Hi Manoel!
Am 22.07.2011 02:44, schrieb Manoel Matos:
I might be missing some technical knowledge about it then...
I've done basic LDAP administration but it's the first time I'm developing for
LDAP.
What I need to do is... Add roles and add users association with those roles...
Adding users
Hi Kevin,
currently I am quite busy and others at the users mailing list know the
server much better than me.
I therefore forward it to the list. Hopefully, you are subscribed to it.
Greetings from Hamburg,
StefanZ
Am 15.07.2011 14:26, schrieb Kevin Hamilton:
Sorry to bother you, but I
Hi Cem!
Cem Kavuklu wrote:
First, I must say I am very new to ApacheDS (and LDAP for that matter) and
hence I was browsing through the Basic User's Guide to start myself off with
some information and quickly realized some portions are missing at the moment
(including the whole chapter on
Hi all,
at YouTube you find German tutorials about LDAP, ApacheDS, Apache
Directory Studio and Tomcat integration.
3 parts
http://www.youtube.com/watch?v=glyGHPxUT5E
http://www.youtube.com/watch?v=NTmo9a-zCJY
http://www.youtube.com/watch?v=ZQOZMIPodiE
Thanks to creator Andreas Mertens for
Hi Frédéric!
Thanks for providing feedback. It seems to be a general problem, that
all of our example code is not displayed, e.g.
http://directory.apache.org/apacheds/1.5/141-changing-the-server-port-for-ldap.html
We generate the site from a Confluence wiki, perhaps the template
mechanism
Muralidhar Yaragalla wrote:
We have an application running on tomcat. We are
storing user information on APCAHEDS using some other application. But
whenever there is a change in the user information my application (which is
running on tomcat) has to be notified and
Peter Horne wrote:
I started using ApacheDS a few weeks ago and was using an embedded model like the webapp demo (embedded + TCP). Notwithstanding the renaming to DN etc, my program, and the demos verbatim, no longer work with 1.5.6. I am happy to do the work to describe specific bug details,
Hi Peter!
Peter Horne wrote:
Thanks for the replies and I'll look forward to the updates. One place where you may want to start is with installer/apacheds-noarch. As I was trying to work out what was wrong with my code, I thought I'd get it (installer/apacheds-noarch) going and then make some
Hi Dan!
Dan McLaughlin wrote:
I followed the documentation to build and deploy ApacheDS as war. I found
additional documentation on configuring a partition. Now I see my
partition, but it's read only.
How do you know it is read only? It should normally be possible to write
entries to it
Dan McLaughlin wrote:
I followed this documentation to create the war
http://cwiki.apache.org/DIRxSRVx11/43-embedding-apacheds-as-a-web-application.html
Then I followed this documentation to create a partition ou=test
Hi Carl!
Carl Myers wrote:
One workaround that occured to me is: Can ApacheDS be configured to
automatically flatten nested groups, and always return transitive members?
I assume no. At least it is not easy, to accomplish this task. A
directory does not know, what nested groups are. It does
Cook, Lee (IS) (Contr) wrote:
2- authenticate simple mode LDAP username/password credentials
LDAPAPI:
uid = username, userpassword = password
? user password stored in UNIX crypt format ?
Bind ?
Search user uid, userpassword?
It is very uncommon to search entries with a
Hi Bill,
Bill Keirskie wrote:
I have a web application that I am trying to authenticate to ApacheDS. The web application can authenticate the
user against ApacheDS, but cannot obtain a list of groups the user belohas membership to. Upon login, the web
application syncs the user's groups
Saavedra, Gisella wrote:
Can somebody tell me whether I can use this control with Apache DS? And if so,
maybe some URL with information about steps
to install it, or make it available, or whatever else is needed to get it to
work?
As far as I know, it is not implemented. A related JIRA
Bren Norris wrote:
I can run Softerra LDAP Administrator and easily add custom Object Classes
to the DIT... however when using ApacheDS openLDAP will shut the socket down
for the same operation.
I guess you mean Apache Directory Studio (the RCP client), not AoacheDS
which is the server).
Jacques Oosthuizen wrote:
Sorry to be a pain but how would I do it programmatically ?
No pain.
Not 100% sure, but I assume you should modify (reduce) the list of
interceptors. There is one responsible for Authentication
The following code lists the default interceptors, if the Directory
Linus van Geuns wrote:
My name is Linus van Geuns and I've been asked to write an article on
Apache Directory Studio as a LDAP server administration tool.
The article will span about 3 to 5 pages (DIN A4) and be published in
Linux Magazin[1] (de_DE).
Hi Linus,
I assume your article will be in
Alex Karasulu wrote:
The administrator entry is just like any other entry and the userPassword
field is like any other attribute. You can use these LDAP client tools to
update this attribute just the same way even on your SUN machine since this
goes over the wire.
