[
https://issues.apache.org/jira/browse/DIRSERVER-1910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emmanuel Lécharny updated DIRSERVER-1910:
-----------------------------------------
Description:
Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory
Studio) containing entries that have a pwdPolicySubEntry attribute a null
pointer exception occurs.
The policy defined in the in attribute exists and when ads-enabled=TRUE is set,
the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
Maybe this is the expected behavior? We would in some situations like to bulk
load users without the policy enabled, then after everyone is in there, enable
the policy.
Thanks!
{quote}#!RESULT ERROR
#!CONNECTION ldap://localhost:10389
#!DATE 2013-10-30T15:32:25.999
#!ERROR [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST
Message ID : 19
Add Request : Entry dn[n]: uid=1336598819633,ou=users,ou=int,o=cpro
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: 1336598819633
mail: [email protected]
sn: Test
givenName: Test
pwdPolicySubEntry:
ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
userPassword: '0x7B 0x53 0x53 0x48 0x41 0x7D 0x32 0x78 0x62 0x6B 0x4E 0x77 0x30
0x39 0x4B 0x77 ...'
title: -none-
employeeNumber: Test.Test
cn: Test, Test
displayName: Test, Test:
null: java.lang.NullPointerException at
org.apache.directory.server.core.authn.AuthenticationInterceptor.check(AuthenticationInterceptor.java:1262)
at
org.apache.directory.server.core.authn.AuthenticationInterceptor.add(AuthenticationInterceptor.java:364)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:422)
at
org.apache.directory.server.core.normalization.NormalizationInterceptor.add(NormalizationInterceptor.java:127)
at
org.apache.directory.server.core.DefaultOperationManager.add(DefaultOperationManager.java:394)
at
org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:233)
at
org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:217)
at
org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:57)
at
org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:39)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
at java.lang.Thread.run(Unknown Source) ]
dn: uid=1336598819633,ou=users,ou=int,o=cpro
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: 1336598819633
mail: [email protected]
sn: Test
givenName: Test
pwdPolicySubEntry:
ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
userPassword:: e1NTSEF9Mnhia053MDlLd1dVZE0xMTFXUzQ3K2s5N3JzS3o4UHlYbGF2VUE9PQ==
title: -none-
employeeNumber: Test.Test
cn: Test, Test
displayName: Test, Test
{quote}
[email protected] <[email protected]> Sat, Nov 2, 2013 at
12:55 AM
Reply-To: [email protected]
To: [email protected]
Hi, When we upgrade between versions of apacheDS, we dump out an LDIF of all
the users including the pwdChangedTime and pwdPolicySubEntry attributes.
We they all get imported back in, their password are all set to expire (as
defined in the policy) in 30 days (+/-) the hour
or however long it takes to import. We were looking to preserve the current
period the passwords are valid when uplifting the system.
One idea was to import the pwdChangedTime along with their password policy as
defined in pwdPolicySubEntry but keep the policy itself disabled. (thereby
leaving pwdChangedTime alone)
When we tried this, the null pointer occurs that I sent below the other day.
(that example did not include pwdChangedTime)
We thought this might allow us to restore each user's actual password expiry.
Then Once everyone is imported, we would re-enable the password policies.
Am I going down a trail here? Thanks.
From: Accorsi, Carlo
Sent: Wednesday, October 30, 2013 3:55 PM
To: [email protected]
Subject: Null Pointer when importing Ldif entry with pwdPolicySubEntry attribute
Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory Studio)
containing entries that have a pwdPolicySubEntry attribute a null pointer
exception occurs.
The policy defined in the in attribute exists and when ads-enabled=TRUE is set,
the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
Maybe this is the expected behavior? We would in some situations like to bulk
load users without the policy enabled, then after everyone is in there, enable
the policy.
Thanks!
was:
Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory
Studio) containing entries that have a pwdPolicySubEntry attribute a null
pointer exception occurs.
