InMemoryDirectoryServer allows to have to 2 users with the same username. How to fix it?

About

Asked 27/7, 2023 at 11:11 Answered 27/7, 2023 at 11:11

kotlin testing ldap in-memory-database unboundid-ldap-sdk

For testing purposes I started to use in-memory ldap server

val config = InMemoryDirectoryServerConfig(baseDn)
config.addAdditionalBindCredentials("cn=$LOGIN", PASSWORD)
config.schema = null
val server = InMemoryDirectoryServer(config)
val importFromLDIF = server .importFromLDIF(
    true,
    ResourceUtils.getFile("classpath:dump.ldif"),
)
ds.startListening()

I wanted to test the case when I change userPrincipalName with userPrincipalName which already in use by another user.

Expected result - server will respond with error
Actual result - userPrincipalName was successfully changed

On real server I get an error. Is there way to make the same behaviour on in-memory ldap server ?

Marquardt answered 27/7, 2023 at 11:11 Comment(18)

Why do you set config.schema = null ? There is a mechanism for validating entries against the (default if not specified otherwise) schema. Also, is the expected error "entryAlreadyExists (68)" (ie. dn already exists) or do you need a specific constraint on the cn attribute regardless of the full dn ? – Mezzotint 1/8, 2023 at 14:10

1. I set config.schema = null because I want to import some data from my existing samba server. More context could be found here: #76739606 Without this line - import fails and I don't understand what should I put instead of null. Is there way to export schema from existing samba server? 2. "entryAlreadyExists (68)" will be fine although I see a different issue if I try to change userPrincipalName(it was a typo in a topic - edited): – Marquardt 1/8, 2023 at 15:0

error_image – Marquardt 1/8, 2023 at 15:1

So your server uses an AD schema (which is not standard) so yes you would need to export it and import it in the InMemoryDirectoryServer config (though I never tried that but I guess it should be the way to go). I saw in another post that you were using Apache LDAP Browser, I think you can use it to export the schema as an ldif entry. – Mezzotint 1/8, 2023 at 15:30

@Mezzotint could you please share a bit more details how can I get AD schema which I can use in InMemoryDirectoryServerConfig ? – Marquardt 1/8, 2023 at 15:40

In this post you are using an LDAP browser, why not using it to connect to your AD and explore the schema entry, which you can export just like any other entry. Once you have a schema.ldif file, you can use ldapsdk ldif tools to load it and set it as your schema, ie. see how the default schema is loaded here – Mezzotint 1/8, 2023 at 15:52

@Mezzotint sorry but I didn't get how can I get(export) schema.ldif file from LDAP browser ? could you provide step by step explanation ? – Marquardt 3/8, 2023 at 16:54

So I just tried and must admit it's not that simple, you may have found another way in the meantime but for the record : 1. From the Root DSE entry read the subschemaSubentry's dn, 2. Expose the subschema in the DIT, so that you can then 3. Export it as LDIF via the context menu (in the dialog check both user and operational attributes, and set the scope to 'Object'). – Mezzotint 5/8, 2023 at 14:18

You could do the same (step 1 and 3) with ldapsearch : ldapsearch ... -LLL -s base -b '' 'subschemaSubentry', then ldapsearch ... -LLL -s base -b <dnFromStep1> '*' '+' > schema.ldif. In fact, the most straightforward way would be to connect to your AD and read the schema using ldap-sdk directly (why didn't I think about that in the first place is another question.. though I haven't tested) : ds.getSchema().getSchemaEntry().toLDIFString(). – Mezzotint 5/8, 2023 at 14:27

@Mezzotint I was able to follow step 1 but I don't understand where should I click to expose the schema – Marquardt 9/8, 2023 at 16:24

i.sstatic.net/PPmxP.jpg – Marquardt 9/8, 2023 at 16:32

On my side it's a down arrow but on yours it's should be the 3 vertical dots, see your screenshot right above the dropdown "CN=Aggregate,CN=...". – Mezzotint 9/8, 2023 at 16:46

Oh, thanks - I was able to make ldif export. But I've got very short file, Is it expected ? i.sstatic.net/d83km.jpg – Marquardt 9/8, 2023 at 18:56

I would say no, but it depends what very short means. Do you have any other subschemaSubentry ? – Mezzotint 9/8, 2023 at 19:5

As short as on my screenshot. – Marquardt 10/8, 2023 at 6:32

About your question. Do you have any other subschemaSubentry ? I am not sure how to check it but I can provide couple of screenshots. Hope it will answer the question – Marquardt 10/8, 2023 at 9:23

i.sstatic.net/jZGLP.jpg – Marquardt 10/8, 2023 at 9:26

i.sstatic.net/fTxSX.jpg – Marquardt 10/8, 2023 at 9:28

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags