Kiran Ayyagari created DIRSERVER-1910:
-----------------------------------------
Summary: NullPointerException while adding entries when password
policy is disabled
Key: DIRSERVER-1910
URL: https://issues.apache.org/jira/browse/DIRSERVER-1910
Project: Directory ApacheDS
Issue Type: Bug
Affects Versions: 2.0.0-M15
Reporter: Kiran Ayyagari
Assignee: Kiran Ayyagari
Fix For: 2.0.0-M16
Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory
Studio) containing entries that have a pwdPolicySubEntry attribute a null
pointer exception occurs.
The policy defined in the in attribute exists and when ads-enabled=TRUE is set,
the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
Maybe this is the expected behavior? We would in some situations like to bulk
load users without the policy enabled, then after everyone is in there, enable
the policy.
Thanks!
#!RESULT ERROR
#!CONNECTION ldap://localhost:10389
#!DATE 2013-10-30T15:32:25.999
#!ERROR [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST
Message ID : 19
Add Request : Entry dn[n]: uid=1336598819633,ou=users,ou=int,o=cpro
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: 1336598819633
mail: [email protected]
sn: Test
givenName: Test
pwdPolicySubEntry:
ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
userPassword: '0x7B 0x53 0x53 0x48 0x41 0x7D 0x32 0x78 0x62 0x6B 0x4E 0x77 0x30
0x39 0x4B 0x77 ...'
title: -none-
employeeNumber: Test.Test
cn: Test, Test
displayName: Test, Test:
null: java.lang.NullPointerException at
org.apache.directory.server.core.authn.AuthenticationInterceptor.check(AuthenticationInterceptor.java:1262)
at
org.apache.directory.server.core.authn.AuthenticationInterceptor.add(AuthenticationInterceptor.java:364)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:422)
at
org.apache.directory.server.core.normalization.NormalizationInterceptor.add(NormalizationInterceptor.java:127)
at
org.apache.directory.server.core.DefaultOperationManager.add(DefaultOperationManager.java:394)
at
org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:233)
at
org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:217)
at
org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:57)
at
org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:39)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
at java.lang.Thread.run(Unknown Source) ]
dn: uid=1336598819633,ou=users,ou=int,o=cpro
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: 1336598819633
mail: [email protected]
sn: Test
givenName: Test
pwdPolicySubEntry:
ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
userPassword:: e1NTSEF9Mnhia053MDlLd1dVZE0xMTFXUzQ3K2s5N3JzS3o4UHlYbGF2VUE9PQ==
title: -none-
employeeNumber: Test.Test
cn: Test, Test
displayName: Test, Test
[email protected] <[email protected]> Sat, Nov 2, 2013 at
12:55 AM
Reply-To: [email protected]
To: [email protected]
Hi, When we upgrade between versions of apacheDS, we dump out an LDIF of all
the users including the pwdChangedTime and pwdPolicySubEntry attributes.
We they all get imported back in, their password are all set to expire (as
defined in the policy) in 30 days (+/-) the hour
or however long it takes to import. We were looking to preserve the current
period the passwords are valid when uplifting the system.
One idea was to import the pwdChangedTime along with their password policy as
defined in pwdPolicySubEntry but keep the policy itself disabled. (thereby
leaving pwdChangedTime alone)
When we tried this, the null pointer occurs that I sent below the other day.
(that example did not include pwdChangedTime)
We thought this might allow us to restore each user's actual password expiry.
Then Once everyone is imported, we would re-enable the password policies.
Am I going down a trail here? Thanks.
From: Accorsi, Carlo
Sent: Wednesday, October 30, 2013 3:55 PM
To: [email protected]
Subject: Null Pointer when importing Ldif entry with pwdPolicySubEntry attribute
Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory Studio)
containing entries that have a pwdPolicySubEntry attribute a null pointer
exception occurs.
The policy defined in the in attribute exists and when ads-enabled=TRUE is set,
the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
Maybe this is the expected behavior? We would in some situations like to bulk
load users without the policy enabled, then after everyone is in there, enable
the policy.
Thanks!
--
This message was sent by Atlassian JIRA
(v6.1#6144)
