Merge branch 'master' of
https://git-wip-us.apache.org/repos/asf/directory-fortress-core
# Conflicts:
# src/docker/apacheds-for-apache-fortress-tests/Dockerfile
# src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
diff --git a/.gitignore b/.gitignore
index b146c45..453831c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,6 @@
*.properties
b.sh
b.bat
-*.conf
+ldap/slapd.conf
*.zip
*.sav
\ No newline at end of file
diff --git a/README-CONFIG.md b/README-CONFIG.md
index 90ea6a5..3fec824 100644
--- a/README-CONFIG.md
+++ b/README-CONFIG.md
@@ -110,34 +110,38 @@
### Optional - Used to override fortress properties at runtime.
These fortress properties may be overridden at runtime by setting as Java System Properties:
- * fortress.host
- * fortress.port
- * fortress.admin.user
- * fortress.admin.pw
- * fortress.min.admin.conn
- * fortress.max.admin.conn
- * fortress.enable.ldap.ssl
- * fortress.enable.ldap.ssl.debug
- * fortress.trust.store
- * fortress.trust.store.password
- * fortress.trust.store.onclasspath
- * fortress.config.realm
- * fortress.config.root
- * fortress.ldap.server.type
- * fortress.is.arbac02
-
+
+ | system property name | description | default values |
+ | --------------------------------- | ----------------------------------------------------------------------- | --------------------------------------------------------------------- |
+ | fortress.host | Hostname or ip address of ldap server | localhost |
+ | fortress.port | Port for the ldap server | openldap:389, apacheds: 1389 |
+ | fortress.admin.user | Service account for access to ldap server | openldap: cn=manager,dc=example,dc=com, apacheds: uid=admin,ou=system |
+ | fortress.admin.pw | service account password | secret |
+ | fortress.min.admin.conn | minimum ldap a|min pool connections | 1 |
+ | fortress.max.admin.conn | maximum ldap admin pool connections | 10 |
+ | fortress.enable.ldap.ssl | true indicates LDAPS connectivity | false |
+ | fortress.enable.ldap.ssl.debug | true will output additional info to log | false |
+ | fortress.trust.store | Name of truststore (if on classpath) otherwise fully qualified name. | |
+ | fortress.trust.store.password | The password for Java truststore containing server certificate. | none |
+ | fortress.trust.store.onclasspath | true indicates truststore is in Java classpath. | true |
+ | fortress.suffix | The suffix is the toplevel LDAP node of the Directory Information Tree. | dc=example,dc=com |
+ | fortress.config.realm | The name of the configuration node in LDAP. | Default |
+ | fortress.config.root | The DN that points to the base of the LDAP config node. | ou=Config,dc=example,dc=com |
+ | fortress.is.arbac02 | Used in Apache Fortress Rest and Web to enforce administrative RBAC. | false |
+ | fortress.ldap.server.type | Used for non-standard processing like password policies and audits. | Valid values: apacheds, openldap or other |
+
The minimum system.properties to enable fortress apis to work (without a config file):
* fortress.admin.user
* fortress.admin.pw=secret
* fortress.config.root=ou=Config,dc=example,dc=com
- If the ldap host and port are not the default (localhost:389) set these two:
+ If the ldap host and/or port are not the default (openldap localhost:389) or (apacheds localhost:1389) set these:
* fortress.host
* fortress.port
___________________________________________________________________________________
## SECTION 5. Order Artifacts found in the Fortress Configuration Subsystem
-This subsystem has been hard wired to the following order:
+This subsystem has been hard-wired to the following order:
1. fortress.properties file - found on the classpath of that name.
2. Java system properties - to override any of the 14 properties listed above.
3. LDAP configuration node - found by config coordinates set in the fortress.properties file itself.
@@ -173,8 +177,8 @@
mvn install -Dload.file=./ldap/setup/ConfigNodeUpdate.xml
```
-A refreshes the entire LDAP server DIT, deletes of all entries under the suffix, recreating the DIT node structure, and re-adding of the config node.
-B just updates the config node with the new values, preserving the other data.
+A. refreshes the entire LDAP server DIT, deletes of all entries under the suffix, recreating the DIT node structure, and re-adding of the config node.
+B. just updates the config node with the new values, preserving the other data.
### More notes:
* Use caution when running the **refreshLDAPData.xml** script. It deletes all nodes below the suffix before readding.
