[ https://issues.apache.org/jira/browse/JS2-1030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ate Douma reassigned JS2-1030:
------------------------------

    Assignee: Ate Douma  (was: Vivek Kumar)

> LDAP configuration property ldap.user.searchBase (when not empty) makes login 
> impossible
> ----------------------------------------------------------------------------------------
>
>                 Key: JS2-1030
>                 URL: https://issues.apache.org/jira/browse/JS2-1030
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: LDAP
>    Affects Versions: 2.2.0
>         Environment: Windows XP, JRE 1.6.0.11, Tomcat 6.0.18, Apache DS 1.0.2 
> (also tested with ApacheDS 1.5.4)
>            Reporter: Aysegul Aydin Isiktekin
>            Assignee: Ate Douma
>
> LDAP configuration property ldap.user.searchBase makes login impossible. When 
> left empty, login is possible. But, when specified as:
> ldap.user.searchBase=ou=Peoples
> Exception occurs:
> ----------------------------
> WARNING: Login exception authenticating username "admin"
> javax.security.auth.login.LoginException: javax.naming.NameNotFoundException: 
> [LDAP: error code 32 - failed on search operation: ou=Peoples:
>     SearchRequest
>         baseDn : 'ou=Peoples'
>         filter : '(& (2.5.4.3=admin) (2.5.4.0=person) ) '
>         scope : whole subtree
>         typesOnly : false
> no limit
>         Time Limit : no limit
>         Deref Aliases : deref Always
>         attributes : 'javaCodeBase', 'javaReferenceAddress', 'javaClassName', 
> 'javaSerializedData', 'javaRemoteLocation', 'javaFactory', 'javaClassNames', 
> 'objectClass'
> :
> org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: 
> ou=Peoples
>       at 
> org.apache.directory.server.core.partition.DefaultPartitionNexus.getBackend(DefaultPartitionNexus.java:987)
>       at 
> org.apache.directory.server.core.partition.DefaultPartitionNexus.hasEntry(DefaultPartitionNexus.java:920)
>       at 
> org.apache.directory.server.core.interceptor.InterceptorChain$1.hasEntry(InterceptorChain.java:157)
> ---- more
> ----------------------------
> From the exception and the logs of ApacheDS LDAP server, I can deduce the 
> baseDn='ou=Peoples' cannot be found. It makes sense since the entry's dn is 
> 'ou=Peoples,o=lbs' not 'ou=Peoples'.  When specified as:
> ldap.user.searchBase=ou=Peoples,o=lbs
> Another Exception occurs:
> -------------------------
> WARNING: Login exception authenticating username "admin"
> javax.security.auth.login.LoginException: [LDAP: error code 32 - failed on 
> search operation: Attempt to search under non-existant entry: 
> 2.5.4.11=peoples,2.5.4.10=lbs,2.5.4.10=lbs:
>     SearchRequest
>         baseDn : 'ou=Peoples,o=lbs,o=lbs'
>         filter : '(& (2.5.4.0=inetorgperson) (& (2.5.4.0=inetorgperson) 
> (0.9.2342.19200300.100.1.1=admin) ) ) '
>         scope : whole subtree
>         typesOnly : false
> no limit
>         Time Limit : no limit
>         Deref Aliases : deref Always
>         attributes : 
> :
> org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: Attempt 
> to search under non-existant entry: 2.5.4.11=peoples,2.5.4.10=lbs,2.5.4.10=lbs
>       at 
> org.apache.directory.server.core.exception.ExceptionService.assertHasEntry(ExceptionService.java:416)
>       at 
> org.apache.directory.server.core.exception.ExceptionService.search(ExceptionService.java:392)
> ---more
> -------------------------
> When debugging code, I figured out getSearchDomain() method of 
> org.apache.jetspeed.security.impl.LdapAuthenticationProvider class is not 
> working properly. So when specifying the search base without ldap.base 
> suffixed, search (lookupByUid(String userName) method) fails since ldap.base 
> (o=lbs) is not added to search domain. But when specifying the search base 
> with ldap.base added, this time getUser(String userName) method fails, since 
> it adds ldap.base once more resulting in invalid search string 
> 'ou=Peoples,o=lbs,o=lbs'.

-- 
This message is automatically generated by JIRA.
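
The report above shows ldap.base being appended either never or twice. As an added example (not Jetspeed's code; the class `SearchBaseResolver` and method `resolve` are hypothetical), the sketch below resolves the configured search base against ldap.base exactly once using the JDK's `javax.naming.ldap.LdapName`. It assumes that a search base already ending in ldap.base is meant as an absolute DN.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration; class and method names are hypothetical, not Jetspeed's.
public class SearchBaseResolver {

    /**
     * Returns the absolute DN to search under, given the values of ldap.base
     * and ldap.user.searchBase. The search base may be empty, relative to the
     * base ("ou=Peoples") or already absolute ("ou=Peoples,o=lbs").
     */
    static String resolve(String ldapBase, String searchBase) throws InvalidNameException {
        // Parsing rejects malformed DNs up front instead of at search time.
        LdapName base = new LdapName(ldapBase == null ? "" : ldapBase.trim());
        LdapName search = new LdapName(searchBase == null ? "" : searchBase.trim());

        if (search.isEmpty()) {
            return base.toString();
        }
        // LdapName indexes RDNs right to left, so startsWith() tests whether
        // the textual DN ends with the base. RDN comparison ignores case.
        // Assumption: a search base ending in ldap.base is already absolute.
        if (search.startsWith(base)) {
            return search.toString();
        }
        // Relative search base: addAll() appends at the high-index end, which
        // is the left-hand side of the string form, giving "<search>,<base>".
        LdapName absolute = (LdapName) base.clone();
        absolute.addAll(search);
        return absolute.toString();
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed inputs covering the configurations from the report.
        String[] configured = { "", "ou=Peoples", "ou=Peoples,o=lbs", "OU=Peoples, O=LBS" };
        for (String s : configured) {
            System.out.println("'" + s + "' -> " + resolve("o=lbs", s));
        }
    }
}
```

Using one resolver for both the lookup and the bind path keeps the two from disagreeing about the base, which is the inconsistency the report describes between `lookupByUid` and `getUser`.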