Re: Network performance issues under heavy load

LDAPS", the customer would prefer not to so I need to keep digging into this. On Fri, Jan 20, 2023 at 1:29 PM Marc Boorshtein wrote: > >> I would say that we only have a limited number of threads dedicated to >> process the incoming messages, and this number is computed based on

Network performance issues under heavy load

We're using ApacheDS as a frontend for MyVD, running 2.0.0.AM27-SNAPSHOT. We're finding that under heavy load (~300 concurrent connections) we'll periodically get "broken pipe" errors from the client. i can reproduce this pretty easily with jmeter's LDAP module. The errors tend to come in

Re: Really odd issue

through when we needed to do a pass-through bind to the downstream LDAP server. Thanks On Thu, Feb 3, 2022 at 7:50 PM Emmanuel Lécharny wrote: > > > On 03/02/2022 21:21, Marc Boorshtein wrote: > > This is a shot in the dark but I figured I'd ask. I've got a deployment > > of

Really odd issue

This is a shot in the dark but I figured I'd ask. I've got a deployment of MyVD that is sitting in front of ADLDS. With Apache Directory Studio, 99% of the time, an ldapmodify add/delete uniqueMember generates an operations error from ADLDS with no additional error message. What's really odd

Re: Geting extended request bytes

Thanks again Emmanuel, this did the trick! On Fri, Jan 7, 2022 at 11:19 AM Marc Boorshtein wrote: > >> I just committed the hierarchy change. >> >> > Fantastic! Thank you. >

ApacheDS used in labs for Kubernetes: An Enterprise Guide 2nd Edition

Hey everyone, just wanted to let you know we use ApacheDS for all our labs in Kubernetes: An Enterprise Guide 2nd Edition as a stand in for AD. Working great! Here's the github repo with all the scripts if your interested - https://github.com/PacktPublishing/Kubernetes---An-Enterprise-Guide-2E

Performance benchmarks between apache ldap api and other java ldap libraries?

Curious if there's been any testing or published results? Not such a hot topic these days :-/ Thanks

Re: Geting extended request bytes

> > > I just committed the hierarchy change. > > Fantastic! Thank you.

Re: Geting extended request bytes

> > > > > the PasswordModify extended request is natively supported by the LDAP > API, there is no need to cast it. The class hierarchy is the following: > > [[AbstractRequest]] >^ >| >+-- [[AbstractExtendedReques]] >| ^ >| | >|

Re: Geting extended request bytes

> > >> we have replaced the ExtendedRequest/responseDecorator with the >> OpaqueExtendedRequest/Response classes. >> >> They have the gatValue() method that returns the byte[] containing the >> value: >> >> This isn't working for me. When I try to cast ExtendedRequest req to OpaqueExtendedRequest

Re: Geting extended request bytes

> > > > we have replaced the ExtendedRequest/responseDecorator with the > OpaqueExtendedRequest/Response classes. > > They have the gatValue() method that returns the byte[] containing the > value: > > Thanks Emmanuel, thats what I needed! Everything compiles, so now the fun part of getting it

Re: Geting extended request bytes

That would be awesome, thanks! On Tue, Dec 28, 2021 at 12:25 PM Emmanuel Lecharny wrote: > Hi Marc, > > I can give you an answer in 4 days when I’ll be back in front of my > computer… > > Din’t forget to ping me! > > Le mar. 28 déc. 2021 à 17:13, Marc Boorshte

Geting extended request bytes

I'm migrating MyVirtualDirectory from 2.0.0-M20 to 2.0.0-M27. I'm hung up on trying to handle Extended requests. In 2.0.0-M20 I was able to get the generic request to ExtendedRequestDecorator and getting the request value. That doesn't seem like an option in 2.0.0-M27. I'm struggling to

Re: ApacheDS as LDAP proxy / custom interceptors

> > > We want to use ApacheDS as a proxy to another LDAP server and try to adapt > the examples for writing custom interceptors. Can you help us with the > following questions? > > > Not sure your use case but take a look at MyVirtualDirectory -

Re: Question about sample ApacheDS Docker images

> > > Thanks for weighing in. This is cool. I like that you separated the data > from the image, and that you’ve externalized the keystore pw. What kinds > changes to make this suitable for production? > > Since ApacheDS stores pretty much all of its configuration internally in the directory

