[jira] [Updated] (DIRSERVER-1467) Missing documentation about ACLs

[Jira]

 [ 
https://issues.apache.org/jira/browse/DIRSERVER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lécharny updated DIRSERVER-1467:
-
Issue Type: Task  (was: Bug)

> Missing documentation about ACLs
> 
>
> Key: DIRSERVER-1467
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1467
> Project: Directory ApacheDS
>  Issue Type: Task
>  Components: doc
>Affects Versions: 1.5.4, 1.5.5
>Reporter: Dorota NM
>Priority: Minor
> Fix For: 2.0.0
>
>
> In Advanced User's Guide documentation, in part about authorization 
> (http://directory.apache.org/apacheds/1.5/25-authorization.html) there is 
> important link to documentation about Subentries 
> (http://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=DIRxSRVx11=Subentries=true=55227).
>  
> It seems that there is no way to get permission to read this.
> Please help.
> It would be wonderfull if you will provide examples on managing ACLs using 
> Apache Directory Studio not only by programming in JAVA.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRSERVER-1467) Missing documentation about ACLs

[Jira]

 [ 
https://issues.apache.org/jira/browse/DIRSERVER-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lécharny updated DIRSERVER-1467:
-
Summary: Missing documentation about ACLs  (was: No permission to read all 
documentation about ACL)

> Missing documentation about ACLs
> 
>
> Key: DIRSERVER-1467
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1467
> Project: Directory ApacheDS
>  Issue Type: Bug
>  Components: doc
>Affects Versions: 1.5.4, 1.5.5
>Reporter: Dorota NM
>Priority: Minor
> Fix For: 2.0.0
>
>
> In Advanced User's Guide documentation, in part about authorization 
> (http://directory.apache.org/apacheds/1.5/25-authorization.html) there is 
> important link to documentation about Subentries 
> (http://cwiki.apache.org/confluence/pages/createpage.action?spaceKey=DIRxSRVx11=Subentries=true=55227).
>  
> It seems that there is no way to get permission to read this.
> Please help.
> It would be wonderfull if you will provide examples on managing ACLs using 
> Apache Directory Studio not only by programming in JAVA.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Closed] (DIR-343) Documentation wrong

[Yasuf (Jira)]

 [ 
https://issues.apache.org/jira/browse/DIR-343?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Yasuf closed DIR-343.
-
Resolution: Won't Fix

> Documentation wrong
> ---
>
> Key: DIR-343
> URL: https://issues.apache.org/jira/browse/DIR-343
> Project: Directory
>  Issue Type: Bug
>  Components: sitedocs
> Environment: Windows 10 Home v21H1
>Reporter: Yasuf
>Assignee: Emmanuel Lécharny
>Priority: Major
>
> Following:
> [https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html]
> Gives me an error instead of result promised in the guide:
> {quote}Clinking in the ‘Check Authentication’ button should be succesfull.
> {quote}
> I'm using 
> {quote}Apache Directory Studio
> Version: 2.0.0.v20210717-M17
> {quote}
> And I'm getting following error:
> {code:java}
> !ENTRY org.apache.directory.studio.common.core.jobs 4 4 2022-08-10 
> 04:33:12.194
> !MESSAGE Error while opening connection
>  -  javax.security.auth.login.LoginException: Client not found in Kerberos 
> database (6) - Client not found in Kerberos database
> !SUBENTRY 1 org.apache.directory.studio.common.core.jobs 4 4 2022-08-10 
> 04:33:12.194
> !MESSAGE org.apache.directory.studio.connection.core.io.StudioLdapException:  
> javax.security.auth.login.LoginException: Client not found in Kerberos 
> database (6) - Client not found in Kerberos database
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.toStudioLdapException(DirectoryApiConnectionWrapper.java:1350)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$2(DirectoryApiConnectionWrapper.java:1342)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:483)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1261)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:488)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:323)
>   at 
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
>   at 
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
>   at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
> Caused by: org.apache.directory.api.ldap.model.exception.LdapException: 
> javax.security.auth.login.LoginException: Client not found in Kerberos 
> database (6) - Client not found in Kerberos database
>   at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:2223)
>   at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:2031)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:474)
>   ... 6 more
> Caused by: javax.security.auth.login.LoginException: Client not found in 
> Kerberos database (6) - Client not found in Kerberos database
>   at 
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:784)
>   at 
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
>   at 
> java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
>   at 
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
>   at 
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
>   at java.base/java.security.AccessController.doPrivileged(Native Method)
>   at 
> java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
>   at 
> java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
>   at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:2208)
>   ... 8 more
> Caused by: KrbException: Client not found in Kerberos database (6) - Client 
> not found in Kerberos database
>   at 
> java.security.jgss/sun.security.krb5.KrbAsRep.(KrbAsRep.java:82)
>   at 
> java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:345)
>   at 
> java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqB

[jira] [Commented] (DIR-343) Documentation wrong

[Yasuf (Jira)]

[ 
https://issues.apache.org/jira/browse/DIR-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17577850#comment-17577850
 ] 

Yasuf commented on DIR-343:
---

As per request closing this jira.
Opened https://issues.apache.org/jira/browse/DIRSTUDIO-1302
Not sure what you mean by "configuration of your server, I followed the 
documentation 1 to 1

> Documentation wrong
> ---
>
> Key: DIR-343
> URL: https://issues.apache.org/jira/browse/DIR-343
> Project: Directory
>  Issue Type: Bug
>  Components: sitedocs
> Environment: Windows 10 Home v21H1
>Reporter: Yasuf
>Assignee: Emmanuel Lécharny
>Priority: Major
>
> Following:
> [https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html]
> Gives me an error instead of result promised in the guide:
> {quote}Clinking in the ‘Check Authentication’ button should be succesfull.
> {quote}
> I'm using 
> {quote}Apache Directory Studio
> Version: 2.0.0.v20210717-M17
> {quote}
> And I'm getting following error:
> {code:java}
> !ENTRY org.apache.directory.studio.common.core.jobs 4 4 2022-08-10 
> 04:33:12.194
> !MESSAGE Error while opening connection
>  -  javax.security.auth.login.LoginException: Client not found in Kerberos 
> database (6) - Client not found in Kerberos database
> !SUBENTRY 1 org.apache.directory.studio.common.core.jobs 4 4 2022-08-10 
> 04:33:12.194
> !MESSAGE org.apache.directory.studio.connection.core.io.StudioLdapException:  
> javax.security.auth.login.LoginException: Client not found in Kerberos 
> database (6) - Client not found in Kerberos database
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.toStudioLdapException(DirectoryApiConnectionWrapper.java:1350)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$2(DirectoryApiConnectionWrapper.java:1342)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:483)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1261)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:488)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:323)
>   at 
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
>   at 
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
>   at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
> Caused by: org.apache.directory.api.ldap.model.exception.LdapException: 
> javax.security.auth.login.LoginException: Client not found in Kerberos 
> database (6) - Client not found in Kerberos database
>   at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:2223)
>   at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:2031)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:474)
>   ... 6 more
> Caused by: javax.security.auth.login.LoginException: Client not found in 
> Kerberos database (6) - Client not found in Kerberos database
>   at 
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:784)
>   at 
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
>   at 
> java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
>   at 
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
>   at 
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
>   at java.base/java.security.AccessController.doPrivileged(Native Method)
>   at 
> java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
>   at 
> java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
>   at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:2208)
>   ... 8 more
> Caused by: KrbException: Client not found in Kerberos database (6) - Client 
> not found in Kerberos database
>   at 
> java.security.jgss/sun.security.kr

[jira] [Created] (DIRSTUDIO-1302) Documentation wrong

[Yasuf (Jira)]

Yasuf created DIRSTUDIO-1302:


 Summary: Documentation wrong
 Key: DIRSTUDIO-1302
 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1302
 Project: Directory Studio
  Issue Type: Bug
 Environment: Windows 10 Home v21H1
Reporter: Yasuf


Following:

[https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html]

Gives me an error instead of result promised in the guide:
{quote}Clinking in the ‘Check Authentication’ button should be succesfull.
{quote}
I'm using 
{quote}Apache Directory Studio

Version: 2.0.0.v20210717-M17
{quote}
And I'm getting following error:
{code:java}
!ENTRY org.apache.directory.studio.common.core.jobs 4 4 2022-08-10 04:33:12.194
!MESSAGE Error while opening connection
 -  javax.security.auth.login.LoginException: Client not found in Kerberos 
database (6) - Client not found in Kerberos database
!SUBENTRY 1 org.apache.directory.studio.common.core.jobs 4 4 2022-08-10 
04:33:12.194
!MESSAGE org.apache.directory.studio.connection.core.io.StudioLdapException:  
javax.security.auth.login.LoginException: Client not found in Kerberos database 
(6) - Client not found in Kerberos database
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.toStudioLdapException(DirectoryApiConnectionWrapper.java:1350)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$2(DirectoryApiConnectionWrapper.java:1342)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:483)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1261)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:488)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:323)
at 
org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
at 
org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: org.apache.directory.api.ldap.model.exception.LdapException: 
javax.security.auth.login.LoginException: Client not found in Kerberos database 
(6) - Client not found in Kerberos database
at 
org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:2223)
at 
org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:2031)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:474)
... 6 more
Caused by: javax.security.auth.login.LoginException: Client not found in 
Kerberos database (6) - Client not found in Kerberos database
at 
jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:784)
at 
jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
at 
java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
at 
java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
at 
java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at 
java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
at 
java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
at 
org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:2208)
... 8 more
Caused by: KrbException: Client not found in Kerberos database (6) - Client not 
found in Kerberos database
at 
java.security.jgss/sun.security.krb5.KrbAsRep.(KrbAsRep.java:82)
at 
java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:345)
at 
java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:498)
at 
jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:746)
... 16 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at 
java.security.jgss/sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at 
java.security.jgss/sun.security.krb5.internal.ASRep.init(ASRep.java:64)
at 
java.security.jgss/sun.security.krb5.internal.ASRep.(ASRep.java:59)
at 
java.security.jgss/sun.security.krb5.KrbAsRep.(KrbAsRep.java:60)
... 19 more

!STACK 0

[jira] [Commented] (DIR-343) Documentation wrong

[Jira]

[ 
https://issues.apache.org/jira/browse/DIR-343?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17577751#comment-17577751
 ] 

Emmanuel Lécharny commented on DIR-343:
---

Hi,

may you move the JIRA to the DIRSTUDIO project?

Also please attach the configuration of you server, because it seems that you 
are trying to authenticate using Kerberos.

> Documentation wrong
> ---
>
> Key: DIR-343
> URL: https://issues.apache.org/jira/browse/DIR-343
> Project: Directory
>  Issue Type: Bug
>  Components: sitedocs
> Environment: Windows 10 Home v21H1
>Reporter: Yasuf
>Assignee: Emmanuel Lécharny
>Priority: Major
>
> Following:
> [https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html]
> Gives me an error instead of result promised in the guide:
> {quote}Clinking in the ‘Check Authentication’ button should be succesfull.
> {quote}
> I'm using 
> {quote}Apache Directory Studio
> Version: 2.0.0.v20210717-M17
> {quote}
> And I'm getting following error:
> {code:java}
> !ENTRY org.apache.directory.studio.common.core.jobs 4 4 2022-08-10 
> 04:33:12.194
> !MESSAGE Error while opening connection
>  -  javax.security.auth.login.LoginException: Client not found in Kerberos 
> database (6) - Client not found in Kerberos database
> !SUBENTRY 1 org.apache.directory.studio.common.core.jobs 4 4 2022-08-10 
> 04:33:12.194
> !MESSAGE org.apache.directory.studio.connection.core.io.StudioLdapException:  
> javax.security.auth.login.LoginException: Client not found in Kerberos 
> database (6) - Client not found in Kerberos database
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.toStudioLdapException(DirectoryApiConnectionWrapper.java:1350)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$2(DirectoryApiConnectionWrapper.java:1342)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:483)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1261)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:488)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:323)
>   at 
> org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
>   at 
> org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
>   at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
> Caused by: org.apache.directory.api.ldap.model.exception.LdapException: 
> javax.security.auth.login.LoginException: Client not found in Kerberos 
> database (6) - Client not found in Kerberos database
>   at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:2223)
>   at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:2031)
>   at 
> org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:474)
>   ... 6 more
> Caused by: javax.security.auth.login.LoginException: Client not found in 
> Kerberos database (6) - Client not found in Kerberos database
>   at 
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:784)
>   at 
> jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
>   at 
> java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
>   at 
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
>   at 
> java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
>   at java.base/java.security.AccessController.doPrivileged(Native Method)
>   at 
> java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
>   at 
> java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
>   at 
> org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:2208)
>   ... 8 more
> Caused by: KrbException: Client not found in Kerberos database (6) - Client 
> not found in Kerberos database
>   at 
> java.security.jgss/sun.security.krb5.Kr

[jira] [Created] (DIR-343) Documentation wrong

[Yasuf (Jira)]

Yasuf created DIR-343:
-

 Summary: Documentation wrong
 Key: DIR-343
 URL: https://issues.apache.org/jira/browse/DIR-343
 Project: Directory
  Issue Type: Bug
  Components: sitedocs
 Environment: Windows 10 Home v21H1
Reporter: Yasuf
Assignee: Emmanuel Lécharny


Following:

[https://directory.apache.org/apacheds/kerberos-ug/4.2-authenticate-studio.html]

Gives me an error instead of result promised in the guide:
{quote}Clinking in the ‘Check Authentication’ button should be succesfull.
{quote}
I'm using 
{quote}Apache Directory Studio

Version: 2.0.0.v20210717-M17
{quote}
And I'm getting following error:
{code:java}
!ENTRY org.apache.directory.studio.common.core.jobs 4 4 2022-08-10 04:33:12.194
!MESSAGE Error while opening connection
 -  javax.security.auth.login.LoginException: Client not found in Kerberos 
database (6) - Client not found in Kerberos database
!SUBENTRY 1 org.apache.directory.studio.common.core.jobs 4 4 2022-08-10 
04:33:12.194
!MESSAGE org.apache.directory.studio.connection.core.io.StudioLdapException:  
javax.security.auth.login.LoginException: Client not found in Kerberos database 
(6) - Client not found in Kerberos database
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.toStudioLdapException(DirectoryApiConnectionWrapper.java:1350)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$2(DirectoryApiConnectionWrapper.java:1342)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:483)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1261)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:488)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:323)
at 
org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
at 
org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:63)
Caused by: org.apache.directory.api.ldap.model.exception.LdapException: 
javax.security.auth.login.LoginException: Client not found in Kerberos database 
(6) - Client not found in Kerberos database
at 
org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:2223)
at 
org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:2031)
at 
org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:474)
... 6 more
Caused by: javax.security.auth.login.LoginException: Client not found in 
Kerberos database (6) - Client not found in Kerberos database
at 
jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:784)
at 
jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
at 
java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
at 
java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
at 
java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at 
java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
at 
java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
at 
org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:2208)
... 8 more
Caused by: KrbException: Client not found in Kerberos database (6) - Client not 
found in Kerberos database
at 
java.security.jgss/sun.security.krb5.KrbAsRep.(KrbAsRep.java:82)
at 
java.security.jgss/sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:345)
at 
java.security.jgss/sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:498)
at 
jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:746)
... 16 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at 
java.security.jgss/sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at 
java.security.jgss/sun.security.krb5.internal.ASRep.init(ASRep.java:64)
at 
java.security.jgss/sun.security.krb5.internal.ASRep.(ASRep.java:59)
at 
java.security.jgss/sun.security.krb5.KrbAsRep.(KrbAsRep.java:60

[jira] [Commented] (DIR-339) Typo in ApacheDS Documentation

[Aleem Zaki (Jira)]

[ 
https://issues.apache.org/jira/browse/DIR-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17321907#comment-17321907
 ] 

Aleem Zaki commented on DIR-339:


Thanks!

