I've added a new user to AD using JNDI LDAP. And I've enable the account programmatically as well. However if I attempt to add the user to an AD Group I get and error that indicates that an Entry Already exists. See Results below for exception thrown.
"Domain Admins" is the group name but it appears that its complaining that I'm trying to re-add the group. Here is my code.
Any example that I've found on forums does it similarly.
public void addUserToGroup() throws NamingException {
String groupDN = "CN=Domain Admins,CN=Users,DC=mydomain,DC=org";
// Create the objectclass
Attribute objClasses = new BasicAttribute("objectClass");
objClasses.add("top");
objClasses.add("group");
// Create a entry set of attributes
Attributes attrs = new BasicAttributes();
Attribute member = new BasicAttribute("member", getUserDN("jdoe"));
// Add these to the container
attrs.put(objClasses);
attrs.put(member);
try {
context.modifyAttributes(groupDN, DirContext.ADD_ATTRIBUTE, attrs);
} catch (Exception e) {
LOGGER.severe("Failed to Add User to Domain Admins -- ");
}
}
public String getUserDN(String aUsername) {
return "CN=" + aUsername + ",CN=" + "Users,DC=mydomain,DC=org";
}
This is the resulting exception thrown...
javax.naming.NameAlreadyBoundException: [LDAP: error code 68 - 00000562: UpdErr: DSID-031A11E2, problem 6005 (ENTRY_EXISTS), data 0
]; remaining name 'CN=Domain Admins,CN=Users,DC=mydomain,DC=org'
You are adding an attribute with values that already exist on the object: objectClass.
When you use DirContext.ADD_ATTRIBUTE the LDAP server assumes new values, not replacing existing values.
Why are you adding that to the modification? Just adding the member attribute is enough.
Try without the objectClass attribute and it should work.
It's been a while since I've worked w/JNDI (which is a 20 year old library BTW), but I still have something to offer here.
LDAP errors generally mean what they say, so I don't doubt the error means exactly what it says (entry already exists). This of course contradicts your code, which appears to only want to do an ldapmodify operation.
I would want to see what happens "on the wire", so how about grabbing the LDAP protocol using tcpdump or wireshark, and check to see if it's actually sending a MOD or an ADD operation? In theory this error 68 should only come from an ADD, so let's see those packets and find out what really happened.
Related
When I am adding an entry
var objectEntity = new ObjectStaging();
objectEntity .CreatedBy = ClaimsPrincipal.Current.Identity.Name;
objectEntity .ModifiedBy = ClaimsPrincipal.Current.Identity.Name;
objectEntity .Set(ObjectInfo);
database.ObjectStaging.Add(objectEntity);
database.SaveChanges();
For some reason, my objectEntity is not being added to my database given the following code. When using the debugger, it moves through database.ObjectStaging.Add(objectEntity); but does not continue after calling SaveChanges(). Is there a way to know why it is failing to add the entry to the database?
Exception Thrown:
Exception thrown:
'System.Data.Entity.Validation.DbEntityValidationException' in
VCC.BrokerPortal.DAO.dll Validation failed for one or more entities.
See 'EntityValidationErrors' property for more details.
Is there a way to know what specifically did not validate?
Also, I tested the state of the entity using the following lines of code,
database.ObjectStaging.Add(objectEntity);
var state= brokerPortalDB.Entry(objectEntity).State;
state currently shows the value of 'added'.
Thank you!
I ended up looking into the exception thrown and it appears it was related to one of the properties not having proper validation. In this instance I had a [MaxLength] attribute assigned to a field and I was trying to add a value longer than that length allowed.
Problem
I am creating a web app in asp.net core with ef core using with Repository pattern. Ii am trying to insert an entity it works fine when i trying to check whether it is already exist in db or then if yes than update the same entity in same api it gives me this error.
System.InvalidOperationException: 'The instance of entity type 'Consultation' cannot be tracked because another instance of this type with the same key is already being tracked. When adding new entities, for most key types a unique temporary key value will be created if no key is set (i.e. if the key property is assigned the default value for its type). If you are explicitly setting key values for new entities, ensure they do not collide with existing entities or temporary values generated for other new entities. When attaching existing entities, ensure that only one entity instance with a given key value is attached to the context.'
Image
code
insert api
[HttpPost]
public ApiResponse InsertConsultation([FromBody] Consultation consultation)
{
if (!ModelState.IsValid)
{
return new ApiResponse(StatusCodes.Status400BadRequest, error: "error");
}
var consult = _consultationService.GetConsultationById(consultation.Id);
if (consult !=null)
{
_consultationService.UpdateConsultation(consultation);
return new ApiResponse(StatusCodes.Status200OK, success: "isSuccess");
}
_consultationService.InsertConsultation(consultation);
return new ApiResponse(StatusCodes.Status201Created, success: "isSuccess");
}
The update process is
1- Retrieve the object which is consult in your code:
var consult = _consultationService.GetConsultationById(consultation.Id);
2- make change to the retrieval object (copy content from consultation to consult) you don't have it.
