[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705279#comment-17705279 ] Emmanuel Lécharny commented on DIRAPI-387: -- FTR, I'm going to cut a release (2.1.3) quite soon (in the coming days or a couple of weeks). > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705250#comment-17705250 ] Natan Abolafya commented on DIRAPI-387: --- Awesome! Thank you very much. > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705248#comment-17705248 ] Emmanuel Lécharny commented on DIRAPI-387: -- Ok, committed (954301913). The {{PasswordException}} should now contain the Diagnostic message. > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705245#comment-17705245 ] Emmanuel Lécharny commented on DIRAPI-387: -- The {{AbstractPasswordPolicyResponder.fail}} method should look like: {code} protected PasswordException fail( ResultResponse resultResponse, PasswordPolicyResponse passwordPolicyResponse, ResultCodeEnum resultCode ) { PasswordException exception = new PasswordException( resultResponse.getLdapResult().getDiagnosticMessage() ); exception.setResultCode( resultCode ); ... {code} > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705243#comment-17705243 ] Emmanuel Lécharny commented on DIRAPI-387: -- No, it's just the LDAP response sent by the remote server. I now understand what you mean. Actually, the PasswordException does not include the diagnostic message because it's not in a {{LdapException}}, but in the {{ResultResponse}}, and we don't use it. I'll see how we can inject the info in the {{PasswordException}} > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705236#comment-17705236 ] Natan Abolafya commented on DIRAPI-387: --- When I run the test, I can see this message in the logs however. Message ID : 7 BindResponse Ldap Result Result code : (INVALID_CREDENTIALS) invalidCredentials Matched Dn : '' Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 533, v4563 ') Could it be that this message is received in the wrong thread/scope or something like that? > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705224#comment-17705224 ] Emmanuel Lécharny commented on DIRAPI-387: -- Thanks ! Yep, in this very case, we don't have any {{LdapExcveption}} to propagate: {code} LdapConnectionTemplate.java:212: ...return authenticateConnection( connection, userDn, password ); {code} {code} LdapConnectionTemplate.java:228: private PasswordWarning authenticateConnection( final LdapConnection connection, final Dn userDn, final char[] password ) throws PasswordException { return passwordPolicyResponder.process( new PasswordPolicyOperation() { @Override public ResultResponse process() throws LdapException { ... } } ); } {code} {code} AbstractPasswordPolicyResponder.java:121: /** * {@inheritDoc} */ @Override public final PasswordWarning process( PasswordPolicyOperation operation ) throws PasswordException { try { ResultResponse response = operation.process(); PasswordPolicyResponse passwordPolicyResponse = getPasswordPolicy( response ); ResultCodeEnum resultCode = response.getLdapResult().getResultCode(); if ( resultCode == ResultCodeEnum.SUCCESS ) { return success( passwordPolicyResponse ); } else { throw fail( response, passwordPolicyResponse, resultCode ); << } } {code} {code} AbstractPasswordPolicyResponder.java:80: protected PasswordException fail( ResultResponse resultResponse, PasswordPolicyResponse passwordPolicyResponse, ResultCodeEnum resultCode ) { PasswordException exception = new PasswordException(); exception.setResultCode( resultCode ); if ( passwordPolicyResponse != null && passwordPolicyResponse.getPasswordPolicyError() != null ) { exception.setPasswordPolicyError( passwordPolicyResponse.getPasswordPolicyError() ); } return exception; } {code} So bottom line: we return the information we get from the server... > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705220#comment-17705220 ] Natan Abolafya commented on DIRAPI-387: --- {code:java} org.apache.directory.ldap.client.template.exception.PasswordException at org.apache.directory.ldap.client.template.AbstractPasswordPolicyResponder.fail(AbstractPasswordPolicyResponder.java:80) at org.apache.directory.ldap.client.template.AbstractPasswordPolicyResponder.process(AbstractPasswordPolicyResponder.java:121) at org.apache.directory.ldap.client.template.LdapConnectionTemplate.authenticateConnection(LdapConnectionTemplate.java:228) at org.apache.directory.ldap.client.template.LdapConnectionTemplate.authenticate(LdapConnectionTemplate.java:212) at org.apache.directory.ldap.client.template.LdapConnectionTemplate.authenticate(LdapConnectionTemplate.java:198) at org.apache.directory.ldap.client.template.LdapConnectionTemplate.authenticate(LdapConnectionTemplate.java:171) ..our code {code} > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705217#comment-17705217 ] Emmanuel Lécharny commented on DIRAPI-387: -- Do you have the stack trace? One of the reason we don't have the {{LdapException}} set would be that we don't add it, like in: {code} /** * {@inheritDoc} */ @Override public PasswordWarning authenticate( SearchRequest searchRequest, char[] password ) throws PasswordException { Dn userDn = searchFirst( searchRequest, DN_ENTRY_MAPPER ); if ( userDn == null ) { throw new PasswordException().setResultCode( ResultCodeEnum.INVALID_CREDENTIALS ); } return authenticate( userDn, password ); } {code} Note that in this very case, we don't have the root cause. I'd like to know if we are using this piece of code (in {{LdapConnectionTemplate}}) > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705209#comment-17705209 ] Natan Abolafya commented on DIRAPI-387: --- Hi! Thanks Emmanuel. Yes, that's normally the case when we get an *LdapException* but not the case in {*}PasswordException{*}. It has an *ldapException* field but it is null. At least as far as I can see. Check the debug screenshot I have attached on the issue. > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17705201#comment-17705201 ] Emmanuel Lécharny commented on DIRAPI-387: -- Hi ! Sorry for the mate comment... The way it works is that we store whatever the LDAP server returns in the Diagnostic message: ``` /** * The action used to set the LdapResult error message. * * * LDAPResult ::= SEQUENCE { * ... * errorMessage LDAPString, * ... * * @author mailto:dev@directory.apache.org;>Apache Directory Project */ public class StoreErrorMessage extends GrammarAction> { /** The logger */ private static final Logger LOG = LoggerFactory.getLogger( StoreErrorMessage.class ); /** * Instantiates a new error message action. */ public StoreErrorMessage() { super( "Store error message" ); } /** * {@inheritDoc} */ @Override public void action( LdapMessageContainer container ) { // Get the Value and store it in the BindResponse TLV tlv = container.getCurrentTLV(); String errorMessage; // We have to handle the special case of a 0 length error // message if ( tlv.getLength() == 0 ) { errorMessage = ""; } else { errorMessage = Strings.utf8ToString( tlv.getValue().getData() ); } LdapResult ldapResult = container.getLdapResult(); ldapResult.setDiagnosticMessage( errorMessage ); ``` so we can't provide more than what the remote server gives... The ```LdapException``` is just encapsulating the result and is thrown, it won't bring anything more. > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org
[jira] [Commented] (DIRAPI-387) More info on PasswordException
[ https://issues.apache.org/jira/browse/DIRAPI-387?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17651219#comment-17651219 ] Natan Abolafya commented on DIRAPI-387: --- I am either really bad at Jira or I don't have edit rights. I just realized the issue lacks this context: The PasswordException in this case is triggered by *LdapConnectionTemplate.authenticate* call. > More info on PasswordException > -- > > Key: DIRAPI-387 > URL: https://issues.apache.org/jira/browse/DIRAPI-387 > Project: Directory Client API > Issue Type: Improvement >Reporter: Natan Abolafya >Priority: Minor > Attachments: debug.png > > > It would be nice to get more info on PasswordException. > Here is a response coming from Active Directory. > > {code:java} > Message ID : 7 > BindResponse > Ldap Result > Result code : (INVALID_CREDENTIALS) invalidCredentials > Matched Dn : '' > Diagnostic message : '80090308: LdapErr: DSID-0C090446, comment: > AcceptSecurityContext error, data 533, v4563 ' > ){code} > > > The information in Diagnostic message can be quite useful sometimes. In this > case, the "data 533" means the account is disabled which would be quite > useful information for diagnostics. I am attaching how the exception looks > like on debugger also. > > Normal LdapExceptions have this information but not the PasswordException. It > would be really nice to add it. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org