Saturday Sep 20, 2008
For SFD 2008 I tried explaining the whole free software idea to my son, Tim. When I showed him all the free software in the list of add ons for Ubuntu, he noticed immediately that there are lots of games available. At that point he quit listening, selected every package in the games category, and basically choked off my connection. He was celebrating free software by leaving YouTube on, simultaneously downloading probably every game from Debian, and watching TV instead.
I started out on a bug hunt in OpenDS, but got sidetracked after running into the same issue that Ludo and Daniel are addressing through issue 3489.
The latest promoted build seems to install fine through Java WebStart with the defaults and 2000 generated entries, however.
What sidetracked me were doc issues left to opends_unassigned. There is some low hanging fruit there for folks who want to get involved gently in the OpenDS project. You can fix open Wiki issues without getting committer access. All you need to do is join the java.net community, join the OpenDS Wiki, and pick an issue that you can handle.
Today is Software Freedom Day 2008. The celebrations seem to be going on around the world.
Over here near Grenoble, France, we will be celebrating with the latest build of OpenDS of course. But I am also planning to teach my son to apply at least the security patches on his Ubuntu desktop without Dad's help ;-)
Tuesday Sep 16, 2008
Ludo explained how to get involved with OpenDS on the OpenDS-users list. His answer was tucked away in a mail about posixGroup object classes.
Feel free to register to Java.net and join the OpenDS project as a user. To register, choose a login name, enter a password and your email address. Nothing else is required. Joining the OpenDS project as a user just indicates your interest in the project and will allow you to subscribe to the mailing lists if you want to.
The Java.net page is https://opends.dev.java.net/. There you find the mailing lists, the issue tracker, and so forth.
The OpenDS project home page is at http://www.opends.org. There you find an overall view of the project, where to download the latest OpenDS LDAP directory server, a link to the Wiki with nearly 800 pages of documentation, the source code to browse through, and so forth.
You are welcome to get involved to the extent that makes sense for you. For example, if you are looking for a fully featured LDAP directory server written in Java, you might want to try OpenDS and sign up on the OpenDS-users list.
This entry shows how to set up the following scenario with Directory Proxy Server 6.
Send requests for ou=People_Pool1 to Servers A and B
Send requests for ou=People_Pool2 to Servers C and D
Thanks to Jay Biddle for the suggestion.
How To Prepare Directory Servers A, B, C, and D
In this example servers A and B are Directory Servers housing the suffix ou=People_Pool1, which contains seven entries, including 3 user entries. See ExamplePool1.ldif.
Directory Servers C and D house the suffix ou=People_Pool2. See ExamplePool2.ldif.
In this example all servers are on the same host. Directory Server A listens for LDAP on port 1389, B on 2389, C on 3389, and D on 4389.
If you want to import the LDIF for either one into your Directory Server, first create the corresponding suffixes on Directory Servers A, B, C, and D, and then import the data from LDIF. See The Version 6 CLI: Getting Started for an example of how to create a suffix and import data from LDIF using the command line.
How to Set Up ou=People_Pool1 and ou=People_Pool2 Data Views
After Directory Servers A, B, C, and D are running with the data you imported, you can set up a Directory Proxy Server instance to send searches on ou=People_Pool1 to A and B, and searches on ou=People_Pool2 to C and D.
First, create an instance of Directory Proxy Server, and start the instance.
$ dpadm create -p 10389 -P 10636 -w /tmp/pwd.txt /export/mcraig/dps
$ dpadm start /export/mcraig/dps
Directory Proxy Server instance '/export/mcraig/dps' started: pid=19431
Second, create LDAP data sources hooked up to servers A, B, C, and D.
$ dpconf create-ldap-data-source -w /tmp/pwd.txt -p 10389 "A" localhost:1389
$ dpconf create-ldap-data-source -w /tmp/pwd.txt -p 10389 "B" localhost:2389
$ dpconf create-ldap-data-source -w /tmp/pwd.txt -p 10389 "C" localhost:3389
$ dpconf create-ldap-data-source -w /tmp/pwd.txt -p 10389 "D" localhost:4389
Third, set up LDAP data source pools to hold the data sources, and set up LDAP data views into the pools.
$ dpconf create-ldap-data-source-pool -w /tmp/pwd.txt -p 10389 "People_Pool1"
$ dpconf create-ldap-data-source-pool -w /tmp/pwd.txt -p 10389 "People_Pool2"
$ dpconf attach-ldap-data-source -w /tmp/pwd.txt -p 10389 "People_Pool1" "A" "B"
$ dpconf attach-ldap-data-source -w /tmp/pwd.txt -p 10389 "People_Pool2" "C" "D"
$ dpconf create-ldap-data-view -w /tmp/pwd.txt -p 10389 "People_Pool1_View" "People_Pool1" ou=People_Pool1
$ dpconf create-ldap-data-view -w /tmp/pwd.txt -p 10389 "People_Pool2_View" "People_Pool2" ou=People_Pool2
Fourth, enable your LDAP data sources for searches (and other operations if you want), and restart Directory Proxy Server.
$ dpconf set-ldap-data-source-prop -w /tmp/pwd.txt -p 10389 "A" is-enabled:true
$ dpconf set-ldap-data-source-prop -w /tmp/pwd.txt -p 10389 "B" is-enabled:true
$ dpconf set-ldap-data-source-prop -w /tmp/pwd.txt -p 10389 "C" is-enabled:true
$ dpconf set-ldap-data-source-prop -w /tmp/pwd.txt -p 10389 "D" is-enabled:true
$ dpconf set-attached-ldap-data-source-prop -w /tmp/pwd.txt -p 10389 "People_Pool1" "A" search-weight:100
$ dpconf set-attached-ldap-data-source-prop -w /tmp/pwd.txt -p 10389 "People_Pool1" "B" search-weight:100
$ dpconf set-attached-ldap-data-source-prop -w /tmp/pwd.txt -p 10389 "People_Pool2" "C" search-weight:100
$ dpconf set-attached-ldap-data-source-prop -w /tmp/pwd.txt -p 10389 "People_Pool2" "D" search-weight:100
$ dpadm restart /export/mcraig/dps
Directory Proxy Server instance '/export/mcraig/dps' stopped
Directory Proxy Server instance '/export/mcraig/dps' started: pid=19494
Finally, search Directory Proxy Server in each pool to ensure that you get the results you expect. Here bcubbins is in People_Pool1, and yyorgens is in People_Pool2.
$ ldapsearch -p 10389 -b ou=People_Pool1 uid=bcubbins
version: 1
dn: uid=bcubbins,ou=People,ou=People_Pool1
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: bcubbins
givenName: Bartholomew
sn: Cubbins
cn: Bartholomew Cubbins
mail: bcubbins@example.com
facsimileTelephoneNumber: +1 234 567 8910