Hence this mechanism also
Please don't crosspost our users and dev ML.
http://en.wikipedia.org/wiki/Crossposting
See answers on dev.
Murali K Gandrakota wrote:
Hi,
I have some queries on using C-library SDK against ADS 1.5.4.
1. Does apache provide its own C-SDK for ldap programming?
2. If not, what if we use SDK's
Hi Greg!
Greg Allen wrote:
This sounds like the right solution to me too.
My next question is when? How much work is this?
I would be happy to help, either by attempting the implementation or
testing out something that the ApacheDS people create.
I have started a Realm implementation. A
Hi Paul,
It seems that you do not want to modify or extend the schema (which is
the set of object classes, attribute types etc.), because your LDIF does
not contain Paul-specific stuff.
The thing you probably need is to add a new suffix. You can't load your
context entry dc=hyro,dc=com LDIF
Hi Carlo,
Carlo Camerino wrote:
I just want to know if Apache Directory server can do the following.
1.) Can it force the users to change password? (Expire password after a
specific time period)
2.) Can I make a list of commonly used passwords that users shouldn't use?
The functionality
Greg Allen wrote:
I'm new to ApacheDS, so forgive me if these questions are simple...
I would like to use ApacheDS as the authentication module for a web
application, probably
bundled in somehow with Tomcat (or maybe embedded)?
Just a small addition. Besides embedding ApacheDS (as described
Ah, I have not seen your answer before, E.
Emmanuel Lecharny wrote:
On Mon, Feb 23, 2009 at 3:00 PM, werner mueller
werner.muel...@mimacom.ch wrote:
hallo
a few days ago i started to setup apache ds (1.5.4) to have my own ldap
server. mainly to be able to sync users across different tools.
i
Alex Karasulu wrote:
Stefan, can you build and test the server from the trunk and see if this
re-added feature actually works and satisfies your SSL requirements for OG
certification? If it does not work we can fix it before 1.5.5 instead of
finding out that 1.5.5 still has issues with respect
Emmanuel Lecharny wrote:
What do you mean exactly ? It's an LDAP server, and the authentication
system will just look for a user which DN is given, and compare its
credential with what has been passed to the Bind Request operation (at
least for a Simple authentication).
Either the user exists
ayyagarikiran wrote:
hi John,
No, there isn't, but this feature was added in the trunk which will
be released as 1.5.5 soon.
From my point of view, this feature is crucial for the Open Group
certification; otherwise the system under test is really hard to set up.
Greetings from
Emmanuel Lecharny wrote:
Just in addition to Emmanuel (who is right), Mike perhaps compares it to
vendor specific features, some LDAP servers provide (Active Directory, IBM
Tivoli, etc.).
I would like to know about those features, because I think it might be
valuable - and really easy - to add
Emmanuel Lecharny wrote:
Overwriting the keys for uid=admin,ou=system did not work out
as expected so that we had to use our own ldapserver class.
This overwriting is really hard, because one has to modify at least
three attribute values (private key, public key, cetificate). The
biggest
Hi David!
David R Robison wrote:
I am using Novel's LDAP client. When attempting to update a record I get
the following error:
LDAPException: Loop Detect (54) Loop Detect
Any thoughts as to what the problem might be? Thanks, David
We need more information.What exactly is a Novell's LDAP
Hi William,
William Wilkins wrote:
I am attempting to enabled ldaps using the apacheds 1.5.5 revision
725332. I am unsure of where to specify the external keystore file I
would like to use for secure authentication. The 1.0 branch used spring
with the MutableServerConfuration bean but I
Athar Shiraz Siddiqui wrote:
I cannot believe it but I just changed eperson to person (As per
error) and it worked).
Please note that eperson and person are different object classes, the
latter is contained in the schema of ApacheDS out-of-the-box, eperson is
IBM specific and therefore not.
Hi Tore,
Tore Halset wrote:
It is a readonly partition which publishes the system properties and
their values via ldap.
As I said, I currently work on it. Filters and sub tree searches
currently do not work correctly (the filter is ignored, for instance).
But at least it starts and shows up
Ersin Er wrote:
Here is an article from IBM developworks:
Securing a multitenant SaaS application:
http://www.ibm.com/developerworks/java/library/j-saas/?S_TACT=105AGX01S_CMP=HP
Nice to see ApacheDS is prefered more and more.
I have added a link here
Jain, Prateek wrote:
Can I use mysql as backend to directory server?
