[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705279#comment-17705279
]
Emmanuel Lécharny commented on DIRAPI-387:
--
FTR, I'm going to cut a release (2.1.3) quite soon (in the coming days or a
couple of weeks).
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705250#comment-17705250
]
Natan Abolafya commented on DIRAPI-387:
---
Awesome! Thank you very much.
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705248#comment-17705248
]
Emmanuel Lécharny commented on DIRAPI-387:
--
Ok, committed (954301913).
The {{PasswordException}} should now contain the Diagnostic message.
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705245#comment-17705245
]
Emmanuel Lécharny commented on DIRAPI-387:
--
The {{AbstractPasswordPolicyResponder.fail}} method should look like:
{code}
protected PasswordException fail( ResultResponse resultResponse,
PasswordPolicyResponse passwordPolicyResponse, ResultCodeEnum
resultCode )
{
PasswordException exception = new PasswordException(
resultResponse.getLdapResult().getDiagnosticMessage() );
exception.setResultCode( resultCode );
...
{code}
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705243#comment-17705243
]
Emmanuel Lécharny commented on DIRAPI-387:
--
No, it's just the LDAP response sent by the remote server. I now understand
what you mean.
Actually, the PasswordException does not include the diagnostic message because
it's not in a {{LdapException}}, but in the {{ResultResponse}}, and we don't
use it.
I'll see how we can inject the info in the {{PasswordException}}
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705236#comment-17705236
]
Natan Abolafya commented on DIRAPI-387:
---
When I run the test, I can see this message in the logs however.
Message ID : 7
BindResponse
Ldap Result
Result code : (INVALID_CREDENTIALS) invalidCredentials
Matched Dn : ''
Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
AcceptSecurityContext error, data 533, v4563 ')
Could it be that this message is received in the wrong thread/scope or
something like that?
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705224#comment-17705224
]
Emmanuel Lécharny commented on DIRAPI-387:
--
Thanks !
Yep, in this very case, we don't have any {{LdapExcveption}} to propagate:
{code}
LdapConnectionTemplate.java:212:
...return authenticateConnection( connection, userDn, password );
{code}
{code}
LdapConnectionTemplate.java:228:
private PasswordWarning authenticateConnection( final LdapConnection
connection,
final Dn userDn, final char[] password ) throws PasswordException
{
return passwordPolicyResponder.process(
new PasswordPolicyOperation()
{
@Override
public ResultResponse process() throws LdapException
{
...
}
} );
}
{code}
{code}
AbstractPasswordPolicyResponder.java:121:
/**
* {@inheritDoc}
*/
@Override
public final PasswordWarning process( PasswordPolicyOperation operation )
throws PasswordException
{
try
{
ResultResponse response = operation.process();
PasswordPolicyResponse passwordPolicyResponse = getPasswordPolicy(
response );
ResultCodeEnum resultCode =
response.getLdapResult().getResultCode();
if ( resultCode == ResultCodeEnum.SUCCESS )
{
return success( passwordPolicyResponse );
}
else
{
throw fail( response, passwordPolicyResponse, resultCode );
<<
}
}
{code}
{code}
AbstractPasswordPolicyResponder.java:80:
protected PasswordException fail( ResultResponse resultResponse,
PasswordPolicyResponse passwordPolicyResponse, ResultCodeEnum
resultCode )
{
PasswordException exception = new PasswordException();
exception.setResultCode( resultCode );
if ( passwordPolicyResponse != null
&& passwordPolicyResponse.getPasswordPolicyError() != null )
{
exception.setPasswordPolicyError(
passwordPolicyResponse.getPasswordPolicyError() );
}
return exception;
}
{code}
So bottom line: we return the information we get from the server...