> Typo in ApacheDS Documentation
> --
>
> Key: DIR-339
> URL: https://issues.apache.org/jira/browse/DIR-339
> Project: Directory
>  Issue Type: Improvement
>Reporter: Aleem Zaki
>Assignee: Emmanuel Lécharny
>Priority: Major
>
> [https://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html]
>  
>  entries, if you provide more of them) will be added to to partition.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Resolved] (DIR-339) Typo in ApacheDS Documentation

[Stefan Seelmann (Jira)]

 [ 
https://issues.apache.org/jira/browse/DIR-339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann resolved DIR-339.
-
Resolution: Fixed

> Typo in ApacheDS Documentation
> --
>
> Key: DIR-339
> URL: https://issues.apache.org/jira/browse/DIR-339
> Project: Directory
>  Issue Type: Improvement
>Reporter: Aleem Zaki
>Assignee: Emmanuel Lécharny
>Priority: Major
>
> [https://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html]
>  
>  entries, if you provide more of them) will be added to to partition.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIR-339) Typo in ApacheDS Documentation

[Stefan Seelmann (Jira)]

[ 
https://issues.apache.org/jira/browse/DIR-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17321301#comment-17321301
 ] 

Stefan Seelmann commented on DIR-339:
-

Now I see it :)

Fixed: 
https://github.com/apache/directory-site/commit/0484e4629dab1531f9071e3f2ccb0bfd80d05702

Thank you!


> Typo in ApacheDS Documentation
> --
>
> Key: DIR-339
> URL: https://issues.apache.org/jira/browse/DIR-339
> Project: Directory
>  Issue Type: Improvement
>Reporter: Aleem Zaki
>Assignee: Emmanuel Lécharny
>Priority: Major
>
> [https://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html]
>  
>  entries, if you provide more of them) will be added to to partition.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIR-339) Typo in ApacheDS Documentation

[Aleem Zaki (Jira)]

[ 
https://issues.apache.org/jira/browse/DIR-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17321250#comment-17321250
 ] 

Aleem Zaki commented on DIR-339:


# Go to the html link in the description
 # Search for "provide more of them"
 # in that sentence, you'll see "to to" but it should be "to the"

> Typo in ApacheDS Documentation
> --
>
> Key: DIR-339
> URL: https://issues.apache.org/jira/browse/DIR-339
> Project: Directory
>  Issue Type: Improvement
>Reporter: Aleem Zaki
>Assignee: Emmanuel Lécharny
>Priority: Major
>
> [https://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html]
>  
>  entries, if you provide more of them) will be added to to partition.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIR-339) Typo in ApacheDS Documentation

[Stefan Seelmann (Jira)]

[ 
https://issues.apache.org/jira/browse/DIR-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17320683#comment-17320683
 ] 

Stefan Seelmann commented on DIR-339:
-

What is the typo exactly, I don't see any?

If you can please provide a pull request:
* Repo with readme: https://github.com/apache/directory-site/
* The particular page you pointing to: 
https://github.com/apache/directory-site/blob/master/source/apacheds/basic-ug/1.4.3-adding-partition.md


> Typo in ApacheDS Documentation
> --
>
> Key: DIR-339
> URL: https://issues.apache.org/jira/browse/DIR-339
> Project: Directory
>  Issue Type: Improvement
>Reporter: Aleem Zaki
>Assignee: Emmanuel Lécharny
>Priority: Major
>
> [https://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html]
>  
>  entries, if you provide more of them) will be added to to partition.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIR-339) Typo in ApacheDS Documentation

[Aleem Zaki (Jira)]

[ 
https://issues.apache.org/jira/browse/DIR-339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17320571#comment-17320571
 ] 

Aleem Zaki commented on DIR-339:


Any updates?

> Typo in ApacheDS Documentation
> --
>
> Key: DIR-339
> URL: https://issues.apache.org/jira/browse/DIR-339
> Project: Directory
>  Issue Type: Improvement
>Reporter: Aleem Zaki
>Assignee: Emmanuel Lécharny
>Priority: Major
>
> [https://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html]
>  
>  entries, if you provide more of them) will be added to to partition.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Resolved] (DIRAPI-363) Documentation States JDK 1.7 or Higher

[Stefan Seelmann (Jira)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-363?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann resolved DIRAPI-363.

Resolution: Fixed

> Documentation States JDK 1.7 or Higher
> --
>
> Key: DIRAPI-363
> URL: https://issues.apache.org/jira/browse/DIRAPI-363
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 2.0.1
> Environment: Windows, Eclipse, Java 1.7
>Reporter: Paul Ackley
>Priority: Major
>  Labels: Java, Java7
>
> The docs state:
> The *Apache Directory LDAP API* requires *Java 7* or higher.
> However when I attempt to compile my project, using 2.0.1 of api-all (using 
> Maven) I get this error:
> Exception in thread "main" java.lang.UnsupportedClassVersionError: 
> org/apache/directory/ldap/client/api/LdapConnection : Unsupported major.minor 
> version 52.0
> I checked the manifest in the api-all-2.0.1.jar file and it shows that it was 
> compiled with JDK 1.8.0_191.
> Is this supposed to be compatible with JDK 1.7?
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIRAPI-363) Documentation States JDK 1.7 or Higher

[Stefan Seelmann (Jira)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-363?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17314332#comment-17314332
 ] 

Stefan Seelmann commented on DIRAPI-363:


Java 8 is required.

I updated the doc: 
https://github.com/apache/directory-site/commit/91a455d069274d09b3e8e9fb8b7152d522bbf107

> Documentation States JDK 1.7 or Higher
> --
>
> Key: DIRAPI-363
> URL: https://issues.apache.org/jira/browse/DIRAPI-363
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 2.0.1
> Environment: Windows, Eclipse, Java 1.7
>Reporter: Paul Ackley
>Priority: Major
>  Labels: Java, Java7
>
> The docs state:
> The *Apache Directory LDAP API* requires *Java 7* or higher.
> However when I attempt to compile my project, using 2.0.1 of api-all (using 
> Maven) I get this error:
> Exception in thread "main" java.lang.UnsupportedClassVersionError: 
> org/apache/directory/ldap/client/api/LdapConnection : Unsupported major.minor 
> version 52.0
> I checked the manifest in the api-all-2.0.1.jar file and it shows that it was 
> compiled with JDK 1.8.0_191.
> Is this supposed to be compatible with JDK 1.7?
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Created] (DIR-339) Typo in ApacheDS Documentation

[Aleem Zaki (Jira)]

Aleem Zaki created DIR-339:
--

 Summary: Typo in ApacheDS Documentation
 Key: DIR-339
 URL: https://issues.apache.org/jira/browse/DIR-339
 Project: Directory
  Issue Type: Improvement
Reporter: Aleem Zaki
Assignee: Emmanuel Lécharny


[https://directory.apache.org/apacheds/basic-ug/1.4.3-adding-partition.html]

 

 entries, if you provide more of them) will be added to to partition.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[GitHub] [directory-site] seelmann merged pull request #2: Added redirect for Studio documentation

[GitBox]

seelmann merged pull request #2:
URL: https://github.com/apache/directory-site/pull/2


   



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[GitHub] [directory-site] rlenferink opened a new pull request #2: Added redirect for Studio documentation

[GitBox]

rlenferink opened a new pull request #2:
URL: https://github.com/apache/directory-site/pull/2


   Follow up on #1 for redirecting the user guide of Studio
   
   /cc @seelmann 



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Created] (DIRAPI-363) Documentation States JDK 1.7 or Higher

[Paul Ackley (Jira)]

Paul Ackley created DIRAPI-363:
--

 Summary: Documentation States JDK 1.7 or Higher
 Key: DIRAPI-363
 URL: https://issues.apache.org/jira/browse/DIRAPI-363
 Project: Directory Client API
  Issue Type: Bug
Affects Versions: 2.0.1
 Environment: Windows, Eclipse, Java 1.7
Reporter: Paul Ackley


The docs state:

The *Apache Directory LDAP API* requires *Java 7* or higher.

However when I attempt to compile my project, using 2.0.1 of api-all (using 
Maven) I get this error:

Exception in thread "main" java.lang.UnsupportedClassVersionError: 
org/apache/directory/ldap/client/api/LdapConnection : Unsupported major.minor 
version 52.0

I checked the manifest in the api-all-2.0.1.jar file and it shows that it was 
compiled with JDK 1.8.0_191.

Is this supposed to be compatible with JDK 1.7?

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Resolved] (DIRSTUDIO-1210) mixed up documentation bug, in replication section of studio docs

[Stefan Seelmann (Jira)]

 [ 
https://issues.apache.org/jira/browse/DIRSTUDIO-1210?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann resolved DIRSTUDIO-1210.

  Assignee: Stefan Seelmann
Resolution: Fixed

Fixed in next version: 
https://github.com/apache/directory-studio/commit/def1db716b43f4590b27dcfc96fd5903cbbf9c8a

> mixed up documentation bug, in replication section of studio docs
> -
>
> Key: DIRSTUDIO-1210
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1210
> Project: Directory Studio
>  Issue Type: Bug
>Affects Versions: 2.0.0-M14
>Reporter: Philip Brown
>Assignee: Stefan Seelmann
>Priority: Major
> Fix For: 2.0.0-M15
>
>
> A link on
> [https://directory.apache.org/studio/users-guide/2.0.0.v20180908-M14/apacheds/gettingstarted_configuration_editor.html]
>  
> for "the Replication page"
> leads to
> [https://directory.apache.org/studio/users-guide/2.0.0.v20180908-M14/apacheds/gettingstarted_configuration_editor_repl.html]
>  
> which does NOT walk the user through replication setup but instead describes
> "The *Extended Operations Page"*
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Resolved] (DIRSTUDIO-1165) Table Entry Editor - missing options following documentation

[Stefan Seelmann (Jira)]

 [ 
https://issues.apache.org/jira/browse/DIRSTUDIO-1165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann resolved DIRSTUDIO-1165.

  Assignee: Stefan Seelmann
Resolution: Fixed

Fixed in commit bddc7e2e25f90048059d099030423c00db579c6f

> Table Entry Editor - missing options following documentation
> 
>
> Key: DIRSTUDIO-1165
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1165
> Project: Directory Studio
>  Issue Type: Question
>  Components: studio-ldapbrowser
>Affects Versions: 2.0.0-M13
> Environment: Windows, Java 8 Update 151
>Reporter: Jens
>Assignee: Stefan Seelmann
>Priority: Minor
> Fix For: 2.0.0-M15
>
>
> Hi,
> following the documentation 
> [https://directory.apache.org/studio/users-guide/ldap_browser/preferences_table_entry_editor.html]
>  I wanted to change the visible attributes settings. But I'm missing them 
> completely. They are not shown at all.
> Now the question is whether documentation is wrong and it's now longer 
> possible to select "Show objectClass attribute", "Show must attributes", 
> "Show may attributes", "Show operational attributes"?
> I know show operational attributes has been moved. But for editing some data 
> it's very helpful to also have "show may attributes".
>  
> Thanks.
> Jens
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRSTUDIO-1210) mixed up documentation bug, in replication section of studio docs

[Stefan Seelmann (Jira)]

 [ 
https://issues.apache.org/jira/browse/DIRSTUDIO-1210?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann updated DIRSTUDIO-1210:
---
Fix Version/s: 2.0.0-M15

> mixed up documentation bug, in replication section of studio docs
> -
>
> Key: DIRSTUDIO-1210
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1210
> Project: Directory Studio
>  Issue Type: Bug
>Affects Versions: 2.0.0-M14
>Reporter: Philip Brown
>Priority: Major
> Fix For: 2.0.0-M15
>
>
> A link on
> [https://directory.apache.org/studio/users-guide/2.0.0.v20180908-M14/apacheds/gettingstarted_configuration_editor.html]
>  
> for "the Replication page"
> leads to
> [https://directory.apache.org/studio/users-guide/2.0.0.v20180908-M14/apacheds/gettingstarted_configuration_editor_repl.html]
>  
> which does NOT walk the user through replication setup but instead describes
> "The *Extended Operations Page"*
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIRAPI-350) gssapi documentation

[Emmanuel Lecharny (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883596#comment-16883596
 ] 

Emmanuel Lecharny commented on DIRAPI-350:
--

Charles, many thanks for the doco, much appreciated !