$ ldapsearch -p 10389 -b ou=People_Pool2 uid=yyorgens
version: 1
dn: uid=yyorgens,ou=People,ou=People_Pool2
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: yyorgens
givenName: Yolanda
sn: Yorgenson
cn: Yolanda Yorgenson
mail: yyorgens@example.com
secretary: uid=scooper,ou=People,ou=People_Pool2
Wednesday Aug 20, 2008
This entry explains a simple example of OpenDS, the pure Java LDAP directory server, embedded in a web application. Ludovic Poitou presented on the subject at a talk he gave at Jazoon in Zurich this summer.
Based on those ideas I wrote a sample servlet, leaning as much as I could on NetBeans 6.1 to handle the build management and deployment in GlassFish. The servlet code is posted at the bottom of this entry.
Before You Start
If you want to try this yourself, get NetBeans with an application server plugin and an application server to manage such as GlassFish or Tomcat. Otherwise you will have to do the work of writing an ant build script or a Makefile. (See Tools > Plugins and Tools > Servers in NetBeans 6.1 for example.)
Also download and install OpenDS, importing some people entries. (The servlet uses CN and SN in the search filter.) You will embed the result in your application. OpenDS databases and other files are completely portable, so you can set up your test instance in one place, and copy the files to a completely different system.
To Create the Web App
In NetBeans, select File > New Project.
In the New Project wizard, Categories: Web > Projects : Web Application.
Give your project a name such as OpenDSInsideSample.

