karaf-issues mailing list archives

From "Charles Moulliard (JIRA)" <j...@apache.org>
Subject [jira] Commented: (KARAF-310) Add LDAP JAAS module
Date Wed, 08 Dec 2010 14:12:01 GMT

    [ https://issues.apache.org/jira/browse/KARAF-310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12969319#action_12969319 ]

Charles Moulliard commented on KARAF-310:
-----------------------------------------

Additional point:

When an LDAP error occurs during communication with the server, the error message received
is not propagated back to the authenticate method (authenticate(String username, String password))
of the LDAP login module, and so it does not allow one to see what happens. Instead, a generic
LDAP exception is generated and it is really difficult to see if the error comes from an issue
with username/password or role or syntax used to search in the LDAP server.

{code}
javax.security.auth.login.LoginException: LDAP Error
	at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:119)
	at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.6.0_22]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)[:1.6.0_22]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)[:1.6.0_22]
	at java.lang.reflect.Method.invoke(Method.java:597)[:1.6.0_22]
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)[:1.6.0_22]
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)[:1.6.0_22]
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)[:1.6.0_22]
	at java.security.AccessController.doPrivileged(Native Method)[:1.6.0_22]
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.6.0_22]
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)[:1.6.0_22]
	at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)[88:org.eclipse.jetty.plus:7.1.6.v20100715]
	at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:75)[68:org.eclipse.jetty.security:7.1.6.v20100715]
	at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:416)[68:org.eclipse.jetty.security:7.1.6.v20100715]
	at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
	at org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
	at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
	at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
	at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
	at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
	at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
	at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
	at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
	at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
Caused by: javax.security.auth.login.FailedLoginException
	at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:114)

{code}


So it is not possible to log this info, for example:

{code}
[LDAP: error code 80 - OTHER: failed for     SearchRequest
        baseDn : 'ou=groups,ou=system'
        filter : '(2.5.4.31-false-EXTENSIBLE-null-'0x75 0x69 0x64 0x3D 0x6A 0x64 0x6F 0x65
':[9223372036854775807])'
        scope : whole subtree
        typesOnly : false
        Size Limit : no limit
        Time Limit : no limit
        Deref Aliases : deref Always
        attributes : 
: N O T   I M P L E M E N T E D   Y E T !]
{code}

This should be improved.



> Add LDAP JAAS module
> --------------------
>
>                 Key: KARAF-310
>                 URL: https://issues.apache.org/jira/browse/KARAF-310
>             Project: Karaf
>          Issue Type: New Feature
>            Reporter: Charles Moulliard
>             Fix For: 2.2.0
>
>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
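
The failure mode described in the comment above, as an added example that is not part of the original message or of the Karaf code: a login step that keeps the directory server's message as the cause of the `LoginException` and separates bad credentials from search or syntax errors. The `DirectoryCall` interface, the `authenticate` and `chain` helpers, and the sample error string are assumptions made for illustration.

```java
import javax.naming.AuthenticationException;
import javax.naming.NamingException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class LdapErrorPropagation {

    /** Hypothetical stand-in for the directory call a login module makes. */
    interface DirectoryCall {
        void run() throws NamingException;
    }

    /** Runs the LDAP step and converts failures without losing the server's message. */
    static void authenticate(DirectoryCall call) throws LoginException {
        try {
            call.run();
        } catch (AuthenticationException e) {
            // Rejected credentials: generic text for the caller, original kept as the cause.
            throw chain(new FailedLoginException("Authentication failed"), e);
        } catch (NamingException e) {
            // Search, filter syntax or server errors: not a credential problem.
            throw chain(new LoginException("LDAP error: " + e.getMessage()), e);
        }
    }

    /** LoginException has no cause-taking constructor, so the cause is attached here. */
    static <T extends LoginException> T chain(T wrapper, Throwable cause) {
        wrapper.initCause(cause);
        return wrapper;
    }

    public static void main(String[] args) {
        // Constructed sample: a search failure shaped like the one quoted in the comment.
        DirectoryCall failingSearch = () -> {
            throw new NamingException("[LDAP: error code 80 - OTHER: failed for SearchRequest]");
        };
        try {
            authenticate(failingSearch);
        } catch (LoginException e) {
            // Both the wrapper and the underlying LDAP error are now available to log.
            System.out.println(e.getClass().getSimpleName() + ": " + e.getMessage());
            System.out.println("cause: " + e.getCause());
        }
    }
}
```

The detailed LDAP message belongs in the server log; the response sent to the authenticating client can stay generic so that directory layout and filter syntax are not disclosed.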

