From: "Emmanuel Lecharny (JIRA)"
To: dev@directory.apache.org
Date: Sun, 3 Mar 2013 05:51:16 +0000 (UTC)
Subject: [jira] [Updated] (DIRSERVER-1743) ReplicationConsumerImpl fails to connect when startTLS is enabled

     [ https://issues.apache.org/jira/browse/DIRSERVER-1743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-1743:
-----------------------------------------

    Fix Version/s:     (was: 2.0.0-M11)
                   2.0.0-M12

> ReplicationConsumerImpl fails to connect when startTLS is enabled
> -----------------------------------------------------------------
>
>                 Key: DIRSERVER-1743
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1743
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ldap
>    Affects Versions: 2.0.0-M7
>         Environment: All
>            Reporter: Paul Bayliss
>              Labels: patch
>             Fix For: 2.0.0-M12
>
>         Attachments: ReplicationConsumerImpl.diff
>
>
> When running syncrepl client (ReplicationConsumerImpl) with startTLS enabled the first connection attempt fails with the exception below. This occurs because there is no TCP connection established when the LDAP Start TLS extended request is attempted.
> 16:42:04,349 | ERROR | Thread-24 | ReplicationConsumerImpl[249] Failed to bind with the given bindDN and credentials
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: Cannot connect on the server, the connection is null
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.checkSession(LdapNetworkConnection.java:267)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
>     at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3536)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
>     at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:228)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
>     at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
>     at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
>     at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]
> Subsequent connection attempts fail if confidentiality is enabled as the ReplicationConsumerImpl connect() code bypasses the startTLS if the LdapNetworkConnection has already been created. This results in the following exception.
> 16:42:09,452 | WARN | Thread-24 | ReplicationConsumerImpl[244]
> org.apache.directory.shared.ldap.model.exception.LdapAuthenticationNotSupportedException: Confidentiality (TLS secured connection) is required.
>     at org.apache.directory.shared.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2105)[28:org.apache.directory.shared.ldap.model:1.0.0.M12]
>     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:122)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
>     at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:105)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
>     at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:237)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
>     at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
>     at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
>     at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]
> A fix to both exceptions is to ensure that the LDAPNetworkConnection startTls() call is preceded with a call to LDAPNetworkConnection connect() and also ensure that if startTLS is enabled, the calls to connect() and startTls() are made for each ReplicationConsumerImpl connection attempt.
> I will attach an svn diff of the fix that works within my development environment.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
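
Added example, not part of the original message and not the attached ReplicationConsumerImpl.diff: a sketch of the call order the report asks for (connect(), then startTls(), then bind(), repeated on every attempt) using the LdapNetworkConnection class named in the stack traces. The class name StartTlsConnectOrder, the helper methods, their parameters and the retry policy are hypothetical.

```java
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

/** Added illustration; class and method names are hypothetical. */
public class StartTlsConnectOrder {

    /** One attempt: TCP connect, then StartTLS, then bind. Returns a bound connection or throws. */
    static LdapNetworkConnection attempt(String host, int port, boolean useStartTls,
                                         String bindDn, String password) throws Exception {
        LdapNetworkConnection conn = new LdapNetworkConnection(host, port);
        try {
            // startTls() checks for an established session, so connect first.
            if (!conn.connect()) {
                throw new IllegalStateException("TCP connect to " + host + ":" + port + " failed");
            }
            if (useStartTls) {
                // Runs on every attempt, not only when the object is first created.
                conn.startTls();
            }
            // Reached only after StartTLS succeeded when useStartTls is set.
            conn.bind(bindDn, password);
            return conn;
        } catch (Exception e) {
            // Discard the half-open connection so a retry cannot reuse it
            // and skip the StartTLS step.
            try {
                conn.close();
            } catch (Exception ignored) {
                // the original failure is the one worth reporting
            }
            throw e;
        }
    }

    /** Retries with a fresh connection each time (retry policy is an assumption). */
    static LdapNetworkConnection connectWithRetry(String host, int port, boolean useStartTls,
            String bindDn, String password, int maxAttempts, long delayMillis) throws Exception {
        if (maxAttempts < 1) {
            throw new IllegalArgumentException("maxAttempts must be at least 1");
        }
        Exception last = null;
        for (int i = 1; i <= maxAttempts; i++) {
            try {
                return attempt(host, port, useStartTls, bindDn, password);
            } catch (Exception e) {
                last = e;
                Thread.sleep(delayMillis);
            }
        }
        throw last;
    }
}
```

Because a failed startTls() throws before bind() is reached, the bind credentials are only sent once the TLS upgrade has completed on that attempt's own connection.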