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705220#comment-17705220
]
Natan Abolafya commented on DIRAPI-387:
---
{code:java}
org.apache.directory.ldap.client.template.exception.PasswordException
at
org.apache.directory.ldap.client.template.AbstractPasswordPolicyResponder.fail(AbstractPasswordPolicyResponder.java:80)
at
org.apache.directory.ldap.client.template.AbstractPasswordPolicyResponder.process(AbstractPasswordPolicyResponder.java:121)
at
org.apache.directory.ldap.client.template.LdapConnectionTemplate.authenticateConnection(LdapConnectionTemplate.java:228)
at
org.apache.directory.ldap.client.template.LdapConnectionTemplate.authenticate(LdapConnectionTemplate.java:212)
at
org.apache.directory.ldap.client.template.LdapConnectionTemplate.authenticate(LdapConnectionTemplate.java:198)
at
org.apache.directory.ldap.client.template.LdapConnectionTemplate.authenticate(LdapConnectionTemplate.java:171)
..our code
{code}
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705217#comment-17705217
]
Emmanuel Lécharny commented on DIRAPI-387:
--
Do you have the stack trace?
One of the reason we don't have the {{LdapException}} set would be that we
don't add it, like in:
{code}
/**
* {@inheritDoc}
*/
@Override
public PasswordWarning authenticate( SearchRequest searchRequest, char[]
password ) throws PasswordException
{
Dn userDn = searchFirst( searchRequest, DN_ENTRY_MAPPER );
if ( userDn == null )
{
throw new PasswordException().setResultCode(
ResultCodeEnum.INVALID_CREDENTIALS );
}
return authenticate( userDn, password );
}
{code}
Note that in this very case, we don't have the root cause. I'd like to know if
we are using this piece of code (in {{LdapConnectionTemplate}})
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705209#comment-17705209
]
Natan Abolafya commented on DIRAPI-387:
---
Hi! Thanks Emmanuel.
Yes, that's normally the case when we get an *LdapException* but not the case
in {*}PasswordException{*}. It has an *ldapException* field but it is null. At
least as far as I can see. Check the debug screenshot I have attached on the
issue.
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705201#comment-17705201
]
Emmanuel Lécharny commented on DIRAPI-387:
--
Hi ! Sorry for the mate comment...
The way it works is that we store whatever the LDAP server returns in the
Diagnostic message:
```
/**
* The action used to set the LdapResult error message.
*
*
* LDAPResult ::= SEQUENCE {
* ...
* errorMessage LDAPString,
* ...
*
* @author mailto:dev@directory.apache.org;>Apache Directory
Project
*/
public class StoreErrorMessage extends
GrammarAction>
{
/** The logger */
private static final Logger LOG = LoggerFactory.getLogger(
StoreErrorMessage.class );
/**
* Instantiates a new error message action.
*/
public StoreErrorMessage()
{
super( "Store error message" );
}
/**
* {@inheritDoc}
*/
@Override
public void action( LdapMessageContainer container )
{
// Get the Value and store it in the BindResponse
TLV tlv = container.getCurrentTLV();
String errorMessage;
// We have to handle the special case of a 0 length error
// message
if ( tlv.getLength() == 0 )
{
errorMessage = "";
}
else
{
errorMessage = Strings.utf8ToString( tlv.getValue().getData() );
}
LdapResult ldapResult = container.getLdapResult();
ldapResult.setDiagnosticMessage( errorMessage );
```
so we can't provide more than what the remote server gives...
The ```LdapException``` is just encapsulating the result and is thrown, it
won't bring anything more.
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[
https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17651219#comment-17651219
]
Natan Abolafya commented on DIRAPI-387:
---
I am either really bad at Jira or I don't have edit rights. I just realized the
issue lacks this context:
The PasswordException in this case is triggered by
*LdapConnectionTemplate.authenticate* call.
> More info on PasswordException
> --
>
> Key: DIRAPI-387
> URL: https://issues.apache.org/jira/browse/DIRAPI-387
> Project: Directory Client API
> Issue Type: Improvement
>Reporter: Natan Abolafya
>Priority: Minor
> Attachments: debug.png
>
>
> It would be nice to get more info on PasswordException.
> Here is a response coming from Active Directory.
>
> {code:java}
> Message ID : 7
> BindResponse
> Ldap Result
> Result code : (INVALID_CREDENTIALS) invalidCredentials
> Matched Dn : ''
> Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment:
> AcceptSecurityContext error, data 533, v4563 '
> ){code}
>
>
> The information in Diagnostic message can be quite useful sometimes. In this
> case, the "data 533" means the account is disabled which would be quite
> useful information for diagnostics. I am attaching how the exception looks
> like on debugger also.
>
> Normal LdapExceptions have this information but not the PasswordException. It
> would be really nice to add it.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org
