[jira] [Commented] (DIRKRB-237) Implement the parseOptions function in AddPrincipalExecutor

2015-05-04 Thread Lin Chen (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRKRB-237?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14528012#comment-14528012
 ] 

Lin Chen commented on DIRKRB-237:
-

Hi Wei,
Thanks for your patch. It looks great. While it seems not based on the latest 
codes in the master branch. Please update first, thanks.

> Implement the parseOptions function in AddPrincipalExecutor
> ---
>
> Key: DIRKRB-237
> URL: https://issues.apache.org/jira/browse/DIRKRB-237
> Project: Directory Kerberos
>  Issue Type: New Feature
>Reporter: Jiajia Li
>Assignee: Wei Zhou
> Attachments: DIRKRB-237-V1.patch
>
>
> Implement the function parseOptions in {{AddPrincipalExecutor}}
> {code}
>private void parseOptions(String[] commands) {
> //TODO
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (DIRKRB-226) Enhance kadmin to supoort rename principal

2015-05-04 Thread Lin Chen (JIRA) 

 [ 
https://issues.apache.org/jira/browse/DIRKRB-226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Lin Chen resolved DIRKRB-226.
-
Resolution: Fixed

Reviewed and committed! Thanks Wei for contribution!

commit 3a267261c7422f009289f143b838be5e76c733ff
Author: Lin 
Date:   Tue May 5 14:17:17 2015 +0800

DIRKRB-226 Enhance kadmin to supoort rename principal. Contributed by Wei

> Enhance kadmin to supoort rename principal
> --
>
> Key: DIRKRB-226
> URL: https://issues.apache.org/jira/browse/DIRKRB-226
> Project: Directory Kerberos
>  Issue Type: New Feature
>Reporter: Jiajia Li
>Assignee: Wei Zhou
> Attachments: DIRKRB-226-V1.patch, DIRKRB-226-V2.patch, 
> DIRKRB-226-V3.patch, DIRKRB-226-V4.patch
>
>
> Enhance kadmin tool to supoort rename principal



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DIRKRB-226) Enhance kadmin to supoort rename principal

2015-05-04 Thread Wei Zhou (JIRA) 

 [ 
https://issues.apache.org/jira/browse/DIRKRB-226?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Wei Zhou updated DIRKRB-226:

Attachment: DIRKRB-226-V4.patch

Codes updated. Thanks!

> Enhance kadmin to supoort rename principal
> --
>
> Key: DIRKRB-226
> URL: https://issues.apache.org/jira/browse/DIRKRB-226
> Project: Directory Kerberos
>  Issue Type: New Feature
>Reporter: Jiajia Li
>Assignee: Wei Zhou
> Attachments: DIRKRB-226-V1.patch, DIRKRB-226-V2.patch, 
> DIRKRB-226-V3.patch, DIRKRB-226-V4.patch
>
>
> Enhance kadmin tool to supoort rename principal



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14527837#comment-14527837
 ] 

Emmanuel Lecharny commented on DIRSERVER-2051:
--

That's fine !

anything you create under {{dc=kewilltransport,dc=com}} context entry  will be 
in the {{dc=kewilltransport,dc=com}} partition now that you have renamed it 
from {{dc=example,dc=com}}. 

> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
> Attachments: TMSInstance.zip
>
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread David Paulsen (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14527580#comment-14527580
 ] 

David Paulsen commented on DIRSERVER-2051:
--

OK, this is what I did and it seems to have worked:
(1) I started with the plain old default instance that gets created in install.
(2) Replace "dc=example" with "dc=kewilltransport" in the following files:
C:\apacheds\instances\default\conf\config.ldif_migrated (2 replacements)

C:\apacheds\instances\default\conf\ou=config\ads-directoryserviceid=default\ou=partitions\ads-partitionid=example.ldif
 (1 replacement)

C:\apacheds\instances\default\conf\ou=config\ads-directoryserviceid=default\ou=servers\ads-serverid=kerberosserver.ldif
 (1 replacement)
(2) Start server
(3) Add a context entry for "dc=kewilltransport,dc=com" as follows:
(a) Right click Root DSE and select "New->New Context Entry"
(b) Select "Create from scratch"
(c) Add Domain object class
(d) Enter "dc=kewilltransport,dc=com"
(e) Click Next, then Finish

Just to be sure, anything I create under the "dc=kewilltransport,dc=com" 
context entry will be in the example partition, correct?




> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
> Attachments: TMSInstance.zip
>
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRKRB-246) Fail to run GSSInteropTest

2015-05-04 Thread Kai Zheng (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRKRB-246?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14527521#comment-14527521
 ] 

Kai Zheng commented on DIRKRB-246:
--

Thanks Jiajia for reporting this.

For the FileNotFoundException issue, I thought we could read and write a temp 
file, like it does for krb5.conf file. 
It's not clear to me what's the cause for the NPE issue, but I thought we could 
get FileNotFoundException issue fixed first then check it again.


> Fail to run GSSInteropTest
> --
>
> Key: DIRKRB-246
> URL: https://issues.apache.org/jira/browse/DIRKRB-246
> Project: Directory Kerberos
>  Issue Type: Bug
>Reporter: Jiajia Li
>
> Try to run GSSInteropTest.
> 1. When run in console, error as following:
> {code}
> Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 1.073 sec <<< 
> FAILURE! - in org.apache.kerby.kerberos.kerb.server.GSSInteropTest
> testKdc(org.apache.kerby.kerberos.kerb.server.GSSInteropTest)  Time elapsed: 
> 1.068 sec  <<< ERROR!
> java.security.PrivilegedActionException: null
> at 
> sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
> at 
> sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:127)
> at 
> sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
> at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427)
> at 
> sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:62)
> at 
> sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154)
> at 
> org.apache.kerby.kerberos.kerb.server.GSSInteropTest$KerberosServiceExceptionAction.run(GSSInteropTest.java:246)
> at 
> org.apache.kerby.kerberos.kerb.server.GSSInteropTest$KerberosServiceExceptionAction.run(GSSInteropTest.java:225)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.security.auth.Subject.doAs(Subject.java:422)
> at 
> org.apache.kerby.kerberos.kerb.server.GSSInteropTest.validateServiceTicket(GSSInteropTest.java:157)
> at 
> org.apache.kerby.kerberos.kerb.server.GSSInteropTest.testKdc(GSSInteropTest.java:139)
> {code}
> 2. when run in IDE:
> {code}
> java.io.FileNotFoundException: 
> /home/jiajia/devel/plusplusjiajia/directory-kerby/src/test/resources/krb5.conf
>  (No such file or directory)
>   at java.io.FileInputStream.open0(Native Method)
>   at java.io.FileInputStream.open(FileInputStream.java:195)
>   at java.io.FileInputStream.(FileInputStream.java:138)
>   at 
> org.apache.kerby.kerberos.kerb.server.GSSInteropTest.setUp(GSSInteropTest.java:93)
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14527465#comment-14527465
 ] 

Emmanuel Lecharny commented on DIRSERVER-2051:
--

It has disapeared most certainly because you didn't upate the rootDSE 
NamingContext which contains a reference to {{dc=example,dc=org}}. Also be sure 
that the context entry associated with the renamed partition is created.

> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
> Attachments: TMSInstance.zip
>
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: $NON-NLS-1$ usage...

2015-05-04 Thread Emmanuel Lécharny 
Le 04/05/15 21:29, Stefan Seelmann a écrit :
> On 05/04/2015 09:18 PM, Emmanuel Lécharny wrote:
>> Le 04/05/15 19:30, Stefan Seelmann a écrit :
>>> On 05/04/2015 02:37 PM, Emmanuel Lécharny wrote:
 Hi guys,

 in Studio, we have thousands of "// $NON-NLS-1$" comments in Studio's
 code. Those comments were used to shut down some warnings in eclipse.
 This is now totally superflouous, as we already have ignored such a
 warning in the formatter we are using.

 I woudl suggest we remove all those comments in the code.

 Thoughts ?

>>> They have another meaning: They are marker of the "Externalize Strings"
>>> tool/wizard. So if we want to continue to support NLS I think usage of
>>> the tool and the markers are essential.
>> Ah, good to know.
>>
>> What about the markers that are after Strings that are already read from
>> Properties, like in :
>> toolkit.createLabel( serverIdComposite, Messages.getString(
>> "OpenLDAPOverviewPage.ServerID" ) ); //$NON-NLS-1$
>> ?
> Yes, because this "ID" should not be externalized again.
>
>
>> Also should I add it when I use a String ?
> In general yes. Either you add them manually. Or you just code and at
> some point you select right-click on a single file or package or the src
> whole project and choos "Source -> Externalize Strings..." and follow
> the wizard. There you can also choose "Ignore" for Strings not to
> externalize, it adds the $NON-NLS-X$ for you. I'd recommend to commit
> before doing this because the wizard handling is a bit uncommon.

Ok, will do that.

Thanks Stefan !

Re: [Studio] OpenLDAP plugin status

2015-05-04 Thread Emmanuel Lécharny 
Le 04/05/15 19:39, Stefan Seelmann a écrit :
> On 05/04/2015 11:14 AM, Emmanuel Lécharny wrote:
>> Hi guys,
>>
>> I have made some substencial changes in the OpenLDAP config plugins
>> those 3 last weeks. Here is the current status for this plugin :
>>
>> - I have added an overiew pages which exposes only the very basic
>> informations of a OpenLDAP server : databases, loaded overlays, logLevel
>> and a few other infos
>> - I have added a widget for the LogLevel configuration, which is much
>> better that what we add before
>> - I also have added many fields configuration in the Options page
>>
>> There is a lot that has to be done before this plugin can be considered
>> as production ready :
>> - First of all, the configuration 'save' does not currently work.
>> Probably just a bump on the road, I have to check that. Enough said that
>> it was woking 2 weeks ago, so one of my changes have broke it.
>> - I want to split the databases and options page in parts, with new pages :
>>   o a Config page which will contain all the specific config Database
>> parameters
>>   o a FrontEnd pagewhich will contain all the specific Frontend Database
>> parameters
>> - I also want to split the options page in many pages or sections (not
>> yet decided what's the best solution), with those sections :
>>   o Security
>>   o Tuning
>>   o Schema
>>   o PasswordPolicy
>> It's mainly about re-shuffling what we currently have in a more
>> user-friendly way.
>> - Move the literal Strings to the messages.properties files
>> - There are many configuraiton parameters that are not yet handled (just
>> because they weren't existing when the first version of the editor has
>> been designed)
>> - The help is not existing atm. It has to be added.
>>
>>
>> We won't support slapd.conf file in this version. Also the OpenLDAP
>> version that will be supported has to be recent (ie, 2.4.31 or newer).
>> ALl in all, that means we will support every OpenLDAP version that has
>> been released in teh past 4 years.
>>
>> I will create JIRAs for the missing parts or each part I want to work on
>> expect a load of JIRAs to be created ;-)
>>
>> All in all, I expect to have a very first version running quite soon,
>> and probably something that could be tested as soon as the 'save' action
>> will be fixed.
>>
>> That's it for the status, expect lots of change sin the comming days and
>> weeks !
>>
>> Thanks !
>>
> Thanks Emmanuel for the update.
>
> Next week I'd like to start to test the release process for Studio.
> Should we then include the OpenLDAP config plugin at all for the first
> release? And same question for the Template/Combinded entry editor
> plugins? I'd suggest to exclude them for the first release.

+1.

The idea is first to be able to produce a release, and installers,
document the process, then we can think about adding the new OpenLDAP
plugins.

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread David Paulsen (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14527233#comment-14527233
 ] 

David Paulsen commented on DIRSERVER-2051:
--

I did that and then the {{dc=example,dc=com}} partition disappears completely 
in Directory Studio. 

Is there any way I can get the a version of Directory Studio that works with 
M20? 



> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
> Attachments: TMSInstance.zip
>
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14527177#comment-14527177
 ] 

Emmanuel Lecharny commented on DIRSERVER-2051:
--

You can. But you coudl also use the {{dc=example,dc=org}} partition which is 
probably more suited. You just have to rename every instance of dc=example in 
the various LDIF files.

> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
> Attachments: TMSInstance.zip
>
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: PMD

2015-05-04 Thread Emmanuel Lécharny 
Le 04/05/15 19:36, Stefan Seelmann a écrit :
> On 05/04/2015 02:30 PM, Emmanuel Lécharny wrote:
>> Le 03/05/15 18:18, Shawn McKinney a écrit :
>>> Do we have an ‘official’ project position on the use of PMD?  
>> No, but we can.
>>
>>> Is it employed within the others?  
>> It has been disabled for ApacheDS.
>>
>>> I am considering adding these checks to the fortress builds.
>> I think it's valuable to have it. The key is tunning PMD correctly,
>> otherwise you'll have potentially thousands of warnings. For instance,
>> in the LDAP API, we have 150 critical, 1901 major, 340 minor and 106
>> infos. For ApacheDS, it's even worse, with 172 critical, 2731 major, 808
>> minor and 97 info. Studio is the worst, with 273 critical, 3700 major,
>> 10892 minor and 456 infos. I teave to you imagine how long it would take
>> to get those fixed...
>>
>> Btw, we can ask for the various projects to be added to
>> analysis.apache.org. Here are the result for some of our current projects :
>>
>> ApacheDS : https://analysis.apache.org/dashboard/index/114786
>> LDAP API : https://analysis.apache.org/dashboard/index/123841
>> Studio   : https://analysis.apache.org/dashboard/index/118180
>>
> I think it is great to add such metrics from the beginning to new
> projects like Kerby. And let the build fail fast to keep quality high.


FTR, I have asked to add the Mavibot, Kerby and Fortress projects to
analysis.apache.org :

https://issues.apache.org/jira/browse/INFRA-9587

>
> For old projects it is hard to establish, especially if developers like
> me are lazy ;)

Well, we can establish it, but if we have to catch up with all the
errors and warning, we will do only that for the next 6 months ;-)


OTOH, this is the kind of stuff I *love* to do when my brain is running
slow : I feel I'm actually doing something instead of watching files
flying...

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread David Paulsen (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14527123#comment-14527123
 ] 

David Paulsen commented on DIRSERVER-2051:
--

Could I use the default system partition instead of making my own. Is there any 
drawbacks/issues with doing that?



> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
> Attachments: TMSInstance.zip
>
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: $NON-NLS-1$ usage...

2015-05-04 Thread Stefan Seelmann 
On 05/04/2015 09:18 PM, Emmanuel Lécharny wrote:
> Le 04/05/15 19:30, Stefan Seelmann a écrit :
>> On 05/04/2015 02:37 PM, Emmanuel Lécharny wrote:
>>> Hi guys,
>>>
>>> in Studio, we have thousands of "// $NON-NLS-1$" comments in Studio's
>>> code. Those comments were used to shut down some warnings in eclipse.
>>> This is now totally superflouous, as we already have ignored such a
>>> warning in the formatter we are using.
>>>
>>> I woudl suggest we remove all those comments in the code.
>>>
>>> Thoughts ?
>>>
>> They have another meaning: They are marker of the "Externalize Strings"
>> tool/wizard. So if we want to continue to support NLS I think usage of
>> the tool and the markers are essential.
> Ah, good to know.
> 
> What about the markers that are after Strings that are already read from
> Properties, like in :
> toolkit.createLabel( serverIdComposite, Messages.getString(
> "OpenLDAPOverviewPage.ServerID" ) ); //$NON-NLS-1$
> ?

Yes, because this "ID" should not be externalized again.


> Also should I add it when I use a String ?

In general yes. Either you add them manually. Or you just code and at
some point you select right-click on a single file or package or the src
whole project and choos "Source -> Externalize Strings..." and follow
the wizard. There you can also choose "Ignore" for Strings not to
externalize, it adds the $NON-NLS-X$ for you. I'd recommend to commit
before doing this because the wizard handling is a bit uncommon.

Kind Regards,
Stefan

Re: $NON-NLS-1$ usage...

2015-05-04 Thread Emmanuel Lécharny 
Le 04/05/15 19:30, Stefan Seelmann a écrit :
> On 05/04/2015 02:37 PM, Emmanuel Lécharny wrote:
>> Hi guys,
>>
>> in Studio, we have thousands of "// $NON-NLS-1$" comments in Studio's
>> code. Those comments were used to shut down some warnings in eclipse.
>> This is now totally superflouous, as we already have ignored such a
>> warning in the formatter we are using.
>>
>> I woudl suggest we remove all those comments in the code.
>>
>> Thoughts ?
>>
> They have another meaning: They are marker of the "Externalize Strings"
> tool/wizard. So if we want to continue to support NLS I think usage of
> the tool and the markers are essential.
Ah, good to know.

What about the markers that are after Strings that are already read from
Properties, like in :
toolkit.createLabel( serverIdComposite, Messages.getString(
"OpenLDAPOverviewPage.ServerID" ) ); //$NON-NLS-1$
?

Also should I add it when I use a String ?

Thanks !

Re: [Studio] OpenLDAP plugin status

2015-05-04 Thread Stefan Seelmann 
On 05/04/2015 11:14 AM, Emmanuel Lécharny wrote:
> Hi guys,
> 
> I have made some substencial changes in the OpenLDAP config plugins
> those 3 last weeks. Here is the current status for this plugin :
> 
> - I have added an overiew pages which exposes only the very basic
> informations of a OpenLDAP server : databases, loaded overlays, logLevel
> and a few other infos
> - I have added a widget for the LogLevel configuration, which is much
> better that what we add before
> - I also have added many fields configuration in the Options page
> 
> There is a lot that has to be done before this plugin can be considered
> as production ready :
> - First of all, the configuration 'save' does not currently work.
> Probably just a bump on the road, I have to check that. Enough said that
> it was woking 2 weeks ago, so one of my changes have broke it.
> - I want to split the databases and options page in parts, with new pages :
>   o a Config page which will contain all the specific config Database
> parameters
>   o a FrontEnd pagewhich will contain all the specific Frontend Database
> parameters
> - I also want to split the options page in many pages or sections (not
> yet decided what's the best solution), with those sections :
>   o Security
>   o Tuning
>   o Schema
>   o PasswordPolicy
> It's mainly about re-shuffling what we currently have in a more
> user-friendly way.
> - Move the literal Strings to the messages.properties files
> - There are many configuraiton parameters that are not yet handled (just
> because they weren't existing when the first version of the editor has
> been designed)
> - The help is not existing atm. It has to be added.
> 
> 
> We won't support slapd.conf file in this version. Also the OpenLDAP
> version that will be supported has to be recent (ie, 2.4.31 or newer).
> ALl in all, that means we will support every OpenLDAP version that has
> been released in teh past 4 years.
> 
> I will create JIRAs for the missing parts or each part I want to work on
> expect a load of JIRAs to be created ;-)
> 
> All in all, I expect to have a very first version running quite soon,
> and probably something that could be tested as soon as the 'save' action
> will be fixed.
> 
> That's it for the status, expect lots of change sin the comming days and
> weeks !
> 
> Thanks !
> 

Thanks Emmanuel for the update.