I have committed it, you can check the result at 
http://directory.staging.apache.org/api/user-guide/2.2-binding-unbinding.html#gssapi

As soon as you feel it's correct, I will push it to the world (this is in a 
staging state atm).

I just slightly reformatted parts of the text, the web site uses markdown (btw, 
it's fully available at http://svn.apache.org/repos/asf/directory/site/trunk/, 
and the modified page is in 
http://svn.apache.org/repos/asf/directory/site/trunk/content/api/user-guide/2.2-binding-unbinding.mdtext)

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883190#comment-16883190
 ] 

Charles Hedrick commented on DIRAPI-350:


I say in the documentation that credentials must be in a file. KEYRING and KCM 
don't work. It appears that if you use the native libraries they may work. 
However if you do that, either extra code is required, or 
javax.security.auth.useSubjectCredsOnly must be false. Kirby explicitly sets it 
true. I don't know whether it's right to set it true or not, since the 
consequences may depend upon the Java implementation.

 

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: gssapi.rtf

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: (was: gssapi.rtf)

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: gssapi.rtf

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: (was: gssapi.rtf)

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Comment Edited] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883088#comment-16883088
 ] 

Charles Hedrick edited comment on DIRAPI-350 at 7/11/19 3:54 PM:
-

Note that there's a reference in documentation to bindSaslGssApi(). It does not 
appear to exist. I'm not sure quite what it would do. There are enough options 
for GSSAPI that creating a SaslGssApiRequest and using bind might make sense.


was (Author: clhedrick):
Note that there's a reference in documentation to bindSaslGssApi(). It does not 
appear to exist. I'm not sure quite what it would do. There are enough options 
for GSSAPI that creating a SaslGssApiRequest and using bind might make sense.

 

There are some limitations to the Sun implementation of Kerberos that you may 
or may not want to document: 

There are potential thread-safety issues with krb5ConfFIlePath. This is set in 
a system property. If you use setKrb5ConfFilePath, or realmName, kdcHost, and 
kdcPort, this will affect the entire application. Even if you don't, the system 
variable is cleared. This could also affect the entire application. Basically, 
if your program is threaded, you need to use a consistent setting for the 
krb5ConfFIlePath, not just in Kirby but in any code the depends upon Kerberos. 
Even without multiple threads you could have an issue if other code sets a 
value and expects it to remain unchanged.

The same issue could occur with the system property  
javax.security.auth.useSubjectCredsOnly. This code sets it false. If code other 
than Kirby is using Kerberos, and relies on a different setting, there could be 
interference.

As noted in my sample code, this implementation can only read credential caches 
that are in files. Many operating systems today use KEYRING or KCM. If your 
application needs to use existsing user credential caches without prompting for 
a password, you may need to set  default_cc_name in /etc/krb5.conf to a file in 
/tmp.

 

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING 

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: (was: gssapi.rtf)

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: gssapi.rtf

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Comment Edited] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883088#comment-16883088
 ] 

Charles Hedrick edited comment on DIRAPI-350 at 7/11/19 3:42 PM:
-

Note that there's a reference in documentation to bindSaslGssApi(). It does not 
appear to exist. I'm not sure quite what it would do. There are enough options 
for GSSAPI that creating a SaslGssApiRequest and using bind might make sense.

 

There are some limitations to the Sun implementation of Kerberos that you may 
or may not want to document: 

There are potential thread-safety issues with krb5ConfFIlePath. This is set in 
a system property. If you use setKrb5ConfFilePath, or realmName, kdcHost, and 
kdcPort, this will affect the entire application. Even if you don't, the system 
variable is cleared. This could also affect the entire application. Basically, 
if your program is threaded, you need to use a consistent setting for the 
krb5ConfFIlePath, not just in Kirby but in any code the depends upon Kerberos. 
Even without multiple threads you could have an issue if other code sets a 
value and expects it to remain unchanged.

The same issue could occur with the system property  
javax.security.auth.useSubjectCredsOnly. This code sets it false. If code other 
than Kirby is using Kerberos, and relies on a different setting, there could be 
interference.

As noted in my sample code, this implementation can only read credential caches 
that are in files. Many operating systems today use KEYRING or KCM. If your 
application needs to use existsing user credential caches without prompting for 
a password, you may need to set  default_cc_name in /etc/krb5.conf to a file in 
/tmp.

 


was (Author: clhedrick):
Note that there's a reference in documentation to bindSaslGssApi(). It does not 
appear to exist. I'm not sure quite what it would do. There are enough options 
for GSSAPI that creating a SaslGssApiRequest and using bind might make sense.

 

There are some limitations to the Sun implementation of Kerberos that you may 
or may not want to document: 

There are potential thread-safety issues with krb5ConfFIlePath. This is set in 
a system property. If you use setKrb5ConfFilePath, or realmName, kdcHost, and 
kdcPort, this will affect the entire application. Even if you don't, the system 
variable is cleared. This could also affect the entire application. Basically, 
if your program is threaded, you need to use a consistent setting for the 
krb5ConfFIlePath, not just in Kirby but in any code the depends upon Kerberos.

The same issue could occur with the system property  
javax.security.auth.useSubjectCredsOnly. This code sets it false. If code other 
than Kirby is using Kerberos, and relies on a different setting, there could be 
interference.

As noted in my sample code, this implementation can only read credential caches 
that are in files. Many operating systems today use KEYRING or KCM. If your 
application needs to use existsing user credential caches without prompting for 
a password, you may need to set  default_cc_name in /etc/krb5.conf to a file in 
/tmp.

 

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostn

[jira] [Comment Edited] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883088#comment-16883088
 ] 

Charles Hedrick edited comment on DIRAPI-350 at 7/11/19 3:32 PM:
-

Note that there's a reference in documentation to bindSaslGssApi(). It does not 
appear to exist. I'm not sure quite what it would do. There are enough options 
for GSSAPI that creating a SaslGssApiRequest and using bind might make sense.

 

There are some limitations to the Sun implementation of Kerberos that you may 
or may not want to document: 

There are potential thread-safety issues with krb5ConfFIlePath. This is set in 
a system property. If you use setKrb5ConfFilePath, or realmName, kdcHost, and 
kdcPort, this will affect the entire application. Even if you don't, the system 
variable is cleared. This could also affect the entire application. Basically, 
if your program is threaded, you need to use a consistent setting for the 
krb5ConfFIlePath, not just in Kirby but in any code the depends upon Kerberos.

The same issue could occur with the system property  
javax.security.auth.useSubjectCredsOnly. This code sets it false. If code other 
than Kirby is using Kerberos, and relies on a different setting, there could be 
interference.

As noted in my sample code, this implementation can only read credential caches 
that are in files. Many operating systems today use KEYRING or KCM. If your 
application needs to use existsing user credential caches without prompting for 
a password, you may need to set  default_cc_name in /etc/krb5.conf to a file in 
/tmp.

 


was (Author: clhedrick):
Note that there's a reference in documentation to bindSaslGssApi(). It does not 
appear to exist. I'm not sure quite what it would do. There are enough options 
for GSSAPI that creating a SaslGssApiRequest and using bind might make sense.

 

There are some limitations to the Sun implementation of Kerberos that you may 
or may not want to document: 

There are potential thread-safety issues with krb5ConfFIlePath. This is set in 
a system property. If you use setKrb5ConfFilePath, or realmName, kdcHost, and 
kdcPort, this will affect the entire application. Even if you don't, the system 
variable is cleared. This could also affect the entire application. Basically, 
if your program is threaded, you need to use a consistent setting for the 
krb5ConfFIlePath.

The same issue could occur with the system property  
javax.security.auth.useSubjectCredsOnly. This code sets it false. If code other 
than Kirby is using Kerberos, and relies on a different setting, there could be 
interference.

As noted in my sample code, this implementation can only read credential caches 
that are in files. Many operating systems today use KEYRING or KCM. If your 
application needs to use existsing user credential caches without prompting for 
a password, you may need to set  default_cc_name in /etc/krb5.conf to a file in 
/tmp.

 

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab&quo

[jira] [Comment Edited] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883088#comment-16883088
 ] 

Charles Hedrick edited comment on DIRAPI-350 at 7/11/19 3:31 PM:
-

Note that there's a reference in documentation to bindSaslGssApi(). It does not 
appear to exist. I'm not sure quite what it would do. There are enough options 
for GSSAPI that creating a SaslGssApiRequest and using bind might make sense.

 

There are some limitations to the Sun implementation of Kerberos that you may 
or may not want to document: 

There are potential thread-safety issues with krb5ConfFIlePath. This is set in 
a system property. If you use setKrb5ConfFilePath, or realmName, kdcHost, and 
kdcPort, this will affect the entire application. Even if you don't, the system 
variable is cleared. This could also affect the entire application. Basically, 
if your program is threaded, you need to use a consistent setting for the 
krb5ConfFIlePath.

The same issue could occur with the system property  
javax.security.auth.useSubjectCredsOnly. This code sets it false. If code other 
than Kirby is using Kerberos, and relies on a different setting, there could be 
interference.

As noted in my sample code, this implementation can only read credential caches 
that are in files. Many operating systems today use KEYRING or KCM. If your 
application needs to use existsing user credential caches without prompting for 
a password, you may need to set  default_cc_name in /etc/krb5.conf to a file in 
/tmp.

 


was (Author: clhedrick):
Note that there's a reference in documentation to bindSaslGssApi(). It does not 
appear to exist. I'm not sure quite what it would do. There are enough options 
for GSSAPI that creating a SaslGssApiRequest and using bind might make sense.

 

Note that if someone uses setKrb5ConfFilePath, or realmName, kdcHost, and 
kdcPort, the application is not thread-safe, since it does System.setProperty. 

 

It always does  System.setProperty( "javax.security.auth.useSubjectCredsOnly", 
"true" ); While this won't create thread safety issues if kirby is the only 
Kerberos code being used, it could cause issues if other code sets to to false 
and relies on that behavior.

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in 

[jira] [Commented] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883088#comment-16883088
 ] 

Charles Hedrick commented on DIRAPI-350:


Note that there's a reference in documentation to bindSaslGssApi(). It does not 
appear to exist. I'm not sure quite what it would do. There are enough options 
for GSSAPI that creating a SaslGssApiRequest and using bind might make sense.

 

Note that if someone uses setKrb5ConfFilePath, or realmName, kdcHost, and 
kdcPort, the application is not thread-safe, since it does System.setProperty. 

 

It always does  System.setProperty( "javax.security.auth.useSubjectCredsOnly", 
"true" ); While this won't create thread safety issues if kirby is the only 
Kerberos code being used, it could cause issues if other code sets to to false 
and relies on that behavior.

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: gssapi.rtf

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: (was: gssapi.rtf)

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: gssapi.rtf

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: (was: gssapi.rtf)

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16883014#comment-16883014
 ] 

Charles Hedrick commented on DIRAPI-350:


It's a bit long to paste. I've attached it as a file.

I've been more careful not to include unnecessary stuff, and I've given you 
both ways to do configuration. It's pretty hard for a novice to figure out all 
this stuff from official Java documentation, even though it's there in 
principle.

 

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Charles Hedrick updated DIRAPI-350:
---
Attachment: gssapi.rtf

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
> Attachments: gssapi.rtf
>
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIRAPI-350) gssapi documentation

[Emmanuel Lecharny (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16882477#comment-16882477
 ] 

Emmanuel Lecharny commented on DIRAPI-350:
--

Side note : I use a formater for the included code.

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIRAPI-350) gssapi documentation

[Emmanuel Lecharny (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16882476#comment-16882476
 ] 

Emmanuel Lecharny commented on DIRAPI-350:
--

(updating the code) Please do so !

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
> {code:java}
>     import javax.security.auth.login.Configuration;
>     class KerberosConfiguration extends Configuration {
>         private String cc;
>         public KerberosConfiguration(String cc) {
>             this.cc = cc;
>         }
>         @Override
>         public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
>             Map options = new HashMap();
>             options.put("useKeyTab", "true");
>             try {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } catch (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            return new AppConfigurationEntry[]{
>                 new 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  public KerberosConfiguration makeKerberosConfiguration(String cc) {
>        return new KerberosConfiguration(cc);
>  }
> {code}
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
> {code:java}
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         try {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } catch ( LdapException e ) {
>                 e.printStackTrace();
>         }
> {code}
> At this point you can do search or other operations.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRAPI-350) gssapi documentation

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRAPI-350:
-
Description: 
In the section on authentication, there is no usable documentation for GSSAPI. 
Since GSSAPI is mostly used for Kerberos, you need sample code. Here is some 
that works.

First, non-trivial Kerberos authentication requires configuration. Creating a 
Kerberos configuration is not well documented elsewhere, so we include here 
sample code. It is possible to put configuration information in a JAAS login 
configuration file as well, but doing it programmatically provides more 
flexibiity for appications that need to use more than one principal.

{code:java}
    import javax.security.auth.login.Configuration;

    class KerberosConfiguration extends Configuration {

        private String cc;

        public KerberosConfiguration(String cc) {

            this.cc = cc;

        }

        @Override

        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {

            Map options = new HashMap();

            options.put("useKeyTab", "true");

            try {

                options.put("principal", "host/" + 
InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");

            } catch (Exception e){

                System.out.println("Can't find our hostname " + e);

            }

            options.put("refreshKrb5Config", "true");

            options.put("keyTab", "/etc/krb5.keytab");

            options.put("debug", "true");

           return new AppConfigurationEntry[]{

                new 
AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",

                                          
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,

                                          options),};

        }

 }

 public KerberosConfiguration makeKerberosConfiguration(String cc) {

       return new KerberosConfiguration(cc);

 }

{code}

 

makeKerberosConfiguration(null) will return the configuration object needed for 
GSSAPI. The options in this example authenticate the host, based on 
/etc/krb5.keytab. Other options are documented in the Java documentation for 
the class Krb5LoginModule. Note that if you are going to use user credentials, 
they should be stored in a file, not KEYRING or KCM.