Not out of the box. You would need a special partition implementation
for that. A good option would be to have a generic one for JDBC
compliant database drivers. We do not have such a thing within out code
base; using
Hi James,
James D Carroll wrote:
It would seem that Directory comes with basically one user in the
database. Is there somewhere that I can get more test data? Maybe
something that sorta models a typical business with maybe 100 or more
employees?
We have some sample data here
Joshua J. Kugler wrote:
Hi! I came across this page:
http://directory.apache.org/apacheds/1.0/ldap-related-rfcs.html and
noticed it's missing an LDAP RFC. Namely this one:
http://www.rfc-editor.org/rfc/rfc2891.txt Can anyone tell me if Server
Side Sorting of Search Results is supported by
Hi all,
next week I will present an introduction to LDAP for Java developers at
the Java User Group (JUG) Berlin, Germany.
http://www.java-berlin.de/
The talk will be in German. I will add the slides here afterwards:
Harakiri wrote:
will you talk about more specifics of ApacheDS or is it more about introduction
to JNDI? (the last slide is more about JNDI introduction).
Neither ApacheDS, nor JNDI in detail. It will basically be an
introduction to LDAP for Java developers.
Agenda (draft)
- Advantages of
Hi Andreas!
Eternach, Andreas (EXT) wrote:
I have created a new Schema, which defines just two object-classes (lets
call them Product and ProductProperty).
Of course ProductProperty is a child of Product, i.e. Products consist
of ProductProperties.
How about modeling product properties as
Hi all,
this week I had a short talk on Studio at German JAX conference in
Wiesbaden (http://www.jax.de).
I have added the slides (PDF) of my presentation to our conference
materials page (be warned: German).
http://directory.apache.org/community%26resources/conference-materials.html
Siva Kumar wrote:
We are using OpenLDAP currently and attempting to move to ApacheDS.
With 40K entries on my persons tree, my preferences api lookup
takes enormous amount time. I have all the main attributes added on the
index configuration on the server.xml.
Could anyone help.?
Michael Decker wrote:
But it would be intresting for me what your motivation to move to ApacheDS
from OpenLDAP, because I wonder, if it would be chance to use OpenLdap
instead of ApacheDS because of all their tools and scripts.
Which tools do you exactly mean? OpenLDAP does not provide UI
Hi Jürgen!
Juergen Weber wrote:
Listening on a socket is kind of misbehaviour for web applications. It
were better if the app server would control the socket listener.
See http://issues.apache.org/bugzilla/show_bug.cgi?id=39862
This is really interesting!
Please note that the described
Kashif Ali Siddiqui wrote:
My environment is
Client: RHES3, MozillaLDAP v6.0.4, Cyrus SASL 2.1.22
Server: WinXP, ApacheDS 1.5.1
At the step#18, I got the following error
_ldap_search: Unavailable critical extension
ldap_search: additional info: Unsupport critical
Hi Kevin!
Kevin Bortis wrote:
Ok, I run ApacheDS Version 1.5.1, Thunderbird version 2.0.0.6. I
configured Thunderbird exactly the same as in the User's Guide. I
modified only the hostname to localhost and tested some values for
Bind DN, which I think is the line for user authentication.
I
Stefan Zoerner wrote:
Native client from Sun ONE works fine:
$ ldapsearch -h localhost -p 10389 -b dc=example,dc=com -D
uid=admin,ou=system -w secret (cn=Tori*) sn
version: 1
dn: cn=Tori Amos,dc=example,dc=com
Oops, I made a cut/copy/paste error. Result is (as expected)
version: 1
dn: cn
Hi Ricardo!
I can reproduce this error with a ApacheDS 1.0.3 SNAPSHOT.
But it seems to be related to either the Java-Version of the Search-Tool
or the LDAP library from Sun/Netscape itself.
Here is what happens in my environment (Windows XP and Java 6 as well)
Native client from Sun ONE
Emmanuel Lecharny wrote:
I think it's definitively a bug in the LdapSearch client : the
twixDecoder logs show that the incoming request contains a star.
I would like to get the bytes sent by the client. You have a way to
get a byte dump of the request somwhere in the logs you generated. Can
you
Emmanuel Lecharny wrote:
This is a clear client bug. The client just add an empty attribute at
the end of the attributes list :
...
30 06 // Attributes list
04 02 // 2 chars length attribute
sn // sn is requested
04 00 // 0 length attribute.
In this very case, we
Emmanuel Lecharny wrote:
well, we can change the server behavior, but it won't be that easy. I
tried to change during the past hour, but the pb is that we have many
different cases :
- if the user doesn't pass any attributes, it defaults to '*'
- if a use passes at least an attribute, then we
Ricardo Chicca Junior wrote:
I've just filed a JIRA issue as requested by Stefan.
I hope i did it right, it's my first time.
Regards,
Thanks, Ricardo!
