directory-dev mailing list archives

From "Emmanuel Lecharny (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-1830) when ads-pwdMaxIdle > 0 no more authentication possible
Date Tue, 07 May 2013 16:55:16 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-1830?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13651047#comment-13651047 ]

Emmanuel Lecharny commented on DIRSERVER-1830:
----------------------------------------------

The check is done when we try to authenticate a user. At this time, the PwdLastSuccess attribute
is not yet set. We set it later.

What I don't get is that we have a unit test that checks this use case:

    /**
     * Check the maxIdle : if the user does not bind for more than this delay,
     * the password is locked.
     */
    @Test
    public void testPwMaxIdle() throws Exception
    {
        policyConfig.setPwdMaxIdle( 5 );

        Dn userDn = new Dn( "cn=userLockout4,ou=system" );
        LdapConnection adminConnection = getAdminNetworkConnection( getLdapServer() );

        addUser( adminConnection, "userLockout4", "12345" );

        // We should succeed
        checkBindSuccess( userDn, "12345" );

        // Wait 5 seconds now
        Thread.sleep( 5000 );

        // We should not be able to succeed now
        checkBindFailure( userDn, "12345" );

        adminConnection.close();
    }


I can assure you that you can successfully bind, then when there is no bind for 5 seconds,
the bind fails.

Pierre-Arnaud suggested that it might be an issue with the pool of connections. Can you try
to do the same test, but with a connection you create, not one you pull from the pool?
                
> when ads-pwdMaxIdle > 0 no more authentication possible
> -------------------------------------------------------
>
>                 Key: DIRSERVER-1830
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1830
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ldap
>    Affects Versions: 2.0.0-M11
>         Environment: CentOS
>            Reporter: Michael Witzel
>
> When I configure ads-pwdMaxIdle > 0 no authentication is possible, neither with admin, nor with other users
> Eclipse Studio:
> Fehler beim Öffnen der Verbindung
>  - [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system]
> java.lang.Exception: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system]
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.checkResponse(DirectoryApiConnectionWrapper.java:1279)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.access$600(DirectoryApiConnectionWrapper.java:109)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:450)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1174)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:459)
> 	at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:307)
> 	at org.apache.directory.studio.connection.core.jobs.OpenConnectionsRunnable.run(OpenConnectionsRunnable.java:114)
> 	at org.apache.directory.studio.connection.core.jobs.StudioConnectionJob.run(StudioConnectionJob.java:109)
> 	at org.eclipse.core.internal.jobs.Worker.run(Worker.java:53)
> [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system]
> wrapper.log
> INFO   | jvm 1    | 2013/04/18 14:24:06 | [14:24:06] ERROR 
> [org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler] - ERR_169 failed to unbind session properly
> INFO   | jvm 1    | 2013/04/18 14:24:06 | org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException: ERR_268 Cannot find a partition for 
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.core.shared.partition.DefaultPartitionNexus.getPartition(DefaultPartitionNexus.java:927)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.core.shared.partition.DefaultPartitionNexus.unbind(DefaultPartitionNexus.java:794)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.core.api.interceptor.BaseInterceptor$1.unbind(BaseInterceptor.java:266)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:690)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.core.authn.AuthenticationInterceptor.unbind(AuthenticationInterceptor.java:1159)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.core.DefaultOperationManager.unbind(DefaultOperationManager.java:1230)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.core.shared.DefaultCoreSession.unbind(DefaultCoreSession.java:1073)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:50)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:38)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:219)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
> INFO   | jvm 1    | 2013/04/18 14:24:06 |       at java.lang.Thread.run(Thread.java:662)
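
The ordering described in the comment, with the idle check run at bind time before pwdLastSuccess is written, means the check must decide what an entry without pwdLastSuccess counts as. The Java example below is added here for illustration and is not ApacheDS code or a diagnosis of DIRSERVER-1830; it contrasts two ways of reading the absent value, using the test's pwdMaxIdle of 5. The class and method names, the creation-time baseline, the sample timestamps and the treatment of 0 as "check disabled" are assumptions.

```java
import java.time.Instant;
import java.util.Optional;

// Added illustration; not ApacheDS code. Class, method and parameter names are hypothetical.
public class MaxIdleCheck
{
    /** True when the account has been idle for pwdMaxIdle seconds or more (0 disables the check). */
    static boolean idleTooLong( Instant lastUse, int pwdMaxIdle, Instant now )
    {
        return pwdMaxIdle > 0 && !now.isBefore( lastUse.plusSeconds( pwdMaxIdle ) );
    }

    /** Absent pwdLastSuccess read as "last used at the epoch": every account looks idle. */
    static boolean lockedNaive( Optional<Instant> pwdLastSuccess, int pwdMaxIdle, Instant now )
    {
        return idleTooLong( pwdLastSuccess.orElse( Instant.EPOCH ), pwdMaxIdle, now );
    }

    /** Absent pwdLastSuccess falls back to a baseline, here the entry's creation time (assumption). */
    static boolean lockedWithBaseline( Optional<Instant> pwdLastSuccess, Instant created,
        int pwdMaxIdle, Instant now )
    {
        return idleTooLong( pwdLastSuccess.orElse( created ), pwdMaxIdle, now );
    }

    public static void main( String[] args )
    {
        int pwdMaxIdle = 5; // same value as policyConfig.setPwdMaxIdle( 5 ) in the test
        Instant created = Instant.parse( "2013-05-07T16:00:00Z" ); // constructed sample time
        Instant firstBind = created.plusSeconds( 1 );
        Instant secondBind = firstBind.plusSeconds( 5 ); // corresponds to Thread.sleep( 5000 )

        // First bind: the entry has no pwdLastSuccess yet.
        Optional<Instant> none = Optional.empty();
        System.out.println( "naive, first bind locked:    " + lockedNaive( none, pwdMaxIdle, firstBind ) );
        System.out.println( "baseline, first bind locked: "
            + lockedWithBaseline( none, created, pwdMaxIdle, firstBind ) );

        // The successful bind stores pwdLastSuccess; five idle seconds later the check fires.
        Optional<Instant> stored = Optional.of( firstBind );
        System.out.println( "baseline, after 5 s locked:  "
            + lockedWithBaseline( stored, created, pwdMaxIdle, secondBind ) );

        // With pwdMaxIdle = 0 neither variant locks anything.
        System.out.println( "maxIdle 0 locked:            " + lockedNaive( none, 0, secondBind ) );
    }
}
```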
