C.J. Collier created RANGER-3179:
------------------------------------
Summary: ranger-ugsync-site.xml parser XMLUtils::loadConfig unable
to cope with special characters in passwords
Key: RANGER-3179
URL: https://issues.apache.org/jira/browse/RANGER-3179
Project: Ranger
Issue Type: Improvement
Components: Ranger
Affects Versions: 1.2.0
Reporter: C.J. Collier
Customer is using a password with an & character in their ldapbindpassword from
ranger-ugsync-site.xml
Attempts to escape with & or by wrapping the password in a <![CDATA[...]]>
element failed with different errors.
Solution could be to account for CDATA wrapper in loadConfig
Log examples follow. First with & escaped as &:
12 Feb 2021 00:03:21 ERROR LdapDeltaUserGroupBuilder [UnixUserSyncThread] -
LdapDeltaUserGroupBuilder.getGroups() failed with exception:
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr:
DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580];
remaining name 'DC=caremarkrx,DC=net'
And another example with the raw password, unescaped:
12 Feb 2021 00:49:37 ERROR XMLUtils [main] - Error loading :
org.xml.sax.SAXParseException; lineNumber: 52; columnNumber: 21; The reference
to entity "I4F" must end with the ';' delimiter. at
[com.sun.org|http://com.sun.org/].apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:257)
at
[com.sun.org|http://com.sun.org/].apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:339)
at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:121) at
org.apache.ranger.plugin.u
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
