[jira] [Commented] (DIRSERVER-2156) ApacheDS issues TGT kerberos ticket with address on IBM java
[ https://issues.apache.org/jira/browse/DIRSERVER-2156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15354545#comment-15354545 ] Kai Zheng commented on DIRSERVER-2156: -- Hello [~friler], Thanks for your reporting and inputs. I thought it would be good to notify you that currently the very limited community resources on Kerberos direction is focused on the Kerby sub-project, and I'm not sure whether anybody else has the bandwidth for fixing this up. We probably would love to accept such fix patch if available, on the other hand. Hope this helps you some bit. Regards, Kai > ApacheDS issues TGT kerberos ticket with address on IBM java > > > Key: DIRSERVER-2156 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2156 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M20 >Reporter: Martin Choma > Attachments: IBMJavaIdentityPropagation.log, > IBMJavaIdentityPropagation.pcapng, OracleJavaIdentityPropagation.log, > OracleJavaIdentityPropagation.pcapng > > > ApacheDS issues TGT kerberos ticket with address on IBM java , even if > noaddresses = true is explicitelly set in krb5.conf. > Address in ticket causing problem, because ApacheDS check address in ticket > with address of connection. And that leads to error "error 38 Incorrect net > address" > I dont see this issue on IBM java and Active Directory, for instance, so I > think it is not problem of client code. > Also note that running ApacheDS with openJDK and oracle java I also don't > see this. > Only problematic combination is is ApacheDS vs. IBM java 8 > Tested use case is identity propagation / delegation. > In attachment you can find relevant log with > org.apache.directory.server.KERBEROS_LOG set to DEBUG for oracle and ibm > java. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (DIRSERVER-2156) ApacheDS issues TGT kerberos ticket with address on IBM java
[ https://issues.apache.org/jira/browse/DIRSERVER-2156?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15354528#comment-15354528 ] Martin Choma commented on DIRSERVER-2156: - I attached wireshark traffic. Where can be seen (packet number 7) that request for tgt contains address and AFAICT there is no kdc options referring to "noaddresses" option transmitted to ApacheDS. There is some discussion regarding this issue on mailing list http://mail-archives.apache.org/mod_mbox/directory-users/201606.mbox/%3CCAHKv3BRSfUyfwzFBCOBe3taz3EL%2B%3Dhbv81FjfVG1OOhJj1c%2BhA%40mail.gmail.com%3E . >From now I would prefer communication on this JIRA. > ApacheDS issues TGT kerberos ticket with address on IBM java > > > Key: DIRSERVER-2156 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2156 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M20 >Reporter: Martin Choma > Attachments: IBMJavaIdentityPropagation.log, > IBMJavaIdentityPropagation.pcapng, OracleJavaIdentityPropagation.log, > OracleJavaIdentityPropagation.pcapng > > > ApacheDS issues TGT kerberos ticket with address on IBM java , even if > noaddresses = true is explicitelly set in krb5.conf. > Address in ticket causing problem, because ApacheDS check address in ticket > with address of connection. And that leads to error "error 38 Incorrect net > address" > I dont see this issue on IBM java and Active Directory, for instance, so I > think it is not problem of client code. > Also note that running ApacheDS with openJDK and oracle java I also don't > see this. > Only problematic combination is is ApacheDS vs. IBM java 8 > Tested use case is identity propagation / delegation. > In attachment you can find relevant log with > org.apache.directory.server.KERBEROS_LOG set to DEBUG for oracle and ibm > java. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (DIRSERVER-2156) ApacheDS issues TGT kerberos ticket with address on IBM java