The policy defined in the in attribute exists and when ads-enabled=TRUE is set,
the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
Maybe this is the expected behavior? We would in some situations like to bulk
load users without the policy enabled, then after everyone is in there, enable
the policy.
Thanks!
#!RESULT ERROR
#!CONNECTION ldap://localhost:10389
#!DATE 2013-10-30T15:32:25.999
#!ERROR [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST
Message ID : 19
Add Request : Entry dn[n]: uid=1336598819633,ou=users,ou=int,o=cpro
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: 1336598819633
mail: [email protected]
sn: Test
givenName: Test
pwdPolicySubEntry:
ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
userPassword: '0x7B 0x53 0x53 0x48 0x41 0x7D 0x32 0x78 0x62 0x6B 0x4E 0x77 0x30
0x39 0x4B 0x77 ...'
title: -none-
employeeNumber: Test.Test
cn: Test, Test
displayName: Test, Test:
null: java.lang.NullPointerException at
org.apache.directory.server.core.authn.AuthenticationInterceptor.check(AuthenticationInterceptor.java:1262)
at
org.apache.directory.server.core.authn.AuthenticationInterceptor.add(AuthenticationInterceptor.java:364)
at
org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:422)
at
org.apache.directory.server.core.normalization.NormalizationInterceptor.add(NormalizationInterceptor.java:127)
at
org.apache.directory.server.core.DefaultOperationManager.add(DefaultOperationManager.java:394)
at
org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:233)
at
org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:217)
at
org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:57)
at
org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:39)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
at
org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at
org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at
org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at
org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
at
org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
at java.lang.Thread.run(Unknown Source) ]
dn: uid=1336598819633,ou=users,ou=int,o=cpro
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: 1336598819633
mail: [email protected]
sn: Test
givenName: Test
pwdPolicySubEntry:
ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
userPassword:: e1NTSEF9Mnhia053MDlLd1dVZE0xMTFXUzQ3K2s5N3JzS3o4UHlYbGF2VUE9PQ==
title: -none-
employeeNumber: Test.Test
cn: Test, Test
displayName: Test, Test
[email protected] <[email protected]> Sat, Nov 2, 2013 at
12:55 AM
Reply-To: [email protected]
To: [email protected]
Hi, When we upgrade between versions of apacheDS, we dump out an LDIF of all
the users including the pwdChangedTime and pwdPolicySubEntry attributes.
We they all get imported back in, their password are all set to expire (as
defined in the policy) in 30 days (+/-) the hour
or however long it takes to import. We were looking to preserve the current
period the passwords are valid when uplifting the system.
One idea was to import the pwdChangedTime along with their password policy as
defined in pwdPolicySubEntry but keep the policy itself disabled. (thereby
leaving pwdChangedTime alone)
When we tried this, the null pointer occurs that I sent below the other day.
(that example did not include pwdChangedTime)
We thought this might allow us to restore each user's actual password expiry.
Then Once everyone is imported, we would re-enable the password policies.
Am I going down a trail here? Thanks.
From: Accorsi, Carlo
Sent: Wednesday, October 30, 2013 3:55 PM
To: [email protected]
Subject: Null Pointer when importing Ldif entry with pwdPolicySubEntry attribute
Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory Studio)
containing entries that have a pwdPolicySubEntry attribute a null pointer
exception occurs.
The policy defined in the in attribute exists and when ads-enabled=TRUE is set,
the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
Maybe this is the expected behavior? We would in some situations like to bulk
load users without the policy enabled, then after everyone is in there, enable
the policy.
Thanks!
> NullPointerException while adding entries when password policy is disabled
> --------------------------------------------------------------------------
>
> Key: DIRSERVER-1910
> URL: https://issues.apache.org/jira/browse/DIRSERVER-1910
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: ppolicy
> Affects Versions: 2.0.0-M15
> Reporter: Kiran Ayyagari
> Assignee: Kiran Ayyagari
> Priority: Major
> Fix For: 2.0.0-M16
>
>
> Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory
> Studio) containing entries that have a pwdPolicySubEntry attribute a null
> pointer exception occurs.
