Re: Ldap API Custom Controls

2017-12-05 Thread Emmanuel Lécharny 


Le 04/12/2017 à 19:19, Chris Pike a écrit :
> Emmanuel,
> 
> We have created a pull request
> 
> https://github.com/apache/directory-ldap-api/pull/1
> 
> Let us know if anything needs changed.

Thanks !

I'll have a look today.


-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: Ldap API Custom Controls

2017-12-04 Thread Chris Pike 
Emmanuel,

We have created a pull request

https://github.com/apache/directory-ldap-api/pull/1

Let us know if anything needs changed.

Thanks,

~Chris P.


- Original Message -
From: "Emmanuel Lécharny" <elecha...@gmail.com>
To: "Chris Pike" <clp...@psu.edu>, "api" <api@directory.apache.org>, 
"elecharny" <elecha...@apache.org>
Sent: Tuesday, November 28, 2017 5:54:39 PM
Subject: Re: Ldap API Custom Controls

Hi Chris,

do you need any more information to get the code pushed ?


Many thanks !



Le 05/10/2017 à 21:18, Chris Pike a écrit :
> Emmanuel,
>
> We got this working. Is there a git repo for the directory api, or do we have 
> to use subversion to provide the code back?
>
> Thanks,
>
> ~Chris Pike
>
>
>
>
> - Original Message -
> From: "Emmanuel Lecharny" <elecha...@apache.org>
> To: "api" <api@directory.apache.org>
> Sent: Monday, September 11, 2017 6:57:38 PM
> Subject: Re: Ldap API Custom Controls
>
> The control value (3003020101) is a PDU which has teh following meaning :
>
> 0x30 0x03 : SEQ length 3
>   0x02 0x01 0x01 : INTEGER length 1 value 1
>
> So you have sent a correct Control, but the OID has changed :
> 1.2.840.113556.1.4.20669 was for ancient versions of Windows Server (up to
> Windows 2012) and the OID you are using is a new one
> (1.2.840.113556.1.4.2239).
>
> I can only bet that the OID is not understood by the Windows machine you
> are talking to.
>
>
> On Fri, Sep 8, 2017 at 4:11 PM, CRAIG BENNER <craig.ben...@psu.edu> wrote:
>
>> Thanks Shawn, I was going to ask that.  But I got wireshark working.
>> Below is the packet I'm assuming we want to see.  In concept it looks
>> correct, but i'm not sure what the controlValue is suppose to be on the
>> wire.
>>
>> Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on
>> interface 0
>> Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst:
>> PcsCompu_4b:a3:17 (08:00:27:4b:a3:17)
>> Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11
>>
>> Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45,
>> Ack: 46, Len: 229
>> Lightweight Directory Access Protocol
>> LDAPMessage modifyRequest(7) "cn=model_ouadmin,ou=PSU-OU-
>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>> Administration,dc=develop,dc=local"
>> messageID: 7
>> protocolOp: modifyRequest (6)
>> modifyRequest
>> object: cn=model_ouadmin,ou=PSU-OU-
>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>> Administration,dc=develop,dc=local
>> modification: 1 item
>> [Response In: 10]
>> controls: 1 item
>> Control
>> controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs,
>> USA.113556.1.4.2239)
>> criticality: True
>> controlValue: 3003020101
>>
>> Thanks.
>> Craig Benner
>>
>> - Original Message -
>> From: "Shawn McKinney" <smckin...@apache.org>
>> To: "api" <api@directory.apache.org>
>> Sent: Friday, September 8, 2017 9:58:56 AM
>> Subject: Re: Ldap API Custom Controls
>>
>>> On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <craig.ben...@psu.edu> wrote:
>>>
>>> It will take some changes to get a wireshark capture, since Password's
>> can only be managed over a secure connection.  Hopefully tomorrow I can get
>> you the wireshark capture
>>
>> Wonder if it would be easier to just enable the API logger containing the
>> BER request/response traces?  That’s typically how I debug.  Saves the
>> trouble of setting up wireshark.
>>
>> > additivity="false">
>> 
>> 
>> 
>>
>
>

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: Ldap API Custom Controls

2017-11-28 Thread Emmanuel Lécharny 
Hi Chris,

do you need any more information to get the code pushed ?


Many thanks !