 

The following code uses a configuration generated with the code above to do a 
GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already been 
opened using connect

{code:java}
        Configuration sconfig = makeKerberosConfiguration(null);

        SaslGssApiRequest saslGssApiRequestt = new SaslGssApiRequest();

        saslGssApiRequest.setLoginModuleConfiguration( sconfig);

        saslGssApiRequest.setLoginContextName( 
"org.apache.directory.ldap.client.api.SaslGssApiRequest" );

        saslGssApiRequest.setMutualAuthentication( false );

 

        BindResponse br;

 

        try {

                br = ldapNetworkConnection.bind( saslGssApiRequest );

                ldapNetworkConnection.startTls();

         } catch ( LdapException e ) {

                e.printStackTrace();

        }
{code}

At this point you can do search or other operations.


  was:
In the section on authentication, there is no usable documentation for GSSAPI. 
Since GSSAPI is mostly used for Kerberos, you need sample code. Here is some 
that works.

First, non-trivial Kerberos authentication requires configuration. Creating a 
Kerberos configuration is not well documented elsewhere, so we include here 
sample code. It is possible to put configuration information in a JAAS login 
configuration file as well, but doing it programmatically provides more 
flexibiity for appications that need to use more than one principal.

    *import* javax.security.auth.login.Configuration;

    *class* KerberosConfiguration *extends* Configuration {

        *private* String cc;

        *public* KerberosConfiguration(String cc) {

            *this*.cc = cc;

        }

        @Override

        *public* AppConfigurationEntry[] *getAppConfigurationEntry*(String 
name) {

            Map options = *new* HashMap();

            options.put("useKeyTab", "true");

            *try* {

                options.put("principal", "host/" + 
InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");

            } *catch* (Exception e){

                System.out.println("Can't find our hostname " + e);

            }

            options.put("refreshKrb5Config", "true");

            options.put("keyTab", "/etc/krb5.keytab");

            options.put("debug", &q

[jira] [Comment Edited] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16882471#comment-16882471
 ] 

Charles Hedrick edited comment on DIRAPI-350 at 7/10/19 9:59 PM:
-

my apologies. The sample has unncessary code. The cc argument and the 
constructor aren't really needed. I can update the code if you want.

 

I did try a credential cache, and verified that a file works but not a KEYRING 
entry. This is unfortunate, because a number of implementations are now putting 
credentials in KEYRING or even KCM by default. In the long run it would be nice 
to use your own Kerberos code for this, and fix it to understand all of the 
different cache types.

 


was (Author: clhedrick):
my apologies. The sample has unncessary code. The cc argument and the 
constructor aren't really needed. I can update the code if you want.

 

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
>     *import* javax.security.auth.login.Configuration;
>     *class* KerberosConfiguration *extends* Configuration {
>         *private* String cc;
>         *public* KerberosConfiguration(String cc) {
>             *this*.cc = cc;
>         }
>         @Override
>         *public* AppConfigurationEntry[] *getAppConfigurationEntry*(String 
> name) {
>             Map options = *new* HashMap();
>             options.put("useKeyTab", "true");
>             *try* {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } *catch* (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            *return* *new* AppConfigurationEntry[]{
>                 *new* 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  *public* KerberosConfiguration *makeKerberosConfiguration*(String cc) {
>        *return* *new* KerberosConfiguration(cc);
>  }
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = *new* SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         *try* {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } *catch* ( LdapException e ) {
>                 e.printStackTrace();
>         }
> At this point you can do search or other operations.
> h2.  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Commented] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16882471#comment-16882471
 ] 

Charles Hedrick commented on DIRAPI-350:


my apologies. The sample has unncessary code. The cc argument and the 
constructor aren't really needed. I can update the code if you want.

 

> gssapi documentation
> 
>
> Key: DIRAPI-350
> URL: https://issues.apache.org/jira/browse/DIRAPI-350
> Project: Directory Client API
>  Issue Type: Documentation
>Affects Versions: 2.0.0.AM4
>Reporter: Charles Hedrick
>Priority: Major
>
> In the section on authentication, there is no usable documentation for 
> GSSAPI. Since GSSAPI is mostly used for Kerberos, you need sample code. Here 
> is some that works.
> First, non-trivial Kerberos authentication requires configuration. Creating a 
> Kerberos configuration is not well documented elsewhere, so we include here 
> sample code. It is possible to put configuration information in a JAAS login 
> configuration file as well, but doing it programmatically provides more 
> flexibiity for appications that need to use more than one principal.
>     *import* javax.security.auth.login.Configuration;
>     *class* KerberosConfiguration *extends* Configuration {
>         *private* String cc;
>         *public* KerberosConfiguration(String cc) {
>             *this*.cc = cc;
>         }
>         @Override
>         *public* AppConfigurationEntry[] *getAppConfigurationEntry*(String 
> name) {
>             Map options = *new* HashMap();
>             options.put("useKeyTab", "true");
>             *try* {
>                 options.put("principal", "host/" + 
> InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");
>             } *catch* (Exception e){
>                 System.out.println("Can't find our hostname " + e);
>             }
>             options.put("refreshKrb5Config", "true");
>             options.put("keyTab", "/etc/krb5.keytab");
>             options.put("debug", "true");
>            *return* *new* AppConfigurationEntry[]{
>                 *new* 
> AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
>                                           
> AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
>                                           options),};
>         }
>  }
>  *public* KerberosConfiguration *makeKerberosConfiguration*(String cc) {
>        *return* *new* KerberosConfiguration(cc);
>  }
>  
> makeKerberosConfiguration(null) will return the configuration object needed 
> for GSSAPI. The options in this example authenticate the host, based on 
> /etc/krb5.keytab. Other options are documented in the Java documentation for 
> the class Krb5LoginModule. Note that if you are going to use user 
> credentials, they should be stored in a file, not KEYRING or KCM.
>  
> The following code uses a configuration generated with the code above to do a 
> GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already 
> been opened using connect
>         Configuration sconfig = makeKerberosConfiguration(null);
>         SaslGssApiRequest saslGssApiRequestt = *new* SaslGssApiRequest();
>         saslGssApiRequest.setLoginModuleConfiguration( sconfig);
>         saslGssApiRequest.setLoginContextName( 
> "org.apache.directory.ldap.client.api.SaslGssApiRequest" );
>         saslGssApiRequest.setMutualAuthentication( false );
>  
>         BindResponse br;
>  
>         *try* {
>                 br = ldapNetworkConnection.bind( saslGssApiRequest );
>                 ldapNetworkConnection.startTls();
>          } *catch* ( LdapException e ) {
>                 e.printStackTrace();
>         }
> At this point you can do search or other operations.
> h2.  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Created] (DIRAPI-350) gssapi documentation

[Charles Hedrick (JIRA)]

Charles Hedrick created DIRAPI-350:
--

 Summary: gssapi documentation
 Key: DIRAPI-350
 URL: https://issues.apache.org/jira/browse/DIRAPI-350
 Project: Directory Client API
  Issue Type: Documentation
Affects Versions: 2.0.0.AM4
Reporter: Charles Hedrick


In the section on authentication, there is no usable documentation for GSSAPI. 
Since GSSAPI is mostly used for Kerberos, you need sample code. Here is some 
that works.

First, non-trivial Kerberos authentication requires configuration. Creating a 
Kerberos configuration is not well documented elsewhere, so we include here 
sample code. It is possible to put configuration information in a JAAS login 
configuration file as well, but doing it programmatically provides more 
flexibiity for appications that need to use more than one principal.

    *import* javax.security.auth.login.Configuration;

    *class* KerberosConfiguration *extends* Configuration {

        *private* String cc;

        *public* KerberosConfiguration(String cc) {

            *this*.cc = cc;

        }

        @Override

        *public* AppConfigurationEntry[] *getAppConfigurationEntry*(String 
name) {

            Map options = *new* HashMap();

            options.put("useKeyTab", "true");

            *try* {

                options.put("principal", "host/" + 
InetAddress.getLocalHost().getCanonicalHostName() + "@MYKERBOSDOMAIN");

            } *catch* (Exception e){

                System.out.println("Can't find our hostname " + e);

            }

            options.put("refreshKrb5Config", "true");

            options.put("keyTab", "/etc/krb5.keytab");

            options.put("debug", "true");

           *return* *new* AppConfigurationEntry[]{

                *new* 
AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",

                                          
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,

                                          options),};

        }

 }

 *public* KerberosConfiguration *makeKerberosConfiguration*(String cc) {

       *return* *new* KerberosConfiguration(cc);

 }

 

makeKerberosConfiguration(null) will return the configuration object needed for 
GSSAPI. The options in this example authenticate the host, based on 
/etc/krb5.keytab. Other options are documented in the Java documentation for 
the class Krb5LoginModule. Note that if you are going to use user credentials, 
they should be stored in a file, not KEYRING or KCM.

 

The following code uses a configuration generated with the code above to do a 
GSSAPI SASL bind. The assumption is that ldapNetworkConnection has already been 
opened using connect

        Configuration sconfig = makeKerberosConfiguration(null);

        SaslGssApiRequest saslGssApiRequestt = *new* SaslGssApiRequest();

        saslGssApiRequest.setLoginModuleConfiguration( sconfig);

        saslGssApiRequest.setLoginContextName( 
"org.apache.directory.ldap.client.api.SaslGssApiRequest" );

        saslGssApiRequest.setMutualAuthentication( false );

 

        BindResponse br;

 

        *try* {

                br = ldapNetworkConnection.bind( saslGssApiRequest );

                ldapNetworkConnection.startTls();

         } *catch* ( LdapException e ) {

                e.printStackTrace();

        }

At this point you can do search or other operations.
h2.  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRSERVER-550) Clear numerous documentation TODOs

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRSERVER-550?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRSERVER-550:

Component/s: doc

> Clear numerous documentation TODOs
> --
>
> Key: DIRSERVER-550
> URL: https://issues.apache.org/jira/browse/DIRSERVER-550
> Project: Directory ApacheDS
>  Issue Type: Task
>  Components: doc
>Affects Versions: 1.5.4
>Reporter: Trustin Lee
>Priority: Major
> Fix For: 2.0.0-RC1
>
>
> There are too many documentation TODO items in the source code.  They 
> prevents me from fixing other TODO items.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRSERVER-1282) Unit testing documentation is out of date

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRSERVER-1282?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRSERVER-1282:
-
Component/s: test
 doc

> Unit testing documentation is out of date
> -
>
> Key: DIRSERVER-1282
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1282
> Project: Directory ApacheDS
>  Issue Type: Improvement
>  Components: doc, test
>Affects Versions: 1.5.4
>Reporter: Luke Daley
>Assignee: Kiran Ayyagari
>Priority: Major
> Fix For: 2.0.0-RC1
>
>
> http://directory.apache.org/apacheds/1.5/using-apacheds-for-unit-tests.html 
> is out of date. I am trying to upgrade from 1.0 to 1.5 and this documentation 
> is not helping me.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIRSERVER-1796) Add documentation about dedicated loggers

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRSERVER-1796?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRSERVER-1796:
-
Component/s: doc

> Add documentation about dedicated loggers
> -
>
> Key: DIRSERVER-1796
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1796
> Project: Directory ApacheDS
>  Issue Type: Task
>  Components: doc
>Affects Versions: 2.0.0-M10
>Reporter: Emmanuel Lecharny
>Priority: Major
> Fix For: 2.0.0-RC1
>
>
> We have many dedicated loggers that would require a bit of documentation 
> (KERBEROS for kerberos related logs, JDBM for jdbm related logs, etc).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Closed] (DIR-248) Where to deploy generated documentation?

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIR-248?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny closed DIR-248.
-

> Where to deploy generated documentation?
> 
>
> Key: DIR-248
> URL: https://issues.apache.org/jira/browse/DIR-248
> Project: Directory
>  Issue Type: Task
>Reporter: Stefan Seelmann
>Assignee: Alex Karasulu
>Priority: Major
>
> As Felix mentioned in DIRSTUDIO-539 we currently use vm094.oxylos.org to 
> deploy documentation, however this machine is down. I wonder if the ASF 
> provides some infrastructure where we could deploy it?



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Closed] (DIR-300) Add contibution info to documentation

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIR-300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny closed DIR-300.
-

> Add contibution info to documentation
> -
>
> Key: DIR-300
> URL: https://issues.apache.org/jira/browse/DIR-300
> Project: Directory
>  Issue Type: Improvement
>  Components: sitedocs
>Reporter: Ashton Davis
>Assignee: Alex Karasulu
>Priority: Minor
>
> Right now section 0.3 "Contributing" is empty.  It should probably be the 
> same as http://directory.apache.org/contribute.html
> I am building out documentation on my setup, I will write it generically 
> enough that I can upload it in more tickets to come.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Closed] (DIR-297) Lots of typographical errors in documentation

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIR-297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny closed DIR-297.
-

> Lots of typographical errors in documentation
> -
>
> Key: DIR-297
> URL: https://issues.apache.org/jira/browse/DIR-297
> Project: Directory
>  Issue Type: Bug
>  Components: sitedocs
>Reporter: Chad Dougherty
>Assignee: Alex Karasulu
>Priority: Minor
> Attachments: site_typos.diff
>
>
> Attached is a patch that corrects a lot of trivial typos in the documentation.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Closed] (DIR-326) Documentation bugs for LdapConnectionTemplate user guide

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIR-326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny closed DIR-326.
-

> Documentation bugs for LdapConnectionTemplate user guide
> 
>
> Key: DIR-326
> URL: https://issues.apache.org/jira/browse/DIR-326
> Project: Directory
>  Issue Type: Bug
>  Components: sitedocs
>Reporter: Jarmod
>Assignee: Emmanuel Lecharny
>Priority: Minor
>
> The [#2.10 - Why use the 
> LdapConnectionTemplate|http://directory.apache.org/api/user-guide/2.10-ldap-connection-template.html]
>  docs have a couple of bugs:
> 1. The code 
> {code:java}
> private static final EntryMapper muppetEntryMapper
> {code}
>  should read as follows: 
> {code:java}
> private static final EntryMapper muppetEntryMapper
> {code}
> 2. The code 
> {code:java}
> public String map( Entry entry ) throws LdapException
> {code}
>  should read as follows: 
> {code:java}
> public Muppet map( Entry entry ) throws LdapException
> {code}
> The code, as it stands, will not compile (one warning, one error).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org

[jira] [Updated] (DIR-335) Custom Interceptor documentation

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIR-335?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIR-335:
--
Affects Version/s: (was: 2.0.0-M15)
  Component/s: (was: doc)
   sitedocs
  Key: DIR-335  (was: DIRSERVER-1975)
  Project: Directory  (was: Directory ApacheDS)

> Custom Interceptor documentation
> 
>
> Key: DIR-335
> URL: https://issues.apache.org/jira/browse/DIR-335
> Project: Directory
>  Issue Type: Bug
>  Components: sitedocs
> Environment: Embedded server
>Reporter: Martin Choma
>Priority: Minor
>
> Hi,
> following documentation on writing custom interceptors here
> - http://joacim.breiler.com/apacheds/book.html
> or here
> -http://joacim.breiler.com/apacheds/ch07s02.html#Embedded mode Using the 
> interceptor
> I couldnt make my code run properly. Adding initialization part helped 
> finally. 
> myInterceptor.init(directoryService);
> Please correct the source of documentation.
> Martin 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (DIRAPI-74) Complete the API documentation

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-74?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRAPI-74:

Fix Version/s: (was: 2.0.0)
   2.0.0.AM3

> Complete the API documentation
> --
>
> Key: DIRAPI-74
> URL: https://issues.apache.org/jira/browse/DIRAPI-74
> Project: Directory Client API
>  Issue Type: Task
>Affects Versions: 1.0.0-M9
>Reporter: Emmanuel Lecharny
>Priority: Blocker
> Fix For: 2.0.0.AM3
>
> Attachments: modifications.txt
>
>
> We need to complete the API documentation in 
> https://svn.apache.org/repos/asf/directory/documentation/ldap-api-manuals/trunk



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (DIRSTUDIO-1221) Path to ApacheDirectoryStudio.ini is wrong in documentation

[Stefan Seelmann (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRSTUDIO-1221?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann resolved DIRSTUDIO-1221.