Re: Question about sample ApacheDS Docker images

On Mon, Dec 30, 2019, 1:57 PM Shawn McKinney wrote: > Just read a blogpost: > https://dumisblog.wordpress.com/2019/12/30/run-apacheds-on-docker/ > > That made a statement: > > "Unfortunately there are no official images in the Docker Hub for > ApacheDS.” > Not an "official" image but we

Re: Published container and source

> > > What about contributing that to the Directory project? > Sure, would be happy to. What's the mechanism to do that? >

Published container and source

All, I went ahead and added some docs and published the container. Its not designed for a production deployment but it works really well to get something up and running quickly in a cloud native environment. The Dockerfile is based on a template I use to get through scans and certifications and

Docker container

Thanks everyone for the point in the right direction. Here's what I have so far: https://github.com/mlbiam/apacheds I run it with: docker run -ti --name apacheds -p 10389:10389 -p 10636:10636 -e APACHEDS_ROOT_PASSWORD=start123 -e APACHEDS_TLS_KS_PWD=start123 -e DN=dc=domain,dc=com -e

Re: How to setup TLS without the directory studio?

> > > > > > dn: > ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config > > Typically, ads-keystoreFile which is the path to the keystore, and > ads-certificatePassword which contains the keystore password (which is > misleading, because it has nothing to do with a

How to setup TLS without the directory studio?

I've got my container working and I want to add TLS support. I found a link in the docs for configuring an external keystore but it uses the GUI. Looks like I need to edit the ads-transportid=ldaps,ou=transports,ads-serverId=ldapServer,ou=servers,ads-directoryServiceId=default,ou=config object?

Re: Existing ApacheDS containers?

> > > > There are many other images named "apacheds" [3] from other users, some > provide the source Dockerfile. > > As a general rule I avoid images from sources I don't trust so I thought I'd ask here first. > I think it would be nice to provide an offical Docker image, maybe with > the next

Re: Existing ApacheDS containers?

> It generates a native binary and (according to doc) takes less time to > start. But more than that we don't need to install JRE inside > the container. Those are all at the moment appear to be good things, but > haven't tested these in a container yet. > > Benefits are clear for a serverless

Re: Existing ApacheDS containers?

I did this last year, there wasn't anything special in it then but if I > have to do it again I will probably do it with https://quarkus.io/. > >> Interesting, why? Have you seen that apacheds benefits from it? >>

Existing ApacheDS containers?

All, I need a container that I can spin up quickly that i can just feed an LDIF file and be listening on 10636. Has anyone containerized apacheds? Can't imagine its hard but I thought I'd see if anyone else tried it already. Thanks Marc

Re: ApacheDS vs OpenDJ testing?

> > > > I'll be happy to take care of the eDirectory setup and tuning... :-) > > Oh man blast from the past...can you still even get eDirectory?

Re: ApacheDS vs OpenDJ testing?

> An older eval is in > http://www.lmdb.tech/SymasDocs/2014-LOADays-jkozyra.pdf Wow, that's great. Love seeing openldap at the front of that pack. Interested to see how well opendj 3 is doing. Also great seeing a Java based system in opendj faster then 389. Thanks

Re: ApacheDS vs OpenDJ testing?

Thanks Emmanuel for the detailed writeup. Hadn't seen the WrenSecurty project. (fyi forgerock doesn't even call it OpenDJ anymore, they took "Open" out of all their product names). On Tue, Nov 28, 2017 at 10:11 AM Emmanuel Lécharny <elecha...@gmail.com> wrote: > > > Le

ApacheDS vs OpenDJ testing?

