ldapapacheds

Can someone tell me how to use move method of LdapNetworkConnection correctly in Apache LDAP API or it's a bug in their API?


I am using Apache LDAP API to help our clients connect to their LDAP server and do what they want through our program.But I can't make it when I use the mothod public void move( String entryDn, String newSuperiorDn ) throws LdapException in LdapNetworkConnection。 Here is my user.ldif:

version: 1
dn: dc=myorg,dc=com
objectClass: domain
objectClass: top
dc: myorg

dn: ou=Users,dc=myorg,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Users

dn: ou=Groups,dc=myorg,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Groups

dn: cn=LdapTester1,ou=Users,dc=myorg,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Test1 Ldap
sn: Ldap
uid: ldaptest1
userPassword: 12345

dn: cn=elecharny,ou=system
objectClass: top
objectClass: person
objectClass: extensibleObject
sn:: RW1tYW51ZWwgTMOpY2hhcm55
cn: elecharny
givenName: Ele
userPassword:: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKbHnLFs5N2PHk0gkyI/g3XeIdjxnWOAW5RVap4zWZuNY4gNGH1MhfHPVHcy6WEMoo+zaxU0Xh+Iv6BzrIa70IUCAwEAAQ== })

I want to move the entry cn=elecharny,ou=system and expect it be cn=elecharny,ou=Users,dc=myorg,dc=com. When running the code, all the asserts before the move operation is ok. It means the entry ou=Users,dc=myorg,dc=com exists. But I got the following exception:

org.apache.directory.api.ldap.model.exception.LdapOperationErrorException: OPERATIONS_ERROR: failed for MessageType : MODIFYDN_REQUEST
Message ID : 4
    ModifyDN Response
        Entry : 'cn=elecharny,ou=system'
        Delete old Rdn : false
        New superior : 'ou=Users,dc=myorg,dc=com'
org.apache.directory.api.ldap.model.message.ModifyDnRequestImpl@bb289011: ERR_256_NO_SUCH_OBJECT Entry ou=Users,dc=myorg,dc=com does not exist!:
org.apache.directory.api.ldap.model.exception.LdapOperationErrorException: ERR_256_NO_SUCH_OBJECT Entry ou=Users,dc=myorg,dc=com does not exist!

It's so confusing. I have tried to sovle this for a few days. Unfortunately, I haven't found the solution. Can someone help me ?

    // Define the DirectoryService
@CreateDS(name = "myDS",
        partitions = {
                @CreatePartition(name = "test", suffix = "dc=myorg,dc=com")
        })
// Define the LDAP protocol layer
@CreateLdapServer(
        transports = {
                @CreateTransport(protocol = "LDAP"),
                @CreateTransport(protocol = "LDAPS")
        },
        allowAnonymousAccess = true,
        extendedOpHandlers = {StartTlsHandler.class}
)
// Inject a file containing entries
@ApplyLdifFiles({"users.ldif"})
public class LdapConnectTest{
    @Test
    public void testMove() throws Exception {
        LdapConnectionConfig connectionConfig = new LdapConnectionConfig();
        connectionConfig.setLdapHost(Network.LOOPBACK_HOSTNAME);
        connectionConfig.setLdapPort(ldapServer.getPort());
        connectionConfig.setName("cn=LdapTester1,ou=Users,dc=myorg,dc=com");
        connectionConfig.setCredentials("12345");
        try(LdapNetworkConnection ldapNetworkConnection = new LdapNetworkConnection(connectionConfig)) {
            ldapNetworkConnection.connect();
            ldapNetworkConnection.bind();
            assertTrue(ldapNetworkConnection.isConnected());
            assertTrue(ldapNetworkConnection.isAuthenticated());

            assertTrue(ldapNetworkConnection.exists("cn=elecharny,ou=system"));
            assertTrue(ldapNetworkConnection.exists("ou=Users,dc=myorg,dc=com"));
            ldapNetworkConnection.move("cn=elecharny,ou=system", "ou=Users,dc=myorg,dc=com");
            assertTrue(ldapNetworkConnection.exists("cn=elecharny,ou=Users,dc=myorg,dc=com"));