diff --git a/README-QUICKSTART-APACHEDS.md b/README-QUICKSTART-APACHEDS.md
index 8f0bf89..0f81c34 100644
--- a/README-QUICKSTART-APACHEDS.md
+++ b/README-QUICKSTART-APACHEDS.md
@@ -41,10 +41,6 @@
-------------------------------------------------------------------------------
## SECTION 1. Prerequisites
-Minimum hardware requirements:
- * 2 Cores
- * 4GB RAM
-
Minimum software requirements:
* Centos or Debian Machine
* Java SDK 8++
diff --git a/README-QUICKSTART-DOCKER-APACHEDS.md b/README-QUICKSTART-DOCKER-APACHEDS.md
index 85f68f1..c3fd1d1 100644
--- a/README-QUICKSTART-DOCKER-APACHEDS.md
+++ b/README-QUICKSTART-DOCKER-APACHEDS.md
@@ -35,10 +35,6 @@
-------------------------------------------------------------------------------
## SECTION 1. Prerequisites
-Minimum hardware requirements:
- * 2 Cores
- * 4GB RAM
-
Minimum software requirements:
* Centos or Debian Machine
* Java SDK 8++
@@ -48,134 +44,144 @@
___________________________________________________________________________________
## SECTION 2. Apache Fortress Core Setup using ApacheDS Docker Image
-1. Download the apache directory fortress-core source from apache git repo:
+1. Download the package:
- a. from the command line:
- ```
- git clone https://gitbox.apache.org/repos/asf/directory-fortress-core.git
- cd directory-fortress-core
- ```
+ a. from git:
+```
+git clone --branch 2.0.5 https://gitbox.apache.org/repos/asf/directory-fortress-core.git
+cd directory-fortress-core
+```
-2. Now build the apache directory fortress docker image (trailing dot matters):
+b. or from Apache:
+```
+wget http://www.apache.org/dist/directory/fortress/dist/2.0.5/fortress-core-2.0.5-source-release.zip
+unzip fortress-core-2.0.5-source-release.zip
+cd fortress-core-2.0.5
+```
- ```
- docker build -t apachedirectory/apacheds-for-apache-fortress-tests -f src/docker/apacheds-for-apache-fortress-tests/Dockerfile .
- ```
+2. Prepare the package:
+
+```
+cp build.properties.example build.properties
+```
+
+ * Seeds the apacheds properties with defaults.
+ * [build.properties.example](build.properties.example) contains the default config for the apacheds docker image.
+ * Learn how the fortress config subsystem works: [README-CONFIG](README-CONFIG.md).
+
+3. Now build the apachedirectory apacheds docker image (trailing dot matters):
+
+```
+docker build -t apachedirectory/apacheds-for-apache-fortress-tests -f src/docker/apacheds-for-apache-fortress-tests/Dockerfile .
+```
Or just pull the prebuilt image:
- ```
- docker pull apachedirectory/apacheds-for-apache-fortress-tests
- ```
+```
+docker pull apachedirectory/apacheds-for-apache-fortress-tests
+```
-3. Run the docker container:
+4. Run the docker container:
- ```
- CONTAINER_ID=$(docker run -d -P apachedirectory/apacheds-for-apache-fortress-tests)
- CONTAINER_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "10389/tcp") 0).HostPort}}' $CONTAINER_ID)
- echo $CONTAINER_PORT
- ```
+```
+CONTAINER_ID=$(docker run -d -P apachedirectory/apacheds-for-apache-fortress-tests)
+CONTAINER_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "10389/tcp") 0).HostPort}}' $CONTAINER_ID)
+echo $CONTAINER_PORT
+```
- *note: make note of the port as it's needed later
- *depending on your docker setup may need to run as root or sudo priv's.
+ * The '$CONTAINER_PORT' value required for next step.
+ * Depending on your Docker setup, may need to run this step as root or sudo priv's.
-4. Prepare fortress to use the apacheds running inside docker container:
+5. Prepare your terminal for execution of maven commands.
- ```
- cp build.properties.example build.properties
- ```
+```
+#!/bin/sh
+export M2_HOME=...
+export JAVA_HOME=...
+export PATH=$PATH:$M2_HOME/bin
+export MAVEN_OPTS="
+ -Dfortress.host=localhost
+ -Dfortress.port=32768"
+```
-5. Edit the *build.properties* file:
+ More about 'MAVEN_OPTS':
+ * Provides the coordinates to the ldap server running inside Docker container.
+ * Replace the 'fortress.port' value with result from ```echo $CONTAINER_PORT```.
+ * if Docker image running on a different machine, replace fortress.host to point to it.
- ```
- vi build.properties
- ```
+6. Run the maven install to build fortress and initialize config settings:
-6. Update the *ldap.port* prop:
-
- ```
- ldap.port= port from earlier step
- ```
-
-7. Save and exit
-
-8. Prepare your terminal for execution of maven commands.
-
- ```
- #!/bin/sh
- export M2_HOME=...
- export JAVA_HOME=...
- export PATH=$PATH:$M2_HOME/bin
- ```
-
-9. Run the maven install to build fortress lib and prepare its configuration (fortress.properties):
-
- ```
- mvn clean install
- ```
-
+```
+mvn clean install
+```
___________________________________________________________________________________
## SECTION 3. Apache Fortress Core Integration Test
1. From fortress core base folder, enter the following commands:
- ```
- mvn install -Dload.file=./ldap/setup/refreshLDAPData.xml
- mvn install -Dload.file=./ldap/setup/DelegatedAdminManagerLoad.xml
- ```
+```
+mvn install -Dload.file=./ldap/setup/refreshLDAPData.xml
+```
*These will build the Directory Information Tree (DIT), create the config and data policies needed for the integration test to follow.*
2. Next, enter the following command:
- ```
- mvn -Dtest=FortressJUnitTest test
- ```
+```
+mvn -Dtest=FortressJUnitTest test -Dfortress.host=localhost -Dfortress.port=32768
+```
- *Tests the APIs against your LDAP server.*
+ More about this step:
+ * Provides the coordinates to the ldap server running inside Docker container.
+ * Replace the 'fortress.port' value with result from ```echo $CONTAINER_PORT```.
+ * if Docker image running on a different machine, replace fortress.host to point to it.
+ * Tests the APIs against your LDAP server.*
3. Verify the tests worked:
- ```
- Tests run: Failures: 0, Errors: 0, Skipped: 0
- Results :
+```
+Tests run: Failures: 0, Errors: 0, Skipped: 0
+Results :
- Tests run: Failures: 0, Errors: 0, Skipped: 0
+Tests run: Failures: 0, Errors: 0, Skipped: 0
- [INFO]
- [INFO] --- maven-antrun-plugin:1.8:run (default) @ fortress-core ---
- [INFO] Executing tasks
+[INFO]
+[INFO] --- maven-antrun-plugin:1.8:run (default) @ fortress-core ---
+[INFO] Executing tasks
- fortress-load:
- [INFO] Executed tasks
- [INFO] ------------------------------------------------------------------------
- [INFO] BUILD SUCCESS
- ```
+fortress-load:
+[INFO] Executed tasks
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+```
4. Rerun the tests to verify teardown APIs work:
- ```
- mvn -Dtest=FortressJUnitTest test
- ```
+```
+mvn -Dtest=FortressJUnitTest test -Dfortress.host=localhost -Dfortress.port=32768
+```
+
+ More about this step:
+ * Again verify fortress.host and fortress.port match your environment.
5. Verify that worked also:
- ```
- Results :
+```
+Results :
- Tests run: Failures: 0, Errors: 0, Skipped: 0
+Tests run: Failures: 0, Errors: 0, Skipped: 0
- [INFO]
- [INFO] --- maven-antrun-plugin:1.8:run (default) @ fortress-core ---
- [INFO] Executing tasks
+[INFO]
+[INFO] --- maven-antrun-plugin:1.8:run (default) @ fortress-core ---
+[INFO] Executing tasks
- fortress-load:
- [INFO] Executed tasks
- [INFO] ------------------------------------------------------------------------
- [INFO] BUILD SUCCESS
- [INFO] ------------------------------------------------------------------------
- ```
- Notice more tests ran this time vs the first time, due to teardown.
+fortress-load:
+[INFO] Executed tasks
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+[INFO] ------------------------------------------------------------------------
+```
+ * More tests ran this time vs the first time, due to teardown.
Test Notes:
* If tests complete without errors Apache Fortress works with your ApacheDS server (in Docker).
@@ -196,44 +202,44 @@
#### Build image
- ```
- docker build -t apachedirectory/apacheds-for-apache-fortress-tests -f src/docker/apacheds-for-apache-fortress-tests/Dockerfile .
- ```
+```
+docker build -t apachedirectory/apacheds-for-apache-fortress-tests -f src/docker/apacheds-for-apache-fortress-tests/Dockerfile .
+```
* trailing dot matters
Or just to be sure don't use cached layers:
- ```
- docker build --no-cache=true -t apachedirectory/apacheds-for-apache-fortress-tests -f src/docker/apacheds-for-apache-fortress-tests/Dockerfile .
- ```
+```
+docker build --no-cache=true -t apachedirectory/apacheds-for-apache-fortress-tests -f src/docker/apacheds-for-apache-fortress-tests/Dockerfile .
+```
#### Run container
- ```
- CONTAINER_ID=$(docker run -d -P apachedirectory/apacheds-for-apache-fortress-tests)
- CONTAINER_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "10389/tcp") 0).HostPort}}' $CONTAINER_ID)
- echo $CONTAINER_PORT
- ```
+```
+CONTAINER_ID=$(docker run -d -P apachedirectory/apacheds-for-apache-fortress-tests)
+CONTAINER_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "10389/tcp") 0).HostPort}}' $CONTAINER_ID)
+echo $CONTAINER_PORT
+```
#### Go into the container
- ```
- docker exec -it $CONTAINER_ID bash
- ```
+```
+docker exec -it $CONTAINER_ID bash
+```
#### Restart container
- ```
- docker restart $CONTAINER_ID
- ```
+```
+docker restart $CONTAINER_ID
+```
#### Stop and delete container
- ```
- docker stop $CONTAINER_ID
- docker rm $CONTAINER_ID
- ```
+```
+docker stop $CONTAINER_ID
+docker rm $CONTAINER_ID
+```
____________________________________________________________________________________
#### END OF README-QUICKSTART-DOCKER-APACHEDS
diff --git a/README-QUICKSTART-DOCKER-SLAPD.md b/README-QUICKSTART-DOCKER-SLAPD.md
index ed403a9..84919be 100644
--- a/README-QUICKSTART-DOCKER-SLAPD.md
+++ b/README-QUICKSTART-DOCKER-SLAPD.md
@@ -35,10 +35,6 @@
-------------------------------------------------------------------------------
## SECTION 1. Prerequisites
-Minimum hardware requirements:
- * 2 Cores
- * 4GB RAM
-
Minimum software requirements:
* Centos or Debian Machine
* Java SDK 8++
@@ -48,145 +44,156 @@
___________________________________________________________________________________
## SECTION 2. Apache Fortress Core Setup using OpenLDAP Docker Image
-1. Download the apache directory fortress-core source from apache git repo:
+1. Download the package:
- a. from the command line:
- ```
- git clone https://gitbox.apache.org/repos/asf/directory-fortress-core.git
- cd directory-fortress-core
- ```
+ a. from git:
+```
+git clone --branch 2.0.5 https://gitbox.apache.org/repos/asf/directory-fortress-core.git
+cd directory-fortress-core
+```
-2. Now build the apache directory fortress docker image (trailing dot matters):
+b. or from Apache:
+```
+wget http://www.apache.org/dist/directory/fortress/dist/2.0.5/fortress-core-2.0.5-source-release.zip
+unzip fortress-core-2.0.5-source-release.zip
+cd fortress-core-2.0.5
+```
- ```
- docker build -t apachedirectory/openldap-for-apache-fortress-tests -f src/docker/openldap-for-apache-fortress-tests/Dockerfile .
- ```
+2. Prepare the package:
+
+```
+cp build.properties.example build.properties
+cp slapd.properties.example slapd.properties
+```
+
+ * Seeds the openldap properties with defaults.
+ * [slapd.properties.example](slapd.properties.example) contains the default config for openldap docker image.
+ * Learn how the fortress config subsystem works: [README-CONFIG](README-CONFIG.md).
+
+3. Now build the apachedirectory openldap docker image (trailing dot matters):
+
+```
+docker build -t apachedirectory/openldap-for-apache-fortress-tests -f src/docker/openldap-for-apache-fortress-tests/Dockerfile .
+```
Or just pull the prebuilt image:
- ```
- docker pull apachedirectory/openldap-for-apache-fortress-tests
- ```
+```
+docker pull apachedirectory/openldap-for-apache-fortress-tests
+```
-3. Run the docker container:
+4. Run the docker container:
- ```
- CONTAINER_ID=$(docker run -d -P apachedirectory/openldap-for-apache-fortress-tests)
- CONTAINER_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "389/tcp") 0).HostPort}}' $CONTAINER_ID)
- echo $CONTAINER_PORT
- ```
+```
+CONTAINER_ID=$(docker run -d -P apachedirectory/openldap-for-apache-fortress-tests)
+CONTAINER_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "389/tcp") 0).HostPort}}' $CONTAINER_ID)
+echo $CONTAINER_PORT
+```
- *note: make note of the port as it's needed later
- *depending on your docker setup may need to run as root or sudo priv's.
+ * The '$CONTAINER_PORT' value required for next step.
+ * Depending on your Docker setup, may need to run this step as root or sudo priv's.
-4. Prepare fortress to use the slapd running inside docker container:
+5. Prepare your terminal for execution of maven commands.
- ```
- cp build.properties.example build.properties
- cp slapd.properties.example slapd.properties
- ```
+```
+#!/bin/sh
+export M2_HOME=...
+export JAVA_HOME=...
+export PATH=$PATH:$M2_HOME/bin
+export MAVEN_OPTS="
+ -Dfortress.host=localhost
+ -Dfortress.port=32768"
+```
-5. Edit the *slapd.properties* file:
+ More about 'MAVEN_OPTS':
+ * Provides the coordinates to the ldap server running inside Docker container.
+ * replace the 'fortress.port' value with result from ```echo $CONTAINER_PORT```.
+ * if Docker image running on a different machine, replace fortress.host to point to it.
- ```
- vi slapd.properties
- ```
+6. Run the maven install to build fortress and initialize config settings:
-6. Update the *ldap.port* prop:
-
- ```
- ldap.port= port from earlier step
- ```
-
-7. Save and exit
-
-8. Prepare your terminal for execution of maven commands.
-
- ```
- #!/bin/sh
- export M2_HOME=...
- export JAVA_HOME=...
- export PATH=$PATH:$M2_HOME/bin
- ```
-
-9. Run the maven install to build fortress lib and prepare its configuration (fortress.properties):
-
- ```
- mvn clean install
- ```
+```
+mvn clean install
+```
___________________________________________________________________________________
## SECTION 3. Apache Fortress Core Integration Test
1. From fortress core base folder, enter the following commands:
- ```
- mvn install -Dload.file=./ldap/setup/refreshLDAPData.xml
- mvn install -Dload.file=./ldap/setup/DelegatedAdminManagerLoad.xml
- ```
+```
+mvn install -Dload.file=./ldap/setup/refreshLDAPData.xml
+```
*These will build the Directory Information Tree (DIT), create the config and data policies needed for the integration test to follow.*
2. Next, enter the following command:
- ```
- mvn -Dtest=FortressJUnitTest test
- ```
+```
+mvn -Dtest=FortressJUnitTest test -Dfortress.host=localhost -Dfortress.port=32768
+```
- *Tests the APIs against your LDAP server.*
+ More about this step:
+ * Provides the coordinates to the ldap server running inside Docker container.
+ * Replace the 'fortress.port' value with result from ```echo $CONTAINER_PORT```.
+ * if Docker image running on a different machine, replace fortress.host to point to it.
+ * Tests the APIs against your LDAP server.*
3. Verify the tests worked:
- ```
- Tests run: Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 196 sec - in org.apache.directory.fortress.core.impl.FortressJUnitTest
+```
+Tests run: Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 196 sec - in org.apache.directory.fortress.core.impl.FortressJUnitTest
- Results :
+Results :
- Tests run: Failures: 0, Errors: 0, Skipped: 0
+Tests run: Failures: 0, Errors: 0, Skipped: 0
- [INFO]
- [INFO] --- maven-antrun-plugin:1.8:run (default) @ fortress-core ---
- [INFO] Executing tasks
+[INFO]
+[INFO] --- maven-antrun-plugin:1.8:run (default) @ fortress-core ---
+[INFO] Executing tasks
- fortress-load:
- [INFO] Executed tasks
- [INFO] ------------------------------------------------------------------------
- [INFO] BUILD SUCCESS
- [INFO] ------------------------------------------------------------------------
- [INFO] Total time: 03:19 min
- [INFO] Finished at: 2016-01-07T09:28:18-06:00
- [INFO] Final Memory: 27M/532M
- [INFO] ------------------------------------------------------------------------
- ```
+fortress-load:
+[INFO] Executed tasks
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+[INFO] ------------------------------------------------------------------------
+[INFO] Total time: 03:19 min
+[INFO] Finished at: 2016-01-07T09:28:18-06:00
+[INFO] Final Memory: 27M/532M
+[INFO] ------------------------------------------------------------------------
+```
4. Rerun the tests to verify teardown APIs work:
- ```
- mvn -Dtest=FortressJUnitTest test
- ```
+```
+mvn -Dtest=FortressJUnitTest test -Dfortress.host=localhost -Dfortress.port=32768
+```
+
+ More about this step:
+ * Again verify fortress.host and fortress.port match your environment.
5. Verify that worked also:
- ```
- Tests run: Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 207.081 sec - in org.apache.directory.fortress.core.impl.FortressJUnitTest
+```
+Tests run: Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 207.081 sec - in org.apache.directory.fortress.core.impl.FortressJUnitTest
- Results :
+Results :
- Tests run: Failures: 0, Errors: 0, Skipped: 0
+Tests run: Failures: 0, Errors: 0, Skipped: 0
- [INFO]
- [INFO] --- maven-antrun-plugin:1.8:run (default) @ fortress-core ---
- [INFO] Executing tasks
+[INFO]
+[INFO] --- maven-antrun-plugin:1.8:run (default) @ fortress-core ---
+[INFO] Executing tasks
- fortress-load:
- [INFO] Executed tasks
- [INFO] ------------------------------------------------------------------------
- [INFO] BUILD SUCCESS
- [INFO] ------------------------------------------------------------------------
- [INFO] Total time: 03:30 min
- [INFO] Finished at: 2016-01-07T09:33:11-06:00
- [INFO] Final Memory: 27M/531M
- [INFO] ------------------------------------------------------------------------
- ```
+fortress-load:
+[INFO] Executed tasks
+[INFO] ------------------------------------------------------------------------
+[INFO] BUILD SUCCESS
+[INFO] ------------------------------------------------------------------------
+[INFO] Total time: 03:30 min
+[INFO] Finished at: 2016-01-07T09:33:11-06:00
+[INFO] Final Memory: 27M/531M
+[INFO] ------------------------------------------------------------------------
+```
Notice more tests ran this time vs the first time, due to teardown
Test Notes:
@@ -206,44 +213,44 @@
#### Build image
- ```
- docker build -t apachedirectory/openldap-for-apache-fortress-tests -f src/docker/openldap-for-apache-fortress-tests/Dockerfile .
- ```
+```
+docker build -t apachedirectory/openldap-for-apache-fortress-tests -f src/docker/openldap-for-apache-fortress-tests/Dockerfile .
+```
* trailing dot matters
Or just to be sure don't use cached layers:
- ```
- docker build --no-cache=true -t apachedirectory/openldap-for-apache-fortress-tests -f src/docker/openldap-for-apache-fortress-tests/Dockerfile .
- ```
+```
+docker build --no-cache=true -t apachedirectory/openldap-for-apache-fortress-tests -f src/docker/openldap-for-apache-fortress-tests/Dockerfile .
+```
#### Run container
- ```
- CONTAINER_ID=$(docker run -d -P apachedirectory/openldap-for-apache-fortress-tests)
- CONTAINER_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "389/tcp") 0).HostPort}}' $CONTAINER_ID)
- echo $CONTAINER_PORT
- ```
+```
+CONTAINER_ID=$(docker run -d -P apachedirectory/openldap-for-apache-fortress-tests)
+CONTAINER_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "389/tcp") 0).HostPort}}' $CONTAINER_ID)
+echo $CONTAINER_PORT
+```
#### Go into the container
- ```
- docker exec -it $CONTAINER_ID bash
- ```
+```
+docker exec -it $CONTAINER_ID bash
+```
#### Restart container
- ```
- docker restart $CONTAINER_ID
- ```
+```
+docker restart $CONTAINER_ID
+```
#### Stop and delete container
- ```
- docker stop $CONTAINER_ID