Le 05/10/2017 à 21:18, Chris Pike a écrit :
> Emmanuel,
>
> We got this working. Is there a git repo for the directory api, or do we have 
> to use subversion to provide the code back?
>
> Thanks,
>
> ~Chris Pike
>
>
>
>
> - Original Message -
> From: "Emmanuel Lecharny" <elecha...@apache.org>
> To: "api" <api@directory.apache.org>
> Sent: Monday, September 11, 2017 6:57:38 PM
> Subject: Re: Ldap API Custom Controls
>
> The control value (3003020101) is a PDU which has teh following meaning :
>
> 0x30 0x03 : SEQ length 3
>   0x02 0x01 0x01 : INTEGER length 1 value 1
>
> So you have sent a correct Control, but the OID has changed :
> 1.2.840.113556.1.4.20669 was for ancient versions of Windows Server (up to
> Windows 2012) and the OID you are using is a new one
> (1.2.840.113556.1.4.2239).
>
> I can only bet that the OID is not understood by the Windows machine you
> are talking to.
>
>
> On Fri, Sep 8, 2017 at 4:11 PM, CRAIG BENNER <craig.ben...@psu.edu> wrote:
>
>> Thanks Shawn, I was going to ask that.  But I got wireshark working.
>> Below is the packet I'm assuming we want to see.  In concept it looks
>> correct, but i'm not sure what the controlValue is suppose to be on the
>> wire.
>>
>> Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on
>> interface 0
>> Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst:
>> PcsCompu_4b:a3:17 (08:00:27:4b:a3:17)
>> Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11
>>
>> Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45,
>> Ack: 46, Len: 229
>> Lightweight Directory Access Protocol
>> LDAPMessage modifyRequest(7) "cn=model_ouadmin,ou=PSU-OU-
>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>> Administration,dc=develop,dc=local"
>> messageID: 7
>> protocolOp: modifyRequest (6)
>> modifyRequest
>> object: cn=model_ouadmin,ou=PSU-OU-
>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>> Administration,dc=develop,dc=local
>> modification: 1 item
>> [Response In: 10]
>> controls: 1 item
>> Control
>> controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs,
>> USA.113556.1.4.2239)
>> criticality: True
>> controlValue: 3003020101
>>
>> Thanks.
>> Craig Benner
>>
>> - Original Message -
>> From: "Shawn McKinney" <smckin...@apache.org>
>> To: "api" <api@directory.apache.org>
>> Sent: Friday, September 8, 2017 9:58:56 AM
>> Subject: Re: Ldap API Custom Controls
>>
>>> On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <craig.ben...@psu.edu> wrote:
>>>
>>> It will take some changes to get a wireshark capture, since Password's
>> can only be managed over a secure connection.  Hopefully tomorrow I can get
>> you the wireshark capture
>>
>> Wonder if it would be easier to just enable the API logger containing the
>> BER request/response traces?  That’s typically how I debug.  Saves the
>> trouble of setting up wireshark.
>>
>> > additivity="false">
>> 
>> 
>> 
>>
>
>

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: Ldap API Custom Controls

2017-10-05 Thread Stefan Seelmann 
On 10/05/2017 10:08 PM, Emmanuel Lécharny wrote:
> 
> 
> Le 05/10/2017 à 21:18, Chris Pike a écrit :
>> Emmanuel,
>>
>> We got this working. Is there a git repo for the directory api, or do we 
>> have to use subversion to provide the code back?
> 
> The API is in GIT now !
> 
> https://gitbox.apache.org/repos/asf?p=directory-ldap-api.git;a=summary
> 
> You can also use Github :
> 
> https://github.com/apache/directory-shared

Well, that's the old svn mirrored github repo.

I think the new gitbox mirrored one is
https://github.com/apache/directory-ldap-api

Once the other repos are migrated to git we need to request cleanup of
the github repos...

Re: Ldap API Custom Controls

2017-10-05 Thread Chris Pike 
Emmanuel,

We got this working. Is there a git repo for the directory api, or do we have 
to use subversion to provide the code back?