3- update the object consult
4- save change.
Maybe try this for the line before SaveChanges().
_context.AddOrUpdate(entity);
This needs the System.Data.Entity.Migrations namespace.
Your question might already be answered here:
Update Row if it Exists Else Insert Logic with Entity Framework
I'm facing some strange issues when I try to fetch(Connect PHP API)/searchContent(Knowledge Foundation API) following the tutorials/documentations.
Behaviour and output
Following the documentation, we initialize the API. The function error_get_last() (called after the fetch) states that the core read-only file (we are not allowed to modify it) contains an error:
Array ( [type] => 8 [message] => Undefined index: REDIRECT_URL [file] => /cgi-bin/${interface_name}.cfg/scripts/cp/core/framework/3.2.4/init.php [line] => 246 )
After initialization, we call the fetch function to retrieve an account. If we give a wrong ID, it returns an error:
Invalid ID: No such Account with ID = 32
Otherwise, furnishing a correct ID returns an Account object with all fields populated as NULL:
object(RightNow\Connect\v1_2\Account)#22 (25) {
["ID"]=>
NULL
["LookupName"]=>
NULL
["CreatedTime"]=>
NULL
["UpdatedTime"]=>
NULL
["AccountHierarchy"]=>
NULL
["Attributes"]=>
NULL
["Country"]=>
NULL
["CustomFields"]=>
NULL
["DisplayName"]=>
NULL
["DisplayOrder"]=>
NULL
["EmailNotification"]=>
NULL
["Emails"]=>
NULL
["Login"]=>
NULL
/* [...] */
["StaffGroup"]=>
NULL
}
Attempts, workaround and troubleshooting information
Configuration: The account used using the InitConnectAPI() has the permissions
Initialization: Call to InitConnectAPI() not throwing any exception(added a try - catch block)
Call to the fetch function: As said above, the call to RNCPHP\Account::fetch($act_id) finds the account (invalid_id => error) but doesn't manage to populate the fields
No exception is thrown on the RNCPHP::fetch($correct_id) call
The behaviour is the same when I try to retrieve an answer following a sample example from the Knowledge Foundation API : $token = \RNCK::StartInteraction(...) ; \RNCK::searchContent($token, 'lorem ipsum');
Using PHP's SoapClient, I manage to retrieve populated objects. However, It's not part of the standard and a self-call-local-WebService is not a good practice.
Code reproducing the issue
error_reporting(E_ALL);
require_once(get_cfg_var('doc_root') . '/include/ConnectPHP/Connect_init.phph');
InitConnectAPI();
use RightNow\Connect\v1_2 as RNCPHP;
/* [...] */
try
{
$fetched_acct = RNCPHP\Account::fetch($correct_usr_id);
} catch ( \Exception $e)
{
echo ($e->getMessage());
}
// Dump part
echo ("<pre>");
var_dump($fetched_acct);
echo ("</pre>");
// The core's error on which I have no control
print_r(error_get_last());
Questions:
Have any of you face the same issue ? What is the workaround/fix which would help me solve it ?
According to the RNCPHP\Account::fetch($correct_usr_id) function behaviour, we can surmise that the issue comes from the 'fields populating' step which might be part of the core (on which I have no power). How am I supposed to deal with this (fetch is static and account doesn't seem abstract) ?
I tried to use the debug_backtrace() function in order to have some visibility on what may go wrong but it doesn't output relevant information. Is there any way I can get more debug information ?
Thanks in advance,
Oracle Service Cloud uses lazy loading to populate the object variables from queried data using Connect for PHP APIs. When you output the result of an object, it will appear as each variable is empty, per your example. However, if you access the parameter, then it becomes available. This is only an issue when you try to print your object, like this example. Accessing the data should be immediate.
To print your object, like in your example, you would need to iterate through the object variables and access each one first. You could build a helper class to do that through reflection. But, to illustrate with a single field, do the following:
$acct = RNCPHP\Account::fetch($correctId);
$acct->ID;
print_r($acct); // Will now "show" ID, but none of the other fields have been loaded.
In the real world, you probably just want to operate on the data. So, even though you cannot "see" the data in the object, it's there. In the example below, we're accessing the updated time of the account and then performing an action on the object if it meets a condition.
//Set to disabled if last updated < 90 days ago
$acct = RNCPHP\Account::fetch($correctId);
$chkDate = time() - 7776000;
if($acct->UpdatedTime < $chkDate){
$acct->Attributes->PermanentlyDisabled = true;
$acct->save(RNCPHP\RNObject::SuppressAll);
}
If you were to print_r the object after the if condition, then you would see the UpdatedTime variable data because it was loaded at the condition check.
I have a completely empty RavenHQ database that's linked to my Appharbor application. The amount of space the database is currently using is 1.1mb out of an available 25mb for my bronze account. The database previously had records in it, but I have deleted them using "delete collection" in the management studio.
The very first time I call session.Store(myobject), and BEFORE I call .SaveChanges(), I get the following error.
