[ 
https://issues.apache.org/jira/browse/KNOX-1094?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16241777#comment-16241777
 ] 

Alberto Bortolan edited comment on KNOX-1094 at 11/7/17 10:20 AM:
------------------------------------------------------------------

Hello [~moresandeep]

I've originally reported this issue to [~pbhag...@hortonworks.com] . The 
message was:

java.lang.IllegalArgumentException: Hit NamingException: {color:#14892c}simple 
bind failed: myldapserver.mycompany.com:636{color}
   at 
org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.getUserDn(KnoxLdapRealm.java:733)
   at 
org.apache.shiro.realm.ldap.JndiLdapRealm.getLdapPrincipal(JndiLdapRealm.java:342)
   at 
org.apache.shiro.realm.ldap.JndiLdapRealm.queryForAuthenticationInfo(JndiLdapRealm.java:371)
   (...)

This was caused by the LDAPS-connection not being trusted,  impossible to 
figure out in this case, since the NamingException completely hides any 
LDAP-exceptions. “Simple bind failed” can be caused by any number of underlying 
Exceptions.


was (Author: alibe):
Hello [~moresandeep]

I've originally reported this issue to [~pbhag...@hortonworks.com] . The 
message was:

{{java.lang.IllegalArgumentException: Hit NamingException:{color:#205081} 
simple bind failed: myldapserver.mycompany.com:636{color}
        at 
org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm.getUserDn(KnoxLdapRealm.java:733)
        at 
org.apache.shiro.realm.ldap.JndiLdapRealm.getLdapPrincipal(JndiLdapRealm.java:342)
        at 
org.apache.shiro.realm.ldap.JndiLdapRealm.queryForAuthenticationInfo(JndiLdapRealm.java:371)
        at 
org.apache.shiro.realm.ldap.JndiLdapRealm.doGetAuthenticationInfo(JndiLdapRealm.java:295)
                (...)}}

This was caused by the LDAPS-connection not being trusted,  impossible to 
figure out in this case, since the NamingException completely hides any 
LDAP-exceptions. “Simple bind failed” can be caused by any number of underlying 
Exceptions.

> Knox loses inner exception in IllegalArgumentException issues during AD 
> authentications
> ---------------------------------------------------------------------------------------
>
>                 Key: KNOX-1094
>                 URL: https://issues.apache.org/jira/browse/KNOX-1094
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>    Affects Versions: 0.12.0
>            Reporter: Pravin Bhagade
>             Fix For: 0.15.0
>
>
> Knox to use their Active Directory and noted that when 
> IllegalArgumentException exceptions are raised from a specific point in the 
> code, the inner exception is lost and make it difficult to diagnose the 
> issue. 
> {code:java}
> The exception is the one at line 733 of 
> https://github.com/hortonworks/knox-release/blob/HDP-2.6.2.17-tag/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
>  
> } catch (NamingException e) { 
> throw new IllegalArgumentException("Hit NamingException: " + e.getMessage()); 
> {code}
> Is it possible to change the code to preserve the inner exception ( set the 
> Throwable argument )?



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to