Thanks,

~Chris Pike




- Original Message -
From: "Emmanuel Lecharny" <elecha...@apache.org>
To: "api" <api@directory.apache.org>
Sent: Monday, September 11, 2017 6:57:38 PM
Subject: Re: Ldap API Custom Controls

The control value (3003020101) is a PDU which has teh following meaning :

0x30 0x03 : SEQ length 3
  0x02 0x01 0x01 : INTEGER length 1 value 1

So you have sent a correct Control, but the OID has changed :
1.2.840.113556.1.4.20669 was for ancient versions of Windows Server (up to
Windows 2012) and the OID you are using is a new one
(1.2.840.113556.1.4.2239).

I can only bet that the OID is not understood by the Windows machine you
are talking to.


On Fri, Sep 8, 2017 at 4:11 PM, CRAIG BENNER <craig.ben...@psu.edu> wrote:

> Thanks Shawn, I was going to ask that.  But I got wireshark working.
> Below is the packet I'm assuming we want to see.  In concept it looks
> correct, but i'm not sure what the controlValue is suppose to be on the
> wire.
>
> Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on
> interface 0
> Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst:
> PcsCompu_4b:a3:17 (08:00:27:4b:a3:17)
> Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11
>
> Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45,
> Ack: 46, Len: 229
> Lightweight Directory Access Protocol
> LDAPMessage modifyRequest(7) "cn=model_ouadmin,ou=PSU-OU-
> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
> Administration,dc=develop,dc=local"
> messageID: 7
> protocolOp: modifyRequest (6)
> modifyRequest
> object: cn=model_ouadmin,ou=PSU-OU-
> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
> Administration,dc=develop,dc=local
> modification: 1 item
> [Response In: 10]
> controls: 1 item
> Control
> controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs,
> USA.113556.1.4.2239)
> criticality: True
> controlValue: 3003020101
>
> Thanks.
> Craig Benner
>
> - Original Message -----
> From: "Shawn McKinney" <smckin...@apache.org>
> To: "api" <api@directory.apache.org>
> Sent: Friday, September 8, 2017 9:58:56 AM
> Subject: Re: Ldap API Custom Controls
>
> > On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <craig.ben...@psu.edu> wrote:
> >
> > It will take some changes to get a wireshark capture, since Password's
> can only be managed over a secure connection.  Hopefully tomorrow I can get
> you the wireshark capture
>
> Wonder if it would be easier to just enable the API logger containing the
> BER request/response traces?  That’s typically how I debug.  Saves the
> trouble of setting up wireshark.
>
>  additivity="false">
> 
> 
> 
>



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Re: Ldap API Custom Controls

2017-09-11 Thread Radovan Semancik 

Hi,

According to my experience with AD this is very hard to diagnose. AD is 
using "unwilling to perform" as a generic error for almost anything. 
Sometimes there is a AD-specific error code in the error message and 
that is really worth checking out. Really. Try that. But apart from this 
there is no way how to diagnose that properly. There seems to be no 
reasonable logging facility on the AD server side. I'm looking for this 
for years and I have found nothing so far (Microsoft support is not able 
help much, I've tried many times). The documentation is not very clear.


The best method so far that I have found is to find a tool that can 
already use this control. Then use packet sniffer and compare the data 
from the tool that works with the data produced by your code. I mean 
real byte-by-byte comparison. The differences will usually point you to 
the things that are wrong.


--
Radovan Semancik
Software Architect
evolveum.com



On 09/08/2017 04:11 PM, CRAIG BENNER wrote:

Thanks Shawn, I was going to ask that.  But I got wireshark working.  Below is 
the packet I'm assuming we want to see.  In concept it looks correct, but i'm 
not sure what the controlValue is suppose to be on the wire.

Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on 
interface 0
Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst: PcsCompu_4b:a3:17 
(08:00:27:4b:a3:17)
Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11

Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45, Ack: 
46, Len: 229
Lightweight Directory Access Protocol
 LDAPMessage modifyRequest(7) 
"cn=model_ouadmin,ou=PSU-OU-Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-Administration,dc=develop,dc=local"
 messageID: 7
 protocolOp: modifyRequest (6)
 modifyRequest
 object: 
cn=model_ouadmin,ou=PSU-OU-Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-Administration,dc=develop,dc=local
 modification: 1 item
 [Response In: 10]
 controls: 1 item
 Control
 controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs, 
USA.113556.1.4.2239)
 criticality: True
 controlValue: 3003020101

Thanks.
Craig Benner

- Original Message -
From: "Shawn McKinney" <smckin...@apache.org>
To: "api" <api@directory.apache.org>
Sent: Friday, September 8, 2017 9:58:56 AM
Subject: Re: Ldap API Custom Controls


On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <craig.ben...@psu.edu> wrote:

It will take some changes to get a wireshark capture, since Password's can only 
be managed over a secure connection.  Hopefully tomorrow I can get you the 
wireshark capture

Wonder if it would be easier to just enable the API logger containing the BER 
request/response traces?  That’s typically how I debug.  Saves the trouble of 
setting up wireshark.

