[ https://issues.apache.org/jira/browse/GERONIMO-6525?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Jacques Parent updated GERONIMO-6525:
------------------------------------------

    Description: 
Get problem when using such property in a ldap securityrealm:
in the console : userSearchMatching=(&(sAMAccountName={0})(objectclass=user))
 in the config.xml : 
userSearchMatching=(&(sAMAccountName\={0})(objectclass\=user))

- used to work with geronimo 2
- get error with geronimo 3 
javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; 
remaining name 'dc=brucity,dc=be'
        at com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
        at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
        at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
        at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
        at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
        at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
        at 
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
        at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
        at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
        at 
org.apache.aries.jndi.DelegateContext.search(DelegateContext.java:365)
        at 
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
        at 
org.apache.geronimo.security.realm.providers.LDAPLoginModule.authenticate(LDAPLoginModule.java:260)
        at 
org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:154)
- think that the problem is &. works fine in G3 with (sAMAccountName={0})

One question: in LDAPLoginModule.authenticate(). What is the purpose of this 
code : if (results.hasMore()) {} ?
This makes the authentication fail. Need to comment it out to get it to work...

javax.naming.PartialResultException [Root exception is 
javax.naming.NotContextException: Cannot create context for: 
ldap://DomainDnsZones.brucity.be/DC=DomainDnsZones,DC=brucity,DC=be; remaining 
name 'dc=brucity,dc=be']
        at 
com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:242)
        at 
com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
        at 
org.apache.geronimo.security.realm.providers.LDAPLoginModule.authenticate(LDAPLoginModule.java:264)
        at 
org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:155)
        at 
org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
        at 
javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
        at java.security.AccessController.doPrivileged(Native Method)
        at 
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
        at 
org.apache.geronimo.security.ContextManager.login(ContextManager.java:98)
        at 
org.apache.geronimo.security.jaspi.impl.GeronimoLoginService.login(GeronimoLoginService.java:61)
        at 
org.apache.geronimo.security.jaspi.impl.GeronimoLoginService.login(GeronimoLoginService.java:52)
        at 
org.apache.geronimo.tomcat.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:143)
        at 
org.apache.geronimo.tomcat.security.SecurityValve.invoke(SecurityValve.java:69)
        at 
org.apache.geronimo.tomcat.security.jacc.JACCSecurityValve.invoke(JACCSecurityValve.java:54)
        at 
org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:731)
        at 
org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:48)
        at 
org.apache.geronimo.tomcat.valve.ProtectedTargetValve.invoke(ProtectedTargetValve.java:53)
        at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
        at 
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
        at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
        at 
org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
        at 
org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
        at 
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
        at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:267)
        at 
org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPool.java:397)
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
Caused by: javax.naming.NotContextException: Cannot create context for: 
ldap://DomainDnsZones.brucity.be/DC=DomainDnsZones,DC=brucity,DC=be; remaining 
name 'dc=brucity,dc=be'
        at 
com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:141)
        at 
com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150)
        at 
com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:357)
        at 
com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:226)
        ... 37 more


  was:
Get problem when using such property in a ldap securityrealm:
in the console : userSearchMatching=(&(sAMAccountName={0})(objectclass=user))
 in the config.xml : 
userSearchMatching=(&amp;(sAMAccountName\={0})(objectclass\=user))

- used to work with geronimo 2
- get error with geronimo 3 
javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; 
remaining name 'dc=brucity,dc=be'
        at com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
        at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
        at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
        at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
        at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
        at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
        at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
        at 
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
        at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
        at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
        at 
org.apache.aries.jndi.DelegateContext.search(DelegateContext.java:365)
        at 
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
        at 
org.apache.geronimo.security.realm.providers.LDAPLoginModule.authenticate(LDAPLoginModule.java:260)
        at 
org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:154)
- think that the problem is &amp;. works fine in G3 with (sAMAccountName={0})

One question: in LDAPLoginModule.authenticate(). What is the purpose of this 
code : if (results.hasMore()) {} ?
This makes the authentication fail. Need to comment it out to get it to work...



> LDAP realm userSearchMatching filter
> ------------------------------------
>
>                 Key: GERONIMO-6525
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-6525
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 3.0.1
>         Environment: Windows server 2003
> JDK1.7.0_60
>            Reporter: Jean-Jacques Parent
>            Priority: Minor
>
> Get problem when using such property in a ldap securityrealm:
> in the console : userSearchMatching=(&(sAMAccountName={0})(objectclass=user))
>  in the config.xml : 
> userSearchMatching=(&amp;(sAMAccountName\={0})(objectclass\=user))
> - used to work with geronimo 2
> - get error with geronimo 3 
> javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; 
> remaining name 'dc=brucity,dc=be'
>       at com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
>       at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
>       at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
>       at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
>       at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
>       at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
>       at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
>       at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
>       at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
>       at 
> com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
>       at 
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
>       at 
> com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
>       at 
> org.apache.aries.jndi.DelegateContext.search(DelegateContext.java:365)
>       at 
> javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
>       at 
> org.apache.geronimo.security.realm.providers.LDAPLoginModule.authenticate(LDAPLoginModule.java:260)
>       at 
> org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:154)
> - think that the problem is &amp;. works fine in G3 with (sAMAccountName={0})
> One question: in LDAPLoginModule.authenticate(). What is the purpose of this 
> code : if (results.hasMore()) {} ?
> This makes the authentication fail. Need to comment it out to get it to work...
> javax.naming.PartialResultException [Root exception is 
> javax.naming.NotContextException: Cannot create context for: 
> ldap://DomainDnsZones.brucity.be/DC=DomainDnsZones,DC=brucity,DC=be; 
> remaining name 'dc=brucity,dc=be']
>       at 
> com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:242)
>       at 
> com.sun.jndi.ldap.LdapNamingEnumeration.hasMore(LdapNamingEnumeration.java:189)
>       at 
> org.apache.geronimo.security.realm.providers.LDAPLoginModule.authenticate(LDAPLoginModule.java:264)
>       at 
> org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:155)
>       at 
> org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)
>       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>       at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>       at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>       at java.lang.reflect.Method.invoke(Method.java:606)
>       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
>       at 
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
>       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
>       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
>       at java.security.AccessController.doPrivileged(Native Method)
>       at 
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
>       at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
>       at 
> org.apache.geronimo.security.ContextManager.login(ContextManager.java:98)
>       at 
> org.apache.geronimo.security.jaspi.impl.GeronimoLoginService.login(GeronimoLoginService.java:61)
>       at 
> org.apache.geronimo.security.jaspi.impl.GeronimoLoginService.login(GeronimoLoginService.java:52)
>       at 
> org.apache.geronimo.tomcat.security.authentication.FormAuthenticator.validateRequest(FormAuthenticator.java:143)
>       at 
> org.apache.geronimo.tomcat.security.SecurityValve.invoke(SecurityValve.java:69)
>       at 
> org.apache.geronimo.tomcat.security.jacc.JACCSecurityValve.invoke(JACCSecurityValve.java:54)
>       at 
> org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:731)
>       at 
> org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:48)
>       at 
> org.apache.geronimo.tomcat.valve.ProtectedTargetValve.invoke(ProtectedTargetValve.java:53)
>       at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
>       at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
>       at 
> org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
>       at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
>       at 
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
>       at 
> org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
>       at 
> org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
>       at 
> org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
>       at org.apache.geronimo.pool.ThreadPool$1.run(ThreadPool.java:267)
>       at 
> org.apache.geronimo.pool.ThreadPool$ContextClassLoaderRunnable.run(ThreadPool.java:397)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>       at java.lang.Thread.run(Thread.java:745)
> Caused by: javax.naming.NotContextException: Cannot create context for: 
> ldap://DomainDnsZones.brucity.be/DC=DomainDnsZones,DC=brucity,DC=be; 
> remaining name 'dc=brucity,dc=be'
>       at 
> com.sun.jndi.ldap.LdapReferralContext.<init>(LdapReferralContext.java:141)
>       at 
> com.sun.jndi.ldap.LdapReferralException.getReferralContext(LdapReferralException.java:150)
>       at 
> com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreReferrals(LdapNamingEnumeration.java:357)
>       at 
> com.sun.jndi.ldap.LdapNamingEnumeration.hasMoreImpl(LdapNamingEnumeration.java:226)
>       ... 37 more



--
This message was sent by Atlassian JIRA
(v6.2#6252)
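
A second hasMore() probe after the first search result can be used to reject a filter that matches several entries, and the PartialResultException shown in the trace above can be caught at that point so that it does not fail the login. The following is an added example, not code from Geronimo or from the reporter; the class and method names are hypothetical and the directory answers are constructed stand-ins, so it runs without an LDAP server.

```java
import java.util.Arrays;
import java.util.Iterator;
import javax.naming.*;
import javax.naming.directory.*;

public class UniqueUserMatch {
    // Returns the name of the single matching entry, or null when zero or several match.
    // A PartialResultException on the very first probe still propagates and fails the login.
    static String uniqueMatch(NamingEnumeration<SearchResult> results) throws NamingException {
        try {
            if (!results.hasMore()) {
                return null;                      // no such user
            }
            String name = results.next().getName();
            try {
                if (results.hasMore()) {
                    return null;                  // ambiguous filter: refuse to pick one
                }
            } catch (PartialResultException e) {
                // Only unresolved referrals remain after the one real entry;
                // entries held in referred partitions are not considered.
            }
            return name;
        } finally {
            results.close();
        }
    }

    // Constructed stand-in for a search answer: the given entries, then an optional referral failure.
    static NamingEnumeration<SearchResult> fake(boolean referralAtEnd, String... names) {
        Iterator<String> it = Arrays.asList(names).iterator();
        return new NamingEnumeration<SearchResult>() {
            public boolean hasMore() throws NamingException {
                if (it.hasNext() || !referralAtEnd) return it.hasNext();
                throw new PartialResultException("constructed: unresolved referral");
            }
            public SearchResult next() { return new SearchResult(it.next(), null, new BasicAttributes()); }
            public boolean hasMoreElements() { return it.hasNext(); }
            public SearchResult nextElement() { return next(); }
            public void close() { }
        };
    }

    public static void main(String[] args) throws NamingException {
        System.out.println(uniqueMatch(fake(true, "CN=jdoe,OU=Staff")));
        System.out.println(uniqueMatch(fake(false, "CN=jdoe,OU=Staff", "CN=jdoe,OU=Old")));
        System.out.println(uniqueMatch(fake(false)));
    }
}
```

Only the first call yields an entry name; the ambiguous and empty answers both return null, which a login module would treat as a failed authentication.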