Just curious, has anyone compared the two from a performance standpoint? Thanks Marc

Re: Apache Directory/Studio/Fortress/Kerby/... blog

that would be great! btw what twitter handle do you use? want to help spread the word On Tue, Feb 14, 2017 at 6:24 AM, Jim Willeke wrote: > I think it is important. > > -- > -jim > Jim Willeke > > On Tue, Feb 14, 2017 at 5:52 AM, Emmanuel Lécharny >

Re: Secondary Development about ApacheDS

Rocky, It looks like you want an LDAP Virtual Directory. You can custom code one with ApacheDS by implementing the right classes. Depending on the complexity of what you are trying to do you can look at MyVirtualDirectory (my own project) which uses ApacheDS as the LDAP front end or you can

[jira] [Created] (DIRKRB-454) Support for s4u2self and s4u2proxy in the kerby client library

Marc Boorshtein created DIRKRB-454: -- Summary: Support for s4u2self and s4u2proxy in the kerby client library Key: DIRKRB-454 URL: https://issues.apache.org/jira/browse/DIRKRB-454 Project: Directory

Re: 389 Directory Server support in API

I wonder if it is possible to create an automated interoperability test suite for the LDAP API. At least for Open-Source LDAP servers (ApacheDS, OpenDJ, OpenLDAP, 389ds) is should be easy to create Docker images. There are Maven plugins [0] that start containers in pre-integration-test phase

Re: [ApacheDS] Virtual directory Server configuration

First, I'm the maintainer of MyVD and its probably best to move this conversation to MyVD's list. There's a link to it on our website. I have my setup as Apache DS - Application but I want Microsoft AD Integrated as well So it will be like Apache DS -- MyVD --

Re: [ApacheDS] Virtual directory Server configuration

Here is the scenario, one of our client is looking to have a second LDAP service(Apache DS) for external facing(Internet) portals. Internally they are using Microsoft active directory and they will continue to use this along with the ApacheDS . External facing portal should allow both

Re: [ApacheDS] Virtual directory Server configuration

MyVirtualDirectory (http://myvd.sourceforge.net/) uses ApacheDS as the front end for a virtual directory (though its mostly transparent to the user) and can easily provide the requirements you describe. Interesting project. Do you know who is driving it ? It being MyVirtualDirectory?

Re: [ApacheDS] Virtual directory Server configuration

Has it been tested against more recent Java version. Where are you seeing the java reference? Works great with 1.7. Haven't tried 8 yet.

Re: Where can I get the client certificate?

That will validate the certificate. But I need to be able to get the certificate from inside of an interceptor. Is there any way I can get it from the LdapSession? On Mar 13, 2015 3:58 AM, Kiran Ayyagari kayyag...@apache.org wrote: On Fri, Mar 13, 2015 at 1:09 PM, Marc Boorshtein mboorsht

Re: Where can I get the client certificate?

Also, I've already got a custom implementation of DefaultCoreSession, can I get the certificate from the IoSession? Or should I be asking that question to the MINA list? Thanks On Fri, Mar 13, 2015 at 7:55 AM, Marc Boorshtein mboorsht...@gmail.com wrote: here you have access

Re: Where can I get the client certificate?

Well thats untrue. The certificate can be used for user mapping, authorization, etc. This is VERY common in the HTTP world. In a servlet you can get the certificate, DN, etc from the request object. not the case in LDAP, AFAIK OK well if it wasn't the case I wouldn't have folks asking

Re: Where can I get the client certificate?

Well thats untrue. The certificate can be used for user mapping, authorization, etc. This is VERY common in the HTTP world. In a servlet you can get the certificate, DN, etc from the request object. not the case in LDAP, AFAIK OK well if it wasn't the case I wouldn't have folks asking

Re: Where can I get the client certificate?

here you have access to the certificate and this is the only place where you have a chance to see it, and if you want to store it for any other purpose then you need to extend server, cause certs are useless after establishing a secure channel. Well thats untrue. The certificate can be

Re: Where can I get the client certificate?

Correct. On Mar 12, 2015 8:24 PM, Kiran Ayyagari kayyag...@apache.org wrote: On Fri, Mar 13, 2015 at 4:48 AM, Marc Boorshtein mboorsht...@gmail.com wrote: I'm using ApacheDS as the LDAP front end for MyVD. Its been working great for months. Here's my question, where can I get a client

Where can I get the client certificate?

I'm using ApacheDS as the LDAP front end for MyVD. Its been working great for months. Here's my question, where can I get a client certificate from? (in instances where ssl client authentication is being used for SSL connections). Thanks Marc

Re: ApacheDS as a front for Google Apps

On Wed, Dec 3, 2014 at 2:17 PM, Ned Twigg ned.tw...@diffplug.com wrote: I have a small company that's moving from cloud services to internal services, so we're getting our first-ever LDAP server up to manage these accounts. We're using ApacheDS, but I really wish we could use Google Apps to

Scalability / performance testing?

