[higgins-dev] Fwd: Re: Transferring data from JNDI provider
Let's do this where we have it archived.
Tom
>>> Jim Sermersheim 06/06/08 10:42 AM >>>
Peter, Is your LDAP server accessible by us? We could maybe look at it. I think that DN may technically be valid (what LDAP server are you using?), but it's likely that it doesn't point to an actual entry. A DN is comprised of one or more RDNs separated by commas. Each RDN is typically an AVA (<attribute>=<value>). So the leftmost RDN in that DN has as its attribute name "uid", and as its attribute value "cn=root". I've never seen an RDN formed that way.
Looking at your config, I can see what is happening. You are telling the JNDI CP to transform names by always prepending "uid=" and always appending ",ou=identities,dc=higgins,dc=eclipse,dc=org". See the setting that looks like this:
<Setting Name="consumerEntityIDToProvider" Type="htf:jscriptexec">
<![CDATA[RESULT = "uid=" + consumerID + ",ou=identities,dc=higgins,dc=eclipse,dc=org"]]>
</Setting>
What does your LDAP tree structure look like?
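The name mapping described in the message above, as an added JavaScript example that is not part of the original messages or of the Higgins code: it applies the thread's `consumerEntityIDToProvider` expression to `cn=root`, splits the result into RDNs, and compares it with a variant that escapes the ID first. `parseDN`, `escapeRdnValue` and `escapedConsumerEntityIDToProvider` are hypothetical helpers, and `Smith, John` is a constructed input.

```javascript
// Added example (not from the thread): models the two entity-ID settings quoted above.
const SUFFIX = ",ou=identities,dc=higgins,dc=eclipse,dc=org";

// Same expression as the consumerEntityIDToProvider setting.
function consumerEntityIDToProvider(consumerID) {
  return "uid=" + consumerID + SUFFIX;
}

// Same regular expression as the providerEntityIDToConsumer setting.
function providerEntityIDToConsumer(providerID) {
  const re = new RegExp("^uid=(.*),ou=identities,dc=higgins,dc=eclipse,dc=org$", "i");
  return String(providerID).replace(re, "$1");
}

// Simplified DN parser: splits on unescaped commas, then splits each RDN at
// its first "=". Multi-valued RDNs ("+") and hex-string values are not handled.
function parseDN(dn) {
  const rdns = [];
  let cur = "";
  for (let i = 0; i < dn.length; i++) {
    if (dn[i] === "\\") cur += dn[i] + (dn[++i] || "");
    else if (dn[i] === ",") { rdns.push(cur); cur = ""; }
    else cur += dn[i];
  }
  rdns.push(cur);
  return rdns.map((rdn) => {
    const eq = rdn.indexOf("=");
    return eq < 1 ? { attribute: null, value: rdn }
                  : { attribute: rdn.slice(0, eq), value: rdn.slice(eq + 1) };
  });
}

// Hypothetical helper: escape a string for use as an RDN value (RFC 4514).
// "=" is escaped as well, which RFC 4514 permits but does not require.
function escapeRdnValue(value) {
  return value
    .replace(/[\\",+;<>=]/g, "\\$&")
    .replace(/^[ #]|(?<!^) $/g, "\\$&")
    .replace(/\0/g, "\\00");
}

// Hypothetical variant of the mapping that keeps consumerID inside one RDN.
function escapedConsumerEntityIDToProvider(consumerID) {
  return "uid=" + escapeRdnValue(consumerID) + SUFFIX;
}

// Constructed inputs: the ID from the thread and a name containing a comma.
for (const id of ["cn=root", "Smith, John"]) {
  console.log(parseDN(consumerEntityIDToProvider(id)));
  console.log(parseDN(escapedConsumerEntityIDToProvider(id)));
}
```

With the unescaped mapping, `Smith, John` yields six RDNs, one of them with no attribute name; with the escaped mapping every ID stays a single `uid` value under `ou=identities`.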
>>> Tom Doman 06/06/08 10:25 AM >>>
Yeah, as I implied before, it looks like your DN is invalid, namely, "uid=cn=root,ou=identities,dc=higgins,dc=eclipse,dc=org". I don't know what user you really want to access, but that DN looks bogus.
Tom
>>> Peter Kimlach <pkimlach@xxxxxxxxxxxxxx> 06/06/08 10:19 AM >>>
Here is exception stack trace:
javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
org.eclipse.higgins.idas.api.IdASException: javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
    at org.eclipse.higgins.idas.cp.jndi.JNDIContext._handleNamingException(JNDIContext.java:563)
    at org.eclipse.higgins.idas.cp.jndi.JNDIContext._setupContext(JNDIContext.java:625)
    at org.eclipse.higgins.idas.cp.jndi.JNDIContext.open(JNDIContext.java:478)
    at org.eclipse.higgins.idas.datatransfer.IdasDataTransfer.createContext(IdasDataTransfer.java:103)
    at org.eclipse.higgins.idas.datatransfer.IdasDataTransfer.getSource(IdasDataTransfer.java:110)
    at org.eclipse.higgins.idas.datatransfer.IdasDataTransfer.main(IdasDataTransfer.java:127)
Caused by: javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
    at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
    at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
    at javax.naming.InitialContext.init(Unknown Source)
    at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
    at org.eclipse.higgins.idas.cp.jndi.JNDIContext._setupContext(JNDIContext.java:616)
    ... 4 more
Tom Doman wrote:
> "uid=cn=root,ou=identities,dc=higgins,dc=eclipse,dc=org"? Maybe that's a nameform I'm unfamiliar with. At any rate, what is the failure reason? There should be an exception raised w/ more details.
>
> Tom
>
>
>>>> Peter Kimlach <pkimlach@xxxxxxxxxxxxxx> 06/06/08 3:57 AM >>>
>>>>
> Actually I need to copy (move) all data from one provider to another,
> from JNDI to jena or any other. The problem I've got is a failure to open
> the context with "uid=cn=root,ou=identities,dc=higgins,dc=eclipse,dc=org". I
> used cn=root to get access to all users and their entities.
>
> Here is part of the code that I used to open the context:
> private static synchronized IContext createContext(String configId)
>         throws IdASException {
>     IConfiguration config = getConfiguration(configId);
>     String sFactories = config.getProperty(DISCOVERY_FILE, "contextfactories.xrds");
>     FileDiscovery factories = new FileDiscovery(new File(sFactories));
>     IdASRegistry registry = IdASRegistry.getInstance();
>     registry.setDiscovery(factories);
>
>     String sCtx = config.getProperty(IDAS_CONTEXT_ID, "userProfileContext.xrds");
>     IContext ctx = registry.createContext(sCtx);
>     if (ctx == null)
>         throw new IdASException("User profile context not found with ID " + sCtx);
>     ctx.open(new AuthNNamePasswordMaterials(ctx,
>             config.getProperty(IDAS_USER_NAME, "testUser"),
>             config.getProperty(IDAS_USER_PASSWORD, "testPassword")));
>     return ctx;
> }
>
> with this config:
>
> <Setting Name="env" Type="htf:map">
>   <Setting Name="java.naming.security.authentication" Type="xsd:string">simple</Setting>
>   <Setting Name="java.naming.security.principal" Type="xsd:string">cn=root</Setting>
>   <Setting Name="java.naming.security.credentials" Type="xsd:string">higgins</Setting>
>   <Setting Name="java.naming.ldap.attributes.binary" Type="xsd:string">guid</Setting>
>   <!-- Setting Name="org.eclipse.higgins.idas.cp.jndi.trustStore" Type="xsd:string">d:/.keystore</Setting-->
>   <!-- Setting Name="org.eclipse.higgins.idas.cp.jndi.startTLS" Type="xsd:string">false</Setting-->
> </Setting>
> <Setting Name="JSPolicyAction" Type="htf:map">
>   <Setting Name="JSSharedScope" Type="htf:jscriptscope">
>     <![CDATA[
>       var multimap = {
>         consumer: [],
>         provider: []
>       };
>
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"] =
>         ["givenname", "givenName", "2.5.4.42"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"] =
>         ["sn", "surname", "2.5.4.4"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"] =
>         ["mail", "email", "emailaddress", "internetaddress", "1.2.840.113549.1.9.1",
>          "rfc822mailbox", "0.9.2342.19200300.100.1.3"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress"] =
>         ["street", "streetaddress", "2.5.4.9"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality"] =
>         ["localityName", "2.5.4.7"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince"] =
>         ["st", "stateprovincename", "2.5.4.8"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode"] =
>         ["postalcode", "2.5.4.17"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country"] =
>         ["countryname", "2.5.4.6"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone"] =
>         ["homephone", "telephonenumber", "2.5.4.20"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone"] =
>         ["otherphone", "telephoneNumber"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone"] =
>         ["mobile", "mobilephone", "0.9.2342.19200300.100.1.41"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth"] =
>         ["dateofbirth"];
>       multimap.consumer["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender"] =
>         ["gender"];
>       multimap.consumer["http://sts.labs.live.com/2006/06/claims/nickname"] =
>         ["nickname"];
>       multimap.consumer["http://burtongroup.com/interop/2007/05/identity/cameratype"] =
>         ["cameratype"];
>       multimap.consumer["http://burtongroup.com/interop/2007/05/identity/group"] =
>         ["GroupName"];
>       multimap.consumer["http://burtongroup.com/interop/2007/05/identity/groupRole"] =
>         ["groupRole"];
>
>       for (elem in multimap.consumer)
>       {
>         for (provider in multimap.consumer[elem])
>           multimap.provider[multimap.consumer[elem][provider]] = elem;
>       }
>     ]]>
>   </Setting>
>   <Setting Name="consumerEntityIDToProvider" Type="htf:jscriptexec">
>     <![CDATA[
>       RESULT = "uid=" + consumerID + ",ou=identities,dc=higgins,dc=eclipse,dc=org"
>     ]]>
>   </Setting>
>   <Setting Name="providerEntityIDToConsumer" Type="htf:jscriptexec">
>     <![CDATA[
>       var re = new RegExp("^uid=(.*),ou=identities,dc=higgins,dc=eclipse,dc=org$", "i");
>       RESULT = String(providerID.toString()).replace(re, "$1");
>     ]]>
>   </Setting>
>   <Setting Name="consumerAIDToProvider" Type="htf:jscriptexec">
>     <![CDATA[
>       map = multimap.consumer[String(consumerID.toString())];
>       if (!map)
>       {
>         var re = new RegExp("^http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_", "i");
>         map = String(consumerID.toString()).replace(re, "");
>       }
>       RESULT = map;
>     ]]>
>   </Setting>
>   <Setting Name="providerAIDToConsumer" Type="htf:jscriptexec">
>     <![CDATA[
>       map = multimap.provider[String(providerID.toString()).toLowerCase()];
>       if (!map)
>         map = "http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#attr_" + providerID.toString();
>       RESULT = map;
>     ]]>
>   </Setting>
>   <Setting Name="consumerEntityTypeToProvider" Type="htf:jscriptexec">
>     <![CDATA[
>       var re = new RegExp("^http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#class_", "i");
>       RESULT = String(consumerType.toString()).replace(re, "");
>     ]]>
>   </Setting>
>   <Setting Name="providerEntityTypeToConsumer" Type="htf:jscriptexec">
>     <![CDATA[
>       RESULT = "http://www.eclipse.org/higgins/ontologies/2006/higgins/ldap#class_" + String(providerType.toString());
>     ]]>
>   </Setting>
>
>
> Peter
> Jim Sermersheim wrote:
>
>> Hi Peter,
>>
>>
>> Can we include Tom in this discussion? Actually it would be
>> preferable to move it to higgins-dev because then it will be in the
>> archive for future reference. I'll leave it to you to move it there.
>>
>>
>> On #1, Do you want to get all entities in a context, or only those
>> that represent "users" (which I assume would represent people as
>> opposed to things like devices, groups, etc.). If you want to get all
>> entities in a context, you can call IContext.getEntities(null); If
>> you want to get only person entities, you need to build a filter which
>> constrains the entities returned to only those that represent people.
>> If this is what you want, let me know, and send me your context's
>> configuration file so I can make a guess at what entity type
>> represents people and then I can show you what kind of filter would be
>> used to constrain the set of IEntities returned by
>> IContext.getEntities(IFilter) to people-only.
>>
>>
>> On #2 and #3, I'd have to see the code you are using to make a better
>> guess at what's causing these problems.
>>
>>
>> Jim
>>
>>
>>>>> Peter Kimlach <pkimlach@xxxxxxxxxxxxxx> 06/06/08 2:39 AM >>>
>>>>>
>> Hi Jim,
>> I have a problem with transferring data from and to JNDI provider using
>> idas interfaces. I need your help with this:
>> 1. How to get all users and their entities?
>> 2. When I tried to copy an entity from one JNDI context to another JNDI
>> context it lost all its attributes.
>> 3. There is also a problem with copying entity id and type.
>>
>> Peter
>>
>>
>
>