Re: Ldap API Custom Controls

2017-09-08 Thread CRAIG BENNER 
Thanks Shawn, I was going to ask that.  But I got wireshark working.  Below is 
the packet I'm assuming we want to see.  In concept it looks correct, but i'm 
not sure what the controlValue is suppose to be on the wire.

Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on 
interface 0
Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst: PcsCompu_4b:a3:17 
(08:00:27:4b:a3:17)
Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11

Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45, Ack: 
46, Len: 229
Lightweight Directory Access Protocol
LDAPMessage modifyRequest(7) 
"cn=model_ouadmin,ou=PSU-OU-Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-Administration,dc=develop,dc=local"
messageID: 7
protocolOp: modifyRequest (6)
modifyRequest
object: 
cn=model_ouadmin,ou=PSU-OU-Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-Administration,dc=develop,dc=local
modification: 1 item
[Response In: 10]
controls: 1 item
Control
controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs, 
USA.113556.1.4.2239)
criticality: True
controlValue: 3003020101

Thanks. 
Craig Benner

- Original Message -
From: "Shawn McKinney" <smckin...@apache.org>
To: "api" <api@directory.apache.org>
Sent: Friday, September 8, 2017 9:58:56 AM
Subject: Re: Ldap API Custom Controls

> On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <craig.ben...@psu.edu> wrote:
> 
> It will take some changes to get a wireshark capture, since Password's can 
> only be managed over a secure connection.  Hopefully tomorrow I can get you 
> the wireshark capture

Wonder if it would be easier to just enable the API logger containing the BER 
request/response traces?  That’s typically how I debug.  Saves the trouble of 
setting up wireshark.

Re: Ldap API Custom Controls

2017-09-08 Thread Shawn McKinney 

> On Sep 7, 2017, at 8:41 PM, CRAIG BENNER  wrote:
> 
> It will take some changes to get a wireshark capture, since Password's can 
> only be managed over a secure connection.  Hopefully tomorrow I can get you 
> the wireshark capture

Wonder if it would be easier to just enable the API logger containing the BER 
request/response traces?  That’s typically how I debug.  Saves the trouble of 
setting up wireshark.

Re: Ldap API Custom Controls

2017-09-07 Thread CRAIG BENNER 
I'm working with Chris.

We've tried both coding approaches for setting the control

//LdapServerPolicyHintsOid hints = new LdapServerPolicyHintsOidImpl();
//hints.setFlags(1);
//hints.setCritical(true);
//  modRequest.addControl(hints);

--or--
LdapServerPolicyHintsOidDecorator decCtrl = new 
LdapServerPolicyHintsOidDecorator(getReadableLdapConnection().getCodecService());
modRequest.addControl(decCtrl);

  ModifyResponse modResponse = 
getWriteableLdapConnection().modify(modRequest);


We are interacting with ActiveDirectory and we are using the ResetPassword 
logic (ModifyRequest Replace logic for uniCodePwd).  We are trying to add 
honoring of the Password History data by adding the control for policy hints 
documented on the first email Chris Sent.

It will take some changes to get a wireshark capture, since Password's can only 
be managed over a secure connection.  Hopefully tomorrow I can get you the 
wireshark capture


Thanks. 
Craig Benner

- Original Message -
From: "Emmanuel Lécharny" <elecha...@gmail.com>
To: api@directory.apache.org
Sent: Thursday, September 7, 2017 4:51:49 PM
Subject: Re: Ldap API Custom Controls

Le 07/09/2017 à 22:20, Chris Pike a écrit :
> So I added the controls, but they don't seem to be working. We are getting a 
> error code 53 (unwilling to preform) when we add the control to our request, 
> so assuming there is something wrong with the control, but don't know enough 
> about ldap or the library to know what. Any ideas on what to try or what 
> might be wrong?

