Hi, Chris:
I understand that JXplorer is a generic LDAP browser and aims at working
with all kinds of LDAP servers. But ADD+DELETE is not equal to MOVE.
Operational attributes are going to be regenerated.
What I suggest is to use ctx.rename() to modify the dn as the default
method and try to catch the possible UNABLE_TO_PERFORM error from the
server. Then, LDAP systems like ours which support renaming of internal
nodes can get the correct behavior; for those systems which don't
support renaming, I think JXplorer should also prevent renaming from
happening and alert the user by saying 'server does not allow this move
operation'. In any case, ADD+DELETE is giving the user an illusion that
the MOVE has been achieved, but actually the moved entry is not
identical to the original one anymore (operational attributes get
regenerated). Anyway, the LDAP protocol defines this move operation and a
lot more systems are supporting this anyway.
Please let me know if you find any missing points here.
Regards,
Li
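
The rename-first behaviour proposed in the message above, sketched as an added example (not JXplorer code and not posted by either participant). The class, method and exception names are hypothetical; it assumes the standard JNDI LDAP provider, which reports result code 53 (unwillingToPerform) as OperationNotSupportedException and result code 66 (notAllowedOnNonLeaf) as ContextNotEmptyException.

```java
import javax.naming.ContextNotEmptyException;
import javax.naming.Name;
import javax.naming.NamingException;
import javax.naming.OperationNotSupportedException;
import javax.naming.directory.DirContext;

/** Hypothetical helper: move an entry with a single ModifyDN, never ADD+DELETE. */
public final class RenameFirstMove {

    /** Raised when the server refuses the rename; the directory is unchanged. */
    public static final class MoveRefusedException extends Exception {
        public MoveRefusedException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    /**
     * Asks the server to move 'from' to 'to' with rename (LDAP ModifyDN), so the
     * entry keeps its operational attributes and any values the server will not
     * accept in an ADD. A refusal is reported to the caller instead of being
     * papered over by copying the entry and deleting the original.
     */
    public static void move(DirContext ctx, Name from, Name to)
            throws MoveRefusedException, NamingException {
        try {
            ctx.rename(from, to);
        } catch (OperationNotSupportedException e) {
            // Result code 53: the server is unwilling to perform this ModifyDN.
            throw new MoveRefusedException(
                "Server does not allow this move operation: " + from + " -> " + to, e);
        } catch (ContextNotEmptyException e) {
            // Result code 66: the server does not rename entries that have children.
            throw new MoveRefusedException(
                "Server does not allow moving a non-leaf entry: " + from, e);
        }
        // Any other NamingException (no such object, insufficient access, ...)
        // propagates unchanged so the UI can show the server's own message.
    }

    private RenameFirstMove() { }
}
```
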
Chris Betts wrote:
Hi Li,
so what is the fix you are suggesting?
- Chris
On 18/08/2005, at 12:10 PM, Li Yang wrote:
Hi, Chris:
Yes, these are necessary. But anyway, the ADD followed by DELETE
approach will have problems with operational attributes, which are
quite common across many directory servers, and the added entry would
have these operational attributes regenerated. Either a fix inside
the JXplorer core is desirable, or a plugin framework is enabled
for the configurable implementation of different behavior.
Thanks,
Li
Chris Betts wrote:
Hi Li,
Almost all 'move' operations in JXplorer are implemented
as ADD followed by DELETE. The only 'move' operation that is done
as a RENAME is for a single leaf node that does not change its
parent. The reason is that many directories do not allow renaming
of internal nodes, while others don't allow renaming of parents.
We also need to be able to handle recursively copying sub trees,
and the code is simpler if the logic is the same for subtrees as
for leaf nodes, especially as we don't always know which we have...
If you want to look at the method, see
com.ca.commons.jndi.AdvancedOps, method recMoveTree(Name from,
Name to), which does the recursive move operation.
I don't really know enough about your system to advise on a
fix, but it sounds like you have attribute level access controls
which are causing a problem? Are these necessary?
cheers,
- Chris
P.S. In theory this behaviour could be made configurable, but it
would require a fairly in depth rewrite of some of the core code :-/.
On 18/08/2005, at 8:42 AM, Li Yang wrote:
Hi, Chris:
I'm not sure if this is a known issue with JXplorer. We 'Drag
and Drop' a user from one group to another, but an LDAP error
happens saying "LDAP: error code 53 - You cannot add entries
containing authpasswords.". By checking the source code, when
achieving this 'Drag and Drop' moddn operation, the
implementation in JXplorer involves ADD and then DELETE of the
entry.
Besides the error we had, this ADD+DELETE approach is going to be
tricky since all the user entries have operational attributes to
some degree.
I would appreciate it if you could share with us the original design
concern around this approach and let me know any existing fix for
the problem we have now.
Thanks,
Li
Jxplorer-devel mailing list
https://lists.sourceforge.net/lists/listinfo/jxplorer-devel