Task #1253 (closed)
Opened 15 years ago
Closed 12 years ago
Bug: LDAP password checks throws exception
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | major | Milestone: | OMERO-4.4.4 |
Component: | Configuration | Version: | 3.0-M1 |
Keywords: | ldap | Cc: | atarkowska, sylittlewood, bpindelski |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2012-09-11 (4) |
Description (last modified by jmoore)
The following was thrown because the omero.ldap.username was an invalid dn. Perhaps this could be checked earlier, and even prevent the server from starting up?
2009-03-19 14:11:45,864 INFO [ ome.services.util.ServiceHandler] (l.Server-3) Excp: org.springframework.ldap.InvalidNameException: [LDAP: error code 34 - invalid DN]; nested exception is javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
2009-03-19 14:11:45,864 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-3) Exception thrown while checking password for:test
ome.conditions.InternalException: Wrapped Exception: (org.springframework.ldap.InvalidNameException): [LDAP: error code 34 - invalid DN]; nested exception is javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:126)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:235)
    at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:107)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:266)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:234)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:583)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:497)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:447)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:468)
    at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:486)
    at ome.logic.LdapImpl.findExperimenter(LdapImpl.java:169)
    at ome.logic.LdapImpl.createUserFromLdap(LdapImpl.java:446)
    at ome.security.auth.LdapPasswordProvider.checkPassword(LdapPasswordProvider.java:93)
    at ome.security.auth.PasswordProviders.checkPassword(PasswordProviders.java:42)
    at ome.logic.AdminImpl.checkPassword(AdminImpl.java:915)
Change History (20)
comment:1 Changed 15 years ago by jmoore
- Description modified (diff)
comment:2 Changed 15 years ago by jmoore
- Owner changed from jmoore to atarkowska
comment:3 Changed 15 years ago by atarkowska
- Milestone changed from Unscheduled to OMERO-Beta4.1
comment:4 Changed 15 years ago by atarkowska
- Milestone changed from OMERO-Beta4.1 to OMERO-Beta4.2
comment:5 Changed 14 years ago by jmoore
- Type changed from Bug to Task
comment:6 Changed 14 years ago by jmoore
- Sprint set to 2010-04-16 (7)
comment:7 Changed 14 years ago by cxallan
- Sprint changed from 2010-04-16 (7) to 2010-04-30 (8)
comment:8 Changed 14 years ago by jmoore
- Sprint changed from 2010-04-30 (8) to 2010-05-13 (9)
comment:9 Changed 14 years ago by cxallan
- Sprint changed from 2010-05-13 (9) to 2010-05-27 (10)
comment:10 Changed 14 years ago by jmoore
- Status changed from new to assigned
comment:11 Changed 14 years ago by cxallan
- Sprint changed from 2010-05-27 (10) to 2010-06-10 (11)
comment:12 Changed 14 years ago by jburel
- Sprint changed from 2010-06-10 (11) to 2010-06-24 (12)
comment:13 Changed 14 years ago by jmoore
- Component changed from General to Configuration
- Milestone changed from OMERO-Beta4.2 to Unscheduled
- Priority changed from major to minor
- Sprint 2010-06-24 (12) deleted
Haven't reproduced. Pushing.
comment:14 Changed 13 years ago by atarkowska
- Status changed from assigned to new
comment:15 Changed 13 years ago by jmoore
- Cc sylittlewood added
- Keywords ldap added
- Owner atarkowska deleted
- Priority changed from minor to major
- Summary changed from LDAP password checks throws exception to Bug: LDAP password checks throws exception
comment:16 Changed 12 years ago by jmoore
- Cc bpindelski added
- Milestone changed from Unscheduled to OMERO-4.4.2
- Sprint set to 2012-08-28 (3)
This should be very doable during the other LDAP work.
comment:17 Changed 12 years ago by jmoore
- Sprint changed from 2012-08-28 (3) to 2012-09-11 (4)
Next sprint will focus on LDAP.
comment:18 Changed 12 years ago by jmoore
- Owner set to jmoore
- Remaining Time set to 0.25
- Status changed from new to accepted
comment:19 Changed 12 years ago by jmoore
In testing, I reproduced with
<security:ldap-server root="ou=testInit,ou=initGroup" ldif="classpath:ome/services/ldapinit/testInit/*.ldif" manager-dn="uid=admin,ou=system" manager-password="nevergonnaguessit"/>
and got
org.springframework.ldap.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system: org.apache.directory.shared.ldap.exception.LdapAuthenticationException: ERR_229 Cannot authenticate user uid=admin,ou=system
    at org.apache.directory.server.core.authn.AuthenticationInterceptor.bind(AuthenticationInterceptor.java:518)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.bind(InterceptorChain.java:1383)
    at org.apache.directory.server.core.normalization.NormalizationInterceptor.bind(NormalizationInterceptor.java:320)
    at org.apache.directory.server.core.interceptor.InterceptorChain.bind(InterceptorChain.java:779)
    at org.apache.directory.server.core.DefaultOperationManager.bind(DefaultOperationManager.java:286)
    at org.apache.directory.server.ldap.handlers.BindHandler.handleSimpleAuth(BindHandler.java:174)
    at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:603)
    at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:63)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:196)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:60)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:193)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
    at java.lang.Thread.run(Thread.java:680)
BindRequest = BindRequest Version : '3' Name : 'uid=admin,ou=system' Simple authentication : 'nevergonnaguessit/0x6E 0x65 0x76 0x65 0x72 0x67 0x6F 0x6E 0x6E 0x61 0x67 0x75 0x65 0x73 0x73 0x69 0x74 ' ]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system: org.apache.directory.shared.ldap.exception.LdapAuthenticationException: ERR_229 Cannot authenticate user uid=admin,ou=system
    at org.apache.directory.server.core.authn.AuthenticationInterceptor.bind(AuthenticationInterceptor.java:518)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.bind(InterceptorChain.java:1383)
    at org.apache.directory.server.core.normalization.NormalizationInterceptor.bind(NormalizationInterceptor.java:320)
    at org.apache.directory.server.core.interceptor.InterceptorChain.bind(InterceptorChain.java:779)
    at org.apache.directory.server.core.DefaultOperationManager.bind(DefaultOperationManager.java:286)
    at org.apache.directory.server.ldap.handlers.BindHandler.handleSimpleAuth(BindHandler.java:174)
    at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:603)
    at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:63)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:196)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:60)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:193)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
    at java.lang.Thread.run(Thread.java:680)
BindRequest = BindRequest Version : '3' Name : 'uid=admin,ou=system' Simple authentication : 'nevergonnaguessit/0x6E 0x65 0x76 0x65 0x72 0x67 0x6F 0x6E 0x6E 0x61 0x67 0x75 0x65 0x73 0x73 0x69 0x74 ' ]
    at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:180)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
    at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
    at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:125)
    at ome.logic.LdapImpl.getBase(LdapImpl.java:559)
    at ome.logic.LdapImpl.getContextMapper(LdapImpl.java:519)
    at ome.logic.LdapImpl.findDN(LdapImpl.java:173)
    at ome.services.ldap.LdapTest.assertPasses(LdapTest.java:209)
    at ome.services.ldap.LdapTest.testLdiffFile(LdapTest.java:125)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.testng.internal.MethodInvocationHelper.invokeMethod(MethodInvocationHelper.java:80)
    at org.testng.internal.Invoker.invokeMethod(Invoker.java:691)
    at org.testng.internal.Invoker.invokeTestMethod(Invoker.java:883)
    at org.testng.internal.Invoker.invokeTestMethods(Invoker.java:1208)
    at org.testng.internal.TestMethodWorker.invokeTestMethods(TestMethodWorker.java:127)
    at org.testng.internal.TestMethodWorker.run(TestMethodWorker.java:111)
    at org.testng.TestRunner.privateRun(TestRunner.java:758)
    at org.testng.TestRunner.run(TestRunner.java:613)
    at org.testng.SuiteRunner.runTest(SuiteRunner.java:334)
    at org.testng.SuiteRunner.runSequentially(SuiteRunner.java:329)
    at org.testng.SuiteRunner.privateRun(SuiteRunner.java:291)
    at org.testng.SuiteRunner.run(SuiteRunner.java:240)
    at org.testng.SuiteRunnerWorker.runSuite(SuiteRunnerWorker.java:53)
    at org.testng.SuiteRunnerWorker.run(SuiteRunnerWorker.java:87)
    at org.testng.TestNG.runSuitesSequentially(TestNG.java:1142)
    at org.testng.TestNG.runSuitesLocally(TestNG.java:1067)
    at org.testng.TestNG.run(TestNG.java:979)
    at org.testng.remote.RemoteTestNG.run(RemoteTestNG.java:109)
    at org.testng.remote.RemoteTestNG.initAndRun(RemoteTestNG.java:202)
    at org.testng.remote.RemoteTestNG.main(RemoteTestNG.java:173)
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - INVALID_CREDENTIALS: Bind failed: ERR_229 Cannot authenticate user uid=admin,ou=system: org.apache.directory.shared.ldap.exception.LdapAuthenticationException: ERR_229 Cannot authenticate user uid=admin,ou=system
    at org.apache.directory.server.core.authn.AuthenticationInterceptor.bind(AuthenticationInterceptor.java:518)
    at org.apache.directory.server.core.interceptor.InterceptorChain$Entry$1.bind(InterceptorChain.java:1383)
    at org.apache.directory.server.core.normalization.NormalizationInterceptor.bind(NormalizationInterceptor.java:320)
    at org.apache.directory.server.core.interceptor.InterceptorChain.bind(InterceptorChain.java:779)
    at org.apache.directory.server.core.DefaultOperationManager.bind(DefaultOperationManager.java:286)
    at org.apache.directory.server.ldap.handlers.BindHandler.handleSimpleAuth(BindHandler.java:174)
    at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:603)
    at org.apache.directory.server.ldap.handlers.BindHandler.handle(BindHandler.java:63)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:196)
    at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:60)
    at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232)
    at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:193)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:713)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:434)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:46)
    at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:793)
    at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:71)
    at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:480)
    at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:434)
    at java.lang.Thread.run(Thread.java:680)
BindRequest = BindRequest Version : '3' Name : 'uid=admin,ou=system' Simple authentication : 'nevergonnaguessit/0x6E 0x65 0x76 0x65 0x72 0x67 0x6F 0x6E 0x6E 0x61 0x67 0x75 0x65 0x73 0x73 0x69 0x74 ' ]
    at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3067)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3013)
    at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2815)
    at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2729)
    at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:296)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
    at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
    at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
    at javax.naming.InitialContext.init(InitialContext.java:223)
    at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
    at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:43)
    at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:254)
    ... 31 more
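The startup check the description asks for, as an added example that is not OMERO's code or the fix in the linked pull request: the configured bind DN is validated for syntax with `javax.naming.ldap.LdapName`, then one bind is attempted, and failures are reported by exception class and LDAP result code only, because the server message in comment:19 echoes the bind password. The class `LdapStartupCheck`, its method names and the sample values are assumptions.

```java
import java.util.Hashtable;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.InvalidNameException;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapName;

// Added example; LdapStartupCheck and its methods are hypothetical, not OMERO code.
public class LdapStartupCheck {
    private static final Pattern CODE = Pattern.compile("error code (\\d+)");
    // Keep only the exception class and LDAP result code. The message itself is
    // dropped because the directory server may echo the BindRequest in it.
    static String summarize(NamingException e) {
        Matcher m = CODE.matcher(String.valueOf(e.getMessage()));
        return e.getClass().getSimpleName() + (m.find() ? " (LDAP error code " + m.group(1) + ")" : "");
    }
    // RFC 2253 syntax check of the configured DN; needs no directory server.
    static void checkDnSyntax(String property, String dn) {
        try {
            new LdapName(dn);
        } catch (InvalidNameException e) {
            throw new IllegalStateException(property + " is not a valid DN: " + dn);
        }
    }
    // One simple bind with the configured account; needs a reachable server, so main() skips it.
    static void checkBind(String url, String dn, String password) {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialLdapContext(env, null).close();
        } catch (NamingException e) {
            throw new IllegalStateException("LDAP bind check failed: " + summarize(e));
        }
    }
    public static void main(String[] args) {
        // Constructed message, shaped like the error code 49 failure in comment:19.
        System.out.println(summarize(new AuthenticationException(
                "[LDAP: error code 49 - INVALID_CREDENTIALS: Simple authentication : 'example-secret' ]")));
        checkDnSyntax("omero.ldap.username", "uid=admin,ou=system"); // parses
        checkDnSyntax("omero.ldap.username", "admin"); // throws: not an attribute=value pair
    }
}
```

The syntax check catches only malformed DNs; a well-formed DN that the directory rejects, or a wrong password, surfaces in `checkBind`.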
comment:20 Changed 12 years ago by jmoore
- Remaining Time changed from 0.25 to 0
- Resolution set to fixed
- Status changed from accepted to closed
Pushed to https://github.com/openmicroscopy/openmicroscopy/pull/326 for QA.
Could you look into this when you get a chance, Ola?