I'm working with Oracle to troubleshoot a bug we've encountered with their
JDK (1.8u231+) and LDAP errors. According to their analysis, they're
claiming that the problem lies with the ldaptive library being used by this
old (I know) version of CAS. More specifically that the subsequent JDKs
adhere to spec, and the ldaptive library appears to be testing for
unspecified behaviour. They are recommending I try a newer version of the
ldaptive library which does not appear to have the same code.
I added the following to our pom.xml:
<dependency>
<groupId>org.ldaptive</groupId>
<artifactId>ldaptive</artifactId>
<version>2.0.1</version>
</dependency>
When I ran "mvn clean package" I think it looked like it was including the
2.0.1 version of ldaptive in the build. However, it seems like I'm still
seeing LDAP problems. When I try to login, it will often result in the
errors such as the following being logged:
2021-01-27 12:10:56,974 DEBUG
[org.apereo.cas.authentication.LdapAuthenticationHandler] - <Attempting
LDAP authentication for baron>
2021-01-27 12:10:56,986 WARN [org.ldaptive.pool.BlockingConnectionPool] -
<connection failed check out validation:
org.ldaptive.pool.AbstractConnectionPool$DefaultPooledConnectionProxy@4b6106ff
>
2021-01-27 12:10:56,989 ERROR
[org.apereo.cas.authentication.PolicyBasedAuthenticationManager] -
<LdapAuthenticationHandler: Unexpected LDAP error (Details: Validation of
connection failed)>
Eventually the validation succeeds, then so does the authentication.
How can I verify which version of ldaptive is being used by CAS? I don't
think I saw anything indicating this in the logs. If I search for ldaptive
in my overlay work directory I find the following:
=====
$ grep -ilr ldaptive .
./target/cas.war
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/classes/log4j2.xml
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/person-directory-impl-1.8.4.jar
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-1.2.0.jar
./target/war/work/org.apereo.cas/cas-server-webapp/WEB-INF/lib/ldaptive-beans-1.2.0.jar
./target/cas/WEB-INF/classes/log4j2.xml
./target/cas/WEB-INF/lib/person-directory-impl-1.8.4.jar
./target/cas/WEB-INF/lib/ldaptive-1.2.0.jar
./target/cas/WEB-INF/lib/ldaptive-beans-1.2.0.jar
./target/cas/WEB-INF/lib/ldaptive-beans-2.0.1.jar
./target/cas/WEB-INF/lib/ldaptive-2.0.1.jar
./pom.xml
./etc/cas/config/log4j2.xml
=====
I see an ldaptive-2.0.1.jar and ldaptive-beans-2.0.1.jar, but
also ldaptive-1.2.0.jar and ldaptive-beans-1.2.0.jar. The 1.2.0 versions
are always present after the build even if I delete them first, so
something must be re-including them. How can I ensure that the new ldaptive
is used in place of the old one?
Unrelated, but I'm also seeing the following errors in the build now that
weren't present when I originally built this long ago:
Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to
spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
[WARNING] Failure to transfer
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from
https://repo.spring.io/libs-snapshot was cached in the local repository,
resolution will not be reattempted until the update interval of
spring-libs-snapshots has elapsed or updates are forced. Original error:
Could not transfer metadata
com.github.duosecurity:duo_client_java:-SNAPSHOT/maven-metadata.xml from/to
spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
[WARNING] Failure to transfer
com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
from https://repo.spring.io/libs-snapshot was cached in the local
repository, resolution will not be reattempted until the update interval of
spring-libs-snapshots has elapsed or updates are forced. Original error:
Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-client:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-example-admin/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
[WARNING] Failure to transfer
com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
from https://repo.spring.io/libs-snapshot was cached in the local
repository, resolution will not be reattempted until the update interval of
spring-libs-snapshots has elapsed or updates are forced. Original error:
Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-example-admin:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
Downloading:
https://repo.spring.io/libs-snapshot/com/github/duosecurity/duo_client_java/duo-client-all/-SNAPSHOT/maven-metadata.xml
[WARNING] Could not transfer metadata
com.github.duosecurity.duo_client_java:duo-client-all:-SNAPSHOT/maven-metadata.xml
from/to spring-libs-snapshots (https://repo.spring.io/libs-snapshot): Not
authorized , ReasonPhrase:Unauthorized.
It seems prudent to resolve these build errors as well.
--
Baron Fujimoto <[email protected]> :: UH Information Technology Services
minutas cantorum, minutas balorum, minutas carboratum desendus pantorum
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL20VkUPAgFORD_Jb-nNaoNK_EiZb3uc_BfN8KF8gSyThg%40mail.gmail.com.
