I’ve recently been adding Groupwise functionality to GADfly which means using COM as that’s the only way to access the Groupwise Admin API, via the Groupwise client. I’ll go over how to do that in a later post but once I’d plumbed the COM functionality into GADfly via my MatrixClient for C#, I started to get a weird error. The basic setup is I register a message handler to deal with GW messages with MatrixClient and when a message arrives on a JMS topic, my durable subscriber gets the message, parses out the info and create a Groupwise account from it. However, the event handler was causing the GW class to barf in a big way:

Unable to cast COM object of type 'AdminTypeLibrary.SystemClass' to interface type 'AdminTypeLibrary.DIADSystem'.
This operation failed because the QueryInterface call on the COM component for the interface with
IID '{35FC2357-811A-11D0-8A96-00805FC16077}' failed due to the following error:
No such interface supported (Exception from HRESULT: 0x80004002 (E_NOINTERFACE)) (more...)

I have a bit of a problem with “cross platform” development at the moment. I’m running Windows XP inside an ActiveDirectory forest using VMware Fusion from OSX. A nasty experience a while ago means writing code on a virtual machine’s hard disk is insanity itself. If something happens to the slice you lose everything. OK, you won’t if it’s in source control but using subversion or git from Windows is a pain. Also, why duplicate backup/vss options on a slice when I’m already using everything just fine from OSX? So instead, I develop via a shared folder. I write all the C# code via VisualStudio which points to the “network” share.

I’ve pretty much finalised the design of GADfly, with a Windows service using a durable consumer to pull messages from a dedicated topic provided by Apache ActiveMQ inside Apache Camel. Just needed to try it out for real, so I knocked up FlyTrap, a small Windows GUI app to send messages to a test topic and consume them, using the GADfly functionality to create and delete accounts and directories in ActiveDirectory.

It’s a very simple app that tells you how long it took to create and delete the accounts and directories, including the messaging time:

I use XMLBeans extensively in Java so I don’t have to work with raw XML, especially SAX, as it’s a real pain to deal with. XMLBeans, given an XSD and xsdconfig will create a load of Java classes that map directly to the XML documents. All very nice but what about C#? When I was doing the C++ version of GADfly I was back into raw XML but there is something quite nice you can use in C# to get much the same effect as XMLBeans. It’s called xsd.exe

If you give it a schema and some params it’ll create classes you can serialize/deserialize to/from XML. Let’s say you have this simple schema: (more…)

Here’s something interesting. Running this in the Active Directory forest resolves to a real user in the domain:

NTAccount adUser = new System.Security.Principal.NTAccount("domain\testuser");

If you pass this NTAccount to the remote filesystem to add as the owner of a directory, as long as the remote system can resolve that user, everything is fine. However, if the remote system cannot resolve the user, it uses the SID instead. Which isn’t good. However, after the next replication, the SID is replaced by the resolved user. That is good!

UPDATE – 7/11/09

Must have been due to replication leaving the test user hanging around. Starting with a completely new user, if the server where the directory is created can’t find the user, it raises a System.Security.Principal.IdentityNotMappedException

I’ve now got a useable message routing service set up but I’m also getting language overload I think. Not to mention trying to remember debugger commands for each IDE and when to add “;” to the end of code lines and when not! All good fun:

• Matrix. Central ESB with routing, Apache Camel with embedded Apache ActiveMQ. Custom handlers for archiving messages are in Java
• Identity Beans. Java classes for working with the identity information.
• GADfly. Active Directory provisioning engine in C#
• GADflyUI. The front end to GADfly. Windows Forms in C#
• Feeder-test. Simple client to drive the provisioning testing. Ruby

I’ve branched off the C++ version of GADfly as it’s just too much to cope with, all that unicode handling that you have to do yourself and rats nests of pointers to pointers, not to mention keeping track of VARIANTs and remembering to free up allocated memory. It works fine but I won’t be developing it further any time soon, unless I hit a major problem with the C# version.

I’ve ported the C++ STOMP code to C# with just a little problem, in that the STOMP support in ActiveMQ NMS doesn’t work. No to worry, the default protocol does. The first thing you need is ActiveMQ NMS (.NET Messaging). I used the 1.1.0 source release downloaded from here. You’ll also need nant to build it. Unzip nms-1.1.0 to NMS_SRC_HOME and make a quick change to nant-common.xml otherwise you’ll get this error:

Unknown function 'platform::is-windows()' (more...)

Initially I didn’t think I had time to delve into C# when writing the ActiveDirectory stuff to manage users programatically, so I stuck with C++/COM as I knew how to work that way, at least once I’d scraped the rust off those parts of my COM brain. Anyway, after the hassle of dealing with XML and JMS topics from C++ I decided to look into it a bit more and after literally half a day of research/coding and while dealing with other major issues at the same time (who says we don’t multitask?!), I ported GADfly to C#. I must say, I am astounded, completely and utterly. Basically, C++/COM has more or less been “updated” with C#/.NET but you can still get to the underlying COM functionality but not in the messy way VB used to let you. C# has native support for ADSI as well as incredibly simple remote IO support. So how do you create a user, their home directory and give them ownership/full rights in ActiveDirectory using C#? Have a gander at this. No VARIANT, allocing, releasing or anything grubby like that. Behold! But remember to run it inside the domain to allow the admin user access to the remote filesystem. (more…)

It’s like the dark ages in here just now. Being so used to working in Java with XMLBeans I’ve been spoiled when it comes to XML handling. I never have to see it. OK, I have to design XML schemata now and then if they don’t exist but it means I can work on XML as domain objects. Now, working in C++ again, it’s back to raw XML. Here’s an example:

<user>
  <id>test</id>
</user>

with Java and XMLBeans I could just do:

userDoc.getUser().getId().getValue();

with C++ I have to do a bit more work: (more…)

Worried about what clients are consuming messages on your broker? Implement a MessageAuthorizationPolicy. Add it to your camel-config:

<broker useJmx="true" persistent="false"
    xmlns="http://activemq.apache.org/schema/core">
  <messageAuthorizationPolicy>
    <bean class="org.funnyfarm.security.MessageGuard"
        xmlns="http://www.springframework.org/schema/beans"/>
  </messageAuthorizationPolicy>

  <transportConnectors>
    <transportConnector uri="tcp://localhost:61616" />
    <transportConnector name="stomp" uri="stomp://localhost:61613"/>
  </transportConnectors>
</broker> (more...)