Next week I'd like to start to test the release process for Studio.
Should we then include the OpenLDAP config plugin at all for the first
release? And same question for the Template/Combinded entry editor
plugins? I'd suggest to exclude them for the first release.

Kind Regards,
Stefan

Re: PMD

2015-05-04 Thread Stefan Seelmann 
On 05/04/2015 02:30 PM, Emmanuel Lécharny wrote:
> Le 03/05/15 18:18, Shawn McKinney a écrit :
>> Do we have an ‘official’ project position on the use of PMD?  
> 
> No, but we can.
> 
>> Is it employed within the others?  
> It has been disabled for ApacheDS.
> 
>> I am considering adding these checks to the fortress builds.
> 
> I think it's valuable to have it. The key is tunning PMD correctly,
> otherwise you'll have potentially thousands of warnings. For instance,
> in the LDAP API, we have 150 critical, 1901 major, 340 minor and 106
> infos. For ApacheDS, it's even worse, with 172 critical, 2731 major, 808
> minor and 97 info. Studio is the worst, with 273 critical, 3700 major,
> 10892 minor and 456 infos. I teave to you imagine how long it would take
> to get those fixed...
> 
> Btw, we can ask for the various projects to be added to
> analysis.apache.org. Here are the result for some of our current projects :
> 
> ApacheDS : https://analysis.apache.org/dashboard/index/114786
> LDAP API : https://analysis.apache.org/dashboard/index/123841
> Studio   : https://analysis.apache.org/dashboard/index/118180
> 

I think it is great to add such metrics from the beginning to new
projects like Kerby. And let the build fail fast to keep quality high.

For old projects it is hard to establish, especially if developers like
me are lazy ;)

Kind Regards,
Stefan

Re: $NON-NLS-1$ usage...

2015-05-04 Thread Stefan Seelmann 
On 05/04/2015 02:37 PM, Emmanuel Lécharny wrote:
> Hi guys,
> 
> in Studio, we have thousands of "// $NON-NLS-1$" comments in Studio's
> code. Those comments were used to shut down some warnings in eclipse.
> This is now totally superflouous, as we already have ignored such a
> warning in the formatter we are using.
> 
> I woudl suggest we remove all those comments in the code.
> 
> Thoughts ?
> 

They have another meaning: They are marker of the "Externalize Strings"
tool/wizard. So if we want to continue to support NLS I think usage of
the tool and the markers are essential.

Kind Regards,
Stefan

[jira] [Updated] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread David Paulsen (JIRA) 

 [ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Paulsen updated DIRSERVER-2051:
-
Attachment: TMSInstance.zip

I've attached my M19 instance so you can translate it to M20. It's just the 
default instance with an empty partition called "Kewill Transport" added to it.



> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
> Attachments: TMSInstance.zip
>
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread Kiran Ayyagari (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14526761#comment-14526761
 ] 

Kiran Ayyagari commented on DIRSERVER-2051:
---

bq. Is there any other lDAP tool or some command line tool to create partitions?
No, none exist at the moment.

> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread David Paulsen (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14526721#comment-14526721
 ] 

David Paulsen commented on DIRSERVER-2051:
--

Is there any other lDAP tool or some command line tool to create partitions?



> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRKRB-226) Enhance kadmin to supoort rename principal

2015-05-04 Thread Lin Chen (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRKRB-226?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14526630#comment-14526630
 ] 

Lin Chen commented on DIRKRB-226:
-

Hi Wei,
I am sorry for the misunderstanding for the questions 1. My meaning is to 
refine 
{code}
if (...) {

}
else {
...
}
{code}
to 
{code}
if (...) {

} else {
...
}
{code}
Yes your codes in v3 are more laconic while they can not pass the PMD checks. 
Would you please update it? Sorry for misunderstanding once again.

> Enhance kadmin to supoort rename principal
> --
>
> Key: DIRKRB-226
> URL: https://issues.apache.org/jira/browse/DIRKRB-226
> Project: Directory Kerberos
>  Issue Type: New Feature
>Reporter: Jiajia Li
>Assignee: Wei Zhou
> Attachments: DIRKRB-226-V1.patch, DIRKRB-226-V2.patch, 
> DIRKRB-226-V3.patch
>
>
> Enhance kadmin tool to supoort rename principal



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14526625#comment-14526625
 ] 

Emmanuel Lecharny commented on DIRSERVER-2051:
--

(1) no schedule for the moment.
(2) The configuration is in LDIF format, so any editor would work, but that 
would be quite painful. I can check your current (M19) config and translate it 
to M20 if needed.

> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread David Paulsen (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14526618#comment-14526618
 ] 

David Paulsen commented on DIRSERVER-2051:
--

OK, a couple questions:
(1) Do you know when a the fixed version of Directory Studio will be released?
(2) What other tool could I use to create a partition with M20?



> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14526604#comment-14526604
 ] 

Emmanuel Lecharny commented on DIRSERVER-2051:
--

Ah, sadly, the version of Studio you are using will not be compatible with the 
latest ApacheDS version. 

We have fixed that in Studio, but we have not yet produce any package...

> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials

2015-05-04 Thread David Paulsen (JIRA) 

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14526597#comment-14526597
 ] 

David Paulsen commented on DIRSERVER-2051:
--

Thanks!

I ran in to a problem trying to create a partition using Directory Studio 
version  2.0.0.v20130628. Steps:
(1) Install M20(on a Windows 7 laptop) and start the service.
(2) Start Directory Studio and create a connection configuration.
(3) Right click on my new connection configuration and choose Open 
Configuration. I get this error:
org.apache.directory.api.ldap.model.exception.LdapNoSuchAttributeException: 
ERR_04269 ATTRIBUTE_TYPE for OID ads-basedn does not exist!
at 
org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:293)
at 
org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:47)
at 
org.apache.directory.api.ldap.schemamanager.impl.DefaultSchemaManager.lookupAttributeTypeRegistry(DefaultSchemaManager.java:1604)
at 
org.apache.directory.api.ldap.model.entry.DefaultEntry.(DefaultEntry.java:311)
at 
org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.readConfiguration(LoadConfigurationRunnable.java:359)
at 
org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.getConfiguration(LoadConfigurationRunnable.java:182)
at 
org.apache.directory.studio.apacheds.configuration.v2.jobs.LoadConfigurationRunnable.run(LoadConfigurationRunnable.java:127)
at 
org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:83)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54)
Caused by: org.apache.directory.api.ldap.model.exception.LdapException: 
ERR_04269 ATTRIBUTE_TYPE for OID ads-basedn does not exist!
at 
org.apache.directory.api.ldap.model.schema.registries.DefaultSchemaObjectRegistry.lookup(DefaultSchemaObjectRegistry.java:176)
at 
org.apache.directory.api.ldap.model.schema.registries.DefaultAttributeTypeRegistry.lookup(DefaultAttributeTypeRegistry.java:289)
... 8 more



> Getting Password Expired Instead of Invalid Credentials
> ---
>
> Key: DIRSERVER-2051
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
> Project: Directory ApacheDS
>  Issue Type: Bug
>Reporter: David Paulsen
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

$NON-NLS-1$ usage...

2015-05-04 Thread Emmanuel Lécharny 
Hi guys,

in Studio, we have thousands of "// $NON-NLS-1$" comments in Studio's
code. Those comments were used to shut down some warnings in eclipse.
This is now totally superflouous, as we already have ignored such a
warning in the formatter we are using.

I woudl suggest we remove all those comments in the code.

Thoughts ?

Re: PMD

2015-05-04 Thread Emmanuel Lécharny 
Le 03/05/15 18:18, Shawn McKinney a écrit :
> Do we have an ‘official’ project position on the use of PMD?  

No, but we can.

> Is it employed within the others?  
It has been disabled for ApacheDS.

> I am considering adding these checks to the fortress builds.

I think it's valuable to have it. The key is tunning PMD correctly,
otherwise you'll have potentially thousands of warnings. For instance,
in the LDAP API, we have 150 critical, 1901 major, 340 minor and 106
infos. For ApacheDS, it's even worse, with 172 critical, 2731 major, 808
minor and 97 info. Studio is the worst, with 273 critical, 3700 major,
10892 minor and 456 infos. I teave to you imagine how long it would take
to get those fixed...

Btw, we can ask for the various projects to be added to
analysis.apache.org. Here are the result for some of our current projects :

ApacheDS : https://analysis.apache.org/dashboard/index/114786
LDAP API : https://analysis.apache.org/dashboard/index/123841
Studio   : https://analysis.apache.org/dashboard/index/118180

Re: [ANNOUNCE] Apache Directory LDAP API 1.0.0-M30 released

2015-05-04 Thread Shehzad Ahmed 
Unsubscribe me please. Thanks

On Mon, 4 May 2015 19:03 Emmanuel Lecharny  wrote:

> The Apache Directory Team is proud to announce the availability of the
> 1.0.0-M30 version of the Apache Directory LDAP API.
>
> The Apache Directory LDAP client API is an ongoing effort to provide
> an enhanced LDAP API, as a replacement for JNDI and the existing
> LDAPAPI (jLdap and Mozilla LDAP API).
>
> This is a schema aware API, with some convenient ways to access a LDAP
> server. This API is not only targeting the Apache Directory Server,
> but should work pristine with any LDAP server.
>
> It's also an extensible API : new Controls, schema elements and
> network layer could be added or used in the near future. It's also
> OSGi capable.
> Another bug fix release, with some critical fixes in the connection handling, 
> and some schema modifications.
>
> Here is the list of fixed issues :
>
>
>
> *Bugs :*
>
>- DIRAPI-236  -
>Unbind during search hangs
>- DIRAPI-234  -
>ClassLoading issues with two classes in different packages
>- DIRAPI-231  -
>Wrong namespace in generated response
>- DIRAPI-230  -
>Connection to invalid host blocks for 30 seconds
>- DIRAPI-229  - The
>LdifParser lowrcase attributeType
>- DIRAPI-196  -
>Always throw error ERR_04486_VALUE_ALREADY_EXISTS from
>org.apache.directory.api.ldap.model.entry.DefaultAttribute against AD's
>attribute dSCorePropagationData when do search operation.
>
> *Improvements :*
>
>- DIRAPI-233  -
>OSGi: Import package range for slf4j
>
> *Tasks :*
>
>- DIRAPI-235  -
>Wrong attributeType name
>
> Feel free to experiment, we highly appreciate your feedback !
>
>
> Website : http://directory.apache.org/api
> Download : http://directory.apache.org/api/downloads.html
> User's Guide : http://directory.apache.org/api/user-guide.html
>
> The Apache Directory Team
>
>
> --
> Regards,
> Cordialement,
> Emmanuel Lécharnywww.iktek.com
>
>

[Studio] OpenLDAP plugin status

2015-05-04 Thread Emmanuel Lécharny 
Hi guys,

I have made some substencial changes in the OpenLDAP config plugins
those 3 last weeks. Here is the current status for this plugin :

- I have added an overiew pages which exposes only the very basic
informations of a OpenLDAP server : databases, loaded overlays, logLevel
and a few other infos
- I have added a widget for the LogLevel configuration, which is much
better that what we add before
- I also have added many fields configuration in the Options page

There is a lot that has to be done before this plugin can be considered
as production ready :
- First of all, the configuration 'save' does not currently work.
Probably just a bump on the road, I have to check that. Enough said that
it was woking 2 weeks ago, so one of my changes have broke it.
- I want to split the databases and options page in parts, with new pages :
  o a Config page which will contain all the specific config Database
parameters
  o a FrontEnd pagewhich will contain all the specific Frontend Database
parameters
- I also want to split the options page in many pages or sections (not
yet decided what's the best solution), with those sections :
  o Security
  o Tuning
  o Schema
  o PasswordPolicy
It's mainly about re-shuffling what we currently have in a more
user-friendly way.
- Move the literal Strings to the messages.properties files
- There are many configuraiton parameters that are not yet handled (just
because they weren't existing when the first version of the editor has
been designed)
- The help is not existing atm. It has to be added.