We need more info to be able to understand what's wrong :
- a capture of the messages being exchanged (wireshark)
- the server you use
>
>
>
> - Original Message -
> From: "Chris Pike" <clp...@psu.edu>
> To: "api" <api@directory.apache.org>
> Sent: Monday, September 4, 2017 6:50:37 PM
> Subject: Re: Ldap API Custom Controls
>
> Thanks for the suggestions and code examples. I'll work on adding this new 
> control and let you know if I have any issues.
>
> ~Chris Pike
>
>
>
> - Original Message -
> From: "Emmanuel Lécharny" <elecha...@gmail.com>
> To: "api" <api@directory.apache.org>
> Sent: Monday, September 4, 2017 3:46:49 AM
> Subject: Re: Ldap API Custom Controls
>
> Le 04/09/2017 à 09:16, Radovan Semancik a écrit :
>> On 09/04/2017 09:02 AM, Emmanuel Lécharny wrote:
>>> Actually, the tricky part is the grammar, which is a state engine
>>> description.
>> Oh, that is usually not that difficult either. Most of those "custom"
>> controls are very simple. Just a couple of fields. Complex data
>> structures seem to be very rare. If you start with existing control
>> that is somehow similar it is not difficult to implement a new control.
> FTR, the code I provided yesterday night in one of my previous mail took
> me around 30 mins, all included. For a more complex control, like
> syncrepl, that would have takne a bit more time, mainly because you want
> to add unit tests to cover teh various cases.
>
> Now, I think that we should provide a bit of documentation about how to
> implement a control...
>

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: Ldap API Custom Controls

2017-09-07 Thread Emmanuel Lécharny 


Le 07/09/2017 à 22:20, Chris Pike a écrit :
> So I added the controls, but they don't seem to be working. We are getting a 
> error code 53 (unwilling to preform) when we add the control to our request, 
> so assuming there is something wrong with the control, but don't know enough 
> about ldap or the library to know what. Any ideas on what to try or what 
> might be wrong?

We need more info to be able to understand what's wrong :
- a capture of the messages being exchanged (wireshark)
- the server you use
>
>
>
> - Original Message -
> From: "Chris Pike" <clp...@psu.edu>
> To: "api" <api@directory.apache.org>
> Sent: Monday, September 4, 2017 6:50:37 PM
> Subject: Re: Ldap API Custom Controls
>
> Thanks for the suggestions and code examples. I'll work on adding this new 
> control and let you know if I have any issues.
>
> ~Chris Pike
>
>
>
> - Original Message -
> From: "Emmanuel Lécharny" <elecha...@gmail.com>
> To: "api" <api@directory.apache.org>
> Sent: Monday, September 4, 2017 3:46:49 AM
> Subject: Re: Ldap API Custom Controls
>
> Le 04/09/2017 à 09:16, Radovan Semancik a écrit :
>> On 09/04/2017 09:02 AM, Emmanuel Lécharny wrote:
>>> Actually, the tricky part is the grammar, which is a state engine
>>> description.
>> Oh, that is usually not that difficult either. Most of those "custom"
>> controls are very simple. Just a couple of fields. Complex data
>> structures seem to be very rare. If you start with existing control
>> that is somehow similar it is not difficult to implement a new control.
> FTR, the code I provided yesterday night in one of my previous mail took
> me around 30 mins, all included. For a more complex control, like
> syncrepl, that would have takne a bit more time, mainly because you want
> to add unit tests to cover teh various cases.
>
> Now, I think that we should provide a bit of documentation about how to
> implement a control...
>

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: Ldap API Custom Controls

2017-09-07 Thread Chris Pike 
Just to be clear, we get this error even if password is not a duplicate.


- Original Message -
From: "Chris Pike" <clp...@psu.edu>
To: "api" <api@directory.apache.org>
Sent: Thursday, September 7, 2017 4:20:58 PM
Subject: Re: Ldap API Custom Controls

So I added the controls, but they don't seem to be working. We are getting a 
error code 53 (unwilling to preform) when we add the control to our request, so 
assuming there is something wrong with the control, but don't know enough about 
ldap or the library to know what. Any ideas on what to try or what might be 
wrong?



- Original Message -
From: "Chris Pike" <clp...@psu.edu>
To: "api" <api@directory.apache.org>
Sent: Monday, September 4, 2017 6:50:37 PM
Subject: Re: Ldap API Custom Controls

Thanks for the suggestions and code examples. I'll work on adding this new 
control and let you know if I have any issues.