Resolution: Fixed

Fixed, thanks for reporting.

> Path to ApacheDirectoryStudio.ini is wrong in documentation
> ---
>
> Key: DIRSTUDIO-1221
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1221
> Project: Directory Studio
>  Issue Type: Documentation
>  Components: studio-apacheds-configuration
>Affects Versions: 2.0.0-M14
> Environment: macOS Mojave 10.14.4
>Reporter: Eric Liprandi
>Priority: Major
>
> The 
> [documentation|https://directory.apache.org/studio/faqs.html#location-of-apachedirectorystudioini-file]
>  says that on _Mac OS X_ you can find the {{ApacheDirectoryStudio.ini}} file 
> under {{/Applications/ApacheDirectoryStudio.app/Contents}}.
> However, it seems that the proper location is one level below, in the 
> {{Eclipse}} subfolder
> {{/Applications/ApacheDirectoryStudio.app/Contents/Eclipse/ApacheDirectoryStudio.ini}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (DIRSTUDIO-1221) Path to ApacheDirectoryStudio.ini is wrong in documentation

[Eric Liprandi (JIRA)]

Eric Liprandi created DIRSTUDIO-1221:


 Summary: Path to ApacheDirectoryStudio.ini is wrong in 
documentation
 Key: DIRSTUDIO-1221
 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1221
 Project: Directory Studio
  Issue Type: Documentation
  Components: studio-apacheds-configuration
Affects Versions: 2.0.0-M14
 Environment: macOS Mojave 10.14.4
Reporter: Eric Liprandi


The 
[documentation|https://directory.apache.org/studio/faqs.html#location-of-apachedirectorystudioini-file]
 says that on _Mac OS X_ you can find the {{ApacheDirectoryStudio.ini}} file 
under {{/Applications/ApacheDirectoryStudio.app/Contents}}.

However, it seems that the proper location is one level below, in the 
{{Eclipse}} subfolder
{{/Applications/ApacheDirectoryStudio.app/Contents/Eclipse/ApacheDirectoryStudio.ini}}




--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (DIRSTUDIO-1210) mixed up documentation bug, in replication section of studio docs

[Philip Brown (JIRA)]

Philip Brown created DIRSTUDIO-1210:
---

 Summary: mixed up documentation bug, in replication section of 
studio docs
 Key: DIRSTUDIO-1210
 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1210
 Project: Directory Studio
  Issue Type: Bug
Affects Versions: 2.0.0-M14
Reporter: Philip Brown


A link on
[https://directory.apache.org/studio/users-guide/2.0.0.v20180908-M14/apacheds/gettingstarted_configuration_editor.html]

 

for "the Replication page"

leads to

[https://directory.apache.org/studio/users-guide/2.0.0.v20180908-M14/apacheds/gettingstarted_configuration_editor_repl.html]

 

which does NOT walk the user through replication setup but instead describes

"The *Extended Operations Page"*

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (DIRSTUDIO-1165) Table Entry Editor - missing options following documentation

[Stefan Seelmann (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRSTUDIO-1165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann updated DIRSTUDIO-1165:
---
Fix Version/s: 2.0.0-M15

> Table Entry Editor - missing options following documentation
> 
>
> Key: DIRSTUDIO-1165
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1165
> Project: Directory Studio
>  Issue Type: Question
>  Components: studio-ldapbrowser
>Affects Versions: 2.0.0-M13
> Environment: Windows, Java 8 Update 151
>Reporter: Jens
>Priority: Minor
> Fix For: 2.0.0-M15
>
>
> Hi,
> following the documentation 
> [https://directory.apache.org/studio/users-guide/ldap_browser/preferences_table_entry_editor.html]
>  I wanted to change the visible attributes settings. But I'm missing them 
> completely. They are not shown at all.
> Now the question is whether documentation is wrong and it's now longer 
> possible to select "Show objectClass attribute", "Show must attributes", 
> "Show may attributes", "Show operational attributes"?
> I know show operational attributes has been moved. But for editing some data 
> it's very helpful to also have "show may attributes".
>  
> Thanks.
> Jens
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (DIRSTUDIO-1051) Update developer documentation

[Stefan Seelmann (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRSTUDIO-1051?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann resolved DIRSTUDIO-1051.

Resolution: Fixed

> Update developer documentation
> --
>
> Key: DIRSTUDIO-1051
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1051
> Project: Directory Studio
>  Issue Type: Task
>Reporter: Stefan Seelmann
>Priority: Major
> Fix For: 2.0.0-M9 (2.0.0.v20150606-M9)
>
>
> The developer guide https://directory.apache.org/studio/developers-guide.html 
> is totally outdated. It needs to be updated, or just link to the README.md 
> file.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (DIRAPI-74) Complete the API documentation

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-74?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny resolved DIRAPI-74.
-
Resolution: Fixed

Done.

> Complete the API documentation
> --
>
> Key: DIRAPI-74
> URL: https://issues.apache.org/jira/browse/DIRAPI-74
> Project: Directory Client API
>  Issue Type: Task
>Affects Versions: 1.0.0-M9
>Reporter: Emmanuel Lecharny
>Priority: Blocker
> Fix For: 2.0.0
>
> Attachments: modifications.txt
>
>
> We need to complete the API documentation in 
> https://svn.apache.org/repos/asf/directory/documentation/ldap-api-manuals/trunk



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Help with task: Complete the LDAP API User Guide documentation

[Emmanuel Lécharny]

Hi !

that's pretty easy. All the API documentation is stored in
http://svn.apache.org/viewvc/directory/site/trunk/. You can check it out
using :


$ svn co http://svn.apache.org/viewvc/directory/site/trunk/


The pages are in
http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/,
and it's using Mardown as the syntax.


There are a lot of missing pages (marked with a (e) on the site), that's
the obvious first hing that need to get fixed.


The best solution would be to attache the changes you do into a JIRA
ticket
(https://issues.apache.org/jira/browse/DIRAPI-74?jql=project%20%3D%20DIRAPI%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%20priority%20DESC)
so that we can review and apply them.

At some point, we can vote you in so that you have a direct access to
the project without needing one of us to review your work before you
push it !

Hope it's anough to get you started, but please don't hesitate to ask if
you need more specific informations.


Many thanks !

Le 08/02/2018 à 08:14, tokkelAcekiub tokkelAcekiub a écrit :
> I would like to help out with the task listed at
> https://helpwanted.apache.org/task.html?4f557867
> 

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Help with task: Complete the LDAP API User Guide documentation

[tokkelAcekiub tokkelAcekiub]

I would like to help out with the task listed at
https://helpwanted.apache.org/task.html?4f557867

[jira] [Commented] (DIRSTUDIO-1165) Table Entry Editor - missing options following documentation

[Emmanuel Lecharny (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRSTUDIO-1165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16327234#comment-16327234
 ] 

Emmanuel Lecharny commented on DIRSTUDIO-1165:
--

Hmmm, it seems it has disapeared a *long* time ago :/ I checked on a 2013 
version, and those options are not present.

Ok, it was removed 7 years ago :

[SVN commit 
927916|http://example.comhttp//svn.apache.org/viewvc?view=revision=927916]

Also check [DIRSTUDIO-638|https://issues.apache.org/jira/browse/DIRSTUDIO-638]

So the doc need to be updated...

> Table Entry Editor - missing options following documentation
> 
>
> Key: DIRSTUDIO-1165
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1165
> Project: Directory Studio
>  Issue Type: Question
>  Components: studio-ldapbrowser
>Affects Versions: 2.0.0-M13
> Environment: Windows, Java 8 Update 151
>Reporter: Jens
>Priority: Minor
>
> Hi,
> following the documentation 
> [https://directory.apache.org/studio/users-guide/ldap_browser/preferences_table_entry_editor.html]
>  I wanted to change the visible attributes settings. But I'm missing them 
> completely. They are not shown at all.
> Now the question is whether documentation is wrong and it's now longer 
> possible to select "Show objectClass attribute", "Show must attributes", 
> "Show may attributes", "Show operational attributes"?
> I know show operational attributes has been moved. But for editing some data 
> it's very helpful to also have "show may attributes".
>  
> Thanks.
> Jens
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Created] (DIRSTUDIO-1165) Table Entry Editor - missing options following documentation

[Jens (JIRA)]

Jens created DIRSTUDIO-1165:
---

 Summary: Table Entry Editor - missing options following 
documentation
 Key: DIRSTUDIO-1165
 URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1165
 Project: Directory Studio
  Issue Type: Question
  Components: studio-ldapbrowser
Affects Versions: 2.0.0-M13
 Environment: Windows, Java 8 Update 151
Reporter: Jens


Hi,

following the documentation 
[https://directory.apache.org/studio/users-guide/ldap_browser/preferences_table_entry_editor.html]
 I wanted to change the visible attributes settings. But I'm missing them 
completely. They are not shown at all.

Now the question is whether documentation is wrong and it's now longer possible 
to select "Show objectClass attribute", "Show must attributes", "Show may 
attributes", "Show operational attributes"?

I know show operational attributes has been moved. But for editing some data 
it's very helpful to also have "show may attributes".

 

Thanks.

Jens

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Re: Contribution to the LDAP API Project Documentation

[Gunwant Singh]

Thanks a lot! Appreciate your time to reply.

On Jan 4, 2018 7:02 PM, "Emmanuel Lécharny" <elecha...@gmail.com> wrote:

>
>
> Le 04/01/2018 à 12:14, Gunwant Singh a écrit :
> > Hi Team,
> >
> > I am never contributed to Apache projects and I am new here. I have IT
> > (non-development) experience of 15 years and would like to contribute to
> > this project.
>
> You are very welcome !
>
> >
> > I don't have much knowledge on this project but I know basic details of
> > LDAP and how software projects work. I checked the Apache Directories
> > project and came to know about the documentation work available for LDAP
> > API.
> >
> > Please help me how I can contribute.
>
> This is quite simple. If you look at the website
> (http://directory.staging.apache.org/api/user-guide.html), you may
> notice that many pages are either incomplete (..) or empty (e). The idea
> is to pick teh page you feel comfortable with filling the gaps, and
> submit the missing text. The best would be to subscribe to JIRA
> (http://directory.staging.apache.org/issue-tracking.html) and more
> specifically to https://issues.apache.org/jira/projects/DIR, and to
> create an issue for each page you want to contribute, like :
> https://issues.apache.org/jira/browse/DIR-324?jql=
> project%20%3D%20DIR%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%
> 20created%20DESC%2C%20priority%20DESC%2C%20updated%20DESC
>
> If you have any question, feel free to post on teh dev list !
>
> >
>
> --
> Emmanuel Lecharny
>
> Symas.com
> directory.apache.org
>
>

Re: Contribution to the LDAP API Project Documentation

[Emmanuel Lécharny]

Le 04/01/2018 à 12:14, Gunwant Singh a écrit :
> Hi Team,
> 
> I am never contributed to Apache projects and I am new here. I have IT
> (non-development) experience of 15 years and would like to contribute to
> this project.

You are very welcome !

> 
> I don't have much knowledge on this project but I know basic details of
> LDAP and how software projects work. I checked the Apache Directories
> project and came to know about the documentation work available for LDAP
> API.
> 
> Please help me how I can contribute.

This is quite simple. If you look at the website
(http://directory.staging.apache.org/api/user-guide.html), you may
notice that many pages are either incomplete (..) or empty (e). The idea
is to pick teh page you feel comfortable with filling the gaps, and
submit the missing text. The best would be to subscribe to JIRA
(http://directory.staging.apache.org/issue-tracking.html) and more
specifically to https://issues.apache.org/jira/projects/DIR, and to
create an issue for each page you want to contribute, like :
https://issues.apache.org/jira/browse/DIR-324?jql=project%20%3D%20DIR%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%20created%20DESC%2C%20priority%20DESC%2C%20updated%20DESC

If you have any question, feel free to post on teh dev list !

> 

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Contribution to the LDAP API Project Documentation

[Gunwant Singh]

Hi Team,

I am never contributed to Apache projects and I am new here. I have IT
(non-development) experience of 15 years and would like to contribute to
this project.

I don't have much knowledge on this project but I know basic details of
LDAP and how software projects work. I checked the Apache Directories
project and came to know about the documentation work available for LDAP
API.

Please help me how I can contribute.

