Scott Tustison created DIRAPI-227:
-------------------------------------

             Summary: Bind user dn and password sent in clear after receiving PROTOCOL_ERROR during ldaps connection
                 Key: DIRAPI-227
                 URL: https://issues.apache.org/jira/browse/DIRAPI-227
             Project: Directory Client API
          Issue Type: Bug
    Affects Versions: 1.0.0-M28
            Reporter: Scott Tustison


I was attempting to use M28 and was having issues getting LDAPS to work 
(startTLS appeared to work just fine). After several repeated bind and unbind 
operations, the LDAPS connection would eventually fail with a PROTOCOL_ERROR 
and never bind again. However, when it was attempting to bind after receiving 
that error, it would then send the bind user and password in the clear. This 
was confirmed by looking in the LDAP server logs and also by Wireshark.

I ran with debug turned on and this is what it receives during a failure (which 
is after a long string of successes, by the way). I omitted my project's code 
from the trace for clarity:

14:53:55,447 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 1028 | ts-ldapclaimshandler | Bind request
14:53:55,450 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 1270 | ts-ldapclaimshandler | Sending request
MessageType : BIND_REQUEST
Message ID : 1
    BindRequest
        Version : '3'
        Name : 'cn=admin'
        Simple authentication : '(omitted-for-safety)'

14:53:55,450 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection  280 | ts-ldapclaimshandler | Adding <1, org.apache.directory.ldap.client.api.future.BindFuture>
14:53:55,654 | DEBUG | NioProcessor-3   | .ldap.client.api.LdapNetworkConnection$1  660 | ts-ldapclaimshandler | received a NoD, closing everything
14:53:55,654 | DEBUG | NioProcessor-3   | .ldap.client.api.LdapNetworkConnection$1  665 | ts-ldapclaimshandler | closing BindFuture[msgId : 1, size : 0, Canceled :false]
14:53:55,656 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 1201 | ts-ldapclaimshandler | Bind failed : MessageType : BIND_RESPONSE
Message ID : -1
    BindResponse
        Ldap Result
            Result code : (PROTOCOL_ERROR) protocolError
            Matched Dn : 'null'
            Diagnostic message : 'PROTOCOL_ERROR: The server will disconnect!'

14:53:55,656 | ERROR | tp1920834220-484 | rity.sts.claimsHandler.RoleClaimsHandler  238 | ts-ldapclaimshandler | Unable to set role claims.
org.apache.directory.api.ldap.model.exception.LdapProtocolErrorException: PROTOCOL_ERROR: The server will disconnect!
        at org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2163)
        at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1035)




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
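
The report confirms the leak from server logs and Wireshark. As an added example (not part of the original report and not Directory API code), the Python sketch below classifies the first client payload on a connection to an LDAPS port as either a TLS record or a plaintext LDAP simple BindRequest. The function names and the sample bytes are constructed for illustration, and it assumes you already have the raw TCP payload from a capture.

```python
def _ber_len(buf, i):
    """Return (length, next_index) for the BER length field at buf[i]."""
    first = buf[i]
    if first < 0x80:
        return first, i + 1
    n = first & 0x7F
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def _tlv(buf, i, tag):
    """Read one TLV with the expected tag; return (value, next_index)."""
    if i >= len(buf) or buf[i] != tag:
        raise ValueError("unexpected tag")
    length, i = _ber_len(buf, i + 1)
    if i + length > len(buf):
        raise ValueError("truncated value")
    return buf[i:i + length], i + length

def classify(payload):
    """Return ('tls', None), ('cleartext-simple-bind', dn) or ('other', None)."""
    # TLS record header: content type 20..23, then major version 3.
    if len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 0x03:
        return "tls", None
    try:
        msg, _ = _tlv(payload, 0, 0x30)   # LDAPMessage SEQUENCE
        _, i = _tlv(msg, 0, 0x02)         # messageID INTEGER
        bind, _ = _tlv(msg, i, 0x60)      # [APPLICATION 0] BindRequest
        _, j = _tlv(bind, 0, 0x02)        # version INTEGER
        dn, j = _tlv(bind, j, 0x04)       # name (bind DN) OCTET STRING
        _tlv(bind, j, 0x80)               # [0] simple password; never returned
    except (ValueError, IndexError):
        return "other", None
    return "cleartext-simple-bind", dn.decode("utf-8", "replace")

def _simple_bind(msg_id, dn, password):
    """Build a constructed BindRequest (short-form lengths only) for the demo."""
    body = (b"\x02\x01\x03" + bytes([0x04, len(dn)]) + dn
            + bytes([0x80, len(password)]) + password)
    inner = bytes([0x02, 0x01, msg_id, 0x60, len(body)]) + body
    return bytes([0x30, len(inner)]) + inner

# Constructed samples: start of a TLS ClientHello record, and a plaintext bind.
SAMPLE_TLS = bytes.fromhex("160301002f010000")
SAMPLE_BIND = _simple_bind(1, b"cn=admin", b"placeholder")

if __name__ == "__main__":
    for name, data in (("tls", SAMPLE_TLS), ("bind", SAMPLE_BIND)):
        print(name, classify(data))
```

Any `cleartext-simple-bind` result on a port that should only carry LDAPS is the condition described in this issue and means the bind credentials should be treated as exposed.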
