Category Archives: apacheds

how to import schema to apache directory service docker image

I'm trying to set up Apache Directory Service as a Docker image and pre-populate it with data from an LDIF file.

Currently I was able to create the Docker image and start the container. I was also able to copy the LDIF file from my host onto the Docker image. However, I'm having trouble loading the data. A couple of things I have tried:

  1. I tried to run the ldapmodify command:

    ldapmodify -h localhost -p 10389 -D <new distinguished name> -w secret -f /bootstrap/ads.ldif

But I'm getting the following error:

ldap_bind: Invalid credentials (49)
additional info: INVALID_CREDENTIALS: Bind failed: ERR_268 Cannot find a partition for ou=users,dc=corporate-idp,dc=com

Since this failed, I think I need to configure the distinguished name in the system before I can import the LDIF file. But I was not able to find any command which will do this.

  2. I also set up Apache Directory Service (http://directory.apache.org/studio/downloads.html) locally and imported the LDIF file. But I'm not sure which directory contains the data for all the groups and users which I can use to mount into the Docker image.

Any suggestions on how to set up Apache Directory Service and pre-populate it with data from an LDIF file would be appreciated.
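The bind error above (ERR_268) means the DN sits under no partition suffix the server knows about; the same check can be run over an LDIF before importing it. The following is an added example (my code, not from the post): the partition list is constructed to mirror a stock install (ou=system and dc=example,dc=com) and the LDIF text is constructed too.

```python
# Added example: flag LDIF entries whose DN is under none of the configured
# partition suffixes, the condition ApacheDS reports as
# "ERR_268 Cannot find a partition for <dn>". Partition list and LDIF are constructed.
import base64
import re

def normalize_dn(dn: str) -> list:
    """Split a DN into RDNs, lower-casing types and values for suffix matching.
    Good enough for dc/ou/uid style DNs; full RFC 4514 normalisation does more."""
    rdns = re.split(r"(?<!\\),", dn)          # commas not preceded by a backslash
    out = []
    for rdn in rdns:
        typ, _, val = rdn.strip().partition("=")
        out.append(f"{typ.strip().lower()}={val.strip().lower()}")
    return out

def covering_partition(dn: str, suffixes: list):
    """Return the partition suffix that contains dn, or None if no partition does."""
    parts = normalize_dn(dn)
    for suffix in suffixes:
        s = normalize_dn(suffix)
        if len(s) <= len(parts) and parts[-len(s):] == s:
            return suffix
    return None

def ldif_dns(text: str) -> list:
    """Collect the dn of every LDIF record (handles base64 'dn::' values)."""
    dns = []
    for line in text.splitlines():
        if line.lower().startswith("dn::"):
            dns.append(base64.b64decode(line[4:].strip()).decode("utf-8"))
        elif line.lower().startswith("dn:"):
            dns.append(line[3:].strip())
    return dns

def unplaced_entries(text: str, suffixes: list) -> list:
    """DNs that ldapmodify/ldapadd would fail on with ERR_268."""
    return [dn for dn in ldif_dns(text) if covering_partition(dn, suffixes) is None]

DEFAULT_PARTITIONS = ["ou=system", "dc=example,dc=com"]   # constructed
SAMPLE_LDIF = """\
dn: dc=example,dc=com
objectClass: domain
dc: example

dn: ou=users,dc=corporate-idp,dc=com
objectClass: organizationalUnit
ou: users

dn: uid=alice,ou=users,dc=corporate-idp,dc=com
objectClass: inetOrgPerson
uid: alice
"""
```

Adding "dc=corporate-idp,dc=com" to the suffix list makes the sample import clean, which is the configuration step the post is missing.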

How do I get an LdapContext in an ApacheDS stored procedure?

I've successfully implemented a stored procedure for ApacheDS that allows me to access modifications to a given Entity. I've created an entryTriggerSpecification in the entity that successfully calls the stored procedure when the entry is changed. At this point, I want to be able to modify another entry from within the stored procedure. My expectation was that in the entryTriggerSpecification I should be able to use $ldapContext to get an LdapContext passed to my stored procedure. However, it's an instance of Entry rather than LdapContext that gets handed to the stored proc.

How do I actually interact with other entries in ApacheDS without trying to establish a new LdapConnection object?

Here's my entryTriggerSpecification:

AFTER Modify CALL "qualified.clazz.SPTest:someMethod" ( $modification, $ldapContext "ou=system" );

Here's my class:

package qualified.clazz;

import java.util.ArrayList;

import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.exception.LdapException;

public class SPTest {

    public static Integer someMethod(ArrayList<Modification> mods,
                                     Entry context) throws LdapException {
        System.out.println("entering qualified.clazz.SPTest.SomeMethod");
        System.out.println(context);
        System.out.println(context.getClass());

        return 0;
    }

}

If I change the context parameter from Entry to LdapContext, I get an error that the method can't be found.

Looking at the ApacheDS sources, AbstractStoredProcedureParameterInjector defines a MicroInjector called $ldapContextInjector that ultimately calls the lookup method on a Partition implementation, which returns an Entry. And following the code as best I can, there's not an obvious way that gets converted into anything usable as a context.

Eclipse Luna – Apache directory server – Creating partitions

I was trying to configure the Apache directory server in my Eclipse Luna.
I followed the tutorial https://mprabhat.me/2012/08/22/configuring-apache-directory-in-eclipse/ to create a new partition, but I'm getting the following error:

INFO | jvm 1 | 2016/04/13 22:54:28 | [22:54:28] ERROR [org.apache.directory.server.core.schema.SchemaInterceptor] - ERR_55 Trying to remove an non-existant attribute: attributetype ( 1.3.6.1.4.1.18060.0.4.1.2.164 NAME 'ads-indexCacheSize'
INFO | jvm 1 | 2016/04/13 22:54:28 | DESC 'The number of key we store in the cache for this index'
INFO | jvm 1 | 2016/04/13 22:54:28 | EQUALITY integerMatch
INFO | jvm 1 | 2016/04/13 22:54:28 | ORDERING integerOrderingMatch
INFO | jvm 1 | 2016/04/13 22:54:28 | SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
INFO | jvm 1 | 2016/04/13 22:54:28 | SINGLE-VALUE
INFO | jvm 1 | 2016/04/13 22:54:28 | USAGE userApplications )

Eclipse doesn't let me save the configuration and shows me a popup saying "Unable to save configuration - Changes could not be saved to the connection".

Can someone help me?

Thanks in advance!!

ApacheDS getting LdapOtherException:null after migrating from version 2.0.0-M20 to 2.0.0-M21

I just upgraded to ApacheDS-2.0.0-M21 due to security vulnerability issues. I've been trying to find any migration guide/considerations, but no success so far. After migrating I started getting the following error:

******* Showing relevant part only ******
org.apache.directory.api.ldap.model.exception.LdapOtherException:null
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmTable#get|JdbmTable.java:371
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex#forwardLookup|JdbmIndex.java:360
org.apache.directory.server.core.partition.impl.btree.jdbm.JdbmIndex#forwardLookup|JdbmIndex.java:58
org.apache.directory.server.core.partition.impl.btree.AbstractBTreePartition#getEntryId|AbstractBTreePartition.java:2518
org.apache.directory.server.core.partition.impl.btree.AbstractBTreePartition#add|AbstractBTreePartition.java:684
org.apache.directory.server.core.DefaultDirectoryService#initializeSystemPartition|DefaultDirectoryService.java:1755
org.apache.directory.server.core.DefaultDirectoryService#initialize|DefaultDirectoryService.java:1815
org.apache.directory.server.core.DefaultDirectoryService#startup|DefaultDirectoryService.java:1250

The ApacheDS Jira page doesn't show any known issue in this regard, but mentions a pseudo migration tool "partition-plumber" that could be the solution.

Am I missing something?

Thanks in advance for your advice!

OpenLDAP client cannot connect to ApacheDS server using SSLv2?

I'm trying to connect to my Java application containing an ApacheDS server with an OpenLDAP client. The server is configured well; I've tested that using different clients (ldapbrowser, jxplorer). With OpenLDAP I'm able to connect to the regular LDAP port, but when I try to connect to the LDAPS port or use TLS I always get the same message:

TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL3 alert read:fatal:unexpected_message
TLS trace: SSL_connect:error in SSLv2/v3 read server hello A
TLS: can't connect: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message.

And my application gives me an exception:

WARN [org.apache.directory.server.ldap.LdapProtocolHandler] - Unexpected exception forcing session to close: sending disconnect notice to client.

and after that:

 javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled

I was trying to force in Java that SSLv2 should be enabled, but the server's response is the same. I haven't seen an option enabling SSLv2 in the ApacheDS configuration (there is only SSLv3 and 3 TLS).

Is it possible that to connect with TLS, OpenLDAP needs an SSLv2 message? I can't find a way to disable it. Or is it a problem with Apache, that it doesn't recognize TLS handshake messages?

Do you have any idea how to solve that?

Thanks!

OpenLdap – error in SSLv2/v3 read server hello A

I need to connect to an ApacheDS database using StartTLS with an OpenLDAP client. My ldaprc file contains:

URI ldap://127.0.0.1:7323 ldaps://127.0.0.1:7423
SSL start_tls
SASL_MECH plain
TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
TLS_REQCERT allow

Command that I've used is:

ldapsearch -H ldap://localhost:7323 -D "uid=admin,ou=system" -w secret -Z -d1

I've checked: my server is listening on these ports, and I'm able to connect with other clients (e.g. ldapbrowser, jxplorer), but tests with OpenLDAP fail:

...

ldap_connect_to_host: Trying 127.0.0.1:7323
ldap_pvt_connect: fd: 3 tm: -1 async: 0
ldap_open_defconn: successful
ldap_send_server_request
ber_scanf fmt ({it) ber:
ber_scanf fmt ({) ber:
ber_flush2: 31 bytes to sd 3
ldap_result ld 0x7f81d95282a0 msgid 1
wait4msg ld 0x7f81d95282a0 msgid 1 (infinite timeout)
wait4msg continue ld 0x7f81d95282a0 msgid 1 all 1
** ld 0x7f81d95282a0 Connections:
* host: 127.0.0.1 port: 7323 (default)
refcnt: 2 status: Connected
last used: Tue Dec 8 09:51:45 2015

** ld 0x7f81d95282a0 Outstanding Requests:
* msgid 1, origid 1, status InProgress
outstanding referrals 0, parent count 0
ld 0x7f81d95282a0 request count 1 (abandoned 0)
** ld 0x7f81d95282a0 Response Queue:
Empty
ld 0x7f81d95282a0 response count 0
ldap_chkResponseList ld 0x7f81d95282a0 msgid 1 all 1
ldap_chkResponseList returns ld 0x7f81d95282a0 NULL
ldap_int_select
read1msg: ld 0x7f81d95282a0 msgid 1 all 1
ber_get_next
ber_get_next: tag 0x30 len 38 contents:
read1msg: ld 0x7f81d95282a0 msgid 1 message type extended-result
ber_scanf fmt ({eAA) ber:
read1msg: ld 0x7f81d95282a0 0 new referrals
read1msg: mark request completed, ld 0x7f81d95282a0 msgid 1
request done: ld 0x7f81d95282a0 msgid 1
res_errno: 0, res_error: <>, res_matched: <>
ldap_free_request (origid 1, msgid 1)
ldap_parse_extended_result
ber_scanf fmt ({eAA) ber:
ber_scanf fmt (a) ber:
ber_scanf fmt (O) ber:
ldap_parse_result
ber_scanf fmt ({iAA) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (x) ber:
ber_scanf fmt (}) ber:
ldap_msgfree
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL3 alert read:fatal:unexpected_message
TLS trace: SSL_connect:error in SSLv2/v3 read server hello A
TLS: can't connect: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message.
ldap_err2string
ldap_start_tls: Connect error (-11)
additional info: error:140773F2:SSLroutines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message

Any idea what I'm doing wrong or what I'm missing?
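In this trace and in the previous post's, OpenSSL writes an "SSLv2/v3" client hello while the Java side reports "SSLv2Hello is disabled": the hello left the client in the SSLv2-compatible format, which JSSE only accepts when the SSLv2Hello pseudo-protocol is among the enabled protocols. The following added example (my code, not from either post) parses constructed bytes of both hello formats so a capture taken on the server side can be classified.

```python
# Added example: tell an SSLv2-compatible ClientHello (the format JSSE rejects
# with "SSLv2Hello is disabled") from an SSLv3/TLS record-layer ClientHello.
# The sample byte strings below are constructed, not captured traffic.
VERSION_NAMES = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def version_name(major: int, minor: int) -> str:
    return VERSION_NAMES.get((major, minor), f"unknown({major}.{minor})")

def classify_client_hello(data: bytes) -> dict:
    """Return the hello format and the highest protocol version it offers."""
    if len(data) < 11:
        raise ValueError("too short to be a ClientHello")
    if data[0] == 0x16:
        # SSLv3/TLS record: type(1) version(2) length(2), then a handshake header
        # type(1) length(3) and the ClientHello body, which starts with client_version(2).
        if data[5] != 0x01:
            raise ValueError("record does not carry a ClientHello")
        return {"format": "tls-record",
                "record_version": version_name(data[1], data[2]),
                "client_version": version_name(data[9], data[10])}
    if data[0] & 0x80:
        # SSLv2-compatible hello (RFC 5246 appendix E.2): 2-byte length with the top
        # bit set, msg_type 0x01, version(2), cipher_spec_length(2), session_id_length(2),
        # challenge_length(2), then 3-byte cipher specs, session id and challenge.
        msg_len = int.from_bytes(data[0:2], "big") & 0x7FFF
        if data[2] != 0x01 or len(data) < 2 + msg_len:
            raise ValueError("malformed SSLv2 CLIENT-HELLO")
        cs_len = int.from_bytes(data[5:7], "big")
        specs = [data[11 + i:11 + i + 3] for i in range(0, cs_len, 3)]
        return {"format": "sslv2-hello",
                "client_version": version_name(data[3], data[4]),
                "cipher_specs": [s.hex() for s in specs]}
    raise ValueError("not a recognised ClientHello")

# Constructed SSLv2-compatible hello that still offers TLS 1.0 (what an SSLv23 client sends).
V2_HELLO = bytes([0x80, 0x1F,          # length 31 with the top bit set
                  0x01, 0x03, 0x01,    # CLIENT-HELLO, version TLS 1.0
                  0x00, 0x06,          # 6 bytes of cipher specs
                  0x00, 0x00,          # no session id
                  0x00, 0x10,          # 16-byte challenge
                  0x00, 0x00, 0x2F,    # TLS_RSA_WITH_AES_128_CBC_SHA in v2 form
                  0x01, 0x00, 0x80]) + bytes(range(16))   # SSL2 RC4_128_WITH_MD5 + challenge
# Constructed record-layer ClientHello offering TLS 1.2 with one suite and no extensions.
TLS_HELLO = (bytes([0x16, 0x03, 0x01, 0x00, 0x2D,   # record header, 45 bytes follow
                    0x01, 0x00, 0x00, 0x29,         # ClientHello, 41-byte body
                    0x03, 0x03])                    # client_version TLS 1.2
             + bytes(32)                            # random
             + bytes([0x00, 0x00, 0x02, 0x00, 0x2F, 0x01, 0x00]))  # sid, suites, compression
```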

Apache DS Menu Contribution

I have inherited an Eclipse RCP application project recently. Unfortunately it has no documentation, but basically it is very similar to Apache Directory Studio (it uses Apache DS bundles and just provides some other functionality about users defined in LDAP). So the question applies to Apache Directory Studio as well.

I need to contribute a menu item to the existing LDAP menu, but I can't figure out its location URI. I have downloaded Apache DS v2.0.0 to inspect its source code, and org.apache.directory.studio.ldapbrowser.ui/plugin.xml seems to have some menu actions defined with the menu id org.apache.directory.studio.ldapbrowser.ldapMenu.

Then I defined the menu contribution like below, but the menu item did not show up.

<menuContribution
       locationURI="menu:org.apache.directory.studio.ldapbrowser.ldapMenu?after=additions">
        <command
              commandId="com.foo.FooHandler"
              id="com.foo.FooHandler"
              tooltip="dummy tooltip">
        </command>
</menuContribution>

I believe the command definition is correct (handler class and command id) because the same command is used in different menu contributions.

Are there any docs about how to add new menu items to the LDAP menu? Or is there another way to find out menu ids?

How to add custom LDAP attribute type in Apache Directory Studio?

I created a user and set its attributes. It works fine, I can reach the attributes from Java code; up to here everything is great. Now I want to add some custom attributes to the user that I created. I tried to follow the Apache DS Guide, but in my DS the 'New Attribute' button and all 'Schema Editor' things are disabled.

(Screenshots: the user that I created, and what happens when I try to add a new attribute.) Do you know any other way to create custom attributes?

Thanks

Apache DS Password Policy Custom Validator configuration

I am trying to get Apache DS to use my Custom Validator.

I followed the answers from the following questions:

apacheds constraint violation password not part user name

Apacheds password pattern policy

But the only way I got Apache DS to use my custom validator was to unpack the apacheds-service-2.0.0-M19.jar, overwrite the DefaultPasswordValidator class with my own class, and then repackage the jar.

I have tried packaging the jar with my Custom Validator in both the org.apache.directory.server.core.api.authn.ppolicy package and my own custom package. But I could not get Apache DS to use my validator.

Can anyone provide any suggestions?

Thanks.