On Wed, Mar 3, 2010 at 3:12 PM, Emmanuel Lecharny <[email protected]> wrote:
> Can you try to call the DirectoryService sync() method before closing the
> server? Data are flushed on disk every 15 seconds by default, that could
> explain why you don't get your data persisted (this is configured, and if
> you set the default value to 0, everything is flushed immediately, at the
> price of a slower server)
I set the sync time to 0, but still have the problem.

As I can see, this entry can be seen if I access it with

    ServerEntry adminACLEntry =
        this.directoryService.getAdminSession().lookup(adminACLEntrydn);

but for some reason it seems to be not working.
If I try to delete it, it gives a null pointer exception here.
(SubEntryInterceptor.java 599)

    if ( objectClasses.contains( SchemaConstants.SUBENTRY_OC ) )
    {
        SubtreeSpecification ss = subentryCache.removeSubentry(
            name.toNormName() ).getSubtreeSpecification();
        next.delete( opContext );

At this point subentryCache is empty.

thanks,
Amila.
>
> On 3/3/10 10:31 AM, Amila Suriarachchi wrote:
>
>> hi all,
>>
>> In our code we programmatically add partitions to embedded Apache DS server
>> with the following code
>>
>> JdbmPartition partition = addNewPartition(tenant);
>>
>> try {
>>     this.directoryService.addPartition(partition);
>>     try {
>>         this.directoryService.getAdminSession().lookup(partition.getSuffixDn());
>>     } catch (Exception e) {
>>         LdapDN tenantdn = new LdapDN(getTenantSuffix(tenant.getDomain()));
>>         ServerEntry tenantEntry = this.directoryService.newEntry(tenantdn);
>>         tenantEntry.add("objectClass", "top", "organization", "extensibleObject");
>>         tenantEntry.add("o", tenant.getDomain());
>>         tenantEntry.add("manager", "uid=" + tenant.getAdminName() + "," + partition.getSuffix());
>>         tenantEntry.add("administrativeRole", "accessControlSpecificArea");
>>
>>         this.directoryService.getAdminSession().add(tenantEntry);
>>
>>         addAdminACLEntry(tenant, partition.getSuffix());
>>         addAdmin(tenant, partition.getSuffix());
>>
>>         LdapDN usersdn = new LdapDN("ou=users," + partition.getSuffixDn());
>>         ServerEntry usersEntry = this.directoryService.newEntry(usersdn);
>>         usersEntry.add("objectClass", "organizationalUnit", "top");
>>         usersEntry.add("ou", "users");
>>
>>         this.directoryService.getAdminSession().add(usersEntry);
>>     }
>> } catch (Exception e) {
>>     throw new UserStoreException("Could not add the partition ", e);
>> }
>> return tenant.getId();
>>
>> addAdminACLEntry method looks like this,
>>
>> private void addAdminACLEntry(Tenant tenant, String tenantSufix) throws Exception {
>>     //add the permission entry
>>     LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
>>     ServerEntry adminACLEntry = directoryService.newEntry(adminACLEntrydn);
>>     adminACLEntry.add("objectClass", "accessControlSubentry", "subentry", "top");
>>     adminACLEntry.add("cn", "adminACLEntry");
>>     adminACLEntry.add("prescriptiveACI",
>>         "{ identificationTag \"adminACLEntryTag\", precedence 1, authenticationLevel simple, " +
>>         "itemOrUserFirst userFirst: { userClasses { name { \"uid=" +
>>         tenant.getAdminName() + "," + tenantSufix + "\" } }, " +
>>         "userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, " +
>>         "grantsAndDenials { grantBrowse, grantFilterMatch, grantModify, grantAdd, grantCompare, " +
>>         "grantRename, grantRead, grantReturnDN, grantImport, grantInvoke, grantRemove, " +
>>         "grantExport, grantDiscloseOnError } } } } }");
>>     adminACLEntry.add("subtreeSpecification", "{ }");
>>
>>     directoryService.getAdminSession().add(adminACLEntry);
>> }
>>
>> this adminACLEntry is used to give the access rights to admin user to other
>> entries in the partition.
>>
>> Everything works fine. i.e. when I log in as the partition admin user I can
>> see the other entries of the partition.
>>
>> If I stop the Embedded server and start it then the newly added partition is
>> not visible. This can be fixed by adding the partition again
>>
>> i.e.
>>
>> public void addPartitionToTenant(Tenant tenant) throws UserStoreException {
>>     try {
>>         this.directoryService.addPartition(addNewPartition(tenant));
>>         this.directoryService.sync();
>>     } catch (Exception e) {
>>         throw new UserStoreException("Can not add the new partition ", e);
>>     }
>> }
>>
>> but after this when I log in as the admin user I can't see the other
>> entries. However this entry exists in the Adminsession.
>>
>> i.e.
>> String tenantSufix = getTenantSuffix(tenant.getDomain());
>> LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
>> ServerEntry adminACLEntry =
>>     this.directoryService.getAdminSession().lookup(adminACLEntrydn);
>>
>> returns the correct entry for adminACLEntry. However I can not delete
>> this entry and if I try to do so it gives a null pointer exception.
>>
>> i.e.
>> at org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:599)
>> at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
>> at org.apache.directory.server.core.schema.SchemaInterceptor.delete(SchemaInterceptor.java:2157)
>> at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
>>
>> Does ApacheDS persist accessControlSubentries?
>>
>> Do I have to set any other attribute in order to do so?
>>
>> thanks,
>> Amila.
>>
>>
>>
>>
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharny
> www.nextury.com
>
>
>
--
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/