incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ilya musayev (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CLOUDSTACK-1142) Testing LDAP Auth Failed - due to "%" being illegal character in queryfilter
Date Fri, 01 Feb 2013 23:44:12 GMT
ilya musayev created CLOUDSTACK-1142:
----------------------------------------

             Summary: Testing LDAP Auth Failed - due to "%" being illegal character in queryfilter
                 Key: CLOUDSTACK-1142
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1142
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.1.0
         Environment: CentOS 6.3 with CloudStack 4.1 from git on 02/01/2013
            Reporter: ilya musayev
            Priority: Critical


While attempting to test the LdapConfig command, i was unable to succesefully execute the
API command due to 

{ "ldapconfigresponse" : {"errorcode":431,"cserrorcode":9999,"errortext":"queryfilter could
not be decoded, received value (sAMAccountName=%u) which contains illegal characters eg.%"}
}

This command i'm executing has worked successfully on 4.0, however its broken in latest 4.1
from git. Everything has been encoded properly and i use 8096 to bypass auth mechanism.

Is there a reason why "%" became an illegal character when i ran this command? Please update
the documentation if its no longer required to use "%" as in (sAMAccountName=%u) in query
filter with alternate solution.

If i alter the query filter and make it such that  (sAMAccountName=u)  is no longer there
- it works.

In my attempt to login with user that is on AD LDAP - i get this error:

java.lang.NullPointerException
	at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
	at com.sun.jndi.ldap.LdapNamingEnumeration.nextAux(LdapNamingEnumeration.java:263)
	at com.sun.jndi.ldap.LdapNamingEnumeration.nextImpl(LdapNamingEnumeration.java:254)
	at com.sun.jndi.ldap.LdapNamingEnumeration.next(LdapNamingEnumeration.java:202)
	at com.cloud.server.auth.LDAPUserAuthenticator.authenticate(LDAPUserAuthenticator.java:117)
	at com.cloud.user.AccountManagerImpl.getUserAccount(AccountManagerImpl.java:1901)
	at com.cloud.user.AccountManagerImpl.authenticateUser(AccountManagerImpl.java:1772)
	at com.cloud.api.ApiServer.loginUser(ApiServer.java:763)
	at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:218)
	at com.cloud.api.ApiServlet.doPost(ApiServlet.java:76)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
	at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
	at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
	at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
	at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
	at org.mortbay.jetty.Server.handle(Server.java:326)
	at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
	at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
	at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
	at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
	at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
	at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)

Thanks
ilya

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message