
Re: Proxy Authz interoperability of Sun's JNDI LDAP boost pack and OpenLDAP



--On Wednesday, June 20, 2007 5:43 PM +0200 Michael Ströder <michael@stroeder.com> wrote:

Hi!

I'm currently testing proxy authorization with the control
implementation com.sun.jndi.ldap.ctl.ProxiedAuthorizationControl in
Sun's LDAP boost pack for JNDI.

slapd seems to be configured correctly since this command-line works:

ldapsearch -x -H "ldap://localhost:1390" \
  -D "uid=proxyuser,ou=proxyauthztests,ou=Testing,dc=stroeder,dc=de" \
  -w testproxy -b "ou=Testing,dc=stroeder,dc=de" -s sub \
  -e \!authzid="dn:uid=proxieduser,ou=proxyauthztests,ou=Testing,dc=stroeder,dc=de" \
  "(objectClass=*)"

Now I'm trying to do the same via JNDI (see attached Test2.java). But
this results in:

Exception: javax.naming.NamingException: [LDAP: error code 47 - authzId
mapping failed]; remaining name 'ou=Testing,dc=stroeder,dc=de'

If starting slapd with debugging (-d args,trace,packets) I get the log
I've also attached. Note the extra char before "dn:" in line starting
with "parseProxyAuthz". I extracted the control from Wireshark and even
dumpasn1.c did not manage to decode it properly. So I suspect
something's wrong with the encoding. Can anybody please confirm this?

Any hint how to reach Sun's JNDI developers?

Have you tried using JLDAP instead? When I was at Stanford, we started having to use JLDAP over JNDI as JLDAP had better support for control implementations.


--Quanah

--
Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration
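
Added example, not part of the original thread and not Sun's or OpenLDAP's code: a small Python check for a Proxied Authorization control captured off the wire, as the original poster did with Wireshark. It assumes the RFC 4370 form (OID 2.16.840.1.113730.3.4.18, controlValue holding the bare authzId) and flags one possible cause of extra bytes before "dn:", an authzId nested in a second BER OCTET STRING. The thread does not confirm that this is what the boost pack sends, and the sample bytes are constructed.

```python
PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"  # Proxied Authorization Control, RFC 4370

def read_tlv(buf, pos=0):
    """Decode one definite-length BER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_control(buf):
    """Decode an LDAP Control SEQUENCE into (oid, critical, value or None)."""
    tag, body, _ = read_tlv(buf)
    if tag != 0x30:
        raise ValueError("Control is not a SEQUENCE")
    tag, oid, pos = read_tlv(body)
    critical, value = False, None
    while pos < len(body):
        tag, val, pos = read_tlv(body, pos)
        if tag == 0x01:    # criticality BOOLEAN
            critical = val != b"\x00"
        elif tag == 0x04:  # controlValue OCTET STRING
            value = val
    return oid.decode("ascii"), critical, value

def classify_authzid(value):
    """Return 'rfc4370', 'ber-wrapped' or 'malformed' for a controlValue."""
    if value == b"" or value.startswith((b"dn:", b"u:")):
        return "rfc4370"  # bare authzId (empty means anonymous)
    try:
        tag, inner, end = read_tlv(value)
    except ValueError:
        return "malformed"
    ok = tag == 0x04 and end == len(value) and inner.startswith((b"dn:", b"u:"))
    return "ber-wrapped" if ok else "malformed"

def tlv(tag, val):  # short-form encoder for the samples (all under 128 bytes)
    return bytes([tag, len(val)]) + val
# Constructed sample controls; the authzId is the one from the ldapsearch command.
AUTHZID = b"dn:uid=proxieduser,ou=proxyauthztests,ou=Testing,dc=stroeder,dc=de"
HEAD = tlv(0x04, PROXY_AUTHZ_OID.encode()) + tlv(0x01, b"\xff")
RAW = tlv(0x30, HEAD + tlv(0x04, AUTHZID))
WRAPPED = tlv(0x30, HEAD + tlv(0x04, tlv(0x04, AUTHZID)))
```

To check a real capture, pass the bytes of the Control SEQUENCE to parse_control() and the returned value to classify_authzid().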