[ https://issues.apache.org/jira/browse/DIRAPI-227?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny resolved DIRAPI-227.
--------------------------------------
Resolution: Fixed
Fix Version/s: 1.0.0-RC3

I mark it as solved, as we have switched to a version of MINA which solves the issue.

> Bind user dn and password sent in clear after receiving PROTOCOL_ERROR during ldaps connection
> ----------------------------------------------------------------------------------------------
>
> Key: DIRAPI-227
> URL: https://issues.apache.org/jira/browse/DIRAPI-227
> Project: Directory Client API
> Issue Type: Bug
> Affects Versions: 1.0.0-M28
> Reporter: Scott Tustison
> Fix For: 1.0.0-RC3
>
>
> I was attempting to use M28 and was having issues getting LDAPS to work
> (startTLS appeared to work just fine). After several repeated bind and unbind
> operations, the LDAPS connection would eventually fail with a PROTOCOL_ERROR
> and never bind again. However, when it was attempting to bind after receiving
> that error, it would then send the bind user and password in the clear. This
> was confirmed by looking in the LDAP server logs and also by Wireshark.
> I ran with debug turned on and this is what it receives during a failure
> (which is after a long string of successes, by the way). I omitted my
> project's code from the trace for clarity:
> 14:53:55,447 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 1028 | ts-ldapclaimshandler | Bind request
> 14:53:55,450 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 1270 | ts-ldapclaimshandler | Sending request
> MessageType : BIND_REQUEST
> Message ID : 1
> BindRequest
> Version : '3'
> Name : 'cn=admin'
> Simple authentication : '(omitted-for-safety)'
> 14:53:55,450 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 280 | ts-ldapclaimshandler | Adding <1, org.apache.directory.ldap.client.api.future.BindFuture>
> 14:53:55,654 | DEBUG | NioProcessor-3 | .ldap.client.api.LdapNetworkConnection$1 660 | ts-ldapclaimshandler | received a NoD, closing everything
> 14:53:55,654 | DEBUG | NioProcessor-3 | .ldap.client.api.LdapNetworkConnection$1 665 | ts-ldapclaimshandler | closing BindFuture[msgId : 1, size : 0, Canceled :false]
> 14:53:55,656 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 1201 | ts-ldapclaimshandler | Bind failed : MessageType : BIND_RESPONSE
> Message ID : -1
> BindResponse
> Ldap Result
> Result code : (PROTOCOL_ERROR) protocolError
> Matched Dn : 'null'
> Diagnostic message : 'PROTOCOL_ERROR: The server will disconnect!'
> 14:53:55,656 | ERROR | tp1920834220-484 | rity.sts.claimsHandler.RoleClaimsHandler 238 | ts-ldapclaimshandler | Unable to set role claims.
> org.apache.directory.api.ldap.model.exception.LdapProtocolErrorException: PROTOCOL_ERROR: The server will disconnect!
> at org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2163)
> at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1035)
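
A check a defender could run on the first client-to-server payload captured on the LDAPS port, to tell a TLS record from the plaintext simple BindRequest described in the report above. This is an added example, not code from the issue or from the Apache Directory project; the function names and the sample bytes are constructed for illustration.

```python
def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one BER TLV; ValueError if malformed."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def inspect_first_payload(data):
    """Classify the first client-to-server bytes seen on the LDAPS port."""
    # TLS record header: content type 20..23, then major version 3.
    if len(data) >= 3 and 0x14 <= data[0] <= 0x17 and data[1] == 0x03:
        return {"kind": "tls"}
    try:
        tag, msg, _ = _read_tlv(data, 0)            # LDAPMessage SEQUENCE
        if tag != 0x30:
            return {"kind": "other"}
        id_tag, _, pos = _read_tlv(msg, 0)          # messageID INTEGER
        op_tag, op, _ = _read_tlv(msg, pos)         # [APPLICATION 0] BindRequest
        if id_tag != 0x02 or op_tag != 0x60:
            return {"kind": "other"}
        _, _, pos = _read_tlv(op, 0)                # version
        dn_tag, dn, pos = _read_tlv(op, pos)        # name (bind DN)
        auth_tag, cred, _ = _read_tlv(op, pos)      # [0] simple password
    except ValueError:
        return {"kind": "other"}
    if dn_tag != 0x04 or auth_tag != 0x80:
        return {"kind": "other"}
    # Report only the password length so the check does not re-leak the secret.
    return {"kind": "cleartext-simple-bind",
            "dn": dn.decode("utf-8", "replace"), "password_len": len(cred)}

def _tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form length, samples only

# Constructed samples: DN, message ID and version from the trace, dummy password.
SAMPLE_BIND = _tlv(0x30, _tlv(0x02, b"\x01") + _tlv(
    0x60, _tlv(0x02, b"\x03") + _tlv(0x04, b"cn=admin") + _tlv(0x80, b"placeholder")))
SAMPLE_TLS = bytes([0x16, 0x03, 0x01, 0x00, 0x05]) + b"\x01\x00\x00\x01\x00"
```

Any `cleartext-simple-bind` result on a port that is supposed to carry only LDAPS means the bind credentials crossed the wire unencrypted and should be rotated.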