I was wondering if anyone's done any performance or scalability testing on apacheds 2.0.0M15? I know no 2 benchmarks are the same so I'm not looking for comparisons with other directories. I ask because I've completed the integration of MyVD into apacheds and for the most part it works great. I

Re: Scalability / performance testing?

is it possible to share the test code? I can try to reproduce and see why this is happening The tests are actually based on jmeter. Its based on a customer's environment and requires active directory to really replicate but here's the ascii art version: Webb/App Server -- LDAPS -- MyVD

Re: Scalability / performance testing?

I have done some benchmarks 6 months ago with 5 injectors sending as manu search request as possible to the server. I won't say it's enough to guarantee that the server is stable enough... Performance testing is an art, not a science :-) This is typical of a client hving closed the

ApacheDS fails to start after unclean shutdown

If I start and stop ApacheDS cleanly then I have no issues. But if ApacheDS is shutdown abruptly (ie the jvm crashes) I can't re-start it with the following Exception: Exception in thread main org.apache.directory.api.ldap.model.exception.LdapOtherException: java.lang.Integer cannot be cast to

Re: ApacheDS fails to start after unclean shutdown

On Fri, Dec 27, 2013 at 11:57 AM, Emmanuel Lécharny elecha...@gmail.comwrote: Le 12/27/13 5:28 PM, Marc Boorshtein a écrit : If I start and stop ApacheDS cleanly then I have no issues. But if ApacheDS is shutdown abruptly (ie the jvm crashes) I can't re-start it with the following

Re: ApacheDS fails to start after unclean shutdown

I know this is not a good news, but I hope to be able to get a working solution in the next two weeks. If so, we will immediately issue a release. That's pretty much where we are atm, and I'm sorry for that... Emmanuel, No worries and thanks for the quick update. I have a workaround, since

Re: Creating a custom partition on apacheds 2.0.0-M15

On Tue, Dec 24, 2013 at 12:17 PM, Kiran Ayyagari kayyag...@apache.orgwrote: take a look at EmbeddedADSVerTrunk.java in here http://svn.apache.org/repos/asf/directory/sandbox/kayyagari/embedded-sample-trunk Thanks Kiran. While that vastly simplified my code, it didn't solve my initial

Re: Chaing ApacheDS to Active Directory

You should look at a virtual directory, http://myvd.sourceforge.net, maybe OpenDJ from forge rock too. Thanks Marc On Fri, Aug 17, 2012 at 9:29 AM, Alex Karasulu akaras...@apache.org wrote: On Fri, Aug 17, 2012 at 3:30 PM, torcaz99 torca...@hotmail.com wrote: Hello: I'm using ApacheDS

Re: [CONF] Apache Directory Development Guide to Directory Releases

P Sent from my iPhone On Oct 11, 2010, at 10:24 AM, conflue...@apache.org wrote: Guide to Directory Releases Page edited by Stefan Seelmann Changes (2) ... h2. Releasing Directory Projects and Making Release Announcements |Releasing Shared|[Releasing Skins|[Releasing Skins]|

[Kerberos Client] KERB_CHECKSUM_HMAC_MD5 in Java?

All, So I've made considerable progress in implementing s4u in the kerberos client. I've created the PA-FOR-USER data type and am able to generate a s4u2self request. However I think my checksum is incorrect. From MS-S4U: cksum: A checksum of userName, userRealm, and auth-package. This is

[Kerberos Client] Pre-auth failing with Windows 2003r2

All, I've been trying to setup a control to be able to develop the s4u extensions in the kerberos client. I've gotten the ticket to the point that the windows KDC does not throw an unknown error, primarily by changing the encryption type to RC4-HMAC. Now the kdc is telling me pre-authentication

[Kerberos Client] Can not generate a service ticket

All, I've setup a development environment for working with the kerberos client library and am running into a problem generating a service ticket. The below code works in that I get a TGT and it fails if I put in the wrong password but I don't seem to get the correct tickets and when I try to

s4u2self, s4u2proxy

Hello all, I know I've asked about this before, but this time I'm going to try my hand at implementing these tickets. Any helpful tips (beyond rtfrfc)? I plan on doing my testing against MS Windows 2003r2 Thanks Marc

[Kerberos] Constrained Delegation Support?

