasswordValidator.html) that can be implemented (here is the code for the default impl : http://directory.apache.org/apacheds/gen-docs/2.0.0-M20/xref/org/apache/directory/server/core/api/authn/ppolicy/DefaultPasswordValidator.html).

Once you have created your own validator, you have to modify the server configuration to tell the server what class to use to run a custom validator : feed the ads-pwdValidator attribute with your password validator FQCN. The parameter is described on http://directory.apache.org/apacheds/advanced-ug/2.1-config-description.html#password-policies
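An added example of such a validator for the rules asked about (2 capitals, 1 digit, 1 symbol); it is not code from the ApacheDS project or from this thread. It assumes the validate(String, Entry) method of the PasswordValidator interface linked above and the PasswordPolicyException(String, int) constructor used by the linked DefaultPasswordValidator; the class name ComplexityPasswordValidator is made up, and the class is what you would name in ads-pwdValidator.

```java
// Added example, not ApacheDS project code. Assumes the validate(String, Entry)
// signature of the linked PasswordValidator interface and the
// PasswordPolicyException(String, int) constructor used by DefaultPasswordValidator;
// check both against the apidocs of the release you run.
import org.apache.directory.api.ldap.extras.controls.ppolicy.PasswordPolicyErrorEnum;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.server.core.api.authn.ppolicy.PasswordPolicyException;
import org.apache.directory.server.core.api.authn.ppolicy.PasswordValidator;

/** Rejects passwords with fewer than 2 upper-case letters, 1 digit or 1 symbol. */
public class ComplexityPasswordValidator implements PasswordValidator
{
    private static final int MIN_UPPER = 2;
    private static final int MIN_DIGIT = 1;
    private static final int MIN_SYMBOL = 1;

    @Override
    public void validate( String password, Entry entry ) throws PasswordPolicyException
    {
        if ( password == null || !meetsComplexity( password ) )
        {
            // The message is returned to the LDAP client, so state the rule, never the value.
            throw new PasswordPolicyException(
                "Password must contain at least " + MIN_UPPER + " upper-case letters, "
                    + MIN_DIGIT + " digit and " + MIN_SYMBOL + " symbol",
                PasswordPolicyErrorEnum.INSUFFICIENT_PASSWORD_QUALITY.getValue() );
        }
    }

    /** Pure rule check, kept separate so it can be unit-tested without a running server. */
    static boolean meetsComplexity( String password )
    {
        int upper = 0, digit = 0, symbol = 0;
        // Walk by code point so a character outside the BMP is counted once, not twice.
        for ( int i = 0; i < password.length(); )
        {
            int cp = password.codePointAt( i );
            if ( Character.isUpperCase( cp ) ) upper++;
            else if ( Character.isDigit( cp ) ) digit++;
            else if ( !Character.isLetterOrDigit( cp ) && !Character.isWhitespace( cp ) ) symbol++;
            i += Character.charCount( cp );
        }
        return upper >= MIN_UPPER && digit >= MIN_DIGIT && symbol >= MIN_SYMBOL;
    }
}
```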
Re: DHCP using Apache directory server
On 28/01/16 15:46, Sherman Lilly wrote:
> How do I do that?

Assuming that you have a backup of your database content in a LDIF format, just delete the existing data from your disk (/instance//partitions/)

Typically, on my linux box :

/opt/apacheds-2.0.0-M22-SNAPSHOT/instances/default/partitions/example :
[root@brie example]# ll
total 620
-rw-r--r--. 1 root root 0 Jan 27 15:55 0.9.2342.19200300.100.1.1.db
-rw-r--r--. 1 root root 41362 Jan 27 15:55 0.9.2342.19200300.100.1.1.lg
-rw-r--r--. 1 root root 222 Jan 27 15:55 0.9.2342.19200300.100.1.1-uid.txt
-rw-r--r--. 1 root root 0 Jan 27 15:55 0.9.2342.19200300.100.1.25.db
-rw-r--r--. 1 root root 257 Jan 27 15:55 0.9.2342.19200300.100.1.25-dc.txt
-rw-r--r--. 1 root root 41362 Jan 27 15:55 0.9.2342.19200300.100.1.25.lg
-rw-r--r--. 1 root root 273 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.3-apachePresence.txt
-rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.3.db
-rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.3.lg
-rw-r--r--. 1 root root 264 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.50-apacheRdn.txt
-rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.50.db
-rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.50.lg
-rw-r--r--. 1 root root 211 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.5-apacheOneAlias.txt
-rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.5.db
-rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.5.lg
-rw-r--r--. 1 root root 208 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.6-apacheSubAlias.txt
-rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.6.db
-rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.6.lg
-rw-r--r--. 1 root root 204 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.7-apacheAlias.txt
-rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.7.db
-rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.7.lg
-rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.4203.666.1.7.db
-rw-r--r--. 1 root root 246 Jan 27 15:55 1.3.6.1.4.1.4203.666.1.7-entryCSN.txt
-rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.4203.666.1.7.lg
-rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.5322.10.1.1.db
-rw-r--r--. 1 root root 215 Jan 27 15:55 1.3.6.1.4.1.5322.10.1.1-krb5PrincipalName.txt
-rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.5322.10.1.1.lg
-rw-r--r--. 1 root root 148 Jan 27 15:55 2.5.18.5-administrativeRole.txt
-rw-r--r--. 1 root root 0 Jan 27 15:55 2.5.18.5.db
-rw-r--r--. 1 root root 41362 Jan 27 15:55 2.5.18.5.lg
-rw-r--r--. 1 root root 0 Jan 27 15:55 2.5.4.0.db
-rw-r--r--. 1 root root 41362 Jan 27 15:55 2.5.4.0.lg
-rw-r--r--. 1 root root 184 Jan 27 15:55 2.5.4.0-objectClass.txt
-rw-r--r--. 1 root root 0 Jan 27 15:55 2.5.4.11.db
-rw-r--r--. 1 root root 41362 Jan 27 15:55 2.5.4.11.lg
-rw-r--r--. 1 root root 257 Jan 27 15:55 2.5.4.11-ou.txt
-rw-r--r--. 1 root root 40960 Jan 27 15:55 master.db
-rw-r--r--. 1 root root 8 Jan 27 15:55 master.lg

Just get rid of all that. They will be recreated when you inject the LDIF that contains your data.
Re: DHCP using Apache directory server
On 29/01/16 00:45, Sherman Lilly wrote:
> I haven't installed any relevant data that is important. So deleting the
> database is not important but how do I start anew and make that
> modification to the dhcp schema and the server startup properly. Since it
> wasn't working I didn't load any data yet. This is just to see if I can get it
> to work with DHCP lookup.

As soon as you have blanked your data and restarted the server, you should be able to modify your schema, stop and restart the server, and then reinject the data into your started server.
Re: DHCP using Apache directory server
There may be an easier way to get an LDIF dump but I have this method run nightly by a Spring task in an LDAP related web application. I haven't switched over to ApacheDS in production but I use this against 389-ds in production and ApacheDS in development. This dumps people, groups and organization units to a daily rolling log file (configured via logback). It helps me sleep easier with my current single directory server and it is what is making me comfortable enough to switch to ApacheDS, knowing that if there is a corruption I can recover from a recent backup. I don't recall why I used ldaptive instead of ApacheDS ldif functionality. This wouldn't handle a really large directory because it's reading the entire directory into memory and writing everything to a String before logging it. The directory I am using it on has less than 1500 entries, mostly people.

    import java.io.IOException;
    import java.io.StringWriter;
    import java.util.Collection;
    import java.util.Map;
    import java.util.TreeMap;

    import org.apache.commons.lang.StringUtils;
    import org.ldaptive.Connection;
    import org.ldaptive.DefaultConnectionFactory;
    import org.ldaptive.LdapEntry;
    import org.ldaptive.Response;
    import org.ldaptive.SearchFilter;
    import org.ldaptive.SearchRequest;
    import org.ldaptive.SearchResult;
    import org.ldaptive.SearchScope;
    import org.ldaptive.control.util.PagedResultsClient;
    import org.ldaptive.io.LdifWriter;
    import org.slf4j.Logger;
    import org.slf4j.LoggerFactory;

    public class LdifDumper {

        // Dedicated logger so logback can route the dump to its own rolling file
        private static final Logger LDIF_BACKUP = LoggerFactory.getLogger("LDIF_BACKUP");
        private static final Logger logger = LoggerFactory.getLogger(LdifDumper.class);

        public void dumpLdif(DefaultConnectionFactory connectionFactory, String baseDn) {
            String[] objectClasses = { "domain", "organizationalunit", "groupOfUniqueNames", "person" };
            StringWriter writer = new StringWriter();
            LdifWriter ldifWriter = new LdifWriter(writer);
            try (Connection conn = connectionFactory.getConnection()) {
                conn.open();
                // paged search, 500 entries per page
                PagedResultsClient client = new PagedResultsClient(conn, 500);
                for (int i = 0; i < objectClasses.length; i++) {
                    Map<String, LdapEntry> entryMap = new TreeMap<String, LdapEntry>();
                    SearchFilter filter = new SearchFilter("(objectclass=" + objectClasses[i] + ")");
                    SearchRequest request = new SearchRequest(baseDn, filter);
                    request.setSearchScope(SearchScope.SUBTREE);
                    Response<SearchResult> response = client.executeToCompletion(request);
                    SearchResult result = response.getResult();
                    Collection<LdapEntry> entries = result.getEntries();
                    for (LdapEntry ldapEntry : entries) {
                        String key = ldapEntry.getDn();
                        // hack - count commas so higher level entities sort first
                        // (e.g. for nested OUs - create ou=Groups before ou=Groups,ou=App1 )
                        // zero-padded so that a DN with 10 commas does not sort before one with 2
                        int commaCount = StringUtils.countMatches(key, ",");
                        key = String.format("%03d", commaCount) + key;
                        entryMap.put(key, ldapEntry);
                    }
                    // print out sorted entries
                    for (Map.Entry<String, LdapEntry> mapEntry : entryMap.entrySet()) {
                        ldifWriter.write(new SearchResult(mapEntry.getValue()));
                    }
                }
                LDIF_BACKUP.info(writer.toString());
            } catch (org.ldaptive.LdapException | IOException e) {
                logger.error("Error dumping users to ldif: " + e.getMessage(), e);
            }
        }
    }

On Thu, Jan 28, 2016 at 12:00 PM, Emmanuel Lécharny wrote:
> On 28/01/16 15:46, Sherman Lilly wrote:
> > How do I do that?
>
> Assuming that you have a backup of your database content in a LDIF
> format, just delete the existing data from your disk ( root>/instance//partitions/)
>
> Typically, on my linux box :
>
> /opt/apacheds-2.0.0-M22-SNAPSHOT/instances/default/partitions/example :
> [root@brie example]# ll
> total 620
> -rw-r--r--. 1 root root 0 Jan 27 15:55 0.9.2342.19200300.100.1.1.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 0.9.2342.19200300.100.1.1.lg
> -rw-r--r--. 1 root root 222 Jan 27 15:55 0.9.2342.19200300.100.1.1-uid.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 0.9.2342.19200300.100.1.25.db
> -rw-r--r--. 1 root root 257 Jan 27 15:55 0.9.2342.19200300.100.1.25-dc.txt
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 0.9.2342.19200300.100.1.25.lg
> -rw-r--r--. 1 root root 273 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.3-apachePresence.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.3.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.3.lg
> -rw-r--r--. 1 root root 264 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.50-apacheRdn.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.50.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.50.lg
> -rw-r--r--. 1 root root 211 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.5-apacheOneAlias.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.5.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.5.lg
> -rw-r--r--. 1 root root 208 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.6-apacheSubAlias.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.6.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55
Re: DHCP using Apache directory server
I haven't installed any relevant data that is important. So deleting the database is not important but how do I start anew and make that modification to the dhcp schema and the server startup properly. Since it wasn't working I didn't load any data yet. This is just to see if I can get it to work with DHCP lookup.

On Jan 28, 2016 12:00 PM, "Emmanuel Lécharny" wrote:
> On 28/01/16 15:46, Sherman Lilly wrote:
> > How do I do that?
>
> Assuming that you have a backup of your database content in a LDIF
> format, just delete the existing data from your disk ( root>/instance//partitions/)
>
> Typically, on my linux box :
>
> /opt/apacheds-2.0.0-M22-SNAPSHOT/instances/default/partitions/example :
> [root@brie example]# ll
> total 620
> -rw-r--r--. 1 root root 0 Jan 27 15:55 0.9.2342.19200300.100.1.1.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 0.9.2342.19200300.100.1.1.lg
> -rw-r--r--. 1 root root 222 Jan 27 15:55 0.9.2342.19200300.100.1.1-uid.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 0.9.2342.19200300.100.1.25.db
> -rw-r--r--. 1 root root 257 Jan 27 15:55 0.9.2342.19200300.100.1.25-dc.txt
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 0.9.2342.19200300.100.1.25.lg
> -rw-r--r--. 1 root root 273 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.3-apachePresence.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.3.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.3.lg
> -rw-r--r--. 1 root root 264 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.50-apacheRdn.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.50.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.50.lg
> -rw-r--r--. 1 root root 211 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.5-apacheOneAlias.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.5.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.5.lg
> -rw-r--r--. 1 root root 208 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.6-apacheSubAlias.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.6.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.6.lg
> -rw-r--r--. 1 root root 204 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.7-apacheAlias.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.7.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.18060.0.4.1.2.7.lg
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.4203.666.1.7.db
> -rw-r--r--. 1 root root 246 Jan 27 15:55 1.3.6.1.4.1.4203.666.1.7-entryCSN.txt
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.4203.666.1.7.lg
> -rw-r--r--. 1 root root 0 Jan 27 15:55 1.3.6.1.4.1.5322.10.1.1.db
> -rw-r--r--. 1 root root 215 Jan 27 15:55 1.3.6.1.4.1.5322.10.1.1-krb5PrincipalName.txt
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 1.3.6.1.4.1.5322.10.1.1.lg
> -rw-r--r--. 1 root root 148 Jan 27 15:55 2.5.18.5-administrativeRole.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 2.5.18.5.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 2.5.18.5.lg
> -rw-r--r--. 1 root root 0 Jan 27 15:55 2.5.4.0.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 2.5.4.0.lg
> -rw-r--r--. 1 root root 184 Jan 27 15:55 2.5.4.0-objectClass.txt
> -rw-r--r--. 1 root root 0 Jan 27 15:55 2.5.4.11.db
> -rw-r--r--. 1 root root 41362 Jan 27 15:55 2.5.4.11.lg
> -rw-r--r--. 1 root root 257 Jan 27 15:55 2.5.4.11-ou.txt
> -rw-r--r--. 1 root root 40960 Jan 27 15:55 master.db
> -rw-r--r--. 1 root root 8 Jan 27 15:55 master.lg
>
> Just get rid of all that. They will be recreated when you inject the
> LDIF that contains your data.
Password policy
Hi,

I'd like to enforce some rules for password values (such as use of at least 2 capitals, 1 number, 1 symbol, etc). Is it possible to do this with configuration in the server? I've seen the password policy view in Apache Directory Studio but it doesn't have anything like that.

If it's not configurable out of the box, is there maybe an API that one could use to write a custom "plugin" class that would be invoked whenever an attempt to change the userPassword attribute's value is made?

Thank you!
Re: DHCP using Apache directory server
On 28/01/16 14:50, Sherman Lilly wrote:
> Adding the above ldif resulted in the server not able to start. Running
> server in console mode shows this error.
>
> ERR_134 Cannot deserialize the entry : ERR_04269 ATTRIBUTE_TYPE for OID
> 2.16.840.1.113719.1.203.4.19 does not exist!

Yes, you need to clean up the server and reinject the full entries, because the schema has changed and it impacts the existing entries.
Re: DHCP using Apache directory server
How do I do that?

On Thu, Jan 28, 2016 at 9:33 AM, Emmanuel Lécharny wrote:
> On 28/01/16 14:50, Sherman Lilly wrote:
> > Adding the above ldif resulted in the server not able to start. Running
> > server in console mode shows this error.
> >
> > ERR_134 Cannot deserialize the entry : ERR_04269 ATTRIBUTE_TYPE for OID
> > 2.16.840.1.113719.1.203.4.19 does not exist!
>
> Yes, you need to clean up the server and reinject the full entries,
> because the schema has changed and it impacts the existing entries.
Re: DHCP using Apache directory server
Adding the above ldif resulted in the server not able to start. Running server in console mode shows this error.

ERR_134 Cannot deserialize the entry : ERR_04269 ATTRIBUTE_TYPE for OID 2.16.840.1.113719.1.203.4.19 does not exist!

On Tue, Jan 26, 2016 at 5:38 PM, Stefan Seelmann wrote:
> On 01/26/2016 07:56 PM, Sherman Lilly wrote:
> > Can I fix the schema in my current version 2.0.0? If so how do I do this?
>
> Yes, you can change the syntax of dhcpOption attribute, e.g. you can
> apply the following LDIF:
>
> dn: m-oid=2.16.840.1.113719.1.203.4.7,
>  ou=attributeTypes,cn=dhcp,ou=schema
> changetype: modify
> replace: m-syntax
> m-syntax: 1.3.6.1.4.1.1466.115.121.1.26
> -
>
> Afterwards you need to restart the server.
>
> HTH,
> Stefan