~Chris Pike



- Original Message -
From: "Emmanuel Lécharny" <elecha...@gmail.com>
To: "api" <api@directory.apache.org>
Sent: Monday, September 4, 2017 3:46:49 AM
Subject: Re: Ldap API Custom Controls

Le 04/09/2017 à 09:16, Radovan Semancik a écrit :
> On 09/04/2017 09:02 AM, Emmanuel Lécharny wrote:
>> Actually, the tricky part is the grammar, which is a state engine
>> description.
>
> Oh, that is usually not that difficult either. Most of those "custom"
> controls are very simple. Just a couple of fields. Complex data
> structures seem to be very rare. If you start with existing control
> that is somehow similar it is not difficult to implement a new control.

FTR, the code I provided yesterday night in one of my previous mail took
me around 30 mins, all included. For a more complex control, like
syncrepl, that would have takne a bit more time, mainly because you want
to add unit tests to cover teh various cases.

Now, I think that we should provide a bit of documentation about how to
implement a control...

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: Ldap API Custom Controls

2017-09-07 Thread Chris Pike 
So I added the controls, but they don't seem to be working. We are getting a 
error code 53 (unwilling to preform) when we add the control to our request, so 
assuming there is something wrong with the control, but don't know enough about 
ldap or the library to know what. Any ideas on what to try or what might be 
wrong?



- Original Message -
From: "Chris Pike" <clp...@psu.edu>
To: "api" <api@directory.apache.org>
Sent: Monday, September 4, 2017 6:50:37 PM
Subject: Re: Ldap API Custom Controls

Thanks for the suggestions and code examples. I'll work on adding this new 
control and let you know if I have any issues.

~Chris Pike



- Original Message -
From: "Emmanuel Lécharny" <elecha...@gmail.com>
To: "api" <api@directory.apache.org>
Sent: Monday, September 4, 2017 3:46:49 AM
Subject: Re: Ldap API Custom Controls

Le 04/09/2017 à 09:16, Radovan Semancik a écrit :
> On 09/04/2017 09:02 AM, Emmanuel Lécharny wrote:
>> Actually, the tricky part is the grammar, which is a state engine
>> description.
>
> Oh, that is usually not that difficult either. Most of those "custom"
> controls are very simple. Just a couple of fields. Complex data
> structures seem to be very rare. If you start with existing control
> that is somehow similar it is not difficult to implement a new control.

FTR, the code I provided yesterday night in one of my previous mail took
me around 30 mins, all included. For a more complex control, like
syncrepl, that would have takne a bit more time, mainly because you want
to add unit tests to cover teh various cases.

Now, I think that we should provide a bit of documentation about how to
implement a control...

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: Ldap API Custom Controls

2017-09-04 Thread Chris Pike 
Thanks for the suggestions and code examples. I'll work on adding this new 
control and let you know if I have any issues.

~Chris Pike



- Original Message -
From: "Emmanuel Lécharny" <elecha...@gmail.com>
To: "api" <api@directory.apache.org>
Sent: Monday, September 4, 2017 3:46:49 AM
Subject: Re: Ldap API Custom Controls

Le 04/09/2017 à 09:16, Radovan Semancik a écrit :
> On 09/04/2017 09:02 AM, Emmanuel Lécharny wrote:
>> Actually, the tricky part is the grammar, which is a state engine
>> description.
>
> Oh, that is usually not that difficult either. Most of those "custom"
> controls are very simple. Just a couple of fields. Complex data
> structures seem to be very rare. If you start with existing control
> that is somehow similar it is not difficult to implement a new control.

FTR, the code I provided yesterday night in one of my previous mail took
me around 30 mins, all included. For a more complex control, like
syncrepl, that would have takne a bit more time, mainly because you want
to add unit tests to cover teh various cases.

Now, I think that we should provide a bit of documentation about how to
implement a control...

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: Ldap API Custom Controls

2017-09-04 Thread Radovan Semancik 

On 09/04/2017 09:02 AM, Emmanuel Lécharny wrote:

Actually, the tricky part is the grammar, which is a state engine
description.


Oh, that is usually not that difficult either. Most of those "custom" 
controls are very simple. Just a couple of fields. Complex data 
structures seem to be very rare. If you start with existing control that 
is somehow similar it is not difficult to implement a new control.


