[jboss-jira] [JBoss JIRA] Commented: (SECURITY-5) Integrate OpenDS in HEAD testsuite

Anil Saldhana (JIRA) jira-events at jboss.com
Thu Sep 14 17:32:34 EDT 2006


    [ http://jira.jboss.com/jira/browse/SECURITY-5?page=comments#action_12343341 ] 
            
Anil Saldhana commented on SECURITY-5:
--------------------------------------

I have been able to bootstrap the DS via an MBean Service and also shut down properly (except for a glitch). There is an OpenDS JMXConnectionHandler lurking around listening on port 1689 after the shutdown.

https://opends.dev.java.net/issues/show_bug.cgi?id=648

This is no big deal. But it takes away the ability to continuously start/stop the DS cleanly as part of test setup.

Workaround:
Make the start/stop of the DS part of the server configuration "start/stop" and let the tests deal with adding ldifs and removing ldifs.

> Integrate OpenDS in HEAD testsuite
> ----------------------------------
>
>                 Key: SECURITY-5
>                 URL: http://jira.jboss.com/jira/browse/SECURITY-5
>             Project: JBoss Security
>          Issue Type: Task
>      Security Level: Public(Everyone can see) 
>          Components: JBossSX
>            Reporter: Anil Saldhana
>         Assigned To: Anil Saldhana
>
> My preliminary testing with OpenDS has been a success. I was able to secure a jmx-console using the LdapLoginModule with the example1.ldif in
> http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule
> Since the configuration of OpenDS is based on scripts that internally call java classes, it should be easy to integrate it into HEAD testsuite.
> My prelim testing details:
> ====================================================================
> C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>start-ds
> [12/Sep/2006:12:57:14 -0500] category=CORE severity=NOTICE id=458886 msg="OpenDS
>  Directory Server 0.1-build007 starting up."
> [12/Sep/2006:12:57:15 -0500] category=BACKEND severity=NOTICE id=8847402 msg="A
> database backend containing 1 entries has started."
> [12/Sep/2006:12:57:16 -0500] category=CONFIG severity=SEVERE_WARNING id=3277325
> msg="Access control has been disabled."
> [12/Sep/2006:12:57:17 -0500] category=CORE severity=NOTICE id=458887 msg="The Di
> rectory Server has started successfully."
> [12/Sep/2006:12:57:17 -0500] category=CORE severity=NOTICE id=458891 msg="The Di
> rectory Server has sent an alert notification generated by class org.opends.serv
> er.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, al
> ert ID 458887):  The Directory Server has started successfully.."
> ================================================================================
> =============================================================================
> C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>ldapmodify -h localhost
> -D "cn=Directory Manager" -w password -a -f a.ldif
> Processing ADD request for dc=jboss,dc=org.
> ADD operation successful for DN dc=jboss,dc=org.
> Processing ADD request for ou=People,dc=jboss,dc=org.
> ADD operation successful for DN ou=People,dc=jboss,dc=org.
> Processing ADD request for uid=jduke,ou=People,dc=jboss,dc=org.
> ADD operation successful for DN uid=jduke,ou=People,dc=jboss,dc=org.
> Processing ADD request for ou=Roles,dc=jboss,dc=org.
> ADD operation successful for DN ou=Roles,dc=jboss,dc=org.
> Processing ADD request for cn=Echo,ou=Roles,dc=jboss,dc=org.
> ADD operation successful for DN cn=Echo,ou=Roles,dc=jboss,dc=org.
> Processing ADD request for cn=TheDuke,ou=Roles,dc=jboss,dc=org.
> ADD operation successful for DN cn=TheDuke,ou=Roles,dc=jboss,dc=org.
> ===============================================================================
> ==============================================================================
> C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>ldapsearch -h localhost
>  -b "dc=jboss,dc=org" -s sub "objectclass=*"
> dn: dc=jboss,dc=org
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: JBoss
> dc: jboss
> dn: ou=People,dc=jboss,dc=org
> objectClass: top
> objectClass: organizationalUnit
> ou: People
> dn: uid=jduke,ou=People,dc=jboss,dc=org
> objectClass: top
> objectClass: person
> objectClass: uidObject
> userPassword: {SSHA}XM3FqJX2rfY5Cnzd1Q77gBIsSaiS/MWFfg2LPw==
> cn: Java Duke
> sn: Duke
> uid: jduke
> =====================================================================================
> The application policy:
> <application-policy name = "jmx-console">
>         <authentication>
>             <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
>                           flag="required">
>                 <module-option name="java.naming.factory.initial"> 
>                     com.sun.jndi.ldap.LdapCtxFactory
>                     </module-option>
>                 <module-option name="java.naming.provider.url">
>                     ldap://localhost:389/
>                 </module-option>
>                 <module-option name="java.naming.security.authentication">
>                     simple
>                 </module-option>
>                 <module-option name="principalDNPrefix">uid=</module-option>                    
>                 <module-option name="principalDNSuffix">,ou=People,dc=jboss,dc=org</module-option>
>                 <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
>                 <module-option name="uidAttributeID">member</module-option>
>                 <module-option name="matchOnUserDN">true</module-option>
>                 <module-option name="roleAttributeID">cn</module-option>
>                 <module-option name="roleAttributeIsDN">false</module-option>
>                 <module-option name="searchTimeLimit">5000</module-option>
>                 <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
>             </login-module>
>         </authentication>
>     </application-policy>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
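
Added example, not part of the original message or of the JBoss or OpenDS code: a parser for the start-ds console format quoted in the issue description, which a test setup could use to confirm startup and to surface the SEVERE_WARNING that access control is disabled. The sample lines are the first four from that output, re-joined where the terminal wrapped them; the function names and the rule for which severities to flag are assumptions.

```python
import re

# start-ds console output from the issue description, re-joined where the
# 80-column terminal wrapped it (first four lines only).
SAMPLE = """\
[12/Sep/2006:12:57:14 -0500] category=CORE severity=NOTICE id=458886 msg="OpenDS Directory Server 0.1-build007 starting up."
[12/Sep/2006:12:57:15 -0500] category=BACKEND severity=NOTICE id=8847402 msg="A database backend containing 1 entries has started."
[12/Sep/2006:12:57:16 -0500] category=CONFIG severity=SEVERE_WARNING id=3277325 msg="Access control has been disabled."
[12/Sep/2006:12:57:17 -0500] category=CORE severity=NOTICE id=458887 msg="The Directory Server has started successfully."
"""

LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] category=(?P<category>\S+) '
    r'severity=(?P<severity>\S+) id=(?P<id>\d+) msg="(?P<msg>.*)"$'
)
STARTED_ID = 458887  # id of the "started successfully" notice shown on the page


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["id"] = int(entry["id"])
    return entry


def review_startup(text):
    """Summarise a start-ds run: did it start, and which lines need attention.

    Assumption: any severity whose name contains WARNING or ERROR is worth
    surfacing; unparseable non-empty lines are reported rather than dropped.
    """
    started, findings, unparsed = False, [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            unparsed.append(raw)
        elif entry["id"] == STARTED_ID:
            started = True
        elif "WARNING" in entry["severity"] or "ERROR" in entry["severity"]:
            findings.append((entry["category"], entry["severity"], entry["msg"]))
    return {"started": started, "findings": findings, "unparsed": unparsed}


if __name__ == "__main__":
    print(review_startup(SAMPLE))
```

Output copied from a wrapped console has to be re-joined before parsing; otherwise the continuation fragments land in `unparsed`.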

        


