Paul Bayliss created DIRSERVER-1743:
---------------------------------------
Summary: ReplicationConsumerImpl fails to connect when startTLS is enabled
Key: DIRSERVER-1743
URL: https://issues.apache.org/jira/browse/DIRSERVER-1743
Project: Directory ApacheDS
Issue Type: Bug
Components: ldap
Affects Versions: 2.0.0-M7
Environment: All
Reporter: Paul Bayliss
When running syncrepl client (ReplicationConsumerImpl) with startTLS enabled
the first connection attempt fails with the exception below. This occurs
because there is no TCP connection established when the LDAP Start TLS extended
request is attempted.
16:42:04,349 | ERROR | Thread-24 | ReplicationConsumerImpl[249] Failed to bind with the given bindDN and credentials
org.apache.directory.ldap.client.api.exception.InvalidConnectionException: Cannot connect on the server, the connection is null
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.checkSession(LdapNetworkConnection.java:267)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
    at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3536)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
    at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:228)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
    at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
    at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
    at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]
Subsequent connection attempts fail if confidentiality is enabled as the
ReplicationConsumerImpl connect() code bypasses the startTLS if the
LdapNetworkConnection has already been created. This results in the following
exception.
16:42:09,452 | WARN | Thread-24 | ReplicationConsumerImpl[244]
org.apache.directory.shared.ldap.model.exception.LdapAuthenticationNotSupportedException: Confidentiality (TLS secured connection) is required.
    at org.apache.directory.shared.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2105)[28:org.apache.directory.shared.ldap.model:1.0.0.M12]
    at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:122)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
    at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:105)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
    at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:237)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
    at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
    at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
    at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]
A fix to both exceptions is to ensure that the LDAPNetworkConnection startTls()
call is preceded with a call to LDAPNetworkConnection connect() and also
ensure that if startTLS is enabled, the calls to connect() and startTls() are
made for each ReplicationConsumerImpl connection attempt.
I will attach an svn diff of the fix that works within my development
environment.
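
The two failures and the proposed call order, as an added example that is not part of the original report and is not ApacheDS code. ModelConnection, reportedAttempt and fixedAttempt are hypothetical names, and the model assumes that bind() opens a plain session itself when none exists, which matches the second trace.

```java
// Added illustration: a self-contained model, not ApacheDS source code.
public class StartTlsOrderDemo {

    /** Hypothetical stand-in for the client connection; the server requires TLS before bind. */
    static class ModelConnection {
        boolean connected, secured;

        void connect() { connected = true; secured = false; }   // new plain TCP session

        void startTls() {
            if (!connected) throw new IllegalStateException("Cannot connect on the server, the connection is null");
            secured = true;
        }

        void bind() {
            if (!connected) connect();   // assumption: bind opens a plain session if none exists
            if (!secured) throw new IllegalStateException("Confidentiality (TLS secured connection) is required.");
        }
    }

    static ModelConnection cached;   // models the consumer's long-lived connection field

    /** Sequence as reported: startTls() before any connect(), and skipped once the object exists. */
    static String reportedAttempt(boolean useTls) {
        try {
            if (cached == null) {
                cached = new ModelConnection();
                if (useTls) cached.startTls();
            }
            cached.bind();
            return "bound";
        } catch (IllegalStateException e) { return "failed: " + e.getMessage(); }
    }

    /** Sequence the report proposes: connect() then startTls() on every attempt. */
    static String fixedAttempt(boolean useTls) {
        try {
            if (cached == null) cached = new ModelConnection();
            cached.connect();
            if (useTls) cached.startTls();
            cached.bind();
            return "bound, TLS negotiated: " + cached.secured;
        } catch (IllegalStateException e) { return "failed: " + e.getMessage(); }
    }

    public static void main(String[] args) {
        System.out.println("reported, attempt 1 -> " + reportedAttempt(true));
        System.out.println("reported, attempt 2 -> " + reportedAttempt(true));
        cached = null;
        System.out.println("fixed,    attempt 1 -> " + fixedAttempt(true));
        System.out.println("fixed,    attempt 2 -> " + fixedAttempt(true));
    }
}
```

In this model the only thing that keeps the bind from travelling over a plain session is the server's confidentiality requirement, so the client-side ordering is worth asserting in a test regardless of server policy.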