[
https://issues.apache.org/jira/browse/DIRSERVER-1743?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lecharny updated DIRSERVER-1743:
-----------------------------------------
Fix Version/s: (was: 2.0.0-M12)
2.0.0-RC1
> ReplicationConsumerImpl fails to connect when startTLS is enabled
> -----------------------------------------------------------------
>
> Key: DIRSERVER-1743
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1743
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: ldap
> Affects Versions: 2.0.0-M7
> Environment: All
> Reporter: Paul Bayliss
> Labels: patch
> Fix For: 2.0.0-RC1
>
> Attachments: ReplicationConsumerImpl.diff
>
>
> When running syncrepl client (ReplicationConsumerImpl) with startTLS enabled
> the first connection attempt fails with the exception below. This occurs
> because there is no TCP connection established when the LDAP Start TLS
> extended request is attempted.
> 16:42:04,349 | ERROR | Thread-24 | ReplicationConsumerImpl[249] Failed to bind with the given bindDN and credentials
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: Cannot connect on the server, the connection is null
> at org.apache.directory.ldap.client.api.LdapNetworkConnection.checkSession(LdapNetworkConnection.java:267)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
> at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3536)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
> at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:228)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]
> Subsequent connection attempts fail if confidentiality is enabled as the
> ReplicationConsumerImpl connect() code bypasses the startTLS if the
> LdapNetworkConnection has already been created. This results in the following
> exception.
> 16:42:09,452 | WARN | Thread-24 | ReplicationConsumerImpl[244]
> org.apache.directory.shared.ldap.model.exception.LdapAuthenticationNotSupportedException: Confidentiality (TLS secured connection) is required.
> at org.apache.directory.shared.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2105)[28:org.apache.directory.shared.ldap.model:1.0.0.M12]
> at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:122)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
> at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:105)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
> at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:237)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
> at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]
> A fix to both exceptions is to ensure that the LDAPNetworkConnection
> startTls() call is preceded with a call to LDAPNetworkConnection connect()
> and also ensure that if startTLS is enabled, the calls to connect() and
> startTls() are made for each ReplicationConsumerImpl connection attempt.
> I will attach an svn diff of the fix that works within my development
> environment.
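The ordering described in the report (connect(), then startTls(), then bind, repeated in full on every attempt) can be written against the LDAP client API as below. This is an added illustration, not the attached ReplicationConsumerImpl.diff or ApacheDS code; the class name, method name, host, port, bind DN, password and retry delay are hypothetical, and the package names assume the 1.0.0-M12 client API seen in the stack traces.

```java
// Added illustration, not the attached ReplicationConsumerImpl.diff.
import org.apache.directory.ldap.client.api.LdapConnectionConfig;
import org.apache.directory.ldap.client.api.LdapNetworkConnection;

public class StartTlsConnectExample {

    /** Opens TCP, upgrades with Start TLS, then binds; all three steps run on every attempt. */
    static LdapNetworkConnection connectSecurely(LdapConnectionConfig config, String bindDn,
            String password, boolean useStartTls, int maxAttempts) throws Exception {
        if (maxAttempts < 1) {
            throw new IllegalArgumentException("maxAttempts must be at least 1");
        }
        Exception last = null;
        for (int attempt = 1; attempt <= maxAttempts; attempt++) {
            // Fresh connection per attempt: reusing an existing object is what
            // let later attempts skip startTls() in the report.
            LdapNetworkConnection connection = new LdapNetworkConnection(config);
            try {
                // 1. Establish TCP first; startTls() fails without a session.
                if (!connection.connect()) {
                    throw new IllegalStateException("TCP connect failed");
                }
                // 2. Upgrade to TLS before any credentials are sent.
                if (useStartTls) {
                    connection.startTls();
                }
                // 3. Bind only after both steps above succeeded.
                connection.bind(bindDn, password);
                return connection;
            } catch (Exception e) {
                last = e;
                connection.close();  // drop a connection whose TLS state is unknown
                Thread.sleep(5000L); // hypothetical retry delay
            }
        }
        throw last;
    }

    public static void main(String[] args) throws Exception {
        LdapConnectionConfig config = new LdapConnectionConfig();
        config.setLdapHost("provider.example.com"); // placeholder host
        config.setLdapPort(10389);                  // placeholder port
        // Trust manager configuration is omitted; set it for the provider's certificate.
        LdapNetworkConnection c =
                connectSecurely(config, "uid=admin,ou=system", "changeit", true, 3); // constructed values
        c.close();
    }
}
```

Because a failed startTls() closes the connection instead of falling through to bind(), the bind credentials are never sent on a connection that was meant to be upgraded but was not.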