
Task #1253 (closed)

Opened 15 years ago

Closed 12 years ago

Bug: LDAP password checks throws exception

Reported by: jamoore
Owned by: jamoore
Priority: major
Milestone: OMERO-4.4.4
Component: Configuration
Version: 3.0-M1
Keywords: ldap
Cc: atarkowska, sylittlewood, bpindelski
Resources: n.a.
Referenced By: n.a.
References: n.a.
Remaining Time: 0.0d
Sprint: 2012-09-11 (4)

Description (last modified by jmoore)

The following was thrown because the omero.ldap.username was an invalid dn. Perhaps this could be checked earlier, and even prevent the server from starting up?

2009-03-19 14:11:45,864 INFO  [        ome.services.util.ServiceHandler] (l.Server-3)  Excp:    org.springframework.ldap.InvalidNameException: [LDAP: error code 34 - invalid DN]; nested exception is javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
2009-03-19 14:11:45,864 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-3) Exception thrown while checking password for:test
ome.conditions.InternalException:  Wrapped Exception: (org.springframework.ldap.InvalidNameException):
[LDAP: error code 34 - invalid DN]; nested exception is javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
        at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:126)
        at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:235)
        at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:107)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:266)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:234)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:583)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:497)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:447)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:468)
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:486)
        at ome.logic.LdapImpl.findExperimenter(LdapImpl.java:169)
        at ome.logic.LdapImpl.createUserFromLdap(LdapImpl.java:446)
        at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:93)
        at ome.security.auth.PasswordProviders.checkPassword(PasswordProviders.java:42)
        at ome.logic.AdminImpl.checkPassword(AdminImpl.java:915)
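
The earlier check suggested in the description could take the form of a startup validation like the one below. This is an added example, not OMERO's code and not the fix made for this ticket; the class name LdapStartupCheck, its methods, and the url and password parameters are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapName;

// Hypothetical startup check for the LDAP bind settings (added example).
public class LdapStartupCheck {
    // Step 1: parse the bind DN locally; no LDAP server is contacted.
    static LdapName parseBindDn(String dn) {
        // An empty string parses as the (valid) empty DN, so reject it explicitly.
        if (dn == null || dn.trim().isEmpty()) {
            throw new IllegalStateException("omero.ldap.username is empty");
        }
        try {
            return new LdapName(dn);
        } catch (InvalidNameException e) {
            throw new IllegalStateException("omero.ldap.username is not a valid DN: " + dn, e);
        }
    }
    // Step 2: one test bind, so a rejected DN or password stops startup, not a login.
    static void testBind(String url, LdapName dn, String password) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn.toString());
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
        } catch (AuthenticationException e) {
            // Cause omitted on purpose: the server's error text can contain the bind request.
            throw new IllegalStateException("LDAP bind rejected for " + dn);
        } catch (NamingException e) {
            throw new IllegalStateException("LDAP startup check failed for " + url, e);
        }
    }
    public static void main(String[] args) {
        // Constructed sample values; testBind() is not called because it needs a live server.
        for (String dn : new String[] {"uid=admin,ou=system", "admin", ""}) {
            try {
                System.out.println("ok: " + parseBindDn(dn));
            } catch (IllegalStateException e) {
                System.out.println("refusing to start: " + e.getMessage());
            }
        }
    }
}
```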

Change History (20)

comment:1 Changed 15 years ago by jmoore

  • Description modified (diff)

comment:2 Changed 15 years ago by jmoore

  • Owner changed from jmoore to atarkowska

Could you look into this when you get a chance, Ola?

comment:3 Changed 15 years ago by atarkowska

  • Milestone changed from Unscheduled to OMERO-Beta4.1

comment:4 Changed 15 years ago by atarkowska

  • Milestone changed from OMERO-Beta4.1 to OMERO-Beta4.2

comment:5 Changed 14 years ago by jmoore

  • Type changed from Bug to Task

comment:6 Changed 14 years ago by jmoore

  • Sprint set to 2010-04-16 (7)

comment:7 Changed 14 years ago by cxallan

  • Sprint changed from 2010-04-16 (7) to 2010-04-30 (8)

comment:8 Changed 14 years ago by jmoore

  • Sprint changed from 2010-04-30 (8) to 2010-05-13 (9)

comment:9 Changed 14 years ago by cxallan

  • Sprint changed from 2010-05-13 (9) to 2010-05-27 (10)

comment:10 Changed 14 years ago by jmoore

  • Status changed from new to assigned

comment:11 Changed 14 years ago by cxallan

  • Sprint changed from 2010-05-27 (10) to 2010-06-10 (11)

comment:12 Changed 14 years ago by jburel

  • Sprint changed from 2010-06-10 (11) to 2010-06-24 (12)

comment:13 Changed 14 years ago by jmoore

  • Component changed from General to Configuration
  • Milestone changed from OMERO-Beta4.2 to Unscheduled
  • Priority changed from major to minor
  • Sprint 2010-06-24 (12) deleted

Haven't reproduced. Pushing.

comment:14 Changed 13 years ago by atarkowska

  • Status changed from assigned to new

comment:15 Changed 12 years ago by jmoore

  • Cc sylittlewood added
  • Keywords ldap added
  • Owner atarkowska deleted
  • Priority changed from minor to major
  • Summary changed from LDAP password checks throws exception to Bug: LDAP password checks throws exception

comment:16 Changed 12 years ago by jmoore

  • Cc bpindelski added
  • Milestone changed from Unscheduled to OMERO-4.4.2
  • Sprint set to 2012-08-28 (3)

This should be very doable during the other LDAP work.

comment:17 Changed 12 years ago by jmoore

  • Sprint changed from 2012-08-28 (3) to 2012-09-11 (4)

Next sprint will focus on LDAP.

comment:18 Changed 12 years ago by jmoore

  • Owner set to jmoore
  • Remaining Time set to 0.25
  • Status changed from new to accepted

comment:19 Changed 12 years ago by jmoore

In testing, I reproduced with

    <security:ldap-server root="ou=testInit,ou=initGroup"
        ldif="classpath:ome/services/ldapinit/testInit/*.ldif"
        manager-dn="uid=admin,ou=system"
        manager-password="nevergonnaguessit"/>

and got

org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system:
org.apache.directory.shared.ldap.exception.LdapAuthenticationException: ERR_229 Cannot authenticate user uid=admin,ou=system
	at org.apache.directory.server.core.authn.AuthenticationInterceptor.bind(AuthenticationInterceptor.java:518)
	at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.bind(InterceptorChain.java:1383)
	at org.apache.directory.server.core.normalization.NormalizationInterceptor.bind(NormalizationInterceptor.java:320)
	at org.apache.directory.server.core.interceptor.InterceptorChain.bind(InterceptorChain.java:779)
	at org.apache.directory.server.core.DefaultOperationManager.bind(DefaultOperationManager.java:286)
	at org.apache.directory.server.ldap.handlers.BindHandler.handleSimpleAuth(BindHandler.java:174)
	at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:603)
	at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:63)
	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:196)
	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:60)
	at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
	at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:193)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
	at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
	at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
	at java.lang.Thread.run(Thread.java:680)


BindRequest = 
    BindRequest
        Version : '3'
        Name : 'uid=admin,ou=system'
        Simple authentication : 'nevergonnaguessit/0x6E 0x65 0x76 0x65 0x72 0x67 0x6F 0x6E 0x6E 0x61 0x67 0x75 0x65 0x73 0x73 0x69 0x74 '
]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system:
org.apache.directory.shared.ldap.exception.LdapAuthenticationException: ERR_229 Cannot authenticate user uid=admin,ou=system
	at org.apache.directory.server.core.authn.AuthenticationInterceptor.bind(AuthenticationInterceptor.java:518)
	at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.bind(InterceptorChain.java:1383)
	at org.apache.directory.server.core.normalization.NormalizationInterceptor.bind(NormalizationInterceptor.java:320)
	at org.apache.directory.server.core.interceptor.InterceptorChain.bind(InterceptorChain.java:779)
	at org.apache.directory.server.core.DefaultOperationManager.bind(DefaultOperationManager.java:286)
	at org.apache.directory.server.ldap.handlers.BindHandler.handleSimpleAuth(BindHandler.java:174)
	at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:603)
	at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:63)
	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:196)
	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:60)
	at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
	at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:193)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
	at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
	at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
	at java.lang.Thread.run(Thread.java:680)


BindRequest = 
    BindRequest
        Version : '3'
        Name : 'uid=admin,ou=system'
        Simple authentication : 'nevergonnaguessit/0x6E 0x65 0x76 0x65 0x72 0x67 0x6F 0x6E 0x6E 0x61 0x67 0x75 0x65 0x73 0x73 0x69 0x74 '
]
	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:180)
	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
	at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
	at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
	at ome.logic.LdapImpl.getBase(LdapImpl.java:559)
	at ome.logic.LdapImpl.getContextMapper(LdapImpl.java:519)
	at ome.logic.LdapImpl.findDN(LdapImpl.java:173)
	at ome.services.ldap.LdapTest.assertPasses(LdapTest.java:209)
	at ome.services.ldap.LdapTest.testLdiffFile(LdapTest.java:125)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:80)
	at org.testng.internal.Invoker.invokeMethod(Invoker.java:691)
	at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:883)
	at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1208)
	at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:127)
	at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:111)
	at org.testng.TestRunner.privateRun(TestRunner.java:758)
	at org.testng.TestRunner.run(TestRunner.java:613)
	at org.testng.SuiteRunner.runTest(SuiteRunner.java:334)
	at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:329)
	at org.testng.SuiteRunner.privateRun(SuiteRunner.java:291)
	at org.testng.SuiteRunner.run(SuiteRunner.java:240)
	at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:53)
	at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:87)
	at org.testng.TestNG.runSuitesSequentially(TestNG.java:1142)
	at org.testng.TestNG.runSuitesLocally(TestNG.java:1067)
	at org.testng.TestNG.run(TestNG.java:979)
	at org.testng.remote.RemoteTestNG.run(RemoteTestNG.java:109)
	at org.testng.remote.RemoteTestNG.initAndRun(RemoteTestNG.java:202)
	at org.testng.remote.RemoteTestNG.main(RemoteTestNG.java:173)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system:
org.apache.directory.shared.ldap.exception.LdapAuthenticationException: ERR_229 Cannot authenticate user uid=admin,ou=system
	at org.apache.directory.server.core.authn.AuthenticationInterceptor.bind(AuthenticationInterceptor.java:518)
	at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.bind(InterceptorChain.java:1383)
	at org.apache.directory.server.core.normalization.NormalizationInterceptor.bind(NormalizationInterceptor.java:320)
	at org.apache.directory.server.core.interceptor.InterceptorChain.bind(InterceptorChain.java:779)
	at org.apache.directory.server.core.DefaultOperationManager.bind(DefaultOperationManager.java:286)
	at org.apache.directory.server.ldap.handlers.BindHandler.handleSimpleAuth(BindHandler.java:174)
	at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:603)
	at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:63)
	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:196)
	at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:60)
	at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
	at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:193)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
	at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
	at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
	at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
	at java.lang.Thread.run(Thread.java:680)


BindRequest = 
    BindRequest
        Version : '3'
        Name : 'uid=admin,ou=system'
        Simple authentication : 'nevergonnaguessit/0x6E 0x65 0x76 0x65 0x72 0x67 0x6F 0x6E 0x6E 0x61 0x67 0x75 0x65 0x73 0x73 0x69 0x74 '
]
	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
	at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
	at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
	at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
	at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
	at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
	at javax.naming.InitialContext.init(InitialContext.java:223)
	at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
	at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
	... 31 more

comment:20 Changed 12 years ago by jmoore

  • Remaining Time changed from 0.25 to 0
  • Resolution set to fixed
  • Status changed from accepted to closed