            ldapNetworkConnection.unBind();
            assertFalse(ldapNetworkConnection.isConnected());
            assertFalse(ldapNetworkConnection.isAuthenticated());
        }
    }
}
org.apache.directory.api.ldap.model.exception.LdapOperationErrorException: OPERATIONS_ERROR: failed for MessageType : MODIFYDN_REQUEST
Message ID : 4
    ModifyDN Response
        Entry : 'cn=elecharny,ou=system'
        Delete old Rdn : false
        New superior : 'ou=Users,dc=myorg,dc=com'
org.apache.directory.api.ldap.model.message.ModifyDnRequestImpl@bb289011: ERR_256_NO_SUCH_OBJECT Entry ou=Users,dc=myorg,dc=com does not exist!:
org.apache.directory.api.ldap.model.exception.LdapOperationErrorException: ERR_256_NO_SUCH_OBJECT Entry ou=Users,dc=myorg,dc=com does not exist!
    at org.apache.directory.server.core.partition.impl.btree.AbstractBTreePartition.move(AbstractBTreePartition.java:1922)
    at org.apache.directory.server.core.shared.partition.DefaultPartitionNexus.move(DefaultPartitionNexus.java:509)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor$1.move(BaseInterceptor.java:179)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.journal.JournalInterceptor.move(JournalInterceptor.java:276)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.changelog.ChangeLogInterceptor.move(ChangeLogInterceptor.java:283)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.trigger.TriggerInterceptor.move(TriggerInterceptor.java:448)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.event.EventInterceptor.move(EventInterceptor.java:347)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.subtree.SubentryInterceptor.move(SubentryInterceptor.java:1404)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.operational.OperationalAttributeInterceptor.move(OperationalAttributeInterceptor.java:486)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.exception.ExceptionInterceptor.move(ExceptionInterceptor.java:279)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.admin.AdministrativePointInterceptor.move(AdministrativePointInterceptor.java:1479)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.authz.DefaultAuthorizationInterceptor.move(DefaultAuthorizationInterceptor.java:309)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.authz.AciAuthorizationInterceptor.move(AciAuthorizationInterceptor.java:998)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.referral.ReferralInterceptor.move(ReferralInterceptor.java:374)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.authn.AuthenticationInterceptor.move(AuthenticationInterceptor.java:1339)
    at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:531)
    at org.apache.directory.server.core.normalization.NormalizationInterceptor.move(NormalizationInterceptor.java:303)
    at org.apache.directory.server.core.DefaultOperationManager.move(DefaultOperationManager.java:1269)
    at org.apache.directory.server.core.shared.DefaultCoreSession.move(DefaultCoreSession.java:1072)
    at org.apache.directory.server.core.shared.DefaultCoreSession.move(DefaultCoreSession.java:1054)
    at org.apache.directory.server.ldap.handlers.request.ModifyDnRequestHandler.handle(ModifyDnRequestHandler.java:101)
    at org.apache.directory.server.ldap.handlers.request.ModifyDnRequestHandler.handle(ModifyDnRequestHandler.java:40)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:243)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:223)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:1019)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:650)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:49)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1141)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:87)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:88)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:541)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:493)
    at java.base/java.lang.Thread.run(Thread.java:835)
Caused by: org.apache.directory.api.ldap.model.exception.LdapEntryAlreadyExistsException: ERR_256_NO_SUCH_OBJECT Entry ou=Users,dc=myorg,dc=com does not exist!
    at org.apache.directory.server.core.partition.impl.btree.AbstractBTreePartition.move(AbstractBTreePartition.java:1941)
    at org.apache.directory.server.core.partition.impl.btree.AbstractBTreePartition.move(AbstractBTreePartition.java:1917)
    ... 46 more

Solution

  • If there is a bug somewhere it's in the error logging : the ERR_256_NO_SUCH_OBJECT error refers probably to the entry dn: cn=elecharny,ou=system that does not exist - it can't, it's DN is invalid - rather than ou=Users,dc=myorg,dc=com.

    You need to create the system organizational unit if you haven't already (not present in your ldif), and add the entry you thought was to be moved :

    dn: ou=system,dc=myorg,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: system
    
    dn: cn=elecharny,ou=system,dc=myorg,dc=com
    objectClass: top
    objectClass: person
    objectClass: extensibleObject
    sn:: RW1tYW51ZWwgTMOpY2hhcm55
    cn: elecharny
    givenName: Ele
    userPassword:: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKbHnLFs5N2PHk0gkyI/g3XeIdjxnWOAW5RVap4zWZuNY4gNGH1MhfHPVHcy6WEMoo+zaxU0Xh+Iv6BzrIa70IUCAwEAAQ== })
    

    Create a new ldif file with the missing entries and use ldapadd -f new_ldif.