We won't support slapd.conf file in this version. Also the OpenLDAP
version that will be supported has to be recent (ie, 2.4.31 or newer).
ALl in all, that means we will support every OpenLDAP version that has
been released in teh past 4 years.

I will create JIRAs for the missing parts or each part I want to work on
expect a load of JIRAs to be created ;-)

All in all, I expect to have a very first version running quite soon,
and probably something that could be tested as soon as the 'save' action
will be fixed.

That's it for the status, expect lots of change sin the comming days and
weeks !

Thanks !

RE: Kerby GSS tests?

2015-05-04 Thread Li, Jiajia 
Hi, Colm,
I Fail to run GSSInteropTest, the detail in
https://issues.apache.org/jira/browse/DIRKRB-246
Do you have any idea to fix it?

Thanks
Jiajia

-Original Message-
From: Zheng, Kai [mailto:kai.zh...@intel.com] 
Sent: Wednesday, April 29, 2015 9:30 PM
To: ke...@directory.apache.org; cohei...@apache.org
Cc: Apache Directory Developers List
Subject: RE: Kerby GSS tests?

>> Will we also be supporting it for the Default case as opposed to the Netty 
>> case?
Sure, we will. 

>> there is no validation of the service ticket. I will add this in
That's great. And also, based on this work, it would be possible to have 
another one in the SASL framework.

Regards,
Kai

-Original Message-
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Wednesday, April 29, 2015 8:50 PM
To: Zheng, Kai
Cc: ke...@directory.apache.org; Apache Directory Developers List
Subject: Re: Kerby GSS tests?

Cool, I'll try out the UDP support. Will we also be supporting it for the 
Default case as opposed to the Netty case?

I'm not really sure if my test-case qualifies as an end-to-end test...there is 
no validation of the service ticket. I will add this in...

Colm.

On Wed, Apr 29, 2015 at 1:45 PM, Zheng, Kai  wrote:

> Thanks Colm for the great work!
>
> Shall we resolve https://issues.apache.org/jira/browse/DIRKRB-232 now?
>
> By the way, Yaning made the UDP support happen for the NettyKdcNetwork 
> today,
> https://issues.apache.org/jira/browse/DIRKRB-231
>
> Regards,
> Kai
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Wednesday, April 29, 2015 6:38 PM
> To: ke...@directory.apache.org
> Cc: Apache Directory Developers List
> Subject: Re: Kerby GSS tests?
>
> Ok done!
>
> Repository: directory-kerby
> Updated Branches:
>   refs/heads/master e452f1854 -> eb2e4c1ae
>
>
> Adding a GSS unit test
>
>
> Project: http://git-wip-us.apache.org/repos/asf/directory-kerby/repo
> Commit:
> http://git-wip-us.apache.org/repos/asf/directory-kerby/commit/eb2e4c1a
> Tree: 
> http://git-wip-us.apache.org/repos/asf/directory-kerby/tree/eb2e4c1a
> Diff: 
> http://git-wip-us.apache.org/repos/asf/directory-kerby/diff/eb2e4c1a
>
> Colm.
>
> On Mon, Apr 27, 2015 at 1:45 PM, Zheng, Kai  wrote:
>
> > Colm,
> >
> > Yes it’s a known issue due to incomplete implementation. When the 
> > following one is resolved, I thought we could get back to this 
> > verifying the function. I will hopefully work on it recently.
> > https://issues.apache.org/jira/browse/DIRKRB-235
> >
> > By the way, is it doable to port your end to end tests into Kerby, 
> > without introducing the many deps? Thanks.
> >
> > Regards,
> > Kai
> >
> > From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> > Sent: Monday, April 27, 2015 6:46 PM
> > To: Zheng, Kai
> > Cc: Apache Directory Developers List
> > Subject: Re: Kerby GSS tests?
> >
> >
> > Thanks, everything is working now :-) The remaining issue is that 
> > the tests are failing when pre-auth is enabled. Do you want me to 
> > start looking into this, or are there known issues here?
> > Colm.
> >
> > On Sat, Apr 25, 2015 at 12:39 AM, Zheng, Kai   > kai.zh...@intel.com>> wrote:
> > Colm,
> >
> > It’s done now. The root cause is due to the incorrect TGS principal 
> > construction. Please check out latest codes and also apply the 
> > following change to your test project.
> >
> > Regards,
> > Kai
> >
> > ---
> > a/apache/cxf/cxf-kerberos-kerby/src/test/java/org/apache/coheigea/cx
> > f/ kerberos/authentication/AuthenticationTest.java
> > +++
> > b/apache/cxf/cxf-kerberos-kerby/src/test/java/org/apache/coheigea/cx
> > f/ kerberos/authentication/AuthenticationTest.java
> > @@ -98,9 +98,7 @@ public class AuthenticationTest extends 
> > org.junit.Assert {
> >
> >  // Need to disable PRE_AUTH (not sure why, maybe a bug in
> > Kerby)
> >
> >
> > kerbyServer.getSetting().getKdcConfig().setBoolean(KdcConfigKey.PREA
> > UT
> > H_REQUIRED,
> > false);
> > -
> >
> kerbyServer.getSetting().getKdcConfig().setString(KdcConfigKey.TGS_PRI
> NCIPAL,
> > -  "krbtgt/
> > service.ws.apache@service.ws.apache.org > service.ws.apache@service.ws.apache.org>");
> > -
> > +
> >  // Create principals
> >  String alice = "al...@service.ws.apache.org > al...@service.ws.apache.org>";
> >  String bob =
> > "bob/service.ws.apache@service.ws.apache.org
> > ";
> > @@ -136,7 +134,7 @@ public class AuthenticationTest extends 
> > org.junit.Assert {
> >  }
> >
> >  @org.junit.Test
> > -@org.junit.Ignore
> > +//@org.junit.Ignore
> >  public void unitTest() throws Exception {
> > KrbClient client = new KrbClient();
> >
> > diff --git
> > a/apache/cxf/cxf-kerberos-kerby/src/test/java/org/apache/coheigea/cx
> > f/ kerberos/jaxrs/JAXRSAuthenticationTest.java
> > b/apache/cxf/cxf-k
> > index 3806a7

[jira] [Created] (DIRKRB-246) Fail to run GSSInteropTest

2015-05-04 Thread Jiajia Li (JIRA) 
Jiajia Li created DIRKRB-246:


