directory-dev mailing list archives

From "Paul Bayliss (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DIRSERVER-1743) ReplicationConsumerImpl fails to connect when startTLS is enabled
Date Thu, 16 Aug 2012 20:55:38 GMT
Paul Bayliss created DIRSERVER-1743:
---------------------------------------

             Summary: ReplicationConsumerImpl fails to connect when startTLS is enabled
                 Key: DIRSERVER-1743
                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1743
             Project: Directory ApacheDS
          Issue Type: Bug
          Components: ldap
    Affects Versions: 2.0.0-M7
         Environment: All
            Reporter: Paul Bayliss


When running syncrepl client (ReplicationConsumerImpl) with startTLS enabled the first connection
attempt fails with the exception below. This occurs because there is no TCP connection
established when the LDAP Start TLS extended request is attempted.

16:42:04,349 | ERROR | Thread-24 | ReplicationConsumerImpl[249] Failed to bind with the given
bindDN and credentials
org.apache.directory.ldap.client.api.exception.InvalidConnectionException: Cannot connect
on the server, the connection is null
	at org.apache.directory.ldap.client.api.LdapNetworkConnection.checkSession(LdapNetworkConnection.java:267)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
	at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3536)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
	at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:228)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
	at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
	at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
	at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]

Subsequent connection attempts fail if confidentiality is enabled as the ReplicationConsumerImpl
connect() code bypasses the startTLS if the LdapNetworkConnection has already been created.
This results in the following exception.

16:42:09,452 | WARN  | Thread-24 | ReplicationConsumerImpl[244] 
org.apache.directory.shared.ldap.model.exception.LdapAuthenticationNotSupportedException:
Confidentiality (TLS secured connection) is required.
	at org.apache.directory.shared.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2105)[28:org.apache.directory.shared.ldap.model:1.0.0.M12]
	at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:122)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
	at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:105)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
	at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:237)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
	at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
	at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
	at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]

A fix to both exceptions is to ensure that the LDAPNetworkConnection startTls() call is preceded
by a call to LDAPNetworkConnection connect() and also ensure that if startTLS is enabled,
the calls to connect() and startTls() are made for each ReplicationConsumerImpl connection
attempt.

I will attach an svn diff of the fix that works within my development environment.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
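
The call ordering described in this report, as an added example. It is not the svn diff mentioned above and not ApacheDS code. FakeConnection, buggyConnect and fixedConnect are hypothetical names, and the model assumes bind() opens the TCP connection itself when none exists.

```java
// Added illustration, not ApacheDS code: FakeConnection is a hypothetical stand-in
// for LdapNetworkConnection and models only the states named in the report.
public class StartTlsRetryDemo {
    static class FakeConnection {
        boolean connected, secured;
        void connect() { connected = true; }
        void startTls() {
            if (!connected) throw new IllegalStateException("the connection is null");
            secured = true;
        }
        void bind() {
            if (!connected) connect(); // assumption: bind() opens the TCP connection itself
            if (!secured) throw new IllegalStateException("Confidentiality (TLS secured connection) is required.");
        }
        void close() { connected = false; secured = false; }
    }
    static FakeConnection conn; // kept across attempts, like the consumer's connection
    // Order described in the report: startTls() with no prior connect(), and only
    // on the attempt that creates the connection object.
    static void buggyConnect(boolean useTls) {
        if (conn == null) {
            conn = new FakeConnection();
            if (useTls) conn.startTls();
        }
        conn.bind();
    }
    // Order proposed in the report: connect() then startTls() on every attempt.
    // The !secured guard is an addition here so a live TLS session is left alone.
    static void fixedConnect(boolean useTls) {
        if (conn == null) conn = new FakeConnection();
        if (useTls && !conn.secured) {
            conn.connect();
            conn.startTls();
        }
        conn.bind();
    }
    static String attempt(Runnable r) {
        try { r.run(); return "bind OK"; }
        catch (IllegalStateException e) { return "failed: " + e.getMessage(); }
    }
    public static void main(String[] args) {
        System.out.println("buggy #1: " + attempt(() -> buggyConnect(true)));
        System.out.println("buggy #2: " + attempt(() -> buggyConnect(true)));
        conn = null;
        System.out.println("fixed #1: " + attempt(() -> fixedConnect(true)));
        conn.close(); // simulate a dropped link before the retry
        System.out.println("fixed #2: " + attempt(() -> fixedConnect(true)));
    }
}
```

The two buggy attempts fail in the same order as the two traces in the report; the fixed path binds on the first attempt and again after the simulated drop.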