Was curious if anyone has looked at constrained delegation support? I know its an MS extension and the only APIs that it works with are commercial libraries so I was curious if anyone had looked at it. Thanks Marc

Re: [Kerberos] Constrained Delegation Support?

On Tue, Sep 22, 2009 at 7:50 PM, Alex Karasulu akaras...@gmail.com wrote: No we really have not but its not so hard to do I think. We just need to add the A2D2 attribute to the schema and enable some authorization checks in the KDC to make sure it constrains the service tickets the KDC grants

Re: Intercepting LDAP request

The biggest problem is that this library does not handle the communication part. However, you can also have a look at a dormant project we have once worked on : http://svn.apache.org/repos/asf/directory/sandbox/old/proxy/ which is a Ldap Proxy. It was designed once upon a time to offer a

Re: [Kerberos Client] Works on Active Directory, question about connection pooling

Glad to hear it. Which version of AD? Are you by any chance testing against 2008? I'll have to look into what the reasons are for the case issue. AD 2003, haven't tried anything on 2008 yet IIRC, the client is fully blocking and doesn't pool connections; a new connection is created

[Kerberos Client] Works on Active Directory, question about connection pooling

ApacheDSers, I just wanted to drop you guys a line to let you know that the kerberos-client code works well with Active Directory (at least for a TGT, I haven't tried a SGT) with one caveat. The user principal name in ad has the domain as lowercase (ie [EMAIL PROTECTED]) but in order for the

Fixed: [Kerberos Client] Authentication always succeeds?

My apologies, it turned out that I wasn't properly handling a class not found exception. Thanks Marc

How to compile Kerberos client classes?

ApacheDSers, I'm trying to build the apacheds' kerberos client. I first checked out the trunk-with-dependencies and ran 'mvn test' I then checked out ' http://svn.apache.org/repos/asf/directory/clients/trunk/kerberos/' and then ran mvn and got the following error: Project ID:

[Kerberos Client] Can't compile kerberos client

Sorry if this is a re-post, but gmail seemed to have lost the original post. I'm trying to compile the kerberos client classes. I first downloaded trunk-with-dependencies and ran 'mvn -P1.5.2-SNAPSHOT', then downloaded http://svn.apache.org/repos/asf/directory/clients/trunk/kerberos/and ran 'mvn

Re: [Kerberos Client] Can't compile kerberos client

mvn -Prelease install on top level first ? (just press enter when requesting for PGP key ...) I tried this and got the following error: GPG Passphrase: * *gpg: directory `/home/mlb/.gnupg' created Reading passphrase from file descriptor 0 gpg: new configuration file

Re: [Kerberos Client] Can't compile kerberos client

On Sun, Apr 20, 2008 at 12:04 PM, Emmanuel Lecharny [EMAIL PROTECTED] wrote: Marc Boorshtein wrote: mvn -Prelease install on top level first ? (just press enter when requesting for PGP key ...) I tried this and got the following error: OK, so I ran mvn -Prelease from

Re: How to compile Kerberos client classes?

Sorry, I made a mistake : I was not compiling the clients, but the main project... The Clients project have not been released yet, and they have not been modified to point to the new apacheds and shared release (should point to 1.5.3-SNAPSHOT and 0.9.11-SNAPSHOT) I will change that and

Re: [Kerberos] Client and server libraries?

There is a client implementation, but the focus was on getting the minimum working to support integration tests of our own server and the JAAS Kerberos client was too rigid in it's configuration. I'm sure as All I really need is authentication, so this looks perfect. Out of curiosity,

[Kerberos] Client and server libraries?