For the other settings, accept the defaults, assuming you configured your Web Application server before you started.
To Add the Servlet
Right-click the project Source Packages > New > Java Class...
In the Name and Location page of the wizard, Class Name: OpenDSServlet, Package: org.opendsinside.embedded.

For other settings, accept the defaults.
Replace the content of the file with the code for OpenDSServlet, shown below.
Note NetBeans shows lots of red-colored errors in the code at this point. That's because you have not yet added the OpenDS .jar files. So NetBeans cannot resolve many of the missing class names, yet.
To Add the Home Page
Under Web Pages, delete the existing index.jsp file.
Right-click Web Pages > New > HTML..., and then create an empty index.html file using the wizard.
Replace the content with the content of index.html, shown below.
To Add OpenDS Inside
Using a terminal, or a file manager, copy the OpenDS configuration, databases, .jars (lib/), locks, and logs to the WEB-INF folder where NetBeans stores your project.
When you finish, your files should appear in the NetBeans Projects view.

Right-click Libraries > Add JAR/Folder..., and add the OpenDS.jar, je.jar, quicksetup.jar, and aspectjrt.jar files you copied to WEB-INF/lib/.
As a result, the errors in OpenDSServlet should disappear as NetBeans resolves the class references for OpenDS objects.
Right-click the project, and then select Run.
After the web application starts and is deployed, you can access it through your browser at http://host:port/OpenDSServlet.

Notice that the LDIF contains even userPassword, because the servlet gets a root (Directory Manager) connection. In a real-world version, you would get more than one connection, and you would no doubt also use access control.
For details and further information, see the OpenDS Wiki articles on embedding OpenDS.
Here is the web page, index.html.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Redirecting to OpenDS Embedded Example</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="refresh" content="0;./OpenDSServlet">
</head>
<body bgcolor='#a3b8cb'>
<p>This page redirects to the web app after starting OpenDS...</p>
</body>
</html>
Here is the servlet code, OpenDSServlet.java.
package org.opendsinside.embedded;

import java.io.File;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.opends.server.config.ConfigException;
import org.opends.server.protocols.internal.InternalClientConnection;
import org.opends.server.protocols.internal.InternalSearchOperation;
import org.opends.server.types.DirectoryEnvironmentConfig;
import org.opends.server.types.DirectoryException;
import org.opends.server.types.InitializationException;
import org.opends.server.types.SearchResultEntry;
import org.opends.server.types.SearchScope;
import org.opends.server.util.EmbeddedUtils;

/*
 * Search an embedded OpenDS instance by using a web form.
 */
public class OpenDSServlet extends HttpServlet {

    private InternalClientConnection InternalConnection;

    /**
     * When the servlet starts, configure OpenDS, start OpenDS,
     * and open an internal connection to OpenDS.
     */
    @Override
    public void init(ServletConfig config) throws ServletException {
        // Let GenericServlet store the config so getServletContext() works later.
        super.init(config);

        // Ensure that OpenDS gets configured.
        ServletContext context = config.getServletContext();
        String appRoot = context.getRealPath(context.getContextPath());
        DirectoryEnvironmentConfig envConfig = new DirectoryEnvironmentConfig();
        try {
            envConfig.setServerRoot(new File(appRoot + "/WEB-INF"));
            envConfig.setConfigFile(new File(appRoot +
                    "/WEB-INF/config/config.ldif"));
            envConfig.setDisableConnectionHandlers(true);
        } catch (InitializationException ex) {
            // If something goes wrong configuring the server, log what happened.
            Logger.getLogger(OpenDSServlet.class.getName())
                    .log(Level.SEVERE, null, ex);
            ex.printStackTrace();
            throw new ServletException(
                    "Failed to setup server config: " +
                    envConfig.getConfigFile().getName());
        }

        // Start the OpenDS server unless it is already running.
        if (!EmbeddedUtils.isRunning()) {
            try {
                EmbeddedUtils.startServer(envConfig);
            } catch (ConfigException ex) {
                // If something went wrong starting the server, log what happened.
                Logger.getLogger(OpenDSServlet.class.getName())
                        .log(Level.SEVERE, null, ex);
                ex.printStackTrace();
                throw new ServletException(
                        "Failed to start server: config exception.");
            } catch (InitializationException ex) {
                Logger.getLogger(OpenDSServlet.class.getName())
                        .log(Level.SEVERE, null, ex);
                ex.printStackTrace();
                throw new ServletException(
                        "Failed to start server: initialization exception.");
            }
        }

        // Get an internal, root connection to the OpenDS instance.
        // This also runs when the server was already started, so the
        // connection is never left null.
        InternalConnection = InternalClientConnection.getRootConnection();
        if (InternalConnection == null) {
            throw new ServletException("Internal connection is null.");
        }
    }

    /**
     * Generate the web form and results of searching OpenDS.
     */
    protected void processRequest(HttpServletRequest request,
            HttpServletResponse response)
            throws ServletException, IOException {
        // Get the name to search for
        String name = request.getParameter("SrchStr");
        if (name == null) { // No search string when the page is first loaded.
            name = "";
        }

        // Send back an HTML page in response
        String OpenDSLogo =
                "<a href='https://opends.dev.java.net/public/downloads_index.html'>" +
                "<img src='https://opends.dev.java.net/public/images/opends_logo.png' " +
                "alt='Download OpenDS' style='float: right;' border='0' width='155' " +
                "height='49'></a>";
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        try {
            out.println("<html>");
            out.println("<head>");
            out.println("<title>Embedded OpenDS Example</title>");
            out.println("</head>");
            out.println("<body bgcolor='#a3b8cb'>");
            out.println(OpenDSLogo);
            out.println("<h2>Embedded OpenDS Example</h2>");
            out.println("<p>This web app embeds an instance of OpenDS, ");
            out.println("the pure Java LDAP Directory Server.</p><hr />");
            out.println("<h2>NameLookupTool 0.0.001</h2>");
            out.println("<form>");
            out.println("Enter a name: <input type='text' name='SrchStr' ");
            // NOTE: name comes straight from the request and is written into
            // the value attribute unescaped; HTML-escape it before output.
            out.println("value='"+name+"'/><input type='submit' value='OK'/>");
            out.println("</form>");
            out.println(getSearchResult(name));
            out.println("</body>");
            out.println("</html>");
        } finally {
            out.close();
        }
    }

    /**
     * Return an HTML snippet containing LDIF for entries found.
     * @param name Used to construct filter "(|(cn=*name*)(sn=*name*))"
     */
    String getSearchResult(String name) {
        String result = "";

        // No results without a "name" string to search for
        if (name == null || name.equals("")) {
            return result;
        }

        // Get LDIF for entries whose common name or surname contains "name"
        // NOTE: name is concatenated into the filter unescaped, so the
        // characters * ( ) and \ in it alter the filter; escape the value
        // as described in RFC 4515 before building the filter string.
        InternalSearchOperation searchOperation;
        try {
            searchOperation = InternalConnection.processSearch(
                    "dc=example,dc=com",
                    SearchScope.WHOLE_SUBTREE,
                    "(|(cn=*" + name + "*)(sn=*" + name + "*))");
            for (SearchResultEntry matchingEntry :
                    searchOperation.getSearchEntries()) {
                result += matchingEntry.toLDIFString() + "\n";
            }
        } catch (DirectoryException ex) {
            Logger.getLogger(OpenDSServlet.class.getName())
                    .log(Level.SEVERE, null, ex);
        }

        // Return the HTML snippet, depending on whether the search
        // found any directory entries.
        // NOTE: both the LDIF text and name are written into the page
        // unescaped; HTML-escape them before output.
        if (!result.equals("")) {
            return "<hr /><h2>Entries Found</h2><pre>" + result + "</pre>";
        } else {
            return "<hr /><p>No results found searching for " + name + ".</p>";
        }
    }

    /**
     * Stop the OpenDS instance when the servlet is shut down.
     * The container calls the no-argument destroy(), so that is the
     * method to override.
     */
    @Override
    public void destroy() {
        EmbeddedUtils.stopServer(OpenDSServlet.class.getName(), null);
    }

