
For testing purposes I started to use an in-memory LDAP server:

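```kotlin
import com.unboundid.ldap.listener.InMemoryDirectoryServer
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig
import org.springframework.util.ResourceUtils

val config = InMemoryDirectoryServerConfig(baseDn)
config.addAdditionalBindCredentials("cn=$LOGIN", PASSWORD)
config.schema = null // no schema, so entries are not validated on import
val server = InMemoryDirectoryServer(config)
// clear = true: drop any existing entries before loading the dump
val importFromLDIF = server.importFromLDIF(
    true,
    ResourceUtils.getFile("classpath:dump.ldif"),
)
server.startListening()
```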

I wanted to test the case where I change userPrincipalName to a userPrincipalName which is already in use by another user.

Expected result - server will respond with error

Actual result - userPrincipalName was successfully changed

On a real server I get an error. Is there a way to get the same behaviour on the in-memory LDAP server?


gstackoverflow
  • Why do you set `config.schema = null`? There is a mechanism for validating entries against the (default if not specified otherwise) schema. Also, is the expected error "_entryAlreadyExists (68)_" (i.e. dn already exists) or do you need a specific constraint on the cn attribute regardless of the full dn? – EricLavault Aug 01 '23 at 14:10
  • 1. I set `config.schema = null` because I want to import some data from my existing Samba server. More context can be found here: https://stackoverflow.com/questions/76739106/how-to-import-ldif-file-in-a-manner-insensitive-to-entries-order Without this line the import fails and I don't understand what I should put instead of null. Is there a way to export the schema from an existing Samba server? 2. "entryAlreadyExists (68)" will be fine although I see a different issue if I try to change `userPrincipalName` (it was a typo in the topic - edited): – gstackoverflow Aug 01 '23 at 15:00
  • [error_image](https://i.stack.imgur.com/TpByT.png) – gstackoverflow Aug 01 '23 at 15:01
  • So your server uses an AD schema (which is not standard) so yes you would need to export it and import it in the InMemoryDirectoryServer config (though I never tried that but I guess it should be the way to go). I saw in another post that you were using Apache LDAP Browser, I think you can use it to export the schema as an ldif entry. – EricLavault Aug 01 '23 at 15:30
  • @EricLavault could you please share a bit more detail on how I can get an AD schema which I can use in InMemoryDirectoryServerConfig? – gstackoverflow Aug 01 '23 at 15:40
  • In this [post](https://stackoverflow.com/q/76739106/2529954) you are using an LDAP browser, why not use it to connect to your AD and explore the schema entry, which you can export just like any other entry. Once you have a schema.ldif file, you can use ldapsdk ldif tools to load it and set it as your schema, i.e. see how the default schema is loaded [here](https://github.com/pingidentity/ldapsdk/blob/master/src/com/unboundid/ldap/sdk/schema/Schema.java#L1330) – EricLavault Aug 01 '23 at 15:52
  • @EricLavault sorry but I didn't get how I can get (export) the schema.ldif file from the LDAP browser. Could you provide a step by step explanation? – gstackoverflow Aug 03 '23 at 16:54
  • So I just tried and must admit it's not that simple, you may have found another way in the meantime but for the record : 1. From the Root DSE entry [read the subschemaSubentry's dn](https://i.stack.imgur.com/JaSvZ.png), 2. [Expose the subschema in the DIT](https://i.stack.imgur.com/y1yBL.png), so that you can then 3. [Export it as LDIF](https://i.stack.imgur.com/xULKD.png) via the context menu (in the dialog check both user and operational attributes, and set the scope to 'Object'). – EricLavault Aug 05 '23 at 14:18
  • You could do the same (step 1 and 3) with ldapsearch : `ldapsearch ... -LLL -s base -b '' 'subschemaSubentry'`, then `ldapsearch ... -LLL -s base -b '*' '+' > schema.ldif`. In fact, the most straightforward way would be to connect to your AD and read the schema using ldap-sdk directly (why didn't I think about that in the first place is another question.. though I haven't tested) : `ds.getSchema().getSchemaEntry().toLDIFString()`. – EricLavault Aug 05 '23 at 14:27
  • @EricLavault I was able to follow step 1 but I don't understand where I should click to expose the schema – gstackoverflow Aug 09 '23 at 16:24
  • https://i.stack.imgur.com/PPmxP.jpg – gstackoverflow Aug 09 '23 at 16:32
  • On my side it's a down arrow but on yours it should be the 3 vertical dots, see your screenshot right above the dropdown "CN=Aggregate,CN=...". – EricLavault Aug 09 '23 at 16:46
  • Oh, thanks - I was able to make the ldif export. But I've got a very short file. Is it expected? https://i.stack.imgur.com/d83km.jpg – gstackoverflow Aug 09 '23 at 18:56
  • I would say no, but it depends what very short means. Do you have any other subschemaSubentry? – EricLavault Aug 09 '23 at 19:05
  • As short as on my screenshot. – gstackoverflow Aug 10 '23 at 06:32
  • About your question "Do you have any other subschemaSubentry?": I am not sure how to check it but I can provide a couple of screenshots. Hope it will answer the question – gstackoverflow Aug 10 '23 at 09:23
  • https://i.stack.imgur.com/jZGLP.jpg – gstackoverflow Aug 10 '23 at 09:26
  • https://i.stack.imgur.com/fTxSX.jpg – gstackoverflow Aug 10 '23 at 09:28
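
One way to get the rejection the question asks for, as an added example that is not part of the thread and not the asker's code: with the configuration shown in the question the in-memory server accepts the duplicate value, so an operation interceptor registered through `addInMemoryOperationInterceptor` checks for another holder of the value before the modify is applied. The class name `UniqueUpnInterceptor`, the sample entries and the `CONSTRAINT_VIOLATION` result code are assumptions made for the example; add requests are not covered.

```kotlin
import com.unboundid.ldap.listener.InMemoryDirectoryServer
import com.unboundid.ldap.listener.InMemoryDirectoryServerConfig
import com.unboundid.ldap.listener.interceptor.InMemoryInterceptedModifyRequest
import com.unboundid.ldap.listener.interceptor.InMemoryOperationInterceptor
import com.unboundid.ldap.sdk.*

// Hypothetical helper (not part of the SDK): rejects a modify that would give an
// entry a userPrincipalName value already held by a different entry.
class UniqueUpnInterceptor(private val baseDn: String) : InMemoryOperationInterceptor() {
    lateinit var server: InMemoryDirectoryServer // assigned once the server exists
    override fun processModifyRequest(request: InMemoryInterceptedModifyRequest) {
        val modify = request.request
        for (mod in modify.modifications) {
            val isUpn = mod.attributeName.equals("userPrincipalName", ignoreCase = true)
            if (!isUpn || mod.modificationType == ModificationType.DELETE) continue
            for (value in mod.values) {
                val filter = Filter.createEqualityFilter("userPrincipalName", value)
                val holders = server.search(baseDn, SearchScope.SUB, filter, "1.1").searchEntries
                if (holders.any { !DN.equals(it.dn, modify.dn) }) {
                    // Result code chosen for this example; a real server may answer differently.
                    throw LDAPException(ResultCode.CONSTRAINT_VIOLATION, "userPrincipalName '$value' is already in use")
                }
            }
        }
    }
}

fun main() {
    val baseDn = "dc=example,dc=test" // constructed sample data throughout
    val interceptor = UniqueUpnInterceptor(baseDn)
    val config = InMemoryDirectoryServerConfig(baseDn)
    config.schema = null // same setting as in the question
    config.addInMemoryOperationInterceptor(interceptor)
    val server = InMemoryDirectoryServer(config)
    interceptor.server = server
    server.add("dn: $baseDn", "objectClass: top", "objectClass: domain", "dc: example")
    for (name in listOf("alice", "bob")) {
        server.add("dn: cn=$name,$baseDn", "objectClass: user", "cn: $name", "userPrincipalName: $name@example.test")
    }
    server.startListening() // send the modify over LDAP, as a client would
    try {
        server.connection.use { conn ->
            conn.modify("cn=bob,$baseDn", Modification(ModificationType.REPLACE, "userPrincipalName", "alice@example.test"))
        }
        println("modify accepted")
    } catch (e: LDAPException) {
        println("modify rejected: ${e.resultCode}")
    } finally {
        server.shutDown(true)
    }
}
```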

0 Answers