ApacheDSers, I'm looking to implement Kerberos for JLDAP (for MyVirtualDirectory). I've got JNDI's Kerberos support working, but I don't like it all that much and would like to integrate Kerberos into JLDAP. I know you guys have implemented a server side library, do you guys have a client side

Re: Synchronizing with Active directory on windows 2003 machine

I was wondering if there is a method to synchronize the the existing Active directory of our company on windows 2003 server to Apache Directory ? . You can write a script which export data from AD and import them to ADS automatically. Or use a Virtual Directory to do the job. If there

Re: Synchronizing with Active directory on windows 2003 machine

The main issue you will see with syncing is you can't easily sync passwords from AD. Hm, all you need is a listener for MS's password sync agent. It's a trivial protocol, trivial piece of code. (And of course, the sync agent must be installed on the AD side.) -- Trivial is relative. It

Re: Synchronizing with Active directory on windows 2003 machine

Probably true. But it's easy to show that application (and AD) reliability/stability will improve by offloading LDAP traffic from AD onto a real LDAP server, and it's pretty poor politics to be on the wrong side of that argument. Technically, yes. But if politics could be solved based on

Re: Object LDAP mapping

You may want to try using jdbc-ldap with your favorite orm. Marc On 12/17/07, Graham Leggett [EMAIL PROTECTED] wrote: Hi all, Although not directly related to the directory server itself, I thought I would ask here as the concentration of LDAP experts is high :) Has anybody heard of a

Memory only partition?

All, Is there a way to run apacheds in a 'memory only' mode? This would be very useful as a caching mechanism (I plan on integrating ApacheDS as a backend for MyVirtualDirectory). I'm not a storage expert but if I am pointed int he right direction I'd be happy to take a stab at adding a memory

Re: Empty DN () String Value?

Well, based on the discussion I am going to change toString() to return an empty String (). I think its bad form for an instantiated object to have 'null' for its string representation anyway. Marc

Empty DN () String Value?

I wanted to get an opinion from the other java ldap projects. Should the toString() method of a class that represents a DN return null or an empty string? I would think an empty string but JLDAP returns null. Anyone have an opinion on the matter? Thanks Marc

Re: Empty DN () String Value?

RFC 4514 states : 2.1. Converting the RDNSequence If the RDNSequence is an empty sequence, the result is the empty or zero-length string. Which means that a DN should be the empty String, ie : , not null. IMHO and as far as I understand the RFC :) A very good point in-deed.

Parameters for starting ApacheDS...

All, I'm trying to use apacheds in my unit tests for MyVD. I've seen some examples for starting ApacheDS using JNDI, but I'd prefer to start it in a separate process (I do something similar with OpenLDAP). I've found that by setting APACHEDS_HOME and SERVER_HOME I'm able to relocate the

Re: [ApacheDS] Specifying application level subtrees?

It's essentially a means to group entries together and much more powerful than what is currently used in practice for dynamic groups: dynamic groups uses an LDAP URL to dynamically select the users for inclusion in the group. Ok, I think I better understand what you are saying now. I've

Re: [ApacheDS] Specifying application level subtrees?

Alex, Thats why many virtual directories have dynamic group plugins to make dynamic groups work and act like static groups. Yes this is one such approach but it scares me in terms of the size of entries that will be returned. You're going to be caching a lot in memory. Consider a

Re: [ApacheDS] Specifying application level subtrees?

If the user is a member of the group then the group dn will be returned as the only entry. While there are definitely really badly written applications that will retrieve the entire group and then do an evaluation thats pretty rare. Yeah this is what I am afraid of. I know of many apps

Re: [ApacheDS] Specifying application level subtrees?

Emmanuel, On 9/21/07, Emmanuel Lecharny [EMAIL PROTECTED] wrote: Hi Marc, Alex, just a small comment in the body IMO LDAP was too lightweight in an adverse reaction to the OSI weight of X.500. So now people realize we have to embrace X.500 concepts and in particular the admin

Re: [ApacheDS] Delegated authenticator ideas

Now I am thinking how to enable delegation to multiple LDAP servers and how to map users to these servers. Then how do you make users in ApacheDS to another principalDn in the external server? MyVirtualDirectory handles this as part of the joiner system. When a user binds to the virtual

Re: [ApacheDS] Specifying application level subtrees?