    /**
     * Handles the HTTP <code>GET</code> method.
     * @param request servlet request
     * @param response servlet response
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles the HTTP <code>POST</code> method.
     * @param request servlet request
     * @param response servlet response
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Returns a short description of the servlet.
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }
}
Tuesday Aug 12, 2008
Ludo Poitou, Mazen Arakji, and Marina Sum continued with the second article about advanced configuration of OpenDS as the LDAP directory server for the naming service on OpenSolaris. Their latest article covers configuring authentication, configuring clients, and optimizing performance. You will find the article at http://developers.sun.com/identity/reference/techart/opends-namesvcs2.html.
For a link to part one, see my earlier entry, OpenDS For Your OpenSolaris Naming Service.
Monday Aug 04, 2008
Following OpenDS 1.0.0, Sun OpenDS Standard Edition 1.0, the pure Java LDAP directory server, is now available for download. See http://wikis.sun.com/display/sunopends/Sun+OpenDS+Downloads.
Sun OpenDS Standard Edition 1.0 includes an LDAP core that is designed for easy installation, embedding, and configuration. Sun OpenDS Standard Edition 1.0 brings you not only LDAPv3 compliance, support for many controls and extended operations, APIs to manage and enhance the server, but also multi-master replication.
Sun OpenDS Standard Edition 1.0 is based on the open source community project OpenDS. Sun OpenDS Standard Edition is the Sun commercial offering based on this project. So when you buy Sun OpenDS Standard Edition you get Sun support to back up your OpenDS deployment plans.
Sun OpenDS Standard Edition 1.0 documentation can be found at http://wikis.sun.com/display/SunOpenDSSEdocs/Documentation.
Wednesday Jul 16, 2008
Ludo Poitou, Mazen Arakji, and Marina Sum worked together on an article about using OpenDS as the LDAP directory for the naming service on OpenSolaris. You will find the article at http://developers.sun.com/identity/reference/techart/opends-namesvcs.html.
Plans are also taking shape to get OpenDS available with OpenSolaris, so you will not even have to go through the 3-minute install.
As Ludo announced July 10, OpenDS, the open source, Java based, fully featured LDAP Directory Server officially reached 1.0.0. OpenDS 1.0.0 is the first stable release from the OpenDS project. You can download OpenDS 1.0.0 at http://www.opends.org/promoted-builds/1.0.0. The release notes can be found at https://www.opends.org/1.0/page/ReleaseNotes.
Post 1.0.0 the OpenDS project plans to deliver a number of additional LDAP features and extensions, security enhancements, extensions to replication, and more. The roadmap is posted on the OpenDS Wiki at https://www.opends.org/wiki/page/OpenDSRoadmap.
Thursday Jun 26, 2008
This entry is an excerpt from a longer discussion about turning off the ManageDSAIT control, which lets you manage referral entries, and instead following referrals no matter what using Directory Proxy Server. This entry starts off by showing how to specify which controls are forwarded to LDAP data sources. In other words, this entry shows how to turn off a supported control.
You can turn off ManageDSAIT on Directory Proxy, however. allowed-ldap-controls is a server property, documented at http://docs.sun.com/app/docs/doc/820-2767/allowed-ldap-controls-5dpconf.
To turn off ManageDSAIT on Directory Proxy, you set the allowed-ldap-controls to everything but manage-dsa. The Directory Proxy in this example listens on port 2389:
dpconf set-server-prop -p 2389 \
 allowed-ldap-controls:proxy-auth-v1 \
 allowed-ldap-controls:proxy-auth-v2 \
 allowed-ldap-controls:persistent-search \
 allowed-ldap-controls:auth-request \
 allowed-ldap-controls:real-attributes-only \
 allowed-ldap-controls:chaining-loop-detection \
 allowed-ldap-controls:vlv-request \
 allowed-ldap-controls:server-side-sorting \
 allowed-ldap-controls:get-effective-rights
Following referrals is a separate thing, set as part of a resource limits policy on a connection handler. So if you want referrals to be followed for connections through the default handler, set up a policy, attach it to the default handler, and make sure part of the policy is following referrals:
dpconf create-resource-limits-policy -p 2389 myPolicy
dpconf set-connection-handler-prop -p 2389 "default connection handler" resource-limits-policy:myPolicy
dpconf set-resource-limits-policy-prop -p 2389 myPolicy referral-policy:follow
In Directory Server for the example here a referral is set up. Directory Server listens on port 1389:
ldapsearch -p 1389 -M -b ou=employees,dc=example,dc=com uid=bjensen
version: 1
dn: uid=bjensen,ou=employees,dc=example,dc=com
objectClass: top
objectClass: extensibleObject
objectClass: referral
ref: ldap://localhost:1389/uid=bjensen,%20ou=People,%20dc=example,dc=com
uid: bjensen

