I have an ADLDS instance on a server running James beta2 I had been using to 
provide the user repository for James. Previously, I was using the attribute 
'uid' for the userIdAttribute in the configuration. When upgrading to beta4, 
this no longer works. When attempting to log in, I get an 'Unable to retrieve 
user from ldap' error, with the following exception showing in the 
userrepository log:

javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
                'OU=Users,DC=SYSTEM,DC=DOMAIN,DC=ORG'
]; remaining name 'uid=cbrown,ou=users,dc=system,dc=domain,dc=org'
                at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
                at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
                at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
                at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
                at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
                at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
                at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
                at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
                at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
                at org.apache.james.util.retry.naming.directory.RetryingDirContext$24.operation(RetryingDirContext.java:473)
                at org.apache.james.util.retry.ExceptionRetryHandler.perform(ExceptionRetryHandler.java:84)
                at org.apache.james.util.retry.naming.NamingExceptionRetryHandler.perform(NamingExceptionRetryHandler.java:58)
                at org.apache.james.util.retry.naming.directory.RetryingDirContext.search(RetryingDirContext.java:468)
                at org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository.buildUser(ReadOnlyUsersLDAPRepository.java:575)
                at org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository.getUserByName(ReadOnlyUsersLDAPRepository.java:648)
                at org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository.test(ReadOnlyUsersLDAPRepository.java:737)
                at org.apache.james.adapter.mailbox.store.UserRepositoryAuthenticator.isAuthentic(UserRepositoryAuthenticator.java:51)
                at org.apache.james.mailbox.store.StoreMailboxManager.login(StoreMailboxManager.java:269)
                at org.apache.james.mailbox.store.StoreMailboxManager.login(StoreMailboxManager.java:276)
                at org.apache.james.imap.processor.AbstractAuthProcessor.doAuth(AbstractAuthProcessor.java:56)
                at org.apache.james.imap.processor.LoginProcessor.doProcess(LoginProcessor.java:57)
                at org.apache.james.imap.processor.LoginProcessor.doProcess(LoginProcessor.java:37)
                at org.apache.james.imap.processor.AbstractMailboxProcessor.doProcess(AbstractMailboxProcessor.java:100)
                at org.apache.james.imap.processor.AbstractMailboxProcessor.process(AbstractMailboxProcessor.java:89)
                at org.apache.james.imap.processor.AbstractMailboxProcessor.doProcess(AbstractMailboxProcessor.java:83)
                at org.apache.james.imap.processor.AbstractMailboxProcessor.doProcess(AbstractMailboxProcessor.java:66)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:52)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                at org.apache.james.imapserver.netty.ImapChannelUpstreamHandler.messageReceived(ImapChannelUpstreamHandler.java:181)
                at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
                at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
                at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:777)
                at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)
                at org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:327)
                at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:305)
                at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:207)
                at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
                at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
                at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:777)
                at org.jboss.netty.handler.execution.ChannelUpstreamEventRunnable.run(ChannelUpstreamEventRunnable.java:44)
                at org.jboss.netty.handler.execution.OrderedMemoryAwareThreadPoolExecutor$ChildExecutor.run(OrderedMemoryAwareThreadPoolExecutor.java:312)
                at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
                at java.lang.Thread.run(Thread.java:619)

I believe the source of this error comes from the following location:

                ...
                at org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository.buildUser(ReadOnlyUsersLDAPRepository.java:575)
                at org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository.getUserByName(ReadOnlyUsersLDAPRepository.java:648)
                ...


Looking at the differences in the getUserByName method between beta2 (1) and 
beta4 (2), the newer beta4 implementation calls buildUser, but instead of 
passing in a user's DN (as called for by the buildUser input parameter), it 
creates a pseudo-DN using the userIdAttribute and the supplied username, i.e. a 
proper DN would be of the form 
"cn=Charlie Brown,ou=users,dc=system,dc=domain,dc=org" but getUserByName calls 
buildUser with 'uid=cbrown,ou=users,dc=system,dc=domain,dc=org'. This leads to 
a failure in the LDAP lookup.

Changing userIdAttribute to 'cn' and supplying the appropriate login 
information does provide correct login; however, it should be possible for users 
to specify a different attribute for login purposes.

Links to referenced source for comparison:

(1)    
http://svn.apache.org/repos/asf/james/server/tags/james-server-3.0-beta2/ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java

(2)    
https://svn.apache.org/repos/asf/james/server/tags/james-server-3.0-beta4/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java



Kevin
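
The failure described in the message above, reproduced against a small in-memory model of the directory. This is an added example, not code from James or from the original post; the sample entries, the function names and the simplified DN and filter handling are assumptions. A base read of the constructed pseudo-DN fails with "no such object", while a search on the login attribute returns the entry's real DN; the example goes slightly beyond the post by escaping the login name before it enters the search filter.

```python
import re

BASE = "ou=users,dc=system,dc=domain,dc=org"
# Constructed sample directory: entries are named by cn; uid is an ordinary attribute.
DIRECTORY = {
    "cn=charlie brown," + BASE: {"cn": "Charlie Brown", "uid": "cbrown"},
    "cn=lucy van pelt," + BASE: {"cn": "Lucy van Pelt", "uid": "lvanpelt"},
}

class NoSuchObject(Exception):
    """Stands in for LDAP result code 32, the NameNotFoundException in the trace."""

def read_entry(dn):
    """Base-object read: succeeds only if an entry with exactly this DN exists."""
    key = ",".join(part.strip().lower() for part in dn.split(","))
    if key not in DIRECTORY:
        raise NoSuchObject(dn)
    return DIRECTORY[key]

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name can only ever match literally."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def value_regex(raw):
    """Filter value to regex: a bare '*' is a wildcard, \\xx is one literal character."""
    tokens = re.findall(r"\\[0-9a-fA-F]{2}|.", raw)
    return "".join(".*" if t == "*" else
                   re.escape(chr(int(t[1:], 16)) if len(t) == 3 else t) for t in tokens)

def search(base, ldap_filter):
    """Subtree search; this model supports only a single (attr=value) filter."""
    attr, raw = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
    pattern = value_regex(raw)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.endswith("," + base) and attr in attrs
            and re.fullmatch(pattern, attrs[attr], re.I)]

def pseudo_dn_lookup(id_attr, login):
    """The lookup the post describes in beta4: glue attribute and login onto the base."""
    return read_entry("%s=%s,%s" % (id_attr, login, BASE))

def resolve_user_dn(id_attr, login):
    """Search for the entry by attribute, then use the DN the directory reports."""
    matches = search(BASE, "(%s=%s)" % (id_attr, escape_filter_value(login)))
    return matches[0] if len(matches) == 1 else None  # none or ambiguous: reject

if __name__ == "__main__":
    print(resolve_user_dn("uid", "cbrown"))
```

The model stores DNs in lower case, so the resolved DN is printed in that normalized form.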
