directory-api mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lécharny <elecha...@gmail.com>
Subject Re: Ldap API Custom Controls
Date Sun, 24 Dec 2017 19:17:41 GMT
Hi Chris,

I have applied the PR, with a bit of cleanup/modifications :

- First, the class name should be AdPolicyHints, not
LdapServerPolicyHintsOid (the Oid is spurious, so is the LdapServer
prefix, and I added the 'Ad' prefix, as for all the AD controls).
- I have added javadoc to the code, and a standard header (@author tag)
- the control has been moved to the
o.a.d.api.ldap.extras.controls.ad_impl instead of
o.a.d.api.ldap.extras.controls.policyHints_impl (same thing for the
interface package o.a.d.api.ldap.extras.controls.ad.policyHints which
has been moved to o.a.d.api.ldap.extras.controls.ad). The rationnal is
that every AD controls goes under the o.a.d.api.ldap.extrascontrols.ad
package.

Otherwise, all is good.

Thanks for the PR and happy Xmas !


Le 04/12/2017 à 19:19, Chris Pike a écrit :
> Emmanuel,
> 
> We have created a pull request
> 
> https://github.com/apache/directory-ldap-api/pull/1
> 
> Let us know if anything needs changed.
> 
> Thanks,
> 
> ~Chris P.
> 
> 
> ----- Original Message -----
> From: "Emmanuel Lécharny" <elecharny@gmail.com>
> To: "Chris Pike" <clp207@psu.edu>, "api" <api@directory.apache.org>, "elecharny"
<elecharny@apache.org>
> Sent: Tuesday, November 28, 2017 5:54:39 PM
> Subject: Re: Ldap API Custom Controls
> 
> Hi Chris,
> 
> do you need any more information to get the code pushed ?
> 
> 
> Many thanks !
> 
> 
> 
> Le 05/10/2017 à 21:18, Chris Pike a écrit :
>> Emmanuel,
>>
>> We got this working. Is there a git repo for the directory api, or do we have to
use subversion to provide the code back?
>>
>> Thanks,
>>
>> ~Chris Pike
>>
>>
>>
>>
>> ----- Original Message -----
>> From: "Emmanuel Lecharny" <elecharny@apache.org>
>> To: "api" <api@directory.apache.org>
>> Sent: Monday, September 11, 2017 6:57:38 PM
>> Subject: Re: Ldap API Custom Controls
>>
>> The control value (3003020101) is a PDU which has teh following meaning :
>>
>> 0x30 0x03 : SEQ length 3
>>   0x02 0x01 0x01 : INTEGER length 1 value 1
>>
>> So you have sent a correct Control, but the OID has changed :
>> 1.2.840.113556.1.4.20669 was for ancient versions of Windows Server (up to
>> Windows 2012) and the OID you are using is a new one
>> (1.2.840.113556.1.4.2239).
>>
>> I can only bet that the OID is not understood by the Windows machine you
>> are talking to.
>>
>>
>> On Fri, Sep 8, 2017 at 4:11 PM, CRAIG BENNER <craig.benner@psu.edu> wrote:
>>
>>> Thanks Shawn, I was going to ask that.  But I got wireshark working.
>>> Below is the packet I'm assuming we want to see.  In concept it looks
>>> correct, but i'm not sure what the controlValue is suppose to be on the
>>> wire.
>>>
>>> Frame 9: 295 bytes on wire (2360 bits), 295 bytes captured (2360 bits) on
>>> interface 0
>>> Ethernet II, Src: PcsCompu_f5:e8:94 (08:00:27:f5:e8:94), Dst:
>>> PcsCompu_4b:a3:17 (08:00:27:4b:a3:17)
>>> Internet Protocol Version 4, Src: 192.168.33.10, Dst: 192.168.33.11
>>>
>>> Transmission Control Protocol, Src Port: 44766, Dst Port: 389, Seq: 45,
>>> Ack: 46, Len: 229
>>> Lightweight Directory Access Protocol
>>>     LDAPMessage modifyRequest(7) "cn=model_ouadmin,ou=PSU-OU-
>>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>>> Administration,dc=develop,dc=local"
>>>         messageID: 7
>>>         protocolOp: modifyRequest (6)
>>>             modifyRequest
>>>                 object: cn=model_ouadmin,ou=PSU-OU-
>>> Admin-Accounts,ou=PSU-AD-OU-Administration,ou=PSU-AD-
>>> Administration,dc=develop,dc=local
>>>                 modification: 1 item
>>>         [Response In: 10]
>>>         controls: 1 item
>>>             Control
>>>                 controlType: 1.2.840.113556.1.4.2239 (ISO assigned OIDs,
>>> USA.113556.1.4.2239)
>>>                 criticality: True
>>>                 controlValue: 3003020101
>>>
>>> Thanks.
>>> Craig Benner
>>>
>>> ----- Original Message -----
>>> From: "Shawn McKinney" <smckinney@apache.org>
>>> To: "api" <api@directory.apache.org>
>>> Sent: Friday, September 8, 2017 9:58:56 AM
>>> Subject: Re: Ldap API Custom Controls
>>>
>>>> On Sep 7, 2017, at 8:41 PM, CRAIG BENNER <craig.benner@psu.edu> wrote:
>>>>
>>>> It will take some changes to get a wireshark capture, since Password's
>>> can only be managed over a secure connection.  Hopefully tomorrow I can get
>>> you the wireshark capture
>>>
>>> Wonder if it would be easier to just enable the API logger containing the
>>> BER request/response traces?  That’s typically how I debug.  Saves the
>>> trouble of setting up wireshark.
>>>
>>>     <category name="org.apache.directory.api" class="org.apache.log4j.Logger"
>>> additivity="false">
>>>         <priority value="DEBUG" class="org.apache.log4j.Level"/>
>>>         <appender-ref ref="file"/>
>>>     </category>
>>>
>>
>>
> 

-- 
Emmanuel Lecharny

Symas.com
directory.apache.org


Mime
View raw message