ldapsearch -p 1389 -b ou=employees,dc=example,dc=com uid=bjensen
version: 1
dn: uid=bjensen, ou=People, dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenName: Barbara
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: bjensen
mail: bjensen@example.com
telephoneNumber: +1 408 555 1862
facsimileTelephoneNumber: +1 408 555 1992
roomNumber: 0209
Now when you go through Directory Proxy to Directory Server without or with -R, you see the same thing:
ldapsearch -p 2389 -b ou=employees,dc=example,dc=com uid=bjensen
version: 1
dn: uid=bjensen, ou=People, dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenName: Barbara
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: bjensen
mail: bjensen@example.com
telephoneNumber: +1 408 555 1862
facsimileTelephoneNumber: +1 408 555 1992
roomNumber: 0209

ldapsearch -R -p 2389 -b ou=employees,dc=example,dc=com uid=bjensen
version: 1
dn: uid=bjensen, ou=People, dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenName: Barbara
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: bjensen
mail: bjensen@example.com
telephoneNumber: +1 408 555 1862
facsimileTelephoneNumber: +1 408 555 1992
roomNumber: 0209
When you try to get a look at the referral entry with -M, however, Directory Proxy balks as expected:
ldapsearch -M -p 2389 -b ou=employees,dc=example,dc=com uid=bjensen
ldap_search: Unavailable critical extension
ldap_search: additional info: The server is not configured to pass through control 2.16.840.1.113730.3.4.2
Tuesday Apr 15, 2008
Directory Server Enterprise Edition 6.3 is now available for download. You can download Directory Server Enterprise Edition directly. See http://www.sun.com/software/products/directory_srvr_ee/ for information. This 6.3 patch release offers updated platform support, perf improvements, and a number of handy fixes.
The documentation for this release is available on docs.sun.com, http://docs.sun.com/app/docs/coll/1224.4. Kevin has published a summary of key features and news on the DSEE blog.
Monday Apr 14, 2008
Jay Biddle commented that the examples in The Version 6 CLI: First Steps With Directory Proxy would be more helpful if they showed what to do when Directory Proxy Server is not able to get through to Directory Server. This entry does not cover all possible things that could go wrong, but touches on what happens when you have a partial setup, what happens when Directory Server is down, and what happens when you want to access cn=monitor.
What if you think you set up Directory Server and Directory Proxy Server as shown in The Version 6 CLI: First Steps With Directory Proxy, but you cannot get through?
$ ldapsearch -p 2389 -b dc=example,dc=com uid=bjensen
ldap_search: Operations error
ldap_search: additional info: Unable to retrieve a backend SEARCH connection to process the search request
Evidently, Directory Proxy Server is not able to talk to Directory Server. If you are sure Directory Server is running and is properly configured, check the Directory Proxy Server configuration to see if any objects in the chain are missing. In order for everything to work, you need at least a data source in a data source pool, and a view into the data source pool.
$ dpconf list-ldap-data-sources -p 2389
My DS
$ dpconf list-ldap-data-source-pools -p 2389
defaultDataSourcePool
$ dpconf list-ldap-data-views -p 2389
root data view
Aha! The data source pool and data view objects appear to be missing. Only the defaults exist. Create "My Pool" and "My View", attaching "My DS" to "My Pool".
$ dpconf create-ldap-data-source-pool -p 2389 "My Pool"
$ dpconf attach-ldap-data-source -p 2389 "My Pool" "My DS"
$ dpconf create-ldap-data-view -p 2389 "My View" "My Pool" dc=example,dc=com
You must also set the search weight property on the data source. Otherwise, Directory Proxy Server shows you nothing.
$ dpconf set-attached-ldap-data-source-prop -p 2389 "My Pool" "My DS" search-weight:100
Now the search should work.
$ ldapsearch -p 2389 -b dc=example,dc=com uid=bjensen
version: 1
dn: uid=bjensen, ou=People, dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenName: Barbara
