directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <>
Subject Re: bind response is too detailed
Date Wed, 01 Apr 2015 07:23:11 GMT
On Mon, Mar 30, 2015 at 7:32 PM, Kiran Ayyagari <>

> Hi John,
> On Fri, Mar 27, 2015 at 7:07 PM, John Strockmeyer <
>> wrote:
>> Hello. I have had this dilemma for some time now. The problem is that the
>> response following an unsuccessful bind contains too much information, and
>> there does not seem to be a way to break it down into individual parts. I
>> am using ApacheDS 2.0.0-M18, and its response consists of three parts that
>> I am interested in:
>> 1) The very first line of a diagnostic message, which may look something
>> like this:
>>        *Diagnostic message : 'INVALID_CREDENTIALS: Bind failed: account
>> was
>> permanently locked*
>> 2) The exception stack that follows immediately after the line in 1.
>> 3) Bind request, which is at the tail end of the response.
>> Here are my issues.
>> 1) There is no way to isolate the first line, which should really be
>> equivalent to Exception.getMessage(). For instance, if some remote
>> web-based client fails to login into my web application, there is no way
>> to
>> specifically notify him about the problem, as I am forced to send him the
>> entire three-part response, which is too much to display in a popup.
> looks like the server is running with DEBUG log level on, in this case
server appends the stacktrace to the above mentioned single diagnostic
message line.

> 2) The exception stack should be retrieved the same way that all stacks are
>> instead of being part of the actual message.
> the exception produced on the server cannot be filled into the exception
on the client side,
client will always have a different stacktrace

> 3) The bind request portion at the end of the response contains a password
>> in cleartext. Typically I would not mind it. But since there is no way to
>> break down the response, I am forced to send this back to the client along
>> with the other two response parts, creating a possible security problem.
>> this was already fixed[1] a while ago and released with M24.

you may consider upgrading to the latest version, 1.0.0-M29, which was
recently released,


> My question is if there is a way to retrieve individual portions of the
>> response? I have looked through the API and could not figure it out. If
>> there is no way, is there perhaps an intention in the future releases to
>> break the response down into the parts I mentioned earlier?
>  I am going to look into this during the next weekend
>> Thank you.
> --
> Kiran Ayyagari

Kiran Ayyagari

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message