What behavior do you expect?
If you search with a base DN of the empty string (the null base DN), then
the in-memory directory server will exhibit the standard LDAPv3 behavior.
If you use a scope of BASE, then it will retrieve the root DSE entry that
provides information about the server’s capabilities and data. If you use a
different scope, then it will automatically consider the null DN to be the
immediate parent of each of the naming contexts.
So in your case, if you have a base DN of “DC=test,DC=company,DC=local” and
perform a subtree search with a base DN equal to the null DN, then it will
automatically search below DC=test,DC=company,DC=local. However, this
doesn’t work for DNs subordinate to the null DN but superior to the naming
context. For example, if you search with a base DN of “DC=local”, then the
correct standard behavior is to get a NO_SUCH_OBJECT result because that
entry doesn’t exist. The interceptor that I provided can change that to
return a referral to “DC=test,DC=company,DC=local” instead, but that’s not
really standards-compliant behavior.
Neil
On Wed, Aug 30, 2017 at 4:16 AM, <g....@au...> wrote:
> Hello Neil,
>
>
>
> Thanks for your reply.
>
> While implementing that interceptor, I had to realize that a referral
> didn't solve my problem.
>
> But I was able to intercept the request which doesn't have a base ("") and
> reply with an entry which contained the needed information for the client.
>
> And that finally solved my problem. :-)
>
>
>
> Regards,
>
> Gerrit
>
>
>
> *From:* Neil Wilson via ldap-sdk-discuss
> [mailto:ldap-sdk-discuss@lists.sourceforge.net]
> *Sent:* Tuesday, August 29, 2017 21:26
> *To:* LDAP SDK Discussions
> *Cc:* Neil Wilson
> *Subject:* Re: [ldap-sdk-discuss] Adding referral to
> InMemoryDirectoryServer
>
>
>
> Although both the LDAP SDK and the in-memory directory server support
> referrals, you cannot create referral entries above non-referral entries.
> You probably don’t really want that anyway, because referral entries
> generally apply to all types of operations, and you don’t want the server
> telling the client to send a modify attempt targeting “DC=local” to
> “DC=test,DC=company,DC=local” instead.
>
>
>
> Presumably, what you really want is to have only search operations with a
> base DN that is superior to “DC=test,DC=company,DC=local” to receive a
> referral telling them to use a base DN of “DC=test,DC=company,DC=local”. If
> you want that, you can achieve it with an InMemoryOperationInterceptor
> that intercepts search requests and throws an LDAPException with a
> referral result if the request has a base DN that is superior to the
> desired base DN. The attached
> ReferSearchesAboveBaseInMemoryOperationInterceptor.java source file does
> exactly that.
>
>
>
> It’s pretty trivial to use the attached interceptor. Just use the
> InMemoryDirectoryServerConfig.addInMemoryOperationInterceptor method. For
> example:
>
>
>
>   final String baseDN = "DC=test,DC=company,DC=local";
>   final InMemoryDirectoryServerConfig cfg =
>        new InMemoryDirectoryServerConfig(baseDN);
>   cfg.addInMemoryOperationInterceptor(
>        new ReferSearchesAboveBaseInMemoryOperationInterceptor(baseDN));
>
>   final InMemoryDirectoryServer ds = new InMemoryDirectoryServer(cfg);
>   ds.add(
>        "dn: DC=test,DC=company,DC=local",
>        "objectClass: top",
>        "objectClass: domain",
>        "DC: test");
>   ds.startListening();
>
>   try
>   {
>     final LDAPConnectionOptions connectionOptions =
>          new LDAPConnectionOptions();
>     connectionOptions.setFollowReferrals(true);
>
>     try (LDAPConnection connection = ds.getConnection(connectionOptions))
>     {
>       final SearchResult searchResult = connection.search("DC=local",
>            SearchScope.SUB, Filter.createPresenceFilter("objectClass"));
>
>       LDAPTestUtils.assertResultCodeEquals(searchResult,
>            ResultCode.SUCCESS);
>       LDAPTestUtils.assertEntriesReturnedEquals(searchResult, 1);
>       LDAPTestUtils.assertEntryReturned(searchResult,
>            "DC=test,DC=company,DC=local");
>     }
>   }
>   finally
>   {
>     ds.shutDown(true);
>   }
>
>
>
> I hope this does what you need, or at least puts you on the right track.
>
>
>
> Neil
>
>
>
>
>
> On Tue, Aug 29, 2017 at 7:36 AM, <g....@au...> wrote:
>
> Hello everyone,
>
>
>
> I'm currently "fighting" with the InMemoryDirectoryServer.
>
> So far it works perfectly. I can use SSL/TLS, I can add credentials as
> well as entries.
>
> But somehow I can't figure out how to add referrals.
>
> My base DN is "DC=test,DC=company,DC=local" and I want referrals on each
> of the previous levels ("DC=company,DC=local", "DC=local", "") pointing to
> that base DN.
>
>
>
> Regards,
>
> Gerrit
>
>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> ldap-sdk-discuss mailing list
> lda...@li...
> https://lists.sourceforge.net/lists/listinfo/ldap-sdk-discuss
>
>
>
>
> *CONFIDENTIALITY NOTICE: This email may contain confidential and
> privileged material for the sole use of the intended recipient(s). Any
> review, use, distribution or disclosure by others is strictly prohibited.
> If you have received this communication in error, please notify the sender
> immediately by e-mail and delete the message and any file attachments from
> your computer. Thank you.*
>
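A sketch of the search-only referral interceptor described in the quoted reply, added here as an example; it is not the attached ReferSearchesAboveBaseInMemoryOperationInterceptor.java, which is not reproduced on this page. The class name and the referralURL constructor parameter (a full LDAP URL for the target entry, supplied by the caller) are assumptions.

```java
import com.unboundid.ldap.listener.interceptor.InMemoryInterceptedSearchRequest;
import com.unboundid.ldap.listener.interceptor.InMemoryOperationInterceptor;
import com.unboundid.ldap.sdk.DN;
import com.unboundid.ldap.sdk.LDAPException;
import com.unboundid.ldap.sdk.ResultCode;

// Hypothetical name; illustrates the approach, not the attached source file.
public final class ReferSearchesAboveBaseSketch
       extends InMemoryOperationInterceptor
{
  private final DN targetBaseDN;
  private final String[] referralURLs;

  // referralURL is an assumed parameter, e.g. "ldap://host:port/DC=test,DC=company,DC=local".
  public ReferSearchesAboveBaseSketch(final String targetBaseDN,
                                      final String referralURL)
         throws LDAPException
  {
    this.targetBaseDN = new DN(targetBaseDN);
    this.referralURLs = new String[] { referralURL };
  }

  // Only the search hook is overridden, so add, delete, modify and modify DN
  // requests that target a superior DN still get the server's normal result
  // and are never redirected.
  @Override
  public void processSearchRequest(
                   final InMemoryInterceptedSearchRequest request)
         throws LDAPException
  {
    final DN requestedBase = new DN(request.getRequest().getBaseDN());

    // The null DN is an ancestor of every DN. Leave it to the server so that
    // a BASE search still returns the root DSE and wider scopes still reach
    // the naming contexts.
    if (requestedBase.isNullDN())
    {
      return;
    }

    // Strict ancestor only (allowEquals = false): a search based at the
    // target DN itself, or below it, is processed normally.
    if (requestedBase.isAncestorOf(targetBaseDN, false))
    {
      throw new LDAPException(ResultCode.REFERRAL,
           "Search base is above " + targetBaseDN + "; use the referral URL.",
           null, referralURLs);
    }
  }
}
```

Register it with InMemoryDirectoryServerConfig.addInMemoryOperationInterceptor, as in the quoted usage snippet.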