On Wed, Mar 3, 2010 at 4:33 PM, Ersin Er <[email protected]> wrote:

> If the partition has not been appropriately initialized during startup, the
> subentryCache may not have been filled up with existing subentries'
> information. So trying to remove a non-existent entry from the cache can
> result in NPE.
>
> However I am not sure as I do not know exactly which line is the 599th one.
>
> If I am correct you need to solve the problem of partition initialization
> first. This may not be really directly related to Subentries or Access
> Control Subsystem.
>

If I create a partition programmatically, is ApacheDS supposed to save the
partition and make that available at the restart of the server?

thanks,
Amila.

>
> On Wed, Mar 3, 2010 at 12:03, Amila Suriarachchi <[email protected]> wrote:
>
> > On Wed, Mar 3, 2010 at 3:12 PM, Emmanuel Lecharny <[email protected]> wrote:
> >
> > > Can you try to call the DirectoryService sync() method before closing the
> > > server ? Data are flushed on disk every 15 seconds by default, that could
> > > explain why you don't get your data persisted (this is configured, and if
> > > you set the default value to 0, everything is flushed immediately, at the
> > > price of a slower server)
> >
> >
> > I set the sync time to 0, but still have the problem.
> >
> > As I can see this entry can be seen if I access it with
> >
> > ServerEntry adminACLEntry =
> >     this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> >
> > but for some reason it seems to be not working.
> >
> > If I try to delete it, it gives a null pointer exception here.
> > (SubEntryInterceptor.java 599)
> >
> > if ( objectClasses.contains( SchemaConstants.SUBENTRY_OC ) )
> > {
> >     SubtreeSpecification ss = subentryCache.removeSubentry( name.toNormName() ).getSubtreeSpecification();
> >     next.delete( opContext );
> >
> > at this point subentryCache is empty.
> >
> > thanks,
> > Amila.
> >
> > > On 3/3/10 10:31 AM, Amila Suriarachchi wrote:
> > >
> > >> hi all,
> > >>
> > >> In our code we programmatically add partitions to embedded Apache DS server
> > >> with the following code
> > >>
> > >> JdbmPartition partition = addNewPartition(tenant);
> > >>
> > >> try {
> > >>     this.directoryService.addPartition(partition);
> > >>     try {
> > >>         this.directoryService.getAdminSession().lookup(partition.getSuffixDn());
> > >>     } catch (Exception e) {
> > >>         LdapDN tenantdn = new LdapDN(getTenantSuffix(tenant.getDomain()));
> > >>         ServerEntry tenantEntry = this.directoryService.newEntry(tenantdn);
> > >>         tenantEntry.add("objectClass", "top", "organization", "extensibleObject");
> > >>         tenantEntry.add("o", tenant.getDomain());
> > >>         tenantEntry.add("manager", "uid=" + tenant.getAdminName() + "," + partition.getSuffix());
> > >>         tenantEntry.add("administrativeRole", "accessControlSpecificArea");
> > >>
> > >>         this.directoryService.getAdminSession().add(tenantEntry);
> > >>
> > >>         addAdminACLEntry(tenant, partition.getSuffix());
> > >>         addAdmin(tenant, partition.getSuffix());
> > >>
> > >>         LdapDN usersdn = new LdapDN("ou=users," + partition.getSuffixDn());
> > >>         ServerEntry usersEntry = this.directoryService.newEntry(usersdn);
> > >>         usersEntry.add("objectClass", "organizationalUnit", "top");
> > >>         usersEntry.add("ou", "users");
> > >>
> > >>         this.directoryService.getAdminSession().add(usersEntry);
> > >>     }
> > >> } catch (Exception e) {
> > >>     throw new UserStoreException("Could not add the partition ", e);
> > >> }
> > >> return tenant.getId();
> > >>
> > >> addAdminACLEntry method looks like this,
> > >>
> > >> private void addAdminACLEntry(Tenant tenant, String tenantSufix) throws Exception {
> > >>     //add the permission entry
> > >>     LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
> > >>     ServerEntry adminACLEntry = directoryService.newEntry(adminACLEntrydn);
> > >>     adminACLEntry.add("objectClass", "accessControlSubentry", "subentry", "top");
> > >>     adminACLEntry.add("cn", "adminACLEntry");
> > >>     adminACLEntry.add("prescriptiveACI", "{ identificationTag \"adminACLEntryTag\", precedence 1, authenticationLevel simple, " +
> > >>             "itemOrUserFirst userFirst: { userClasses { name { \"uid=" + tenant.getAdminName() + "," + tenantSufix + "\" } }, " +
> > >>             "userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues }, grantsAndDenials { grantBrowse, grantFilterMatch, grantModify, grantAdd, grantCompare, grantRename, grantRead, grantReturnDN, grantImport, grantInvoke, grantRemove, grantExport, grantDiscloseOnError } } } } }");
> > >>     adminACLEntry.add("subtreeSpecification", "{ }");
> > >>
> > >>     directoryService.getAdminSession().add(adminACLEntry);
> > >> }
> > >>
> > >> this adminACLEntry is used to give the access rights to admin user to other
> > >> entries in the partition.
> > >>
> > >> Everything works fine. i.e. when I log in as the partition admin user I can
> > >> see the other entries of the partition.
> > >>
> > >> If I stop the embedded server and start it then the newly added partition is
> > >> not visible. This can be fixed by adding the partition again
> > >>
> > >> i.e.
> > >>
> > >> public void addPartitionToTenant(Tenant tenant) throws UserStoreException {
> > >>     try {
> > >>         this.directoryService.addPartition(addNewPartition(tenant));
> > >>         this.directoryService.sync();
> > >>     } catch (Exception e) {
> > >>         throw new UserStoreException("Can not add the new partition ", e);
> > >>     }
> > >> }
> > >>
> > >> but after this when I log in as the admin user I can't see the other
> > >> entries. However this entry exists in the Adminsession.
> > >>
> > >> i.e.
> > >> String tenantSufix = getTenantSuffix(tenant.getDomain());
> > >> LdapDN adminACLEntrydn = new LdapDN("cn=adminACLEntry," + tenantSufix);
> > >> ServerEntry adminACLEntry =
> > >>     this.directoryService.getAdminSession().lookup(adminACLEntrydn);
> > >>
> > >> returns the correct entry for adminACLEntry. However I can not delete
> > >> this entry and if I try to do so it gives a null pointer exception.
> > >>
> > >> i.e.
> > >> at org.apache.directory.server.core.subtree.SubentryInterceptor.delete(SubentryInterceptor.java:599)
> > >> at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > >> at org.apache.directory.server.core.schema.SchemaInterceptor.delete(SchemaInterceptor.java:2157)
> > >> at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.delete(InterceptorChain.java:1176)
> > >>
> > >> Does ApacheDS persist accessControlSubentries?
> > >>
> > >> Do I have to set any other attribute in order to do so?
> > >>
> > >> thanks,
> > >> Amila.
> > >>
> > >
> > >
> > > --
> > > Regards,
> > > Cordialement,
> > > Emmanuel Lécharny
> > > www.nextury.com
> > >
> >
> >
> > --
> > Amila Suriarachchi
> > WSO2 Inc.
> > blog: http://amilachinthaka.blogspot.com/
> >
>
>
> --
> Ersin ER
> http://www.ersiner.net
>

--
Amila Suriarachchi
WSO2 Inc.
blog: http://amilachinthaka.blogspot.com/
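
A simplified model of the situation Ersin describes, added here as an example that is not part of the thread and not ApacheDS code: a subentry that is persisted on disk but was never loaded into the in-memory cache makes the chained remove-and-dereference call throw. Every class, method and DN name below is an assumption made for illustration.

```java
import java.util.*;

// Simplified model, not ApacheDS code: all names here are hypothetical.
public class SubentryCacheModel {
    // Stand-in for a cached subentry; only the subtree specification matters here.
    record Subentry(String subtreeSpecification) {}

    // Entries persisted on disk: partition suffix -> (normalized DN -> object class).
    static final Map<String, Map<String, String>> disk = new HashMap<>();
    // In-memory subentry cache, filled only when a partition is scanned.
    static final Map<String, Subentry> cache = new HashMap<>();

    // Scan one partition and cache every entry stored as a subentry.
    static void loadSubentries(String suffix) {
        disk.getOrDefault(suffix, Map.of()).forEach((dn, objectClass) -> {
            if (objectClass.equals("subentry")) cache.put(dn, new Subentry("{ }"));
        });
    }

    // Same shape as the chained call quoted in the thread: a cache miss dereferences null.
    static String deleteUnguarded(String dn) {
        return cache.remove(dn).subtreeSpecification();
    }

    // Guarded variant: a cache miss is reported to the caller instead of throwing.
    static Optional<String> deleteGuarded(String dn) {
        return Optional.ofNullable(cache.remove(dn)).map(Subentry::subtreeSpecification);
    }

    public static void main(String[] args) {
        String suffix = "dc=example,dc=com";        // constructed sample suffix
        String dn = "cn=adminACLEntry," + suffix;   // constructed sample DN
        disk.put(suffix, Map.of(dn, "subentry"));   // the entry survived the restart on disk

        // After restart the partition is re-added, but nothing rescans it for subentries.
        System.out.println("cached after re-add: " + cache.containsKey(dn));
        System.out.println("guarded delete: " + deleteGuarded(dn));
        try {
            deleteUnguarded(dn);
        } catch (NullPointerException e) {
            System.out.println("unguarded delete: NullPointerException");
        }

        // Scanning the partition when it is added repopulates the cache.
        loadSubentries(suffix);
        System.out.println("cached after scan: " + cache.containsKey(dn));
        System.out.println("unguarded delete now: " + deleteUnguarded(dn));
    }
}
```

The guard only removes the exception; in this model the access control subentry is still absent from the cache until the partition is scanned, which matches the symptom of the entry being visible through a lookup but not taking effect.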