 Summary: Fail to run GSSInteropTest
 Key: DIRKRB-246
 URL: https://issues.apache.org/jira/browse/DIRKRB-246
 Project: Directory Kerberos
  Issue Type: Bug
Reporter: Jiajia Li


Try to run GSSInteropTest.
1. When run in console, error as following:
{code}
Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 1.073 sec <<< 
FAILURE! - in org.apache.kerby.kerberos.kerb.server.GSSInteropTest
testKdc(org.apache.kerby.kerberos.kerb.server.GSSInteropTest)  Time elapsed: 
1.068 sec  <<< ERROR!
java.security.PrivilegedActionException: null
at 
sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
at 
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:127)
at 
sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427)
at sun.security.jgss.GSSCredentialImpl.(GSSCredentialImpl.java:62)
at 
sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:154)
at 
org.apache.kerby.kerberos.kerb.server.GSSInteropTest$KerberosServiceExceptionAction.run(GSSInteropTest.java:246)
at 
org.apache.kerby.kerberos.kerb.server.GSSInteropTest$KerberosServiceExceptionAction.run(GSSInteropTest.java:225)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at 
org.apache.kerby.kerberos.kerb.server.GSSInteropTest.validateServiceTicket(GSSInteropTest.java:157)
at 
org.apache.kerby.kerberos.kerb.server.GSSInteropTest.testKdc(GSSInteropTest.java:139)
{code}

2. when run in IDE:
{code}
java.io.FileNotFoundException: 
/home/jiajia/devel/plusplusjiajia/directory-kerby/src/test/resources/krb5.conf 
(No such file or directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.(FileInputStream.java:138)
at 
org.apache.kerby.kerberos.kerb.server.GSSInteropTest.setUp(GSSInteropTest.java:93)
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DIRAPI-222) Make the LdifReader accept changes *and* entries in the same file

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

 [ 
https://issues.apache.org/jira/browse/DIRAPI-222?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRAPI-222:
-
Fix Version/s: (was: 1.0.0-M30)
   1.0.0-M31

> Make the LdifReader accept changes *and* entries in the same file
> -
>
> Key: DIRAPI-222
> URL: https://issues.apache.org/jira/browse/DIRAPI-222
> Project: Directory Client API
>  Issue Type: Improvement
>Affects Versions: 1.0.0-M28
>Reporter: Emmanuel Lecharny
> Fix For: 1.0.0-M31
>
>
> Currently, the LDIF RFC only accepts either content (ie full entries) or 
> changes, but not a mix of it : {{ldif-file = ldif-content / ldif-changes}}.
> It would be very convenient to allow a mix of those things. That would not 
> break anything, and would be quite convenient.
> We can add a flag to enforce a strict respect of the RFC too.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DIRAPI-179) Referral Hop Count

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

 [ 
https://issues.apache.org/jira/browse/DIRAPI-179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRAPI-179:
-
Fix Version/s: (was: 1.0.0-M30)
   1.0.0-M31

> Referral Hop Count
> --
>
> Key: DIRAPI-179
> URL: https://issues.apache.org/jira/browse/DIRAPI-179
> Project: Directory Client API
>  Issue Type: Improvement
>Affects Versions: 1.0.0-M20
>Reporter: Robert Hou
> Fix For: 1.0.0-M31
>
>
> As we found, there is already one related issue DIRAPI-61 for Referral Chase. 
> Then we want API to support Hop Count when chase referral.That means API can 
> let user control the hop count when API chase referral. Netscape LDAP SDK 
> already has this featue, we can refer to.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DIRAPI-149) LdapNetworkConnection should not create user-Threads

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

 [ 
https://issues.apache.org/jira/browse/DIRAPI-149?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRAPI-149:
-
Fix Version/s: (was: 1.0.0-M30)
   1.0.0-M31

> LdapNetworkConnection should not create user-Threads
> 
>
> Key: DIRAPI-149
> URL: https://issues.apache.org/jira/browse/DIRAPI-149
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 1.0.0-M18
>Reporter: Christian Cwienk
> Fix For: 1.0.0-M31
>
>
> When creating a LdapNetworkConnection, a 'NioThread' is created as a 
> 'User-Thread' that handles network IO. This thread lives for as long as the 
> connection is not closed.
> If the connection is not closed this will prevent the JavaVM from 
> terminating, which may be somewhat unexpected, since this behaviour is not 
> explicitly documented.
> My suggestion would be to change the io-Thread's type to be a 'daemon' 
> thread. That way, not closing an LdapConnection would not prevent the JavaVM 
> from terminating.
> example code snippet:
> {code}
>   public static void main(String[] args) throws Exception
>   {
> LdapConnectionConfig cfg = new LdapConnectionConfig();
> cfg.setLdapHost("myHost");
> cfg.setLdapPort(389);
> cfg.setName("myUser@myHost");
> cfg.setCredentials("myPassword");
> 
>LdapConnection conn = new LdapNetworkConnection(cfg);
>conn.bind();
>//the JavaVM will never terminate, because the connection was not closed!
>   }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DIRAPI-216) Improvements in OSGi tests

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

 [ 
https://issues.apache.org/jira/browse/DIRAPI-216?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRAPI-216:
-
Fix Version/s: (was: 1.0.0-M30)
   1.0.0-M31

> Improvements in OSGi tests
> --
>
> Key: DIRAPI-216
> URL: https://issues.apache.org/jira/browse/DIRAPI-216
> Project: Directory Client API
>  Issue Type: Task
>Reporter: Stefan Seelmann
>Priority: Minor
> Fix For: 1.0.0-M31
>
> Attachments: osgi.dif
>
>
> Follow up for DIRAPI-215 and DIRSERVER-2041.
> api/integ-osgi and server/osgi-integ duplicate some code (pom.xml 
> declarations and ApiOsgiTestBase/ServerOsgiTestBase. It would be nice to 
> extract this code and make it reusable.
> Further possible improvements:
> * Try to move tests to their modules, to allow faster feedback
> * Currently only some classes are used and instantiated to ensure that 
> classes can be loaded. But the coverage is only minimal. it would be nice to 
> run all the tests as pax-exam test.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DIRAPI-154) Implement "online" OpenLDAP schema parsing in DefaultSchemaLoader

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

 [ 
https://issues.apache.org/jira/browse/DIRAPI-154?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRAPI-154:
-
Fix Version/s: (was: 1.0.0-M30)
   1.0.0-M31