--
Radovan Semancik
Software Architect
evolveum.com

Re: Ldap API Custom Controls

2017-09-04 Thread Emmanuel Lécharny 


Le 04/09/2017 à 08:49, Radovan Semancik a écrit :
> Hi,
>
> I have implemented a couple of controls myself. Perhaps the best
> approach is to do it right in the Apache Directory API source code.
> And contribute it back, of course :-)
> Start from any existing control. E.g. you can have a look at my AD
> DirSync control
> (org.apache.directory.api.ldap.extras.controls.ad.AdDirSync). It is
> enough to have some basic idea how LDAP protocol works and how the API
> works. Most of the work is mostly copy There are 3-4 classes to
> create. It is not difficult to figure out.

Actually, the tricky part is the grammar, which is a state engine
description.

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: Ldap API Custom Controls

2017-09-04 Thread Radovan Semancik 

Hi,

I have implemented a couple of controls myself. Perhaps the best 
approach is to do it right in the Apache Directory API source code. And 
contribute it back, of course :-)
Start from any existing control. E.g. you can have a look at my AD 
DirSync control 
(org.apache.directory.api.ldap.extras.controls.ad.AdDirSync). It is 
enough to have some basic idea how LDAP protocol works and how the API 
works. Most of the work is mostly copy There are 3-4 classes to 
create. It is not difficult to figure out.


--
Radovan Semancik
Software Architect
evolveum.com



On 09/03/2017 08:57 PM, Chris Pike wrote:

Trying to get Active Directory to honor password history when changing a 
password.

https://blogs.technet.microsoft.com/fieldcoding/2013/01/09/resetting-passwords-honoring-password-history-or-whats-happening-under-the-hood-when-changing-resetting-passwords/


- Original Message -
From: Emmanuel Lecharny <elecha...@apache.org>
To: api@directory.apache.org
Sent: Sun, 03 Sep 2017 14:38:26 -0400 (EDT)
Subject: Re: Ldap API Custom Controls

It's a bit tricky...

What control do you want to implement? Do you have a description ?

Le dim. 3 sept. 2017 à 15:58, Chris Pike <clp...@psu.edu> a écrit :


Hi,

I am trying to add a custom control. I started by creating a class that
implements "org.apache.directory.api.ldap.model.message.Control" and
passing an instance into my request. This didn't seem to work, I'm guessing
because the value for the control is not passed.

When looking at some of the other controls, I found a bunch of Decorator
and Factory classes in another package. Do I need to implement those types
of classes as well? If so, how do I register them? Is there a full example
of creating a custom control somewhere?

Thanks for any help you can provide.

~Chris Pike

Re: Ldap API Custom Controls

2017-09-03 Thread Emmanuel Lécharny 
    private static Grammar instance = new
LdapServerPolicyHintsOidGrammar();


    @SuppressWarnings("unchecked")
    private LdapServerPolicyHintsOidGrammar()
    {
    setName( LdapServerPolicyHintsOidGrammar.class.getName() );

    super.transitions = new
GrammarTransition[LdapServerPolicyHintsOidStates.END_STATE.ordinal()][256];

   
super.transitions[LdapServerPolicyHintsOidStates.START_STATE.ordinal()][UniversalTag.SEQUENCE.getValue()]
=
    new GrammarTransition(
    LdapServerPolicyHintsOidStates.START_STATE,
    LdapServerPolicyHintsOidStates.LSPHO_SEQUENCE_STATE,
    UniversalTag.SEQUENCE.getValue(),
    null );

   
super.transitions[LdapServerPolicyHintsOidStates.LSPHO_SEQUENCE_STATE.ordinal()][UniversalTag.INTEGER.getValue()]
=
    new GrammarTransition(
    LdapServerPolicyHintsOidStates.LSPHO_SEQUENCE_STATE,
    LdapServerPolicyHintsOidStates.LSPHO_FLAGS_STATE,
    UniversalTag.INTEGER.getValue(),
    new StoreFlags() );
    }


    /**
 * @return the singleton instance of the LdapServerPolicyHintsOidGrammar
 */
    public static Grammar getInstance()
    {
    return instance;
    }
}


- And the action used in the grammar to feed the Flags :


import org.apache.directory.api.asn1.actions.AbstractReadInteger;


