ConfX created HADOOP-19340:
------------------------------
Summary: Unrecognized SSL message error in LDAPGroupMappings
Key: HADOOP-19340
URL: https://issues.apache.org/jira/browse/HADOOP-19340
Project: Hadoop Common
Issue Type: Bug
Components: common
Affects Versions: 3.4.1
Reporter: ConfX
Assignee: ConfX
h3. What Happened:
Got an unrecognized SSL message error instead of the expected LDAP response
read timeout when hadoop.security.group.mapping.ldap.ssl is set to true.
h3. Buggy Code:
{code:java}
// -> ServerSocket is not configured to accept SSL communication.
try (ServerSocket serverSock = new ServerSocket(0)) {
  final CountDownLatch finLatch = new CountDownLatch(1);
  final Thread ldapServer = new Thread(new Runnable() {
    @Override
    public void run() {
      try {
        try (Socket clientSock = serverSock.accept()) {
          IOUtils.skipFully(clientSock.getInputStream(), 1);
          clientSock.getOutputStream().write(AUTHENTICATE_SUCCESS_MSG);
          finLatch.await();
        }
      } catch (Exception e) {
        e.printStackTrace();
      }
    }
  });
  ldapServer.start();
{code}
h3. Stack Trace:
{code:java}
Expected to find 'LDAP response read timed out, timeout used' but got unexpected exception: javax.naming.CommunicationException: localhost:36143 [Root exception is javax.net.ssl.SSLException: Unsupported or unrecognized SSL message]
    at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:250)
    at java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
    at java.naming/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1616)
    at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
    at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:266)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:284)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
    at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
    at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
    at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
    at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
    at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
    at org.apache.hadoop.security.TestLdapGroupsMappingBase$DummyLdapCtxFactory.getInitialContext(TestLdapGroupsMappingBase.java:241)
{code}
h3. How to Reproduce:
(1) Set hadoop.security.group.mapping.ldap.ssl to true
(2) Run test: org.apache.hadoop.security.TestLdapGroupsMapping#testLdapReadTimeout
h3. Notes:
I don't have a patch/fix for this yet; I am working on it.
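A stand-alone reproduction of the mismatch behind this report, added here as an example and not code from the issue or from Hadoop: a JSSE client starts a TLS handshake against a plaintext ServerSocket that answers with raw LDAP bytes. The class name and the BIND_SUCCESS bytes are constructed for illustration (the test's AUTHENTICATE_SUCCESS_MSG is not shown on the page), and the exact exception text depends on the JDK.

```java
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.CountDownLatch;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class PlainServerTlsClientDemo {
  // Constructed sample: BER-encoded LDAP BindResponse (messageID 1, resultCode success).
  static final byte[] BIND_SUCCESS = {0x30, 0x0c, 0x02, 0x01, 0x01, 0x61, 0x07,
      0x0a, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00};

  public static void main(String[] args) throws Exception {
    try (ServerSocket serverSock = new ServerSocket(0)) { // plaintext listener, no TLS
      CompletableFuture<Integer> firstByte = new CompletableFuture<>();
      CountDownLatch done = new CountDownLatch(1);
      Thread server = new Thread(() -> {
        try (Socket s = serverSock.accept()) {
          firstByte.complete(s.getInputStream().read()); // first byte the client sent
          s.getOutputStream().write(BIND_SUCCESS);       // raw LDAP, not a TLS record
          s.getOutputStream().flush();
          done.await(); // keep the socket open until the client has failed
        } catch (Exception e) {
          firstByte.completeExceptionally(e);
        }
      });
      server.start();
      // Client side: what an ldaps:// connection does first, a TLS ClientHello.
      try (SSLSocket client = (SSLSocket) SSLSocketFactory.getDefault()
          .createSocket("localhost", serverSock.getLocalPort())) {
        client.setSoTimeout(5000);
        client.startHandshake(); // reads 0x30 where a TLS record header is expected
        System.out.println("client: handshake unexpectedly succeeded");
      } catch (SSLException e) {
        System.out.println("client: " + e);
      } finally {
        done.countDown();
      }
      int b = firstByte.get();
      String kind = b == 0x16 ? "TLS handshake record"
          : b == 0x30 ? "LDAP BER SEQUENCE" : "other";
      System.out.printf("server: first byte from client 0x%02x (%s)%n", b, kind);
      server.join();
    }
  }
}
```

The server-side first byte is the quickest diagnostic: 0x16 means the client is speaking TLS to a listener that is not, so the handshake fails before any LDAP read timeout can be exercised.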