-- 
Gunwant Singh

[jira] [Commented] (DIR-326) Documentation bugs for LdapConnectionTemplate user guide

[Jarmod (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIR-326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16251780#comment-16251780
 ] 

Jarmod commented on DIR-326:


Appreciate the quick response, thanks.

> Documentation bugs for LdapConnectionTemplate user guide
> 
>
> Key: DIR-326
> URL: https://issues.apache.org/jira/browse/DIR-326
> Project: Directory
>  Issue Type: Bug
>  Components: sitedocs
>Reporter: Jarmod
>Assignee: Emmanuel Lecharny
>Priority: Minor
>
> The [#2.10 - Why use the 
> LdapConnectionTemplate|http://directory.apache.org/api/user-guide/2.10-ldap-connection-template.html]
>  docs have a couple of bugs:
> 1. The code 
> {code:java}
> private static final EntryMapper muppetEntryMapper
> {code}
>  should read as follows: 
> {code:java}
> private static final EntryMapper muppetEntryMapper
> {code}
> 2. The code 
> {code:java}
> public String map( Entry entry ) throws LdapException
> {code}
>  should read as follows: 
> {code:java}
> public Muppet map( Entry entry ) throws LdapException
> {code}
> The code, as it stands, will not compile (one warning, one error).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Resolved] (DIR-326) Documentation bugs for LdapConnectionTemplate user guide

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIR-326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny resolved DIR-326.
---
Resolution: Fixed

Many thanks !

Patches applied.

> Documentation bugs for LdapConnectionTemplate user guide
> 
>
> Key: DIR-326
> URL: https://issues.apache.org/jira/browse/DIR-326
> Project: Directory
>  Issue Type: Bug
>  Components: sitedocs
>Reporter: Jarmod
>Assignee: Emmanuel Lecharny
>Priority: Minor
>
> The [#2.10 - Why use the 
> LdapConnectionTemplate|http://directory.apache.org/api/user-guide/2.10-ldap-connection-template.html]
>  docs have a couple of bugs:
> 1. The code 
> {code:java}
> private static final EntryMapper muppetEntryMapper
> {code}
>  should read as follows: 
> {code:java}
> private static final EntryMapper muppetEntryMapper
> {code}
> 2. The code 
> {code:java}
> public String map( Entry entry ) throws LdapException
> {code}
>  should read as follows: 
> {code:java}
> public Muppet map( Entry entry ) throws LdapException
> {code}
> The code, as it stands, will not compile (one warning, one error).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (DIR-326) Documentation bugs for LdapConnectionTemplate user guide

[Jarmod (JIRA)]

Jarmod created DIR-326:
--

 Summary: Documentation bugs for LdapConnectionTemplate user guide
 Key: DIR-326
 URL: https://issues.apache.org/jira/browse/DIR-326
 Project: Directory
  Issue Type: Bug
  Components: sitedocs
Reporter: Jarmod
Assignee: Emmanuel Lecharny
Priority: Minor


The [#2.10 - Why use the 
LdapConnectionTemplate|http://directory.apache.org/api/user-guide/2.10-ldap-connection-template.html]
 docs have a couple of bugs:

1. The code 
{code:java}
private static final EntryMapper muppetEntryMapper
{code}
 should read as follows: 
{code:java}
private static final EntryMapper muppetEntryMapper
{code}

2. The code 
{code:java}
public String map( Entry entry ) throws LdapException
{code}
 should read as follows: 
{code:java}
public Muppet map( Entry entry ) throws LdapException
{code}

The code, as it stands, will not compile (one warning, one error).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Re: Task #4f557867: Complete the LDAP API User Guide documentation

[Emmanuel Lécharny]

Hi Vikas,


no, it's not already copleted, as you can see on
http://directory.apache.org/api/user-guide.html. There are many
incomplete pages, and some are even empty
(http://directory.apache.org/api/user-guide/2.8-comparing.html, etc)

All the pages are stored in a SVN repository, stored in
http://svn.apache.org/viewvc/directory/site/trunk/, and more
specifically in
http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/


Fetching the pages is easy :

svn co
http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/


The best way to proceed is to pick a page that you feel you can
complete/fulfill, write the text using your favorite editor, and to
propose a patch by attaching the modified page in
https://issues.apache.org/jira/projects/DIRAPI/issues/DIRAPI-74


Feel free to contact me for any information you'd liek to get.

Thanks !



Le 30/10/2017 à 06:39, Vikas Sherawat a écrit :
> Hi,
>
> I am Vikas Kumar, looking to contribute in ASF. I would like to contribute
> to this task, if it is not already completed.
>
> Please let me know how can i help.
>

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org

Task #4f557867: Complete the LDAP API User Guide documentation

[Vikas Sherawat]

Hi,

I am Vikas Kumar, looking to contribute in ASF. I would like to contribute
to this task, if it is not already completed.

Please let me know how can i help.

-- 
Thanks and Regards,
Vikas

[jira] [Updated] (DIRAPI-74) Complete the API documentation

[Stefan Seelmann (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-74?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann updated DIRAPI-74:
--
Fix Version/s: 2.0.0

> Complete the API documentation
> --
>
> Key: DIRAPI-74
> URL: https://issues.apache.org/jira/browse/DIRAPI-74
> Project: Directory Client API
>  Issue Type: Task
>Affects Versions: 1.0.0-M9
>Reporter: Emmanuel Lecharny
>Priority: Blocker
> Fix For: 1.0.0-RC3, 2.0.0
>
> Attachments: modifications.txt
>
>
> We need to complete the API documentation in 
> https://svn.apache.org/repos/asf/directory/documentation/ldap-api-manuals/trunk



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Task #4f557867: Complete the LDAP API User Guide documentation

[Ramanand Bhagwandin]

Hi,


My name is Ramanand Bhagwandin and I am new to apache.org.

My ICLA has been filed.

As a starter I want to start from the bottom and work my way up.

Starting with documentation or simple programming tasks seems to me the way to 
get acquainted with apache.org.

If the mentioned task is still open I would like to start with that.


With kind regards,


Ramanand Bhagwandin


Sent from Outlook<http://aka.ms/weboutlook>

[jira] [Created] (DIRSERVER-2188) Documentation empty : kerberos and client auth

[JIRA]

Gaétan QUENTIN created DIRSERVER-2188:
-

 Summary: Documentation empty : kerberos and client auth
 Key: DIRSERVER-2188
 URL: https://issues.apache.org/jira/browse/DIRSERVER-2188
 Project: Directory ApacheDS
  Issue Type: Bug
  Components: doc
 Environment: official apache site
Reporter: Gaétan QUENTIN


theses urls:

http://directory.apache.org/apacheds/advanced-ug/4.1.4-certificate-authn.html

http://directory.apache.org/apacheds/advanced-ug/4.1.3-kerberos-authn.html

are empty.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Closed] (DIRAPI-287) Documentation is wrong for connection pooling

[lucas theisen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lucas theisen closed DIRAPI-287.


Documentation updated.

> Documentation is wrong for connection pooling
> -
>
> Key: DIRAPI-287
> URL: https://issues.apache.org/jira/browse/DIRAPI-287
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: Greg Thomas
>Assignee: lucas theisen
>    Priority: Minor
>
> The documentation at At 
> http://directory.apache.org/api/user-guide/2.1-connection-disconnection.html 
> there's a nice easy to follow example of how to set up connection pooling.
> The unfortunate thing is that it just doesn't work. The following line:
> {code}
> PoolableLdapConnectionFactory factory = new PoolableLdapConnectionFactory( 
> config );
> {code}
> won't compile because {{PoolableLdapConnectionFactory}} doesn't exist. I'm 
> guessing this is a change in API that's not yet filtered through to the 
> documentation yet. Digging around 1.0.0-RC2 does turn up either 
> {{DefaultPoolableLdapConnectionFactory}} or 
> {{ValidatingPoolableLdapConnectionFactory}} so the documentation should 
> probably be updated to reflect this.
> While I'm being picky on pooling documentation;
> a) It's not clear to me on reading the javadoc of these classes what exactly 
> the difference is. The validating pool suggests that the default pool "may be 
> the right choice" - but under what circumstances? My first thought was that 
> the default pool is sufficient if you're using the same server/credentials 
> but on closer examination the server/cred's are part of the pool, so clearly 
> that's not right. A bit more explanation in this area may help.
> b) It may be useful to document exactly how the "test on borrow" works. 
> Digging round the javadoc I ended up at 
> http://directory.apache.org/api/gen-docs/1.0.0-RC1/apidocs/org/apache/directory/ldap/client/api/LdapConnectionValidator.html#validate-org.apache.directory.ldap.client.api.LdapConnection-
>  but I'd then need to check the source to find out /how/ the validation 
> works. Does it perform an LDAP equivalent of {{SELECT 1}} - or just check if 
> the connection is valid. Can this be configured (e.g. a "I think I'm 
> connected" may be sufficient for some use cases, "I think I'm connected and 
> the server is responding" for others).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRAPI-287) Documentation is wrong for connection pooling

[lucas theisen (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15748794#comment-15748794
 ] 

lucas theisen commented on DIRAPI-287:
--

[~gdt], thanks for the reports...  I just got done updating the 2.10.  You 
should see the updates on staging now, they should show up on the regular site 
soon.

> Documentation is wrong for connection pooling
> -
>
> Key: DIRAPI-287
> URL: https://issues.apache.org/jira/browse/DIRAPI-287
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: Greg Thomas
>Assignee: lucas theisen
>    Priority: Minor
>
> The documentation at At 
> http://directory.apache.org/api/user-guide/2.1-connection-disconnection.html 
> there's a nice easy to follow example of how to set up connection pooling.
> The unfortunate thing is that it just doesn't work. The following line:
> {code}
> PoolableLdapConnectionFactory factory = new PoolableLdapConnectionFactory( 
> config );
> {code}
> won't compile because {{PoolableLdapConnectionFactory}} doesn't exist. I'm 
> guessing this is a change in API that's not yet filtered through to the 
> documentation yet. Digging around 1.0.0-RC2 does turn up either 
> {{DefaultPoolableLdapConnectionFactory}} or 
> {{ValidatingPoolableLdapConnectionFactory}} so the documentation should 
> probably be updated to reflect this.
> While I'm being picky on pooling documentation;
> a) It's not clear to me on reading the javadoc of these classes what exactly 
> the difference is. The validating pool suggests that the default pool "may be 
> the right choice" - but under what circumstances? My first thought was that 
> the default pool is sufficient if you're using the same server/credentials 
> but on closer examination the server/cred's are part of the pool, so clearly 
> that's not right. A bit more explanation in this area may help.
> b) It may be useful to document exactly how the "test on borrow" works. 
> Digging round the javadoc I ended up at 
> http://directory.apache.org/api/gen-docs/1.0.0-RC1/apidocs/org/apache/directory/ldap/client/api/LdapConnectionValidator.html#validate-org.apache.directory.ldap.client.api.LdapConnection-
>  but I'd then need to check the source to find out /how/ the validation 
> works. Does it perform an LDAP equivalent of {{SELECT 1}} - or just check if 
> the connection is valid. Can this be configured (e.g. a "I think I'm 
> connected" may be sufficient for some use cases, "I think I'm connected and 
> the server is responding" for others).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRAPI-287) Documentation is wrong for connection pooling

[Greg Thomas (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15747664#comment-15747664
 ] 

Greg Thomas commented on DIRAPI-287:


That's much clearer. Thanks. 

The doc's at 
http://directory.staging.apache.org/api/user-guide/2.10-ldap-connection-template.html#managing-connections
 probably also need updating, though.

> Documentation is wrong for connection pooling
> -
>
> Key: DIRAPI-287
> URL: https://issues.apache.org/jira/browse/DIRAPI-287
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: Greg Thomas
>Assignee: lucas theisen
>    Priority: Minor
>
> The documentation at At 
> http://directory.apache.org/api/user-guide/2.1-connection-disconnection.html 
> there's a nice easy to follow example of how to set up connection pooling.
> The unfortunate thing is that it just doesn't work. The following line:
> {code}
> PoolableLdapConnectionFactory factory = new PoolableLdapConnectionFactory( 
> config );
> {code}
> won't compile because {{PoolableLdapConnectionFactory}} doesn't exist. I'm 
> guessing this is a change in API that's not yet filtered through to the 
> documentation yet. Digging around 1.0.0-RC2 does turn up either 
> {{DefaultPoolableLdapConnectionFactory}} or 
> {{ValidatingPoolableLdapConnectionFactory}} so the documentation should 
> probably be updated to reflect this.
> While I'm being picky on pooling documentation;
> a) It's not clear to me on reading the javadoc of these classes what exactly 
> the difference is. The validating pool suggests that the default pool "may be 
> the right choice" - but under what circumstances? My first thought was that 
> the default pool is sufficient if you're using the same server/credentials 
> but on closer examination the server/cred's are part of the pool, so clearly 
> that's not right. A bit more explanation in this area may help.
> b) It may be useful to document exactly how the "test on borrow" works. 
> Digging round the javadoc I ended up at 
> http://directory.apache.org/api/gen-docs/1.0.0-RC1/apidocs/org/apache/directory/ldap/client/api/LdapConnectionValidator.html#validate-org.apache.directory.ldap.client.api.LdapConnection-
>  but I'd then need to check the source to find out /how/ the validation 
> works. Does it perform an LDAP equivalent of {{SELECT 1}} - or just check if 
> the connection is valid. Can this be configured (e.g. a "I think I'm 
> connected" may be sufficient for some use cases, "I think I'm connected and 
> the server is responding" for others).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRAPI-287) Documentation is wrong for connection pooling

[Emmanuel Lecharny (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15746468#comment-15746468
 ] 

Emmanuel Lecharny commented on DIRAPI-287:
--

Hi Lucas,

you can publish the web site immediately, no vote is required. Staging is just 
a place where you can double check the content and presentation, and as soon as 
the result pleases you, you can go public !

Thanks a lot for the update.

