Re: Proxy Authz interoperability of Sun's JNDI LDAP boost pack and OpenLDAP

--On Wednesday, June 20, 2007 5:43 PM +0200 Michael Ströder <michael@stroeder.com> wrote:


I'm currently testing proxy authorization with the control
implementation com.sun.jndi.ldap.ctl.ProxiedAuthorizationControl in
Sun's LDAP boost pack for JNDI.

slapd seems to be configured correctly since this command-line works:

ldapsearch -x -H "ldap://localhost:1390" -D
"uid=proxyuser,ou=proxyauthztests,ou=Testing,dc=stroeder,dc=de" -w
testproxy -b "ou=Testing,dc=stroeder,dc=de" -s sub -e
c=de" "(objectClass=*)"

Now I'm trying to do the same via JNDI (see attached Test2.java). But
this results in:

Exception: javax.naming.NamingException: [LDAP: error code 47 - authzId
mapping failed]; remaining name 'ou=Testing,dc=stroeder,dc=de'

If starting slapd with debugging (-d args,trace,packets) I get the log
I've also attached. Note the extra char before "dn:" in line starting
with "parseProxyAuthz". I extracted the control from Wireshark and even
dumpasn1.c did not manage to decode it properly. So I suspect
something's wrong with the encoding. Can anybody please confirm this?

Any hint how to reach Sun's JNDI developers?

Have you tried using JLDAP instead? When I was at Stanford, we started having to use JLDAP over JNDI as JLDAP had better support for control implementations.
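
The encoding suspicion in the quoted message can be checked against the control bytes taken from a packet capture. The following is an added example, not code from this thread or from either library: RFC 4370 puts the authzId directly in the controlValue, so the check looks for one extra BER OCTET STRING layer, which would place a tag and a length byte in front of "dn:". That the JNDI control produces this layer is an assumption the thread does not confirm; the function names and the sample DN are constructed.

```python
# Classify the bytes found inside a Proxied Authorization controlValue.
PROXY_AUTHZ_OID = "2.16.840.1.113730.3.4.18"  # RFC 4370 controlType


def read_ber_length(buf, pos):
    """Return (length, next_pos) for a definite-form BER length at buf[pos]."""
    if pos >= len(buf):
        raise ValueError("truncated length")
    first = buf[pos]
    if first < 0x80:                      # short form: one byte
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or pos + 1 + n > len(buf):
        raise ValueError("indefinite or truncated length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def is_authzid(value):
    """RFC 4370 authzId: empty (anonymous), 'dn:<DN>' or 'u:<userid>'."""
    return value == b"" or value.startswith((b"dn:", b"u:"))


def classify_control_value(value):
    """Return (verdict, authzid_bytes) for the content of controlValue."""
    if is_authzid(value):
        return "rfc4370", value
    # An extra OCTET STRING layer appears as 0x04 + length before the authzId.
    if value[:1] == b"\x04":
        try:
            length, start = read_ber_length(value, 1)
        except ValueError:
            return "unrecognized", None
        inner = value[start:]
        if length == len(inner) and is_authzid(inner):
            return "ber-wrapped", inner
    return "unrecognized", None


if __name__ == "__main__":
    # Constructed samples; the DN is a placeholder, not the one from the thread.
    authzid = b"dn:uid=target,ou=Testing,dc=example,dc=com"
    wrapped = b"\x04" + bytes([len(authzid)]) + authzid
    for name, sample in (("plain", authzid), ("wrapped", wrapped)):
        verdict, inner = classify_control_value(sample)
        print(name, verdict, inner, "leading bytes:", sample[:2])
```

With a 42-byte authzId the wrapper's length byte is 0x2a, which a text log renders as a single printable character immediately before "dn:".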