- docker rm $CONTAINER_ID
- ```
+```
+docker stop $CONTAINER_ID
+docker rm $CONTAINER_ID
+```
____________________________________________________________________________________
#### END OF README-QUICKSTART-DOCKER-SLAPD
diff --git a/README-QUICKSTART-SLAPD.md b/README-QUICKSTART-SLAPD.md
index a8072be..7662012 100644
--- a/README-QUICKSTART-SLAPD.md
+++ b/README-QUICKSTART-SLAPD.md
@@ -40,10 +40,6 @@
-------------------------------------------------------------------------------
## SECTION 1. Prerequisites
-Minimum hardware requirements:
- * 2 Cores
- * 4GB RAM
-
Minimum software requirements:
* Centos or Debian Machine
* Java SDK 8++
diff --git a/build-config.xml b/build-config.xml
index 270a24e..ea68140 100644
--- a/build-config.xml
+++ b/build-config.xml
@@ -305,8 +305,8 @@
<replace file="${dst.bootstrap.conf}" token="@ADM_MAX_CONN@" value="${admin.max.conn}"/>
<replace file="${dst.bootstrap.conf}" token="@LOG_ROOT_DN@" value="${log.admin.user}"/>
<replace file="${dst.bootstrap.conf}" token="@CFG_LOG_ROOT_PW@" value="${log.admin.pw}"/>
- <replace file="${dst.bootstrap.conf}" token="@LOG_MIN_CONN@" value="${min.log.conn}"/>
- <replace file="${dst.bootstrap.conf}" token="@LOG_MAX_CONN@" value="${max.log.conn}"/>
+ <replace file="${dst.bootstrap.conf}" token="@LOG_MIN_CONN@" value="${log.min.conn}"/>
+ <replace file="${dst.bootstrap.conf}" token="@LOG_MAX_CONN@" value="${log.max.conn}"/>
<replace file="${dst.bootstrap.conf}" token="@USR_MIN_CONN@" value="${user.min.conn}"/>
<replace file="${dst.bootstrap.conf}" token="@USR_MAX_CONN@" value="${user.max.conn}"/>
<replace file="${dst.bootstrap.conf}" token="@CFG_CRYPTO_PROP@" value="${crypto.prop}"/>
@@ -343,8 +343,8 @@
<replace file="${dst.remote.conf}" token="@LOG_ROOT_DN@" value="${log.admin.user}"/>
<replace file="${dst.remote.conf}" token="@CFG_LOG_ROOT_PW@" value="${log.admin.pw}"/>
<replace file="${dst.remote.conf}" token="@ROLE_OCCUPANTS@" value="${role.occupants}"/>
- <replace file="${dst.remote.conf}" token="@LOG_MIN_CONN@" value="${min.log.conn}"/>
- <replace file="${dst.remote.conf}" token="@LOG_MAX_CONN@" value="${max.log.conn}"/>
+ <replace file="${dst.remote.conf}" token="@LOG_MIN_CONN@" value="${log.min.conn}"/>
+ <replace file="${dst.remote.conf}" token="@LOG_MAX_CONN@" value="${log.max.conn}"/>
<replace file="${dst.remote.conf}" token="@USR_MIN_CONN@" value="${user.min.conn}"/>
<replace file="${dst.remote.conf}" token="@USR_MAX_CONN@" value="${user.max.conn}"/>
<replace file="${dst.remote.conf}" token="@CFG_CRYPTO_PROP@" value="${crypto.prop}"/>
diff --git a/pom.xml b/pom.xml
index 242c8c6..c78d2bf 100644
--- a/pom.xml
+++ b/pom.xml
@@ -33,7 +33,7 @@
<version>2.0.6-SNAPSHOT</version>
<inceptionYear>2007</inceptionYear>
<description>
- Apache Fortress is a standards-based Access Management SDK that implements ANSI RBAC INCITS 359.
+ Apache Fortress is an authorization platform that implements ANSI INCITS 359 Role-Based Access Control (RBAC).
</description>
<url>https://directory.apache.org/fortress/</url>
@@ -529,16 +529,12 @@
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<argLine>-Xmx1024m</argLine>
- <systemProperties>
- <systemProperty>
- <key>version</key>
- <value>${project.version}</value>
- </systemProperty>
- <systemProperty>
- <key>tenant</key>
- <value>${tenant}</value>
- </systemProperty>
- </systemProperties>
+
+ <systemPropertyVariables>
+ <version>${project.version}</version>
+ <tenant>${tenant}</tenant>
+ </systemPropertyVariables>
+
<excludes>
<exclude>${exclude.tests}</exclude>
</excludes>
@@ -712,9 +708,10 @@
<execution>
<phase>test</phase>
<configuration>
+ <!--<target name="stop-slapd-win-if-present" depends="slapd.dir.check" if="slapd.dir.exists">-->
<target name="fortress-load" if="load.file" description="Loads fortress policy into ldap">
<echo message="############### Run Fortress Ant script to load policy ###############" />
- <java classname="org.apache.tools.ant.launch.Launcher" fork="true" failonerror="true" dir="${basedir}" timeout="4000000" taskname="startAnt">
+ <java classname="org.apache.tools.ant.launch.Launcher" fork="true" clonevm="true" failonerror="true" dir="${basedir}" timeout="600000" taskname="startAnt">
<classpath>
<!-- use config/bootstrap folder for config because the config ldap node isn't (might not be) inserted: -->
<pathelement location="./config/bootstrap/" />
@@ -770,9 +767,9 @@
<!-- If JDK11++ pull in the JAXB API dependency. -->
<profile>
- <id>java-11</id>
+ <id>jdk-11+</id>
<activation>
- <jdk>11</jdk>
+ <jdk>[11,]</jdk>
</activation>
<dependencies>
<dependency>
@@ -783,7 +780,6 @@
</dependencies>
</profile>
-
<!-- This profile starts the Fortress Console App -->
<!-- To execute: mvn -Pconsole test -->
<profile>
diff --git a/slapd.properties.example b/slapd.properties.example