Any reason why LDAP never defined application level subtree specification mechanisms? Right now the subentry is used with the a operational usage for the main subtreeSpecification attribute. Also the base is AP position relative. Why not have an application space specification and use that

Re: OT kerberos, iwa and proxys

Awesome! you guys are the best. Thanks Marc

OT kerberos, iwa and proxys

All, I've got an kerberos question when cobined with integrated windows authentication. Can the process of authenticating the user to an iis server be proxied succesfully? Thanks for any input. Marc On 6/1/07, Alex Karasulu [EMAIL PROTECTED] wrote: On 6/1/07, Emmanuel Lecharny [EMAIL

Re: OT kerberos, iwa and proxys

] wrote: Marc Boorshtein a écrit : All, Hi Marc, I've got an kerberos question when cobined with integrated windows authentication. Can the process of authenticating the user to an iis server be proxied succesfully? so far, I think you just need to enable SPNEGO on you browser to do so

Re: OT kerberos, iwa and proxys

with the authentication process. Thanks Marc On 6/1/07, Alex Karasulu [EMAIL PROTECTED] wrote: SPNEGO does this. Alex On 6/1/07, Marc Boorshtein [EMAIL PROTECTED] wrote: Thanks What I'm actually doing is trying to proxy the ticket as part of an http request/response but I thought I had

Re: OT kerberos, iwa and proxys

I need to detect a failed login and am investigating possabilities. If the login fails I need to present the user a form. Thx Marc On 6/1/07, Alex Karasulu [EMAIL PROTECTED] wrote: What use case is this for or rather what is your aim with a KRB5 proxy? Alex On 6/1/07, Marc Boorshtein [EMAIL

Re: [ApacheDS] Cost of interceptors

All, I've been reading this discussion and as MyVD uses a very similar model I thought I'd throw in my 2 cents - as each method in an interceptor should know which is the next interceptor to call for the same method, this leads to some mi of concept : we are dealing with a chain of global

Re: Using Apache DS as proxy server

I am using apache DS 1.0. Is there a way to use it only as a proxy server? I just want the requests to be forwarded to another backend instead of the one in apache DS. Vijay, What precisely are you looking to do? I don't believe apacheds has a proxy backend (someone please correct me if

Re: [Terminology] Virtualization

Jim Yang and I started a wikipedia page on virtualization if anyone would like to contribute/comment/rant/etc http://en.wikipedia.org/wiki/Virtual_directory On 5/23/07, Ole Ersoy [EMAIL PROTECTED] wrote: Another perspective on the word Virtualization

MINA 1.0.2 Scalability?

I was curious if any scalability testing has been done on MINA based servers and any scalability tips that may be available. I've already upped my SocketAcceptor threads which is not seeming to help. MyVD uses MINA for it's protocol stack (based on the apacheds stack). No matter what I do, I

Re: MINA 1.0.2 Scalability?

On 2/23/07, Marc Boorshtein [EMAIL PROTECTED] wrote: thanks for the testimony. the problem is most likely pebkac :-D (problem exists between keyboard and chair). Marc This was in fact the problem. MINA is scaling great! Thanks for the quick testimonials. It made it much easier for me

Re: TCP service not shutting down cleanly

Ah I see. Then isn't it a problem of JVM rather than of MINA? I don't think so because I never had (and still don't have) this issue with the MINA that came with ApacheDS 0.9.8 It is really weird, but I guess we don't have any control on it if it only occurs when you kill (i.e. kill -9

Re: TCP service not shutting down cleanly

On 1/30/07, Trustin Lee [EMAIL PROTECTED] wrote: I attached some test code for reproducing the problem. https://issues.apache.org/jira/browse/DIRMINA-342 So far, I couldn't reproduce the problem using it, but I believe what it does is almost same with what ApacheDS does. I suspect it is a

Re: TCP service not shutting down cleanly

Make sure you're using the following parameters to the acceptor config. Namely the reuse address true parameter. Thanks Alex, but that does match my code. What OS/jdk do you guys test on? I'm on Fedora Core 5/jdk 1.5.something. Since I don't have this issue with the mina that comes with

Re: TCP service not shutting down cleanly

Well, this is a rampant problem we have, and it don't want to vanish... Odd, why didn't this happen in the original version I used? If you are on linux, you can modify you TCP keepalive parameter to a smaller value, so the socket will be freed faster. This didn't work. How does the

  1   2   >