[ https://issues.apache.org/jira/browse/DIRSERVER-1743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny updated DIRSERVER-1743: ----------------------------------------- Fix Version/s: (was: 2.0.0-M9) 2.0.0-M10 > ReplicationConsumerImpl fails to connect when startTLS is enabled > ----------------------------------------------------------------- > > Key: DIRSERVER-1743 > URL: https://issues.apache.org/jira/browse/DIRSERVER-1743 > Project: Directory ApacheDS > Issue Type: Bug > Components: ldap > Affects Versions: 2.0.0-M7 > Environment: All > Reporter: Paul Bayliss > Labels: patch > Fix For: 2.0.0-M10 > > Attachments: ReplicationConsumerImpl.diff > > > When running syncrepl client (ReplicationConsumerImpl) with startTLS enabled > the first connection attempt fails with the the exception below. This occurs > because there is no TCP connection established when the LDAP Start TLS > extended request is attempted. > 16:42:04,349 | ERROR | Thread-24 | ReplicationConsumerImpl[249] Failed to > bind with the given bindDN and credentials > org.apache.directory.ldap.client.api.exception.InvalidConnectionException: > Cannot connect on the server, the connection is null > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.checkSession(LdapNetworkConnection.java:267)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12] > at > org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3536)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12] > at > org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:228)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7] > at > org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7] > at > org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7] > at java.lang.Thread.run(Thread.java:680)[:1.6.0_33] > Subsequent connection attempts fail if confidentiality is enabled as the > ReplicationConsumerImpl connect() code bypasses the startTLS if the > LdapNetworkConnection has already been created. This results in the following > exception. > 16:42:09,452 | WARN | Thread-24 | ReplicationConsumerImpl[244] > org.apache.directory.shared.ldap.model.exception.LdapAuthenticationNotSupportedException: > Confidentiality (TLS secured connection) is required. > at > org.apache.directory.shared.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2105)[28:org.apache.directory.shared.ldap.model:1.0.0.M12] > at > org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:122)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12] > at > org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:105)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12] > at > org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:237)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7] > at > org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7] > at > org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7] > at java.lang.Thread.run(Thread.java:680)[:1.6.0_33] > A fix to both exceptions is to ensure that the LDAPNetworkConnection > startTls() call is preceeded with a call to LDAPNetworkConnection connect() > and and also ensure that if startTLS is enabled, the calls to connect() and > startTls() are made for each ReplicationConsumerImpl connection attempt. > I will attach an svn diff of the fix that works within my development > environment. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira