directory-users mailing list archives

From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: bind response is too detailed
Date Wed, 01 Apr 2015 07:23:11 GMT
On Mon, Mar 30, 2015 at 7:32 PM, Kiran Ayyagari <kayyagari@apache.org>
wrote:

> Hi John,
>
> On Fri, Mar 27, 2015 at 7:07 PM, John Strockmeyer <
> john.strockmeyer@gmail.com> wrote:
>
>> Hello. I have had this dilemma for some time now. The problem is that the
>> response following an unsuccessful bind contains too much information, and
>> there does not seem to be a way to break it down into individual parts. I
>> am using ApacheDS 2.0.0-M18, and its response consists of three parts that
>> I am interested in:
>> 1) The very first line of a diagnostic message, which may look something
>> like this:
>>        *Diagnostic message : 'INVALID_CREDENTIALS: Bind failed: account was permanently locked*
>> 2) The exception stack that follows immediately after the line in 1.
>> 3) Bind request, which is at the tail end of the response.
>>
>> Here are my issues.
>> 1) There is no way to isolate the first line, which should really be
>> equivalent to Exception.getMessage(). For instance, if some remote
>> web-based client fails to log in to my web application, there is no way
>> to specifically notify him about the problem, as I am forced to send him
>> the entire three-part response, which is too much to display in a popup.
>>
Looks like the server is running with the DEBUG log level on; in this case
the server appends the stack trace to the above-mentioned single diagnostic
message line.

>> 2) The exception stack should be retrieved the same way that all stacks are
>> instead of being part of the actual message.
>>
The exception produced on the server cannot be filled into the exception
on the client side; the client will always have a different stack trace.

>> 3) The bind request portion at the end of the response contains a password
>> in cleartext. Typically I would not mind it. But since there is no way to
>> break down the response, I am forced to send this back to the client along
>> with the other two response parts, creating a possible security problem.
>>
This was already fixed [1] a while ago and released with M24.

You may consider upgrading to the latest version, 1.0.0-M29, which was
recently released.

[1] https://issues.apache.org/jira/browse/DIRAPI-197

>> My question is if there is a way to retrieve individual portions of the
>> response? I have looked through the API and could not figure it out. If
>> there is no way, is there perhaps an intention in the future releases to
>> break the response down into the parts I mentioned earlier?
>>
>  I am going to look into this during the next weekend
>
>>
>> Thank you.
>>
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>



-- 
Kiran Ayyagari
http://keydap.com
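
One way to isolate the first line described in issue 1 before anything is shown to a remote client, as an added example that is not part of the original message or of the Apache Directory code. It assumes the diagnostic text has already been read from the bind response as a String and that its first line has the `RESULT_CODE: text` shape quoted in the thread; the class and method names and the sample response are constructed for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class BindDiagnostic {
    // First line shape quoted in the thread: "INVALID_CREDENTIALS: Bind failed: ..."
    private static final Pattern FIRST_LINE =
        Pattern.compile("^\\s*([A-Z_]+):\\s*(.*?)\\s*$");

    /** The only two fields the web tier is allowed to act on. */
    public static final class Summary {
        public final String resultCode;
        public final String reason;
        Summary(String resultCode, String reason) {
            this.resultCode = resultCode;
            this.reason = reason;
        }
    }

    /** Keeps the first line; the stack trace and request dump after it are dropped. */
    public static Summary summarize(String diagnostic) {
        if (diagnostic == null || diagnostic.isEmpty()) {
            return new Summary("UNKNOWN", "");
        }
        // \R matches any line break, so CRLF and LF responses behave the same.
        String first = diagnostic.split("\\R", 2)[0];
        Matcher m = FIRST_LINE.matcher(first);
        if (!m.matches()) {
            // Unexpected shape: still return one line only, never the full text.
            return new Summary("UNKNOWN", first.trim());
        }
        return new Summary(m.group(1), m.group(2));
    }

    public static void main(String[] args) {
        // Constructed three-part response (message, stack trace, bind request).
        String sample =
            "INVALID_CREDENTIALS: Bind failed: account was permanently locked\n"
            + "org.example.ConstructedException: constructed frame\n"
            + "\tat org.example.Constructed.bind(Constructed.java:1)\n"
            + "BindRequest name='uid=jdoe,ou=users,dc=example,dc=com' "
            + "credentials='CONSTRUCTED-SAMPLE'";
        Summary s = summarize(sample);
        // Only these two values leave the server; the full text stays in server logs.
        System.out.println(s.resultCode + " | " + s.reason);
    }
}
```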
