portals-jetspeed-dev mailing list archives

From "Ate Douma (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Updated: (JS2-1030) LDAP configuration property ldap.user.searchBase (when not empty) makes login impossible
Date Wed, 24 Feb 2010 16:30:28 GMT

     [ https://issues.apache.org/jira/browse/JS2-1030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ate Douma updated JS2-1030:
---------------------------

    Fix Version/s: 2.2.1

> LDAP configuration property ldap.user.searchBase (when not empty) makes login impossible
> ----------------------------------------------------------------------------------------
>
>                 Key: JS2-1030
>                 URL: https://issues.apache.org/jira/browse/JS2-1030
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: LDAP
>    Affects Versions: 2.2.0
>         Environment: Windows XP, JRE 1.6.0.11, Tomcat 6.0.18, Apache DS 1.0.2 (also tested with ApacheDS 1.5.4)
>            Reporter: Aysegul Aydin Isiktekin
>            Assignee: Ate Douma
>             Fix For: 2.2.1
>
>
> LDAP configuration property ldap.user.searchBase makes login impossible. When left empty, login is possible. But, when specified as:
> ldap.user.searchBase=ou=Peoples
> Exception occurs:
> ----------------------------
> WARNING: Login exception authenticating username "admin"
> javax.security.auth.login.LoginException: javax.naming.NameNotFoundException: [LDAP: error code 32 - failed on search operation: ou=Peoples:
>     SearchRequest
>         baseDn : 'ou=Peoples'
>         filter : '(& (2.5.4.3=admin) (2.5.4.0=person) ) '
>         scope : whole subtree
>         typesOnly : false
> no limit
>         Time Limit : no limit
>         Deref Aliases : deref Always
>         attributes : 'javaCodeBase', 'javaReferenceAddress', 'javaClassName', 'javaSerializedData', 'javaRemoteLocation', 'javaFactory', 'javaClassNames', 'objectClass'
> :
> org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: ou=Peoples
> 	at org.apache.directory.server.core.partition.DefaultPartitionNexus.getBackend(DefaultPartitionNexus.java:987)
> 	at org.apache.directory.server.core.partition.DefaultPartitionNexus.hasEntry(DefaultPartitionNexus.java:920)
> 	at org.apache.directory.server.core.interceptor.InterceptorChain$1.hasEntry(InterceptorChain.java:157)
> ---- more
> ----------------------------
> From the exception and the logs of ApacheDS LDAP server, I can deduce the baseDn='ou=Peoples' cannot be found. It makes sense since the entry's dn is 'ou=Peoples,o=lbs' not 'ou=Peoples'. When specified as:
> ldap.user.searchBase=ou=Peoples,o=lbs
> Another Exception occurs:
> -------------------------
> WARNING: Login exception authenticating username "admin"
> javax.security.auth.login.LoginException: [LDAP: error code 32 - failed on search operation: Attempt to search under non-existant entry: 2.5.4.11=peoples,2.5.4.10=lbs,2.5.4.10=lbs:
>     SearchRequest
>         baseDn : 'ou=Peoples,o=lbs,o=lbs'
>         filter : '(& (2.5.4.0=inetorgperson) (& (2.5.4.0=inetorgperson) (0.9.2342.19200300.100.1.1=admin) ) ) '
>         scope : whole subtree
>         typesOnly : false
> no limit
>         Time Limit : no limit
>         Deref Aliases : deref Always
>         attributes : 
> :
> org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: Attempt to search under non-existant entry: 2.5.4.11=peoples,2.5.4.10=lbs,2.5.4.10=lbs
> 	at org.apache.directory.server.core.exception.ExceptionService.assertHasEntry(ExceptionService.java:416)
> 	at org.apache.directory.server.core.exception.ExceptionService.search(ExceptionService.java:392)
> ---more
> -------------------------
> When debugging code, I figured out getSearchDomain() method of org.apache.jetspeed.security.impl.LdapAuthenticationProvider class is not working properly. So when specifying the search base without ldap.base suffixed, search (lookupByUid(String userName) method) fails since ldap.base (o=lbs) is not added to search domain. But when specifying the search base with ldap.base added, this time getUser(String userName) method fails, since it adds ldap.base once more resulting in invalid search string 'ou=Peoples,o=lbs,o=lbs'.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
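
Both failures in the report come from the root DN (ldap.base) being added to the search base in one code path and not in the other. The following is an added example, not Jetspeed's code or the 2.2.1 fix: it resolves the configured value to one absolute DN in a single place using the JDK's `javax.naming.ldap.LdapName`, so every lookup searches under the same base. The class name `SearchBaseResolver` and method `resolve` are hypothetical.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration; class and method names are hypothetical, not Jetspeed code.
public class SearchBaseResolver {

    /**
     * Resolves a configured search base against the directory root (ldap.base).
     * Accepts an empty, relative ("ou=Peoples") or absolute ("ou=Peoples,o=lbs")
     * value and always returns one absolute DN, so the root is never missing
     * and never appended twice.
     */
    static LdapName resolve(String ldapBase, String searchBase) throws InvalidNameException {
        LdapName root = new LdapName(ldapBase);
        if (searchBase == null || searchBase.trim().isEmpty()) {
            return root;                       // no sub-tree configured: search from the root
        }
        LdapName configured = new LdapName(searchBase.trim());
        // LdapName numbers RDNs from right to left, so startsWith(root) is true
        // when the configured DN already ends in ",o=lbs" in its string form.
        if (configured.startsWith(root)) {
            return configured;
        }
        LdapName absolute = (LdapName) root.clone();
        absolute.addAll(configured);           // adds the relative RDNs to the left of the root
        return absolute;
    }

    public static void main(String[] args) throws InvalidNameException {
        String root = "o=lbs";                 // ldap.base value from the report
        // Constructed inputs: empty, plus the two ldap.user.searchBase values from the report.
        String[] configured = { "", "ou=Peoples", "ou=Peoples,o=lbs" };
        for (String value : configured) {
            System.out.println("'" + value + "' -> " + resolve(root, value));
        }
    }
}
```

Comparing parsed RDNs rather than raw strings avoids treating a value such as `ou=Peoples,o=lbsx` as already ending in the root.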

