LDAP configuration property ldap.user.searchBase (when not empty) makes login
impossible
----------------------------------------------------------------------------------------
Key: JS2-1030
URL: https://issues.apache.org/jira/browse/JS2-1030
Project: Jetspeed 2
Issue Type: Bug
Components: LDAP
Affects Versions: 2.2.0
Environment: Windows XP, JRE 1.6.0.11, Tomcat 6.0.18, Apache DS 1.0.2
(also tested with ApacheDS 1.5.4)
Reporter: Aysegul Aydin Isiktekin
The LDAP configuration property ldap.user.searchBase makes login impossible. When
left empty, login is possible. But when specified as:
ldap.user.searchBase=ou=Peoples
an exception occurs:
----------------------------
WARNING: Login exception authenticating username "admin"
javax.security.auth.login.LoginException: javax.naming.NameNotFoundException:
[LDAP: error code 32 - failed on search operation: ou=Peoples:
SearchRequest
baseDn : 'ou=Peoples'
filter : '(& (2.5.4.3=admin) (2.5.4.0=person) ) '
scope : whole subtree
typesOnly : false
no limit
Time Limit : no limit
Deref Aliases : deref Always
attributes : 'javaCodeBase', 'javaReferenceAddress', 'javaClassName',
'javaSerializedData', 'javaRemoteLocation', 'javaFactory', 'javaClassNames',
'objectClass'
:
org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: ou=Peoples
at org.apache.directory.server.core.partition.DefaultPartitionNexus.getBackend(DefaultPartitionNexus.java:987)
at org.apache.directory.server.core.partition.DefaultPartitionNexus.hasEntry(DefaultPartitionNexus.java:920)
at org.apache.directory.server.core.interceptor.InterceptorChain$1.hasEntry(InterceptorChain.java:157)
---- more
----------------------------
From the exception and the logs of ApacheDS LDAP server, I can deduce the
baseDn='ou=Peoples' cannot be found. It makes sense since the entry's dn is
'ou=Peoples,o=lbs' not 'ou=Peoples'. When specified as:
ldap.user.searchBase=ou=Peoples,o=lbs
Another Exception occurs:
-------------------------
WARNING: Login exception authenticating username "admin"
javax.security.auth.login.LoginException: [LDAP: error code 32 - failed on
search operation: Attempt to search under non-existant entry:
2.5.4.11=peoples,2.5.4.10=lbs,2.5.4.10=lbs:
SearchRequest
baseDn : 'ou=Peoples,o=lbs,o=lbs'
filter : '(& (2.5.4.0=inetorgperson) (& (2.5.4.0=inetorgperson)
(0.9.2342.19200300.100.1.1=admin) ) ) '
scope : whole subtree
typesOnly : false
no limit
Time Limit : no limit
Deref Aliases : deref Always
attributes :
:
org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: Attempt
to search under non-existant entry: 2.5.4.11=peoples,2.5.4.10=lbs,2.5.4.10=lbs
at org.apache.directory.server.core.exception.ExceptionService.assertHasEntry(ExceptionService.java:416)
at org.apache.directory.server.core.exception.ExceptionService.search(ExceptionService.java:392)
---more
-------------------------
While debugging the code, I figured out that the getSearchDomain() method of the
org.apache.jetspeed.security.impl.LdapAuthenticationProvider class is not
working properly. When the search base is specified without the ldap.base
suffix, the search (the lookupByUid(String userName) method) fails since ldap.base
(o=lbs) is not added to the search domain. But when the search base is specified with
ldap.base added, the getUser(String userName) method fails, since it adds
ldap.base once more, resulting in the invalid search string 'ou=Peoples,o=lbs,o=lbs'.
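One way to make the search-base composition described in the report behave the same on every code path, as an added example that is not Jetspeed's code or the project's fix: the base DN is appended only when the configured search base does not already end with it. The class name SearchBaseResolver and the method resolve are hypothetical; the DN values are the ones from the report.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Hypothetical helper, not part of Jetspeed: resolves ldap.user.searchBase
// against ldap.base exactly once, so lookup and getUser paths can share it.
public class SearchBaseResolver {

    /**
     * Returns the absolute DN to search under.
     * - empty search base       -> ldap.base itself
     * - search base under base  -> used unchanged (no second suffix)
     * - anything else           -> treated as relative, ldap.base appended
     * Assumption: a search base that does not end with ldap.base is relative.
     */
    static LdapName resolve(String ldapBase, String searchBase)
            throws InvalidNameException {
        LdapName base = new LdapName(ldapBase == null ? "" : ldapBase.trim());
        if (searchBase == null || searchBase.trim().isEmpty()) {
            return base;
        }
        LdapName search = new LdapName(searchBase.trim());

        // LdapName indexes RDNs from right to left, so the base DN
        // (the rightmost RDNs in string form) is a *prefix* of the name.
        // RDN comparison ignores case, which matches the server's view
        // ('ou=Peoples' was reported back as '2.5.4.11=peoples').
        if (search.startsWith(base)) {
            return search;
        }

        // Relative search base: put it in front of the base DN.
        LdapName full = (LdapName) base.clone();
        full.addAll(search); // adds the RDNs at the left-hand (leaf) end
        return full;
    }

    public static void main(String[] args) throws InvalidNameException {
        String ldapBase = "o=lbs"; // ldap.base from the report
        String[] configured = {    // constructed ldap.user.searchBase values
            "", "ou=Peoples", "ou=Peoples,o=lbs", "OU=Peoples, O=LBS"
        };
        for (String sb : configured) {
            System.out.println("'" + sb + "' -> " + resolve(ldapBase, sb));
        }
    }
}
```

Neither configured form from the report can produce the doubled suffix 'ou=Peoples,o=lbs,o=lbs' here, and the short form 'ou=Peoples' no longer reaches the server without the base DN.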