directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DIRSERVER-1743) ReplicationConsumerImpl fails to connect when startTLS is enabled
Date Wed, 26 Dec 2012 21:38:16 GMT

     [ https://issues.apache.org/jira/browse/DIRSERVER-1743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-1743:
-----------------------------------------

    Fix Version/s:     (was: 2.0.0-M9)
                   2.0.0-M10
    
> ReplicationConsumerImpl fails to connect when startTLS is enabled
> -----------------------------------------------------------------
>
>                 Key: DIRSERVER-1743
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1743
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ldap
>    Affects Versions: 2.0.0-M7
>         Environment: All
>            Reporter: Paul Bayliss
>              Labels: patch
>             Fix For: 2.0.0-M10
>
>         Attachments: ReplicationConsumerImpl.diff
>
>
> When running syncrepl client (ReplicationConsumerImpl) with startTLS enabled the first connection attempt fails with the exception below. This occurs because there is no TCP connection established when the LDAP Start TLS extended request is attempted.
> 16:42:04,349 | ERROR | Thread-24 | ReplicationConsumerImpl[249] Failed to bind with the given bindDN and credentials
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: Cannot connect on the server, the connection is null
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.checkSession(LdapNetworkConnection.java:267)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
> 	at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3536)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
> 	at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:228)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> 	at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> 	at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> 	at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]
> Subsequent connection attempts fail if confidentiality is enabled as the ReplicationConsumerImpl connect() code bypasses the startTLS if the LdapNetworkConnection has already been created. This results in the following exception.
> 16:42:09,452 | WARN  | Thread-24 | ReplicationConsumerImpl[244] 
> org.apache.directory.shared.ldap.model.exception.LdapAuthenticationNotSupportedException: Confidentiality (TLS secured connection) is required.
> 	at org.apache.directory.shared.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2105)[28:org.apache.directory.shared.ldap.model:1.0.0.M12]
> 	at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:122)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
> 	at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:105)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
> 	at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:237)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> 	at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> 	at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> 	at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]
> A fix to both exceptions is to ensure that the LDAPNetworkConnection startTls() call is preceded with a call to LDAPNetworkConnection connect() and also ensure that if startTLS is enabled, the calls to connect() and startTls() are made for each ReplicationConsumerImpl connection attempt.
> I will attach an svn diff of the fix that works within my development environment.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
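
The ordering problem described in the report, modelled as an added example (not the attached ReplicationConsumerImpl.diff and not ApacheDS code). `StubConnection`, `attemptAsReported` and `attemptAsProposed` are hypothetical names; the stub assumes, from the second stack trace, that bind() opens the socket on demand.

```java
// Added illustration. StubConnection is a hypothetical stand-in, not LdapNetworkConnection.
public class StartTlsOrdering {
    /** Models a client talking to a server that requires confidentiality. */
    static class StubConnection {
        private boolean tcpOpen, tls;
        void connect() { tcpOpen = true; }
        void startTls() {
            if (!tcpOpen) throw new IllegalStateException("no connection: startTls before connect");
            tls = true;
        }
        void bind() {
            if (!tcpOpen) connect(); // assumption: bind opens the socket on demand
            if (!tls) throw new IllegalStateException("confidentiality required: bind without TLS");
        }
        void close() { tcpOpen = false; tls = false; }
    }

    static StubConnection cached; // connection object reused across attempts

    // Pattern the report describes: startTls() runs only when the object is created,
    // and runs before any socket exists.
    static String attemptAsReported(boolean useTls) {
        try {
            if (cached == null) {
                cached = new StubConnection();
                if (useTls) cached.startTls();
            }
            cached.bind();
            return "bound";
        } catch (IllegalStateException e) { return e.getMessage(); }
    }

    // Ordering the report proposes: connect() then startTls() on every attempt.
    static String attemptAsProposed(boolean useTls) {
        StubConnection c = new StubConnection();
        try {
            c.connect();
            if (useTls) c.startTls();
            c.bind();
            return "bound";
        } catch (IllegalStateException e) { c.close(); return e.getMessage(); }
    }

    public static void main(String[] args) {
        System.out.println("reported, attempt 1: " + attemptAsReported(true));
        System.out.println("reported, attempt 2: " + attemptAsReported(true));
        System.out.println("proposed, attempt 1: " + attemptAsProposed(true));
    }
}
```

In this model the second attempt fails closed only because the stub server enforces confidentiality; a consumer-side check that TLS is active before bind() does not depend on that server setting.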