> Implement "online" OpenLDAP schema parsing in DefaultSchemaLoader
> -
>
> Key: DIRAPI-154
> URL: https://issues.apache.org/jira/browse/DIRAPI-154
> Project: Directory Client API
>  Issue Type: Improvement
>Affects Versions: 1.0.0-M20
>Reporter: Gerald Turner
>Assignee: Emmanuel Lecharny
> Fix For: 1.0.0-M31
>
> Attachments: loadSchema.log, openldap-schema.ldif
>
>
> The constructor in DefaultSchemaLoader has the following comment:
> {code}
>   // TODO Handle schema loading on other LDAP servers
> {code}
> For OpenLDAP this would require searching subtree under cn=schema,cn=config 
> and handling attributes like:
> {code}
>   olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last 
> (family) name(s) for which the entity is known by' SUP name )
>   olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP 
> top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ 
> seeAlso $ description ) )
> {code}
> Note that there is also an 'olcObjectIdentifier' attribute type that seems to 
> be used to create macros for interpolation in OID's used in other attributes:
> {code}
>   olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2
>   olcObjectIdentifier: OLcfgAt OLcfg:3
>   olcObjectIdentifier: OLcfgOvAt OLcfgAt:3
>   olcObjectIdentifier: OMsyn 1.3.6.1.4.1.1466.115.121.1
>   olcObjectIdentifier: OMsBoolean OMsyn:7
>   olcAttributeTypes: ( OLcfgOvAt:10.4 NAME 'olcUniqueStrict' DESC 'Enforce 
> uniqueness of null values' EQUALITY booleanMatch SYNTAX OMsBoolean 
> SINGLE-VALUE )
> {code}
> However this additional complexity seems to only be used for the 
> internal/vendor-specific schema itself (not 'core', 'nis', etc.).
> Attached is LDIF output of from searching {{cn=schema,cn=config}}.
> Mailing List reference: 
> https://mail-archives.apache.org/mod_mbox/directory-api/201308.mbox/%3CCABzFU-eOfmwiFpR1w0Fd-JhNFBVLO0NkHKa5w61ReFBEq%3DWkaw%40mail.gmail.com%3E



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DIRAPI-115) LdifEntry should expose methods to manipulate attributes.

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

 [ 
https://issues.apache.org/jira/browse/DIRAPI-115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRAPI-115:
-
Fix Version/s: (was: 1.0.0-M30)
   1.0.0-M31

> LdifEntry should expose methods to manipulate attributes.
> -
>
> Key: DIRAPI-115
> URL: https://issues.apache.org/jira/browse/DIRAPI-115
> Project: Directory Client API
>  Issue Type: Bug
>Reporter: Alex Karasulu
> Fix For: 1.0.0-M31
>
>
> Right now LdifEntry.getEntry must be used to get a data structure that allows 
> manipulation of LDIF attributes.  Would be nice to be able to do this without 
> having to rebuild yet another LdifEntry object after altering the Entry 
> object obtained from the original LdifEntry.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DIRSERVER-2063) Automat testing of installers

2015-05-04 Thread Emmanuel Lecharny (JIRA) 

 [ 
https://issues.apache.org/jira/browse/DIRSERVER-2063?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRSERVER-2063:
-
Fix Version/s: (was: 2.0.0-M20)
   2.0.0-M21

> Automat testing of installers
> -
>
> Key: DIRSERVER-2063
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2063
> Project: Directory ApacheDS
>  Issue Type: Task
>  Components: installer-plugin
>Reporter: Stefan Seelmann
>Assignee: Stefan Seelmann
> Fix For: 2.0.0-M21
>
>
> For every release we create installers that need to be tested, we should 
> automate the tests.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (DIRSTUDIO-1044) The ServerID field must be a widget

2015-05-04 Thread Emmanuel Lecharny (JIRA) 
Emmanuel Lecharny created DIRSTUDIO-1044:


 Summary: The ServerID field must be a widget
 Key: DIRSTUDIO-1044
 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1044
 Project: Directory Studio
  Issue Type: Improvement
  Components: OpenLDAP Config
Affects Versions: 2.0.0-M8 (2.0.0.v20130628)
Reporter: Emmanuel Lecharny
 Fix For: 2.0.0-M9


The {{ServerID}} field can contain more than one value, so we need a widget to 
update it, and the content must be shown in a {{TableViewer}}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[ANNOUNCE] Apache Directory LDAP API 1.0.0-M30 released

2015-05-04 Thread Emmanuel Lecharny 
The Apache Directory Team is proud to announce the availability of the
1.0.0-M30 version of the Apache Directory LDAP API.

The Apache Directory LDAP client API is an ongoing effort to provide
an enhanced LDAP API, as a replacement for JNDI and the existing
LDAPAPI (jLdap and Mozilla LDAP API).

This is a schema aware API, with some convenient ways to access a LDAP
server. This API is not only targeting the Apache Directory Server,
but should work pristine with any LDAP server.

It's also an extensible API : new Controls, schema elements and
network layer could be added or used in the near future. It's also
OSGi capable.
Another bug fix release, with some critical fixes in the connection
handling, and some schema modifications.

Here is the list of fixed issues :



*Bugs :*

   - DIRAPI-236  - Unbind
   during search hangs
   - DIRAPI-234  -
   ClassLoading issues with two classes in different packages
   - DIRAPI-231  - Wrong
   namespace in generated response
   - DIRAPI-230  -
   Connection to invalid host blocks for 30 seconds
   - DIRAPI-229  - The
   LdifParser lowrcase attributeType
   - DIRAPI-196  - Always
   throw error ERR_04486_VALUE_ALREADY_EXISTS from
   org.apache.directory.api.ldap.model.entry.DefaultAttribute against AD's
   attribute dSCorePropagationData when do search operation.

*Improvements :*

   - DIRAPI-233  - OSGi:
   Import package range for slf4j

*Tasks :*

   - DIRAPI-235  - Wrong
   attributeType name

Feel free to experiment, we highly appreciate your feedback !


Website : http://directory.apache.org/api
Download : http://directory.apache.org/api/downloads.html
User's Guide : http://directory.apache.org/api/user-guide.html

The Apache Directory Team

-- 
Regards,
Cordialement,
Emmanuel Lécharnywww.iktek.com