[ https://issues.apache.org/jira/browse/DIRSERVER-2156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Martin Choma updated DIRSERVER-2156: Attachment: OracleJavaIdentityPropagation.pcapng IBMJavaIdentityPropagation.pcapng > ApacheDS issues TGT kerberos ticket with address on IBM java > > > Key: DIRSERVER-2156 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2156 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M20 >Reporter: Martin Choma > Attachments: IBMJavaIdentityPropagation.log, > IBMJavaIdentityPropagation.pcapng, OracleJavaIdentityPropagation.log, > OracleJavaIdentityPropagation.pcapng > > > ApacheDS issues TGT kerberos ticket with address on IBM java , even if > noaddresses = true is explicitelly set in krb5.conf. > Address in ticket causing problem, because ApacheDS check address in ticket > with address of connection. And that leads to error "error 38 Incorrect net > address" > I dont see this issue on IBM java and Active Directory, for instance, so I > think it is not problem of client code. > Also note that running ApacheDS with openJDK and oracle java I also don't > see this. > Only problematic combination is is ApacheDS vs. IBM java 8 > Tested use case is identity propagation / delegation. > In attachment you can find relevant log with > org.apache.directory.server.KERBEROS_LOG set to DEBUG for oracle and ibm > java. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[VOTE] Apache Directory Studio 2.0.0.v20160628-M11 release
Hi all, here is a vote on a new Studio release. This is mainly a bugfix release and solves the annoying "Unable to save configuration" issue. The underlying Eclipse versions was updated to Mars.2 and works with Java 9, the plugins also work in Eclipse Neon. The full release notes are here: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310590=12334388 SVN tag: https://svn.apache.org/repos/asf/directory/studio/tags/2.0.0.v20160628-M11/ Nexus staging repository: https://repository.apache.org/content/repositories/orgapachedirectory-1097/ Distribution packages: https://dist.apache.org/repos/dist/dev/directory/studio/2.0.0.v20160628-M11/2.0.0.v20160628-M11/ Please cast your vote: [ ] +1 : release Apache Directory Studio 2.0.0.v20160628-M11 [ ] ± 0 : I don't care [ ] -1 : No, don't release Apache Directory Studio 2.0.0.v20160628-M11, because... Kind Regards, Stefan
[jira] [Resolved] (DIRSTUDIO-1081) Unable to save any configuration with apacheDS 2.0 and apache studio 2.0 M10
[ https://issues.apache.org/jira/browse/DIRSTUDIO-1081?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stefan Seelmann resolved DIRSTUDIO-1081. Resolution: Fixed > Unable to save any configuration with apacheDS 2.0 and apache studio 2.0 M10 > > > Key: DIRSTUDIO-1081 > URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1081 > Project: Directory Studio > Issue Type: Bug > Components: studio-apacheds >Affects Versions: 2.0.0-M10 (2.0.0.v20151221-M10) > Environment: ApacheDS2.0-M21 with > ApacheDirectoryStudio-2.0.0.v20151221-M10-win32.win32.x86_64 >Reporter: Karan Aggarwal > Fix For: 2.0.0-M11 > > Attachments: SaveConfigurationProblem.PNG > > > ApacheDS is started. I am able to successfully create connection with > apacheds with default user admin and default password secret. However > whenever I tro to modify the configuration from Apache studio below error > message is thrown back > java.lang.Exception: Changes could not be saved to the connection. > at > org.apache.directory.studio.apacheds.configuration.editor.ServerConfigurationEditorUtils.saveConfiguration(ServerConfigurationEditorUtils.java:370) > at > org.apache.directory.studio.apacheds.configuration.jobs.SaveConfigurationRunnable.run(SaveConfigurationRunnable.java:109) > at > org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:85) > at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Resolved] (DIRSTUDIO-1083) Unable to save Configuration
[ https://issues.apache.org/jira/browse/DIRSTUDIO-1083?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Stefan Seelmann resolved DIRSTUDIO-1083. Resolution: Fixed > Unable to save Configuration > > > Key: DIRSTUDIO-1083 > URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1083 > Project: Directory Studio > Issue Type: Bug >Affects Versions: 2.0.0-M10 (2.0.0.v20151221-M10) > Environment: Windows >Reporter: Allan Selvan >Priority: Blocker > Labels: ApacheDS > Fix For: 2.0.0-M11 > > > I am unable to save the configuration when I try to make any config changes > I am using ApacheDS M21 (latest) and Directive Studio 2.0.0.v20151221-M10 > (latest) > Error: > Unable to save configuration. > - Changes could not be saved to the connection. > java.lang.Exception: Changes could not be saved to the connection. > at > org.apache.directory.studio.apacheds.configuration.editor.ServerConfigurationEditorUtils.saveConfiguration(ServerConfigurationEditorUtils.java:370) > at > org.apache.directory.studio.apacheds.configuration.jobs.SaveConfigurationRunnable.run(SaveConfigurationRunnable.java:109) > at > org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:85) > at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) > Changes could not be saved to the connection. > Studio Modification log: > #!RESULT ERROR > #!CONNECTION ldap://localhost:10389 > #!DATE 2016-01-15T05:47:23.141 > #!ERROR [LDAP: error code 16 - NO_SUCH_ATTRIBUTE: failed for MessageType : > MODIFY_REQUEST Message ID : 109 Modify Request Object : > 'ads-indexattributeid=apacheRdn,ou=indexes,ads-partitionid=example,ou=partitions,ads-directoryserviceid=default,ou=config' > Modification[0] Operation : delete >Modification ads-indexCacheSize: (null)Modification[1] > Operation : delete Modification ads-indexCacheSize: > (null)Modification[2] Operation : delete > Modification ads-indexCacheSize: (null)Modification[3] > Operation : delete Modification > ads-indexCacheSize: (null)Modification[4] > Operation : delete Modification ads-indexCacheSize: (null) > Modification[5] Operation : delete > Modification ads-indexCacheSize: (null)Modification[6] > Operation : delete Modification ads-indexCacheSize: > (null)Modification[7] Operation : delete > Modification ads-indexCacheSize: (null)Modification[8] > Operation : delete Modification > ads-indexCacheSize: (null)Modification[9] > Operation : delete Modification ads-indexCacheSize: (null) > Modification[10] Operation : delete > Modification ads-indexCacheSize: (null)Modification[11] > Operation : delete Modification ads-indexCacheSize: > (null)Modification[12] Operation : delete > Modification ads-indexCacheSize: (null)Modification[13] >Operation : delete Modification > ads-indexCacheSize: (null)Modification[14] > Operation : delete Modification ads-indexCacheSize: (null) > Modification[15] Operation : delete > Modification ads-indexCacheSize: (null)Modification[16] > Operation : delete Modification ads-indexCacheSize: > (null)Modification[17] Operation : delete > Modification ads-indexCacheSize: (null)Modification[18] >Operation : delete Modification > ads-indexCacheSize: (null)Modification[19] > Operation : delete Modification ads-indexCacheSize: (null) > Modification[20] Operation : delete > Modification ads-indexCacheSize: (null)Modification[21] > Operation : delete Modification ads-systemPort: 10389 > Modification[22] Operation : add > Modification ads-systemPort: 10388Modification[23] > Operation : delete Modification ads-pwdAllowUserChange: > (null)Modification[24] Operation : delete >
Re: New release process...
Hi Emmanuel, thanks very much for the detailed explaination! On 06/28/2016 10:53 AM, Emmanuel Lécharny wrote: > There is one common area where we can push packages for test, vote and > release : https://dist.apache.org/repos/ash/dist. This area has 3 > $ svn co https://dist.apache.org/repos/asf/dist/dev/directory > $ svn co https://dist.apache.org/repos/asf/dist/release/directory Just to clarify: it's without the "/asf/", just https://dist.apache.org/repos/dist/ > That may take a while, especially for Studio, which contains a log of > packages (and big ones). Yes, and I'm just committing additional 750 MB :D Kind Regards, Stefan
Re: Release of Studio, API, ApacheDS
On 06/12/2016 10:41 AM, Stefan Seelmann wrote: > Hi, > > I'd like to release a new version of Studio. There are only bugfixes but > important ones that were reported by lots of users and very annoying: > > * Error when saving configuration (DIRSTUDIO-1080 and many duplicates) > * Hanging connections when using SSL (DIRMINA-1023) > * Fix of race conditions and invalid thread access > > However this requires release of API and Server first. > > Thus my question, are there any blockers that must be fixed before > releasing API and Server? > > I assume changes in the "value" branch are target for API 2.0.0 and > related issues won't make it into 1.0.0, right? > > I can take care of all the releases this week. > > Kind Regards, > Stefan I'll start the Studio release.
[jira] [Updated] (DIRSERVER-2156) ApacheDS issues TGT kerberos ticket with address on IBM java
[ https://issues.apache.org/jira/browse/DIRSERVER-2156?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Martin Choma updated DIRSERVER-2156: Attachment: OracleJavaIdentityPropagation.log IBMJavaIdentityPropagation.log > ApacheDS issues TGT kerberos ticket with address on IBM java > > > Key: DIRSERVER-2156 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2156 > Project: Directory ApacheDS > Issue Type: Bug >Affects Versions: 2.0.0-M20 >Reporter: Martin Choma > Attachments: IBMJavaIdentityPropagation.log, > OracleJavaIdentityPropagation.log > > > ApacheDS issues TGT kerberos ticket with address on IBM java , even if > noaddresses = true is explicitelly set in krb5.conf. > Address in ticket causing problem, because ApacheDS check address in ticket > with address of connection. And that leads to error "error 38 Incorrect net > address" > I dont see this issue on IBM java and Active Directory, for instance, so I > think it is not problem of client code. > Also note that running ApacheDS with openJDK and oracle java I also don't > see this. > Only problematic combination is is ApacheDS vs. IBM java 8 > Tested use case is identity propagation / delegation. > In attachment you can find relevant log with > org.apache.directory.server.KERBEROS_LOG set to DEBUG for oracle and ibm > java. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (DIRSERVER-2156) ApacheDS issues TGT kerberos ticket with address on IBM java
Martin Choma created DIRSERVER-2156: --- Summary: ApacheDS issues TGT kerberos ticket with address on IBM java Key: DIRSERVER-2156 URL: https://issues.apache.org/jira/browse/DIRSERVER-2156 Project: Directory ApacheDS Issue Type: Bug Affects Versions: 2.0.0-M20 Reporter: Martin Choma ApacheDS issues TGT kerberos ticket with address on IBM java , even if noaddresses = true is explicitelly set in krb5.conf. Address in ticket causing problem, because ApacheDS check address in ticket with address of connection. And that leads to error "error 38 Incorrect net address" I dont see this issue on IBM java and Active Directory, for instance, so I think it is not problem of client code. Also note that running ApacheDS with openJDK and oracle java I also don't see this. Only problematic combination is is ApacheDS vs. IBM java 8 Tested use case is identity propagation / delegation. In attachment you can find relevant log with org.apache.directory.server.KERBEROS_LOG set to DEBUG for oracle and ibm java. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
RE: Rethinking Mavibot...
My 10 cents... a pure Java solution is much better for many reasons: 1) easier to use, don't have to think about a different version per OS 2) easier to build (obviously) 3) easier to test, don't have to worry about inconsistency introduced by different builds of the native lib 4) ... That said, being able to plug in a different backend via configuration is always valuable, and already supported, so I certainly wouldn't complain if somebody wrote an adapter for the native storage engine. Lucas On Jun 28, 2016 8:57 AM, "Zheng, Kai"wrote: > Yeah. It sounds like a great choice to consider > https://github.com/deephacks/lmdbjni. It's still in updating. Would we > proceed on this? > > Anyway, will play around it this week and see if any concerns. > > Regards, > Kai > > -Original Message- > From: Shawn McKinney [mailto:smckin...@apache.org] > Sent: Monday, June 27, 2016 9:10 PM > To: Apache Directory Developers List > Subject: Re: Rethinking Mavibot... > > > > On Jun 27, 2016, at 7:29 AM, Emmanuel Lécharny > wrote: > > > > Here is what I would suggest : > > > > - LMDB is an obvious candidate if we want to use something that > > exists, and which is proven to work. > > - There are a coupld of existing bindings for LMDB : > > https://github.com/deephacks/lmdbjni, > > https://github.com/chirino/lmdbjni > > (which is 3 years old) > > - We need to ensure that we have a build for Linux, Windows an MacOSX. > > A project like https://github.com/deephacks/lmdb might help > > > > We also need someone wanting to play around the idea. > > This is a good discussion. > > I agree with Kai, having a good and stable backend / database is critical > to this project’s future. OTOH Emmanuel’s point that we’re open source > (volunteers) is an obvious inhibiting factor. > > So, do we have SWAG’s for the number of hours required for both > approaches, i.e. apacheds w/ LMDB or Mavibot? > > If we can have an apacheds & lmdb release in a few weeks, where mavibot > might take many months, it might be worth a shot. Otherwise we should stay > the course and not get sidetracked. > > (my two cents) > > Shawn >
RE: Rethinking Mavibot...