> The policy defined in the in attribute exists and when ads-enabled=TRUE is
> set, the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
> Maybe this is the expected behavior? We would in some situations like to bulk
> load users without the policy enabled, then after everyone is in there,
> enable the policy.
> Thanks!
> {quote}#!RESULT ERROR
> #!CONNECTION ldap://localhost:10389
> #!DATE 2013-10-30T15:32:25.999
> #!ERROR [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST
> Message ID : 19
> Add Request : Entry dn[n]: uid=1336598819633,ou=users,ou=int,o=cpro
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> uid: 1336598819633
> mail: [email protected]
> sn: Test
> givenName: Test
> pwdPolicySubEntry:
> ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> userPassword: '0x7B 0x53 0x53 0x48 0x41 0x7D 0x32 0x78 0x62 0x6B 0x4E 0x77
> 0x30 0x39 0x4B 0x77 ...'
> title: -none-
> employeeNumber: Test.Test
> cn: Test, Test
> displayName: Test, Test:
> null: java.lang.NullPointerException at
> org.apache.directory.server.core.authn.AuthenticationInterceptor.check(AuthenticationInterceptor.java:1262)
> at
> org.apache.directory.server.core.authn.AuthenticationInterceptor.add(AuthenticationInterceptor.java:364)
> at
> org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:422)
> at
> org.apache.directory.server.core.normalization.NormalizationInterceptor.add(NormalizationInterceptor.java:127)
> at
> org.apache.directory.server.core.DefaultOperationManager.add(DefaultOperationManager.java:394)
> at
> org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:233)
> at
> org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:217)
> at
> org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:57)
> at
> org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:39)
> at
> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
> at
> org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
> at
> org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
> at
> org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> at
> org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
> at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
> at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
> at
> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
> at
> org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
> at java.lang.Thread.run(Unknown Source) ]
> dn: uid=1336598819633,ou=users,ou=int,o=cpro
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> uid: 1336598819633
> mail: [email protected]
> sn: Test
> givenName: Test
> pwdPolicySubEntry:
> ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> userPassword::
> e1NTSEF9Mnhia053MDlLd1dVZE0xMTFXUzQ3K2s5N3JzS3o4UHlYbGF2VUE9PQ==
> title: -none-
> employeeNumber: Test.Test
> cn: Test, Test
> displayName: Test, Test
> {quote}
> [email protected] <[email protected]> Sat, Nov 2, 2013 at
> 12:55 AM
> Reply-To: [email protected]
> To: [email protected]
> Hi, When we upgrade between versions of apacheDS, we dump out an LDIF of all
> the users including the pwdChangedTime and pwdPolicySubEntry attributes.
> We they all get imported back in, their password are all set to expire (as
> defined in the policy) in 30 days (+/-) the hour
> or however long it takes to import. We were looking to preserve the current
> period the passwords are valid when uplifting the system.
> One idea was to import the pwdChangedTime along with their password policy as
> defined in pwdPolicySubEntry but keep the policy itself disabled. (thereby
> leaving pwdChangedTime alone)
> When we tried this, the null pointer occurs that I sent below the other day.
> (that example did not include pwdChangedTime)
> We thought this might allow us to restore each user's actual password expiry.
> Then Once everyone is imported, we would re-enable the password policies.
> Am I going down a trail here? Thanks.
> From: Accorsi, Carlo
> Sent: Wednesday, October 30, 2013 3:55 PM
> To: [email protected]
> Subject: Null Pointer when importing Ldif entry with pwdPolicySubEntry
> attribute
> Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory
> Studio) containing entries that have a pwdPolicySubEntry attribute a null
> pointer exception occurs.
> The policy defined in the in attribute exists and when ads-enabled=TRUE is
> set, the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
> Maybe this is the expected behavior? We would in some situations like to bulk
> load users without the policy enabled, then after everyone is in there,
> enable the policy.
> Thanks!
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