> Documentation is wrong for connection pooling
> -
>
> Key: DIRAPI-287
> URL: https://issues.apache.org/jira/browse/DIRAPI-287
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: Greg Thomas
>Assignee: lucas theisen
>    Priority: Minor
>
> The documentation at At 
> http://directory.apache.org/api/user-guide/2.1-connection-disconnection.html 
> there's a nice easy to follow example of how to set up connection pooling.
> The unfortunate thing is that it just doesn't work. The following line:
> {code}
> PoolableLdapConnectionFactory factory = new PoolableLdapConnectionFactory( 
> config );
> {code}
> won't compile because {{PoolableLdapConnectionFactory}} doesn't exist. I'm 
> guessing this is a change in API that's not yet filtered through to the 
> documentation yet. Digging around 1.0.0-RC2 does turn up either 
> {{DefaultPoolableLdapConnectionFactory}} or 
> {{ValidatingPoolableLdapConnectionFactory}} so the documentation should 
> probably be updated to reflect this.
> While I'm being picky on pooling documentation;
> a) It's not clear to me on reading the javadoc of these classes what exactly 
> the difference is. The validating pool suggests that the default pool "may be 
> the right choice" - but under what circumstances? My first thought was that 
> the default pool is sufficient if you're using the same server/credentials 
> but on closer examination the server/cred's are part of the pool, so clearly 
> that's not right. A bit more explanation in this area may help.
> b) It may be useful to document exactly how the "test on borrow" works. 
> Digging round the javadoc I ended up at 
> http://directory.apache.org/api/gen-docs/1.0.0-RC1/apidocs/org/apache/directory/ldap/client/api/LdapConnectionValidator.html#validate-org.apache.directory.ldap.client.api.LdapConnection-
>  but I'd then need to check the source to find out /how/ the validation 
> works. Does it perform an LDAP equivalent of {{SELECT 1}} - or just check if 
> the connection is valid. Can this be configured (e.g. a "I think I'm 
> connected" may be sufficient for some use cases, "I think I'm connected and 
> the server is responding" for others).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (DIRAPI-287) Documentation is wrong for connection pooling

[lucas theisen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lucas theisen resolved DIRAPI-287.
--
Resolution: Fixed

Published to staging:

http://directory.staging.apache.org/api/user-guide/2.1-connection-disconnection.html

Awaiting further instruction.

> Documentation is wrong for connection pooling
> -
>
> Key: DIRAPI-287
> URL: https://issues.apache.org/jira/browse/DIRAPI-287
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: Greg Thomas
>Assignee: lucas theisen
>    Priority: Minor
>
> The documentation at At 
> http://directory.apache.org/api/user-guide/2.1-connection-disconnection.html 
> there's a nice easy to follow example of how to set up connection pooling.
> The unfortunate thing is that it just doesn't work. The following line:
> {code}
> PoolableLdapConnectionFactory factory = new PoolableLdapConnectionFactory( 
> config );
> {code}
> won't compile because {{PoolableLdapConnectionFactory}} doesn't exist. I'm 
> guessing this is a change in API that's not yet filtered through to the 
> documentation yet. Digging around 1.0.0-RC2 does turn up either 
> {{DefaultPoolableLdapConnectionFactory}} or 
> {{ValidatingPoolableLdapConnectionFactory}} so the documentation should 
> probably be updated to reflect this.
> While I'm being picky on pooling documentation;
> a) It's not clear to me on reading the javadoc of these classes what exactly 
> the difference is. The validating pool suggests that the default pool "may be 
> the right choice" - but under what circumstances? My first thought was that 
> the default pool is sufficient if you're using the same server/credentials 
> but on closer examination the server/cred's are part of the pool, so clearly 
> that's not right. A bit more explanation in this area may help.
> b) It may be useful to document exactly how the "test on borrow" works. 
> Digging round the javadoc I ended up at 
> http://directory.apache.org/api/gen-docs/1.0.0-RC1/apidocs/org/apache/directory/ldap/client/api/LdapConnectionValidator.html#validate-org.apache.directory.ldap.client.api.LdapConnection-
>  but I'd then need to check the source to find out /how/ the validation 
> works. Does it perform an LDAP equivalent of {{SELECT 1}} - or just check if 
> the connection is valid. Can this be configured (e.g. a "I think I'm 
> connected" may be sufficient for some use cases, "I think I'm connected and 
> the server is responding" for others).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRAPI-287) Documentation is wrong for connection pooling

[lucas theisen (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15746211#comment-15746211
 ] 

lucas theisen commented on DIRAPI-287:
--

[~elecharny], I updated the documentation, and published to staging:

http://directory.staging.apache.org/api/user-guide/2.1-connection-disconnection.html

Do we wait on releasing updates to the documentation (for vote or something), 
or do we just publish as we modify?

> Documentation is wrong for connection pooling
> -
>
> Key: DIRAPI-287
> URL: https://issues.apache.org/jira/browse/DIRAPI-287
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: Greg Thomas
>Assignee: lucas theisen
>    Priority: Minor
>
> The documentation at At 
> http://directory.apache.org/api/user-guide/2.1-connection-disconnection.html 
> there's a nice easy to follow example of how to set up connection pooling.
> The unfortunate thing is that it just doesn't work. The following line:
> {code}
> PoolableLdapConnectionFactory factory = new PoolableLdapConnectionFactory( 
> config );
> {code}
> won't compile because {{PoolableLdapConnectionFactory}} doesn't exist. I'm 
> guessing this is a change in API that's not yet filtered through to the 
> documentation yet. Digging around 1.0.0-RC2 does turn up either 
> {{DefaultPoolableLdapConnectionFactory}} or 
> {{ValidatingPoolableLdapConnectionFactory}} so the documentation should 
> probably be updated to reflect this.
> While I'm being picky on pooling documentation;
> a) It's not clear to me on reading the javadoc of these classes what exactly 
> the difference is. The validating pool suggests that the default pool "may be 
> the right choice" - but under what circumstances? My first thought was that 
> the default pool is sufficient if you're using the same server/credentials 
> but on closer examination the server/cred's are part of the pool, so clearly 
> that's not right. A bit more explanation in this area may help.
> b) It may be useful to document exactly how the "test on borrow" works. 
> Digging round the javadoc I ended up at 
> http://directory.apache.org/api/gen-docs/1.0.0-RC1/apidocs/org/apache/directory/ldap/client/api/LdapConnectionValidator.html#validate-org.apache.directory.ldap.client.api.LdapConnection-
>  but I'd then need to check the source to find out /how/ the validation 
> works. Does it perform an LDAP equivalent of {{SELECT 1}} - or just check if 
> the connection is valid. Can this be configured (e.g. a "I think I'm 
> connected" may be sufficient for some use cases, "I think I'm connected and 
> the server is responding" for others).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Assigned] (DIRAPI-287) Documentation is wrong for connection pooling

[lucas theisen (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

lucas theisen reassigned DIRAPI-287:


Assignee: lucas theisen

> Documentation is wrong for connection pooling
> -
>
> Key: DIRAPI-287
> URL: https://issues.apache.org/jira/browse/DIRAPI-287
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: Greg Thomas
>Assignee: lucas theisen
>    Priority: Minor
>
> The documentation at At 
> http://directory.apache.org/api/user-guide/2.1-connection-disconnection.html 
> there's a nice easy to follow example of how to set up connection pooling.
> The unfortunate thing is that it just doesn't work. The following line:
> {code}
> PoolableLdapConnectionFactory factory = new PoolableLdapConnectionFactory( 
> config );
> {code}
> won't compile because {{PoolableLdapConnectionFactory}} doesn't exist. I'm 
> guessing this is a change in API that's not yet filtered through to the 
> documentation yet. Digging around 1.0.0-RC2 does turn up either 
> {{DefaultPoolableLdapConnectionFactory}} or 
> {{ValidatingPoolableLdapConnectionFactory}} so the documentation should 
> probably be updated to reflect this.
> While I'm being picky on pooling documentation;
> a) It's not clear to me on reading the javadoc of these classes what exactly 
> the difference is. The validating pool suggests that the default pool "may be 
> the right choice" - but under what circumstances? My first thought was that 
> the default pool is sufficient if you're using the same server/credentials 
> but on closer examination the server/cred's are part of the pool, so clearly 
> that's not right. A bit more explanation in this area may help.
> b) It may be useful to document exactly how the "test on borrow" works. 
> Digging round the javadoc I ended up at 
> http://directory.apache.org/api/gen-docs/1.0.0-RC1/apidocs/org/apache/directory/ldap/client/api/LdapConnectionValidator.html#validate-org.apache.directory.ldap.client.api.LdapConnection-
>  but I'd then need to check the source to find out /how/ the validation 
> works. Does it perform an LDAP equivalent of {{SELECT 1}} - or just check if 
> the connection is valid. Can this be configured (e.g. a "I think I'm 
> connected" may be sufficient for some use cases, "I think I'm connected and 
> the server is responding" for others).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRAPI-287) Documentation is wrong for connection pooling

[Greg Thomas (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRAPI-287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15745344#comment-15745344
 ] 

Greg Thomas commented on DIRAPI-287:


Also 
http://directory.apache.org/api/user-guide/2.10-ldap-connection-template.html#managing-connections
 - this talks about using {{GenericObjectPool}}, I'm guessing that should be 
updated with {{*PoolableLdapConnectionFactory}}

> Documentation is wrong for connection pooling
> -
>
> Key: DIRAPI-287
> URL: https://issues.apache.org/jira/browse/DIRAPI-287
> Project: Directory Client API
>  Issue Type: Bug
>Affects Versions: 1.0.0-RC2
>Reporter: Greg Thomas
>    Priority: Minor
>
> The documentation at At 
> http://directory.apache.org/api/user-guide/2.1-connection-disconnection.html 
> there's a nice easy to follow example of how to set up connection pooling.
> The unfortunate thing is that it just doesn't work. The following line:
> {code}
> PoolableLdapConnectionFactory factory = new PoolableLdapConnectionFactory( 
> config );
> {code}
> won't compile because {{PoolableLdapConnectionFactory}} doesn't exist. I'm 
> guessing this is a change in API that's not yet filtered through to the 
> documentation yet. Digging around 1.0.0-RC2 does turn up either 
> {{DefaultPoolableLdapConnectionFactory}} or 
> {{ValidatingPoolableLdapConnectionFactory}} so the documentation should 
> probably be updated to reflect this.
> While I'm being picky on pooling documentation;
> a) It's not clear to me on reading the javadoc of these classes what exactly 
> the difference is. The validating pool suggests that the default pool "may be 
> the right choice" - but under what circumstances? My first thought was that 
> the default pool is sufficient if you're using the same server/credentials 
> but on closer examination the server/cred's are part of the pool, so clearly 
> that's not right. A bit more explanation in this area may help.
> b) It may be useful to document exactly how the "test on borrow" works. 
> Digging round the javadoc I ended up at 
> http://directory.apache.org/api/gen-docs/1.0.0-RC1/apidocs/org/apache/directory/ldap/client/api/LdapConnectionValidator.html#validate-org.apache.directory.ldap.client.api.LdapConnection-
>  but I'd then need to check the source to find out /how/ the validation 
> works. Does it perform an LDAP equivalent of {{SELECT 1}} - or just check if 
> the connection is valid. Can this be configured (e.g. a "I think I'm 
> connected" may be sufficient for some use cases, "I think I'm connected and 
> the server is responding" for others).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (DIRAPI-287) Documentation is wrong for connection pooling

[Greg Thomas (JIRA)]

Greg Thomas created DIRAPI-287:
--

 Summary: Documentation is wrong for connection pooling
 Key: DIRAPI-287
 URL: https://issues.apache.org/jira/browse/DIRAPI-287
 Project: Directory Client API
  Issue Type: Bug
Affects Versions: 1.0.0-RC2
Reporter: Greg Thomas
Priority: Minor


The documentation at At 
http://directory.apache.org/api/user-guide/2.1-connection-disconnection.html 
there's a nice easy to follow example of how to set up connection pooling.

The unfortunate thing is that it just doesn't work. The following line:

{code}
PoolableLdapConnectionFactory factory = new PoolableLdapConnectionFactory( 
config );
{code}

won't compile because {{PoolableLdapConnectionFactory}} doesn't exist. I'm 
guessing this is a change in API that's not yet filtered through to the 
documentation yet. Digging around 1.0.0-RC2 does turn up either 
{{DefaultPoolableLdapConnectionFactory}} or 
{{ValidatingPoolableLdapConnectionFactory}} so the documentation should 
probably be updated to reflect this.

While I'm being picky on pooling documentation;

a) It's not clear to me on reading the javadoc of these classes what exactly 
the difference is. The validating pool suggests that the default pool "may be 
the right choice" - but under what circumstances? My first thought was that the 
default pool is sufficient if you're using the same server/credentials but on 
closer examination the server/cred's are part of the pool, so clearly that's 
not right. A bit more explanation in this area may help.

b) It may be useful to document exactly how the "test on borrow" works. Digging 
round the javadoc I ended up at 
http://directory.apache.org/api/gen-docs/1.0.0-RC1/apidocs/org/apache/directory/ldap/client/api/LdapConnectionValidator.html#validate-org.apache.directory.ldap.client.api.LdapConnection-
 but I'd then need to check the source to find out /how/ the validation works. 
Does it perform an LDAP equivalent of {{SELECT 1}} - or just check if the 
connection is valid. Can this be configured (e.g. a "I think I'm connected" may 
be sufficient for some use cases, "I think I'm connected and the server is 
responding" for others).



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (DIRSERVER-2072) Documentation For Kerberos Configuration Needs To Be Updated

[Stefan Seelmann (JIRA)]

[ 
https://issues.apache.org/jira/browse/DIRSERVER-2072?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15681891#comment-15681891
 ] 

Stefan Seelmann commented on DIRSERVER-2072:


Fixed here: http://svn.apache.org/viewvc?rev=1770592=rev

> Documentation For Kerberos Configuration Needs To Be Updated
> 
>
> Key: DIRSERVER-2072
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2072
> Project: Directory ApacheDS
>  Issue Type: Bug
>  Components: doc
>Affects Versions: 2.0.0-M20
>Reporter: Ed Brown
>  Labels: documentation
> Fix For: 2.0.0-M24
>
>
> I configured Directory Server LDAP and Kerberos as specified in the 
> documentation, but could never get the user authenticated. After looking 
> around the Internet, and initially ignoring the solution, I looked at the 
> test code for Directory Server and saw the test code used the krb5.conf file 
> in JAVA_HOME/jre/lib/security. After putting the information in the file, 
> authentication worked. 
> *It wasn't in the documentation*
> I used the following entries:
> [libdefaults]
>   default_realm = EXAMPLE.COM
>  [realms]
>   EXAMPLE.COM = {
>   kdc = localhost:6088
>   }
>  [domain_realm]
>   .example.com = EXAMPLE.COM
>   example.com = EXAMPLE.COM
>  [login]
>   krb4_convert = true
>   krb4_get_tickets = false



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (DIRSERVER-2072) Documentation For Kerberos Configuration Needs To Be Updated

[Stefan Seelmann (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRSERVER-2072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann resolved DIRSERVER-2072.