Yeah. It sounds like a great choice to consider https://github.com/deephacks/lmdbjni. It's still in updating. Would we proceed on this? Anyway, will play around it this week and see if any concerns. Regards, Kai -Original Message- From: Shawn McKinney [mailto:smckin...@apache.org] Sent: Monday, June 27, 2016 9:10 PM To: Apache Directory Developers ListSubject: Re: Rethinking Mavibot... > On Jun 27, 2016, at 7:29 AM, Emmanuel Lécharny wrote: > > Here is what I would suggest : > > - LMDB is an obvious candidate if we want to use something that > exists, and which is proven to work. > - There are a coupld of existing bindings for LMDB : > https://github.com/deephacks/lmdbjni, > https://github.com/chirino/lmdbjni > (which is 3 years old) > - We need to ensure that we have a build for Linux, Windows an MacOSX. > A project like https://github.com/deephacks/lmdb might help > > We also need someone wanting to play around the idea. This is a good discussion. I agree with Kai, having a good and stable backend / database is critical to this project’s future. OTOH Emmanuel’s point that we’re open source (volunteers) is an obvious inhibiting factor. So, do we have SWAG’s for the number of hours required for both approaches, i.e. apacheds w/ LMDB or Mavibot? If we can have an apacheds & lmdb release in a few weeks, where mavibot might take many months, it might be worth a shot. Otherwise we should stay the course and not get sidetracked. (my two cents) Shawn
[jira] [Commented] (DIRSTUDIO-1080) Unable to save Server-Configuration: ERR_55 Trying to remove an non-existant attribute: attributetype
[ https://issues.apache.org/jira/browse/DIRSTUDIO-1080?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15352442#comment-15352442 ] Haochen Xie commented on DIRSTUDIO-1080: That sounds like a lot of works.. And thank you for maintaining this software: I'm quite happy with Apache Directory Studio so far and only got annoyed by this bug. I'm myself a Java programmer and intend to embrace the directory database technology in the future. So if you point me how to start, I may be able to help (though my time is very limited). > Unable to save Server-Configuration: ERR_55 Trying to remove an non-existant > attribute: attributetype > - > > Key: DIRSTUDIO-1080 > URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1080 > Project: Directory Studio > Issue Type: Bug > Components: studio-apacheds-configuration >Affects Versions: 2.0.0-M10 (2.0.0.v20151221-M10) > Environment: ApacheDS-Studio-Version: 2.0.0.v20151221-M10 > ApacheDS Version: 2.0.0-M21 > Win7, JDK8 (ApacheDS), JRE7 (DS-Studio) >Reporter: Stefan Humbold >Assignee: Stefan Seelmann > Fix For: 2.0.0-M11 > > > Using the new installed Studio and the new installed ApacheDS Server i can't > save the Server-Configuration with DS-Studio. > I changed nothing in the configuration. > When i try to save the config i can see the following exceptions: > Exception shown in DS-Log: > INFO | jvm 1| 2016/01/04 12:59:47 | [12:59:47] ERROR > [org.apache.directory.server.core.schema.SchemaInterceptor] > - ERR_55 Trying to remove an non-existant attribute: attributetype ( > 1.3.6.1.4.1.18060.0.4.1.2.164 > NAME 'ads-indexCacheSize' > INFO | jvm 1| 2016/01/04 12:59:47 | DESC 'The number of key we > store in > the cache for this index' > INFO | jvm 1| 2016/01/04 12:59:47 | EQUALITY integerMatch > INFO | jvm 1| 2016/01/04 12:59:47 | ORDERING integerOrderingMatch > INFO | jvm 1| 2016/01/04 12:59:47 | SYNTAX > 1.3.6.1.4.1.1466.115.121.1.27 > INFO | jvm 1| 2016/01/04 12:59:47 | SINGLE-VALUE > INFO | jvm 1| 2016/01/04 12:59:47 | USAGE userApplications ) > Exception shown in DS-Studio Dialog-Error-Message: > java.lang.Exception: > at > org.apache.directory.studio.apacheds.configuration.editor.ServerConfigurationEditorUtils.saveConfiguration(ServerConfigurationEditorUtils.java:370) > at > org.apache.directory.studio.apacheds.configuration.jobs.SaveConfigurationRunnable.run(SaveConfigurationRunnable.java:109) > at > org.apache.directory.studio.common.core.jobs.StudioJob.run(StudioJob.java:85) > at org.eclipse.core.internal.jobs.Worker.run(Worker.java:54) -- This message was sent by Atlassian JIRA (v6.3.4#6332)