directory-dev mailing list archives

From "David Carr (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (DIRAPI-173) When using TLS and multiple binds, LdapNetworkConnection attempts to start TLS multiple times
Date Mon, 13 Jan 2014 16:56:51 GMT

     [ https://issues.apache.org/jira/browse/DIRAPI-173?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Carr updated DIRAPI-173:
------------------------------

    Attachment: DIRAPI-173.patch

Attached patch appears to fix the issue for me.  It moves the startTls call from bindAsync
(which is called for each bind) to the end of connect (which is only reached if it's actually
necessary to initialize a new connection).

> When using TLS and multiple binds, LdapNetworkConnection attempts to start TLS multiple times
> ---------------------------------------------------------------------------------------------
>
>                 Key: DIRAPI-173
>                 URL: https://issues.apache.org/jira/browse/DIRAPI-173
>             Project: Directory Client API
>          Issue Type: Bug
>    Affects Versions: 1.0.0-M20
>         Environment: OpenLDAP 2.4.28
>            Reporter: David Carr
>         Attachments: DIRAPI-173.patch
>
>
> As per RFC 4511, it's valid to send multiple bind requests in a session to change authentication. However, this doesn't appear to be working for me when connecting to OpenLDAP with TLS enabled.
> http://tools.ietf.org/html/rfc4511#section-4.2.1
> To reproduce, create a LdapConnectionConfig with useTls set to true, create a LdapNetworkConnection using this config, and bind multiple times. Each bind will result in startTls being called.
> In my environment, this results in an exception:
> {code}
> ERROR [2014-01-13 16:19:15,132] com.yammer.dropwizard.jersey.LoggingExceptionMapper: Error handling a request: 9d18293abdadfe2a
> ! org.apache.directory.api.ldap.model.exception.LdapOperationException: TLS already started
> ! at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3678) ~[vault-shadow.jar:0.1.0]
> ! at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1161) ~[vault-shadow.jar:0.1.0]
> ! at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1076) ~[vault-shadow.jar:0.1.0]
> ! at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:121) ~[vault-shadow.jar:0.1.0]
> ! at org.apache.directory.ldap.client.api.LdapConnection$bind.call(Unknown Source) ~[na:na]
> ...
> {code}



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
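
The lifecycle difference described in the message above, as an added example: this is a simplified model, not the Apache Directory API source and not the attached patch. The classes `Session`, `BindStartsTls` and `ConnectStartsTls` are hypothetical, and the fail-closed check in the second `bind` is an assumption added for illustration.

```java
// Simplified model of the connection lifecycle, not the Apache Directory API source.
// All class names here are hypothetical; DNs are constructed sample values.
public class StartTlsOnceDemo {
    // Stand-in for the transport: StartTLS may be negotiated once per session.
    static class Session {
        boolean tlsStarted;
        void startTls() {
            if (tlsStarted) throw new IllegalStateException("TLS already started");
            tlsStarted = true; // a real client would run the TLS handshake here
        }
    }
    // Behaviour described in the report: every bind tries to start TLS again.
    static class BindStartsTls {
        final Session session = new Session();
        boolean connected;
        void connect() { connected = true; }
        void bind(String dn) {
            if (!connected) connect();
            session.startTls(); // runs on every bind, so the second bind fails
        }
    }
    // Behaviour described in the comment: StartTLS at the end of connect().
    static class ConnectStartsTls {
        final Session session = new Session();
        boolean connected;
        void connect() {
            connected = true;
            session.startTls(); // reached only when a new connection is set up
        }
        void bind(String dn) {
            if (!connected) connect();
            // Added defensive check (assumption): never send credentials without TLS.
            if (!session.tlsStarted) throw new IllegalStateException("bind without TLS");
        }
    }
    public static void main(String[] args) {
        ConnectStartsTls fixed = new ConnectStartsTls();
        fixed.bind("uid=alice,ou=people,dc=example,dc=org");
        fixed.bind("uid=bob,ou=people,dc=example,dc=org");
        System.out.println("fixed: two binds, StartTLS ran once");
        BindStartsTls buggy = new BindStartsTls();
        buggy.bind("uid=alice,ou=people,dc=example,dc=org");
        try {
            buggy.bind("uid=bob,ou=people,dc=example,dc=org");
        } catch (IllegalStateException e) {
            System.out.println("buggy: second bind failed: " + e.getMessage());
        }
    }
}
```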