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: bjensen
mail: bjensen@example.com
telephoneNumber: +1 408 555 1862
facsimileTelephoneNumber: +1 408 555 1992
roomNumber: 0209
Stop the Directory Server you use as a data source, and then try the search against Directory Proxy Server.
$ dsadm stop /local/ds
$ ldapsearch -p 2389 -b dc=example,dc=com uid=bjensen
ldap_search: Operations error
ldap_search: additional info: Unable to retrieve a backend SEARCH connection to process the search request
Hmm, where have we seen this message before? ;-) Start Directory Server.
$ dsadm start /local/ds
Server started: pid=10733
$ ldapsearch -p 2389 -b dc=example,dc=com uid=bjensen
ldap_search: Operations error
ldap_search: additional info: Unable to retrieve a backend SEARCH connection to process the search request
It looks like Directory Proxy Server needs a restart to open its connections again.
$ dpadm restart /local/dps
Directory Proxy Server instance '/local/dps' stopped
Directory Proxy Server instance '/local/dps' started: pid=10757
$ ldapsearch -p 2389 -b dc=example,dc=com uid=bjensen
version: 1
dn: uid=bjensen, ou=People, dc=example,dc=com
cn: Barbara Jensen
cn: Babs Jensen
sn: Jensen
givenName: Barbara
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Product Development
ou: People
l: Cupertino
uid: bjensen
mail: bjensen@example.com
telephoneNumber: +1 408 555 1862
facsimileTelephoneNumber: +1 408 555 1992
roomNumber: 0209
Unless you bind as cn=Proxy Manager, Directory Proxy Server shows you cn=monitor on the Directory Server data source, rather than Directory Proxy Server. By default, the pipes might not be configured either.
$ ldapsearch -p 2389 -b cn=monitor objectclass=\*
ldap_search: Operations error
ldap_search: additional info: Unable to retrieve a backend SEARCH connection to process the search request
$ ldapsearch -D cn=Proxy\ Manager -w - -p 2389 -b cn=monitor objectclass=\*
Enter bind password:
… many lines of output …
operationalStatus: OK
statusDescription:
globalIndicator: GREEN
This behavior is the same for cn=config.
Friday Apr 04, 2008
Congratulations to Ludo for originating a very successful Directory Masters Event April 3-4 here at Sun's Grenoble Engineering Center! Thanks to all who attended, in particular to all who presented and contributed to the conversation. Also thanks to Dom and Caroline for their precious planning and logistical help.
Directory Masters is an opportunity for Directory experts to get together and share. This sort of face-to-face meeting really helps us to clarify the best practices that help our customers, and to prioritize what we need to do for the future. So the Directory Masters Event is not something we can easily replace by email, IM, etc.
Missed this meeting in Grenoble? Luckily there's another one coming up, the week after JavaOne, May 12-13 in Somerset, New Jersey.
Sunday Mar 23, 2008
This was a bit trickier than Ubuntu in VirtualBox on OpenSolaris. The screen resolution was resolved by the Developer Preview 2 install inside VirtualBox, but the OpenSolaris VM had no networking. How do you download missing stuff when you have no network access?
You get the .iso for the ae network driver from Alan Burlinson's blog. I do not have bunzip2 on Windows XP, though you can probably get binaries somewhere. Instead I unzipped the .iso on another system, stopped the OpenSolaris VM, and then mounted the .iso.
Next I followed the directions in the Readme file for the driver (more or less ;-). After a reboot of the VM, the network seems to work fine.
Saturday Mar 22, 2008
Giving a beta a try is easier with VirtualBox. Beta within beta, in fact, since VirtualBox seems to be in beta on OpenSolaris.
All I had to do to get started with the install was mount the beta Ubuntu .iso as a CD-ROM. What's not working yet? Looks like screen resolution is stuck at 800x600, and USB does not get cabled through correctly.
Last time I tried to do the same thing with VMWare, I had to find someone with VMWare workstation. Kind of expensive if all you want to do is give some beta software a whirl.