/**
 * The action used to store the Flags value
 *
 */
public class StoreFlags extends
AbstractReadInteger
{

    /**
 * Instantiates a new Flags action.
 */
    public StoreFlags()
    {
    super( "LdapServerPolicyHintsOid Flags" );
    }


    /**
 * {@inheritDoc}
 */
    @Override
    protected void setIntegerValue( int value,
LdapServerPolicyHintsOidContainer lsphoContainer )
    {
    lsphoContainer.getDecorator().setFlags( value );
    }
}


That's all for the code, but you also eed to declare the new control in
the bundle or in the standalone API :


- in ExtrasBundleActivator :

    private void registerExtrasControls( LdapApiService codec )
    {
    ...


    ControlFactory
ldapServerPolicyHintsOidFactory = new LdapServerPolicyHintsOidFactory(
    codec );
    codec.registerControl( ldapServerPolicyHintsOidFactory );

    }


and to deregister it :

    private void unregisterExtrasControls( LdapApiService codec )
    {

            ...

   codec.unregisterControl( LdapServerPolicyHintsOid.OID );

    }


- in CodecFactoryUtil :


    public static void loadStockControls( Map<String, ControlFactory>
controlFactories, LdapApiService apiService )
    {
    ...

   
    ControlFactory
ldapServerPolicyHintsOidFactory = new LdapServerPolicyHintsOidFactory(
    apiService );
    controlFactories.put( ldapServerPolicyHintsOidFactory.getOid(),
ldapServerPolicyHintsOidFactory );
    LOG.info( "Registered pre-bundled control factory: {}",
ldapServerPolicyHintsOidFactory.getOid() );
    }


Ideally speaking, some unit test would be good to have, but I leave you
that as an exercise :-)


All this code is taken from the VLV request control, modifed to fit your
control. I think it should work pretty much pristine, typoes put aside.


Just let me know if it's fine for you, then we can push it in the API.



>
> - Original Message -
> From: Emmanuel Lecharny <elecha...@apache.org>
> To: api@directory.apache.org
> Sent: Sun, 03 Sep 2017 14:38:26 -0400 (EDT)
> Subject: Re: Ldap API Custom Controls
>
> It's a bit tricky...
>
> What control do you want to implement? Do you have a description ?
>
> Le dim. 3 sept. 2017 à 15:58, Chris Pike <clp...@psu.edu> a écrit :
>
>> Hi,
>>
>> I am trying to add a custom control. I started by creating a class that
>> implements "org.apache.directory.api.ldap.model.message.Control" and
>> passing an instance into my request. This didn't seem to work, I'm guessing
>> because the value for the control is not passed.
>>
>> When looking at some of the other controls, I found a bunch of Decorator
>> and Factory classes in another package. Do I need to implement those types
>> of classes as well? If so, how do I register them? Is there a full example
>> of creating a custom control somewhere?
>>
>> Thanks for any help you can provide.
>>
>> ~Chris Pike
>>

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Re: Ldap API Custom Controls

2017-09-03 Thread Emmanuel Lecharny 
It's a bit tricky...

What control do you want to implement? Do you have a description ?

Le dim. 3 sept. 2017 à 15:58, Chris Pike  a écrit :

> Hi,
>
> I am trying to add a custom control. I started by creating a class that
> implements "org.apache.directory.api.ldap.model.message.Control" and
> passing an instance into my request. This didn't seem to work, I'm guessing
> because the value for the control is not passed.
>
> When looking at some of the other controls, I found a bunch of Decorator
> and Factory classes in another package. Do I need to implement those types
> of classes as well? If so, how do I register them? Is there a full example
> of creating a custom control somewhere?
>
> Thanks for any help you can provide.
>
> ~Chris Pike
>
-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Ldap API Custom Controls

2017-09-03 Thread Chris Pike 
Hi,

I am trying to add a custom control. I started by creating a class that 
implements "org.apache.directory.api.ldap.model.message.Control" and passing an 
instance into my request. This didn't seem to work, I'm guessing because the 
value for the control is not passed.

When looking at some of the other controls, I found a bunch of Decorator and 
Factory classes in another package. Do I need to implement those types of 
classes as well? If so, how do I register them? Is there a full example of 
creating a custom control somewhere?

Thanks for any help you can provide.

~Chris Pike