We can use this to track the issue, I'll add some comments. Looking
forward to here more from you.
Greetings from Hamburg,
Stefan
legolas wood wrote:
Thank you for your help.
Is there any manual about making the connection secure?
I mean for example it works over SSL .
You have to configure ApacheDS in order to offer LDAP/SSL (ldaps), which
is described for the 1.0.x versions here:
find out.
Greetings from Hamburg,
Stefan
---8---
Stefan Zoerner ([EMAIL PROTECTED])
Committer :: PMC Member
Apache Directory Project
http://directory.apache.org
Emmanuel Lecharny wrote:
Seems to be a clear bug !
I _think_ there is already a JIRA about it, but not 100% sure.
Do you mean this one:
uniqueMember attribute compare does not seem to work properly
(uniqueMemberMatch is not implemented?)
http://issues.apache.org/jira/browse/DIRSERVER-766
Emmanuel Lecharny wrote:
Well, I would first suggest that you try to see where those %20 are
generated from (it's not into AD, for sure !). If there is nothing you
can do, as DN are parsed during the ASN.1 decoding, and as the DN you
have will be seen as invalid, you will get an exception. The
Chris Custine wrote:
Yes, I can reproduce this as well. The password does not seem to update
immdiately when bound as another user (uid=admin,ou=system), but does
update
immediately when bound as that user.
So who wants to file the Jira? :-)
I'll do. The information in my mail is
Austin Taylor wrote:
http://directory.apache.org/apacheds/1.0/14-basic-configuration-tasks.html
I click it, I can see that there is text there, but I can't see it after the
page loads
is there a downloadable version of this guide? I would rather not wait too
long to use this software
Hi
Hi Jürgen!
Juergen Aschenbrenner wrote:
In order to develop and test components offline I am currently trying to
migrate a directory from the network to my local machine using ApacheDS
1.0.
I would recommend to use ApacheDS 1.5, although it is not a stable
release yet. But the schema
Hi Andrew!
Emmanuel has fixed the bug in the current 1.5 trunk which caused an
exception in the server. I have tested the server with Thunderbird 1.5
and the Search dialog is able to find entries.
Perhaps you can check whether we can close the related bug
Alex Karasulu wrote:
Although reported as a ApacheDS specific issue this may just be due to
lack of information about the behavior of other LDAP servers. I'm sure
other LDAP servers behave in the same manner when schema checking
is enabled. Hence I think it is incorrect to presume this is ADS
Hi Andrew!
I assume that you really have encountered an error within the new schema
subsystem of ApacheDS 1.5, see my comment to the issue here:
http://issues.apache.org/jira/browse/DIRSERVER-927
As a workaround, try to enable the Mozilla schema within ApacheDS. It is
part of the 1.5 package
in Oct. 2006, and we will
continue to release exclusively versions which fulfill their
requirements (knowing that the tests are not complete; and therefore
can't *prove* correctness).
Greetings from Hamburg,
Stefan
---8---
Stefan Zoerner ([EMAIL PROTECTED])
Committer :: PMC Member
For those of you interested in the new schema subsystem which is part of
ApacheDS 1.5 and a drastic improvement to its 1.0 counterpart:
I have moved the content of the little schema subsystem primer for
ApacheDS 1.5 to the documentation available on the web:
Hello Martin!
Martin Marcher wrote:
The second thing is that LDAPStudio won't show a posixAccount or
posixGroup objectClass, was it dropped in 1.5 or am I doing something
wrong? I'll be happy to provide details but I'm not too proficient
with ldap right now.
First of all, posixAccount is
Hallo Markus!
Markus Pohle wrote:
dn: cn=users,DC=VERWALTUNG,DC=DOUGLASHOLDING
objectClass: container
objectClass: top
cn: users
Object class container is probably the IBM specific one with OID
1.3.18.0.2.6.28 as described here:
http://www.alvestrand.no/objectid/1.3.18.0.2.6.28.html
%26resources/openldap-adieu-ein-ldap-server-in-java.html
Greetings,
Stefan Zoerner (szoerner)
Hi!
Here is an addition to my last mail. I changed all true to TRUE in
Damien's LDIF, was able to load it (via command line tool ldapmodify)
and use it.
Find a changed version of the LDIF file attached.
Greetings,
Stefan Zoerner (szoerner)
dn: cn=moz,ou=schema
objectClass: metaSchema
vs. TRUE.
Perhaps it has something to do with enabling syntax checking of
attribute types?
Greetings from Wiesbaden,
Stefan Zoerner (szoerner)
-trunks.html
Greetings from Bremen,
Stefan
---8---
Stefan Zoerner ([EMAIL PROTECTED])
Apache Directory Project
Committer :: PMC Member
70 matches
Mail list logo