Resolution: Fixed

> Documentation For Kerberos Configuration Needs To Be Updated
> 
>
> Key: DIRSERVER-2072
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2072
> Project: Directory ApacheDS
>  Issue Type: Bug
>  Components: doc
>Affects Versions: 2.0.0-M20
>Reporter: Ed Brown
>  Labels: documentation
> Fix For: 2.0.0-M24
>
>
> I configured Directory Server LDAP and Kerberos as specified in the 
> documentation, but could never get the user authenticated. After looking 
> around the Internet, and initially ignoring the solution, I looked at the 
> test code for Directory Server and saw the test code used the krb5.conf file 
> in JAVA_HOME/jre/lib/security. After putting the information in the file, 
> authentication worked. 
> *It wasn't in the documentation*
> I used the following entries:
> [libdefaults]
>   default_realm = EXAMPLE.COM
>  [realms]
>   EXAMPLE.COM = {
>   kdc = localhost:6088
>   }
>  [domain_realm]
>   .example.com = EXAMPLE.COM
>   example.com = EXAMPLE.COM
>  [login]
>   krb4_convert = true
>   krb4_get_tickets = false



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DIRSERVER-2072) Documentation For Kerberos Configuration Needs To Be Updated

[Stefan Seelmann (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRSERVER-2072?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Stefan Seelmann updated DIRSERVER-2072:
---
Fix Version/s: (was: 2.0.0-M20)
   (was: 2.0.0-M19)
   2.0.0-M24

> Documentation For Kerberos Configuration Needs To Be Updated
> 
>
> Key: DIRSERVER-2072
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2072
> Project: Directory ApacheDS
>  Issue Type: Bug
>  Components: doc
>Affects Versions: 2.0.0-M20
>Reporter: Ed Brown
>  Labels: documentation
> Fix For: 2.0.0-M24
>
>
> I configured Directory Server LDAP and Kerberos as specified in the 
> documentation, but could never get the user authenticated. After looking 
> around the Internet, and initially ignoring the solution, I looked at the 
> test code for Directory Server and saw the test code used the krb5.conf file 
> in JAVA_HOME/jre/lib/security. After putting the information in the file, 
> authentication worked. 
> *It wasn't in the documentation*
> I used the following entries:
> [libdefaults]
>   default_realm = EXAMPLE.COM
>  [realms]
>   EXAMPLE.COM = {
>   kdc = localhost:6088
>   }
>  [domain_realm]
>   .example.com = EXAMPLE.COM
>   example.com = EXAMPLE.COM
>  [login]
>   krb4_convert = true
>   krb4_get_tickets = false



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DIRAPI-74) Complete the API documentation

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-74?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRAPI-74:

Fix Version/s: (was: 1.0.0-RC2)
   1.0.0-RC3

> Complete the API documentation
> --
>
> Key: DIRAPI-74
> URL: https://issues.apache.org/jira/browse/DIRAPI-74
> Project: Directory Client API
>  Issue Type: Task
>Affects Versions: 1.0.0-M9
>Reporter: Emmanuel Lecharny
>Priority: Blocker
> Fix For: 1.0.0-RC3
>
> Attachments: modifications.txt
>
>
> We need to complete the API documentation in 
> https://svn.apache.org/repos/asf/directory/documentation/ldap-api-manuals/trunk



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Help with task: Complete the LDAP API User Guide documentation

[John Rauser]

I would like to help out with the task listed at
https://helpwanted.apache.org/task.html?4f557867

Re: Help with task: Complete the LDAP API User Guide documentation

[Emmanuel Lecharny]

Hi Sudheer !


that's pretty easy. All the API documentation is stored in
http://svn.apache.org/viewvc/directory/site/trunk/. You can check it out
using :


$ svn co http://svn.apache.org/viewvc/directory/site/trunk/


The pages are in
http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/,
and it's using Mardown as the syntax.


There are a lot of missing pages (marked with a (e) on the site), that's
the obvious first hing that need to get fixed.


The best solution would be to attache the changes you do into a JIRA
ticket
(https://issues.apache.org/jira/browse/DIRAPI-74?jql=
project%20%3D%20DIRAPI%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%
20priority%20DESC)
so that we can review and apply them.

At some point, we can vote you in so that you have a direct access to
the project without needing one of us to review your work before you
push it !

Hope it's anough to get you started, but please don't hesitate to ask if
you need more specific informations.


Many thanks !

On Wed, Sep 7, 2016 at 5:47 PM, sudheer T <sudhe9...@gmail.com> wrote:

> I would like to help out with the task listed at
> https://helpwanted.apache.org/task.html?4f557867
>



-- 
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com

Help with task: Complete the LDAP API User Guide documentation

[sudheer T]

I would like to help out with the task listed at
https://helpwanted.apache.org/task.html?4f557867

Re: Apache documentation

[Pierre Smits]

Yay for Martin's contribution!

Best regards,

Pierre Smits

ORRTIZ.COM 
OFBiz based solutions & services

OFBiz Extensions Marketplace
http://oem.ofbizci.net/oci-2/

On Wed, Aug 3, 2016 at 9:37 PM, Shawn McKinney  wrote:

>
> > On Aug 3, 2016, at 2:26 PM, Emmanuel Lécharny 
> wrote:
> >
> > Martin, I would not have wrote a better answer... You can *feel* the
> > technical writer being you ;-)
>
> Agreed.  I would like to see Martin’s note turned into an article and
> published on our website.

Re: Apache documentation

[Shawn McKinney]

> On Aug 3, 2016, at 2:26 PM, Emmanuel Lécharny  wrote:
> 
> Martin, I would not have wrote a better answer... You can *feel* the
> technical writer being you ;-)

Agreed.  I would like to see Martin’s note turned into an article and published 
on our website.

Re: Apache documentation

[Emmanuel Lécharny]

Le 03/08/16 à 20:26, Martin Rosse a écrit :
> Hi Daphne,
>
> I am a technical writer who just started working on the Apache Directory
> developer documentation, and that requires Java knowledge. It sounds like
> you are looking to work on end user documentation. I have 10+ years of
> experience in software documentation, so maybe I can give you some tips.
>
> One caveat, I am relatively new to this project, and I defer to subsequent
> responses from experienced committers to the project.
>
> On to your question--I apologize if you know the following already, but
> it's worth making sure so here's some up front info just in case...
>
> Contributing to open source projects requires a lot of self-learning. These
> are technical projects where your help is welcomed, but you are expected to
> either have a lot of experience or are expected to be really good at
> figuring out a lot of things on your own. All open source projects provide
> the necessary info on how to contribute, including making doc
> contributions. In other words, the answer to your question is already there
> for you on the Apache Directory website already. Essentially, you can
> either fix existing doc bugs or propose doc enhancements, and the tools and
> info for doing so are described in detail such that in general you
> shouldn't need to be posting a question like this to the developer list. If
> they are not, then post and explain specifically what's lacking in that
> regard. That being said, of course, your post still has some value in that
> it may garner some interest, make others aware of your skills, and open the
> door to some doc need info that has been percolating in some developer's
> head. But generally, you should be able to move forward on your own and
> find things to work on without even asking.
>
> Also, unless you are already familiar with tools like JIRA, Maven,
> Markdown, Subversion, etc., there can be a lot to learn just to be able to
> understand the workflow and tools to be able to submit a documentation fix
> or improvement, let alone learn the underlying software so you can revise a
> user guide's contents.
>
> But if you are up for the challenge, it is an awesome learning
> experience...just don't expect much hand-holding and only ask questions to
> developers as a last resort after googling, checking JIRA issues, etc.
>
> With all that said, I am new to this project and have noticed that the
> published guides are very good and thorough, but have some minor issues.
> For example, if you install the software and use the guides to learn the
> software, you will notice some minor doc issues. So you may want to start
> doing essentially usability testing of the existing docs and noting things
> to fix. You also may find existing doc issues documented in the bug
> tracking tool -- JIRA. Before getting to involved in digging in to the
> usability testing, you may want to find a JIRA issue (marked
> "documentation") and then see if you can figure out all the mechanics of
> submitting a documentation patch, and submit one successfully. Going
> through that effort alone will be a great learning process.
>
> Hope that helps,
>
> Martin Rosse
Martin, I would not have wrote a better answer... You can *feel* the
technical writer being you ;-)

Thanks !

Re: Apache documentation

[Martin Rosse]

Hi Daphne,

I am a technical writer who just started working on the Apache Directory
developer documentation, and that requires Java knowledge. It sounds like
you are looking to work on end user documentation. I have 10+ years of
experience in software documentation, so maybe I can give you some tips.

One caveat, I am relatively new to this project, and I defer to subsequent
responses from experienced committers to the project.

On to your question--I apologize if you know the following already, but
it's worth making sure so here's some up front info just in case...

Contributing to open source projects requires a lot of self-learning. These
are technical projects where your help is welcomed, but you are expected to
either have a lot of experience or are expected to be really good at
figuring out a lot of things on your own. All open source projects provide
the necessary info on how to contribute, including making doc
contributions. In other words, the answer to your question is already there
for you on the Apache Directory website already. Essentially, you can
either fix existing doc bugs or propose doc enhancements, and the tools and
info for doing so are described in detail such that in general you
shouldn't need to be posting a question like this to the developer list. If
they are not, then post and explain specifically what's lacking in that
regard. That being said, of course, your post still has some value in that
it may garner some interest, make others aware of your skills, and open the
door to some doc need info that has been percolating in some developer's
head. But generally, you should be able to move forward on your own and
find things to work on without even asking.

Also, unless you are already familiar with tools like JIRA, Maven,
Markdown, Subversion, etc., there can be a lot to learn just to be able to
understand the workflow and tools to be able to submit a documentation fix
or improvement, let alone learn the underlying software so you can revise a
user guide's contents.

But if you are up for the challenge, it is an awesome learning
experience...just don't expect much hand-holding and only ask questions to
developers as a last resort after googling, checking JIRA issues, etc.

With all that said, I am new to this project and have noticed that the
published guides are very good and thorough, but have some minor issues.
For example, if you install the software and use the guides to learn the
software, you will notice some minor doc issues. So you may want to start
doing essentially usability testing of the existing docs and noting things
to fix. You also may find existing doc issues documented in the bug
tracking tool -- JIRA. Before getting to involved in digging in to the
usability testing, you may want to find a JIRA issue (marked
"documentation") and then see if you can figure out all the mechanics of
submitting a documentation patch, and submit one successfully. Going
through that effort alone will be a great learning process.

Hope that helps,

Martin Rosse




On Wed, Aug 3, 2016 at 9:18 AM, Daphne Somkin <123writingwiz...@gmail.com>
wrote:

> Hi - I am a Tech Writer looking to get some documentation experience. Can
> you direct me to the part of your project that needs documentation help?
>
> I don't know any programming languages.
>
> Thank you,
> Respectfully yours,
>
> Daphne Somkin
> www.writingwizard.org ~ 415.819.0600
>
>
>
>

Apache documentation

[Daphne Somkin]

Hi - I am a Tech Writer looking to get some documentation experience. Can
you direct me to the part of your project that needs documentation help?

I don't know any programming languages.

Thank you,
Respectfully yours,

Daphne Somkin
www.writingwizard.org ~ 415.819.0600

[jira] [Updated] (DIRAPI-74) Complete the API documentation

[Emmanuel Lecharny (JIRA)]

 [ 
https://issues.apache.org/jira/browse/DIRAPI-74?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emmanuel Lecharny updated DIRAPI-74:

Fix Version/s: (was: 1.0.0-RC1)
   1.0.0-RC2

> Complete the API documentation
> --
>
> Key: DIRAPI-74
> URL: https://issues.apache.org/jira/browse/DIRAPI-74
> Project: Directory Client API
>  Issue Type: Task
>Affects Versions: 1.0.0-M9
>Reporter: Emmanuel Lecharny
>Priority: Blocker
> Fix For: 1.0.0-RC2
>
> Attachments: modifications.txt
>
>
> We need to complete the API documentation in 
> https://svn.apache.org/repos/asf/directory/documentation/ldap-api-manuals/trunk



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Re: Volunteer for writting Documentation and Guides

[Emmanuel Lécharny]

Le 21/05/16 à 00:34, Syed Gardezi a écrit :
> Hello.
>
>I would like to help with this task of completing documentation for 
> the Apache LDAP API  with samples. Kindly direct me forward.
>
>
> Cheers,
>
> Sheece
>
>
Hi !


that's pretty easy. All the API documentation is stored in
http://svn.apache.org/viewvc/directory/site/trunk/. You can check it out
using :


$ svn co http://svn.apache.org/viewvc/directory/site/trunk/


The pages are in
http://svn.apache.org/viewvc/directory/site/trunk/content/api/user-guide/,
and it's using Mardown as the syntax.


There are a lot of missing pages (marked with a (e) on the site), that's
the obvious first hing that need to get fixed.


The best solution would be to attache the changes you do into a JIRA
ticket
(https://issues.apache.org/jira/browse/DIRAPI-74?jql=project%20%3D%20DIRAPI%20AND%20resolution%20%3D%20Unresolved%20ORDER%20BY%20priority%20DESC)
so that we can review and apply them.

At some point, we can vote you in so that you have a direct access to
the project without needing one of us to review your work before you
push it !

Hope it's anough to get you started, but please don't hesitate to ask if
you need more specific informations.


Many thanks !