System.InvalidOperationException: Url: "/docs/Raven/Hilo/AccItems"
Raven.Database.Exceptions.OperationVetoedException: PUT vetoed by Raven.Bundles.Quotas.Triggers.DatabaseSizeQoutaForDocumetsPutTrigger because: Database size is 45,347 KB, which is over the allowed quota of 25,600 KB. No more documents are allowed in.
Now, the document is definitely not that big, so I don't know what this error can mean, especially as I don't think I've even hit the database at that point since I haven't closed the session by calling SaveChanges(). Any ideas? Here's the code itself.
XDocument doc = XDocument.Parse(rawXml);
var accItems = ExtractItemsFromFeed(doc);
using (IDocumentSession session = _store.OpenSession())
{
var dbItems = session.Query<AccItem>().ToList();
foreach (var item in accItems)
{
var existingRecord = dbItems.SingleOrDefault(x => x.Source == x.SourceId == cottage.SourceId);
if (existingRecord == null)
{
session.Store(item);
_logger.Info("Saved new item {0}.", item.ShortName);
}
else
{
existingRecord.ShortName = item.ShortName;
_logger.Info("Updated item {0}.", item.ShortName);
}
session.SaveChanges();
}
}
Any other comments about the style of this code would be most welcome, as I was unsure of the best way to approach the "update existing item or create if it isn't there" scenario.
The answer here was as follows.
RavenHQ support found that the database was indeed oversized, but it seemed that the size reported in the Appharbor-branded RavenHQ control panel was incorrect. I had filled up the database way over the limit with a previous faulty version of the code posted above, so the error message I received was actually correct.
Fixing this problem without paying to upgrade the database wasn't straightforward, as it's not possible to shrink the database. As I also wasn't able to delete my single Appharbor/RavenHQ database or create another one that left me with the choice of creating an entirely new Appharbor application, or registering directly with RavenHQ for a new account. I chose the latter. The RavenHQ-branded control panel is slightly different to the Appharbor one, in that it has the ability to create and delete databases.
So to summarize: there doesn't seem to be any benefit to using RavenHQ as an add-on to Appharbor - you might as well go and get a proper free RavenHQ account.
I'm building a C# application which uses plug-ins. The application must guarantee to the user that plug-ins will not do whatever they want on the user machine, and will have less privileges that the application itself (for example, the application can access its own log files, whereas plug-ins cannot).
I considered three alternatives.
Using System.AddIn. I tried this alternative first, because it seamed much powerful, but I'm really disappointed by the need of modifying the same code seven times in seven different projects each time I want to modify something. Besides, there is a huge number of problems to solve even for a simple Hello World application.
Using System.Activator.CreateInstance(assemblyName, typeName). This is what I used in the preceding version of the application. I can't use it nevermore, because it does not provide a way to restrict permissions.
Using System.Activator.CreateInstance(AppDomain domain, [...]). That's what I'm trying to implement now, but it seems that the only way to do that is to pass through ObjectHandle, which requires serialization for every used class. Although plug-ins contain WPF UserControls, which are not serializable.
So is there a way to create plug-ins containing UserControls or other non serializable objects and to execute those plug-ins with a custom PermissionSet ?
One thing you could do is set the current AppDomain's policy level to a restricted permission set and add evidence markers to restrict based on strong name or location. The easiest would probably be to require plugins are in a specific directory and give them a restrictive policy.
e.g.
public static void SetRestrictedLevel(Uri path)
{
PolicyLevel appDomainLevel = PolicyLevel.CreateAppDomainLevel();
// Create simple root policy normally with FullTrust
PolicyStatement fullPolicy = new PolicyStatement(appDomainLevel.GetNamedPermissionSet("FullTrust"));
UnionCodeGroup policyRoot = new UnionCodeGroup(new AllMembershipCondition(), fullPolicy);
// Build restrictred permission set
PermissionSet permSet = new PermissionSet(PermissionState.None);
permSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
PolicyStatement permissions = new PolicyStatement(permSet, PolicyStatementAttribute.Exclusive);
policyRoot.AddChild(new UnionCodeGroup(new UrlMembershipCondition(path.ToString()), permissions));
appDomainLevel.RootCodeGroup = policyRoot;
AppDomain.CurrentDomain.SetAppDomainPolicy(appDomainLevel);
}
static void RunPlugin()
{
try
{
SetRestrictedLevel(new Uri("file:///c:/plugins/*"));
Assembly a = Assembly.LoadFrom("file:///c:/plugins/ClassLibrary.dll");
Type t = a.GetType("ClassLibrary.TestClass");
/* Will throw an exception */
t.InvokeMember("DoSomething", BindingFlags.InvokeMethod | BindingFlags.Public | BindingFlags.Static,
null, null, null);
}
catch (Exception e)
{
Console.WriteLine(e.ToString());
}
}
Of course this isn't rigorously tested and CAS policy is notoriously complex so there is always a risk that this code might allow some things to bypass the policy, YMMV :)