index ea42f7e..d2afc05 100644
--- a/slapd.properties.example
+++ b/slapd.properties.example
@@ -69,8 +69,8 @@
user.max.conn=10
# Used for slapd logger connection pool. Leave zeros when using apacheds:
-min.log.conn=1
-max.log.conn=3
+log.min.conn=1
+log.max.conn=3
#These are passwords used for LDAP audit log service accounts:
# Audit Pool:
diff --git a/src/docker/apacheds-for-apache-fortress-tests/Dockerfile b/src/docker/apacheds-for-apache-fortress-tests/Dockerfile
index d943071..34e20b4 100644
--- a/src/docker/apacheds-for-apache-fortress-tests/Dockerfile
+++ b/src/docker/apacheds-for-apache-fortress-tests/Dockerfile
@@ -32,7 +32,7 @@
# Install ApacheDS
RUN \
- wget http://archive.apache.org/dist//directory/apacheds/dist/${APACHEDS_VERSION}/apacheds-${APACHEDS_VERSION}-amd64.deb -q -O /tmp/apacheds.deb && \
+ wget http://archive.apache.org/dist/directory/apacheds/dist/${APACHEDS_VERSION}/apacheds-${APACHEDS_VERSION}-amd64.deb -q -O /tmp/apacheds.deb && \
dpkg -i /tmp/apacheds.deb && \
rm /tmp/apacheds.deb
diff --git a/src/docker/apacheds-for-apache-fortress-tests/README.md b/src/docker/apacheds-for-apache-fortress-tests/README.md
index 271702b..24cd953 100644
--- a/src/docker/apacheds-for-apache-fortress-tests/README.md
+++ b/src/docker/apacheds-for-apache-fortress-tests/README.md
@@ -36,3 +36,11 @@
docker push apachedirectory/apacheds-for-apache-fortress-tests
```
+Note: Login
+
+```groovy
+docker login
+Login with your Docker ID to push and pull images from Docker Hub. If you don't have a Docker ID, head over to https://hub.docker.com to create one.
+Username: whatever
+Password: *****
+```
diff --git a/src/docker/openldap-for-apache-fortress-tests/slapd.conf b/src/docker/openldap-for-apache-fortress-tests/slapd.conf
new file mode 100644
index 0000000..9348a0c
--- /dev/null
+++ b/src/docker/openldap-for-apache-fortress-tests/slapd.conf
@@ -0,0 +1,149 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+#
+# Fortress slapd.conf default settings.
+
+include /etc/ldap/schema/core.schema
+include /etc/ldap/schema/ppolicy.schema
+include /etc/ldap/schema/cosine.schema
+include /etc/ldap/schema/inetorgperson.schema
+include /etc/ldap/schema/nis.schema
+include /etc/ldap/schema/openldap.schema
+include /etc/ldap/schema/fortress.schema
+include /etc/ldap/schema/rbac.schema
+
+disallow bind_anon
+idletimeout 0
+sizelimit 5000
+timelimit 60
+threads 4
+loglevel 32768
+gentlehup on
+sortvals roleOccupant
+
+pidfile /var/run/slapd/slapd.pid
+argsfile /var/run/slapd/slapd.args
+
+modulepath /usr/lib/ldap
+moduleload back_mdb.la
+moduleload ppolicy.la
+moduleload accesslog.la
+moduleload dds.la
+moduleload back_monitor.la
+
+# Global ACLS:
+# RootDSE is always readable
+access to dn.base="" by * read
+
+# For tooling:
+access to dn.base="cn=subschema"
+ by * read
+
+password-hash {SSHA}
+
+#######################################################################
+# History DB Settings
+#######################################################################
+database mdb
+maxreaders 64
+maxsize 1000000000
+suffix "cn=log"
+rootdn "cn=Manager,cn=log"
+rootpw "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
+index objectClass,reqDN,reqAuthzID,reqStart,reqAttr eq
+directory "/var/lib/ldap/hist"
+access to *
+ by dn.base="cn=Manager,cn=log" write
+dbnosync
+checkpoint 64 5
+
+# Accesslog is readable by replicator and fortress:
+access to dn.subtree="cn=log"
+ by dn.exact="cn=replicator,dc=admin,dc=example,dc=com" read
+ by dn.exact="cn=fortress-admin,dc=admin,dc=example,dc=com" read
+ by * break
+
+#######################################################################
+# Default DB Settings
+#######################################################################
+database mdb
+maxreaders 64
+maxsize 1000000000
+suffix "dc=example,dc=com"
+rootdn "cn=Manager,dc=example,dc=com"
+rootpw "{SSHA}pSOV2TpCxj2NMACijkcMko4fGrFopctU"
+
+index uidNumber,gidNumber,objectclass eq
+index cn,sn,ftObjNm,ftOpNm,ftRoleName,uid,ou eq,sub
+index ftId,ftPermName,ftRoles,ftUsers,ftRA,ftARA eq
+index roleOccupant eq
+
+directory "/var/lib/ldap/dflt"
+overlay accesslog
+logdb "cn=log"
+dbnosync
+checkpoint 64 5
+
+# The fortress admin needs write access to the whole DIT
+access to dn.subtree="dc=example,dc=com"
+ by dn.exact="cn=fortress-admin,dc=admin,dc=example,dc=com" write
+ by * break
+
+# Accesslog is readable by replicator and fortress:
+access to dn.subtree="cn=log"
+ by dn.exact="cn=replicator,dc=admin,dc=example,dc=com" read
+ by dn.exact="cn=fortress-admin,dc=admin,dc=example,dc=com" read
+ by * break
+
+# Allow anonymous ability to bind:
+access to dn.subtree="dc=example,dc=com" attrs=userPassword
+ by anonymous auth
+ by * break
+
+# For audit trail:
+# Allow users access to modify their own pw & fortress audit attrs.
+access to dn.subtree="dc=example,dc=com" attrs=userPassword,ftModifier,ftModCode,ftModId
+ by self =wx
+ by * none
+
+# Allow users compare access to a fortress perm op name:
+access to dn.subtree="dc=example,dc=com" attrs=ftOpNm
+ by users compare
+
+#######################################################################
+# Audit Log Settings
+#######################################################################
+logops bind writes compare
+logoldattr ftModifier ftModCode ftModId ftRC ftRA ftARC ftARA ftCstr ftId ftPermName ftObjNm ftOpNm ftObjId ftGroups ftRoles ftUsers ftType
+logpurge 5+00:00 1+00:00
+
+#######################################################################
+# PW Policy Settings
+#######################################################################
+# Enable the Password Policy overlay to enforce password policies on this database.
+overlay ppolicy
+ppolicy_default "cn=PasswordPolicy,ou=Policies,dc=example,dc=com"
+ppolicy_use_lockout
+ppolicy_hash_cleartext
+
+#######################################################################
+# Monitor database
+#######################################################################
+database monitor
+
diff --git a/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java b/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
index 1a35b98..4db5e9f 100755
--- a/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
+++ b/src/main/java/org/apache/directory/fortress/core/impl/ConfigDAO.java
@@ -87,7 +87,6 @@
public static final String GID_NUMBER_SEQUENCE = "ftGidNumber";
public static final String UID_NUMBER_SEQUENCE = "ftUidNumber";
-
private final String[] CONFIG_OBJ_CLASS =
{
SchemaConstants.DEVICE_OC, GlobalIds.PROPS_AUX_OBJECT_CLASS_NAME, GlobalIds.FT_CONFIG_AUX_OBJECT_CLASS_NAME
@@ -101,7 +100,6 @@
SchemaConstants.CN_AT, GlobalIds.PROPS, GID_NUMBER_SEQUENCE, UID_NUMBER_SEQUENCE
};
-
/**
* Package private default constructor.
*/
@@ -331,7 +329,7 @@
Configuration configuration = new Configuration();
LdapConnection ld = null;
String dn = getDn( name );
- LOG.debug( "getConfig dn [{}]", dn );
+ LOG.info( "getConfig dn [{}]", dn );
try
{
ld = getAdminConnection();
@@ -404,6 +402,6 @@
*/
private String getDn( String name )
{
- return SchemaConstants.CN_AT + "=" + name + "," + CONFIG_ROOT_DN;
+ return SchemaConstants.CN_AT + "=" + name + "," + Config.getInstance().getProperty( GlobalIds.CONFIG_ROOT_PARAM );
}
}
\ No newline at end of file
diff --git a/src/main/java/org/apache/directory/fortress/core/util/Config.java b/src/main/java/org/apache/directory/fortress/core/util/Config.java
index 8b96bf9..3b64e89 100755
--- a/src/main/java/org/apache/directory/fortress/core/util/Config.java
+++ b/src/main/java/org/apache/directory/fortress/core/util/Config.java
@@ -76,6 +76,7 @@
private static final String EXT_TRUST_STORE_ONCLASSPATH = "fortress.trust.store.onclasspath";
private static final String EXT_CONFIG_REALM = "fortress.config.realm";
private static final String EXT_CONFIG_ROOT_DN = "fortress.config.root";
+ private static final String EXT_CONFIG_SUFFIX = "fortress.suffix";
private static final String EXT_SERVER_TYPE = "fortress.ldap.server.type";
private static final String EXT_IS_ARBAC02 = "fortress.is.arbac02";
@@ -677,6 +678,15 @@
LOG.info( PREFIX, GlobalIds.TRUST_STORE_ON_CLASSPATH, szValue );
}
+ // Check to see if the suffix has been overridden by a system property:
+ szValue = System.getProperty( EXT_CONFIG_SUFFIX );
+ if( StringUtils.isNotEmpty( szValue ))
+ {
+ config.setProperty( GlobalIds.SUFFIX, szValue );
+ LOG.info( PREFIX, GlobalIds.SUFFIX, szValue );
+
+ }
+
// Check to see if the config realm name has been overridden by a system property:
szValue = System.getProperty( EXT_CONFIG_REALM );
if( StringUtils.isNotEmpty( szValue ))
@@ -685,7 +695,7 @@
LOG.info( PREFIX, GlobalIds.CONFIG_REALM, szValue );
}
- // Check to see if the config realm name has been overridden by a system property:
+ // Check to see if the config node dn has been overridden by a system property:
szValue = System.getProperty( EXT_CONFIG_ROOT_DN );
if( StringUtils.isNotEmpty( szValue ))
{
@@ -703,11 +713,9 @@
// Check to see if ARBAC02 checking enforced in service layer:
szValue = System.getProperty( EXT_IS_ARBAC02 );
- LOG.info( PREFIX, GlobalIds.IS_ARBAC02, szValue );
-
if( StringUtils.isNotEmpty( szValue ))
{
- Boolean isArbac02 = new Boolean(szValue);
+ Boolean isArbac02 = Boolean. valueOf( szValue );
config.setProperty( GlobalIds.IS_ARBAC02, isArbac02.booleanValue() );
LOG.info( PREFIX, GlobalIds.IS_ARBAC02, isArbac02.booleanValue() );
}
