[jira] Commented: (KARAF-310) Add LDAP JAAS module

Wed, 08 Dec 2010 06:12:26 -0800 

    [ 
https://issues.apache.org/jira/browse/KARAF-310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12969319#action_12969319
 ] 

Charles Moulliard commented on KARAF-310:
-----------------------------------------

Additional point :

When a LDAP error occurs during communication with the server, the error 
message received is not propagated back to the authenticate method 
(authenticate(String username, String password)) of the LDAP login module and 
so it does not allow to see what happens. Instead, a generic LDAP exception is 
generated and it is really difficult to see if the error comes from an issue 
with username/password or role or syntax used to search in LDAP server

{code}
javax.security.auth.login.LoginException: LDAP Error
        at 
org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:119)
        at 
org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native 
Method)[:1.6.0_22]
        at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)[:1.6.0_22]
        at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)[:1.6.0_22]
        at java.lang.reflect.Method.invoke(Method.java:597)[:1.6.0_22]
        at 
javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)[:1.6.0_22]
        at 
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)[:1.6.0_22]
        at 
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)[:1.6.0_22]
        at java.security.AccessController.doPrivileged(Native Method)[:1.6.0_22]
        at 
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.6.0_22]
        at 
javax.security.auth.login.LoginContext.login(LoginContext.java:579)[:1.6.0_22]
        at 
org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)[88:org.eclipse.jetty.plus:7.1.6.v20100715]
        at 
org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:75)[68:org.eclipse.jetty.security:7.1.6.v20100715]
        at 
org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:416)[68:org.eclipse.jetty.security:7.1.6.v20100715]
        at 
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
        at 
org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
        at 
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
        at 
org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
        at 
org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
        at 
org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
        at 
org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
        at 
org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
        at 
org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
        at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
Caused by: javax.security.auth.login.FailedLoginException
        at 
org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:114)

{code}


So it is not possible to log this info by example -->

{code}
[LDAP: error code 80 - OTHER: failed for     SearchRequest
        baseDn : 'ou=groups,ou=system'
        filter : '(2.5.4.31-false-EXTENSIBLE-null-'0x75 0x69 0x64 0x3D 0x6A 
0x64 0x6F 0x65 ':[9223372036854775807])'
        scope : whole subtree
        typesOnly : false
        Size Limit : no limit
        Time Limit : no limit
        Deref Aliases : deref Always
        attributes : 
: N O T   I M P L E M E N T E D   Y E T !]
{code}

This should be improved



> Add LDAP JAAS module
> --------------------
>
>                 Key: KARAF-310
>                 URL: https://issues.apache.org/jira/browse/KARAF-310
>             Project: Karaf
>          Issue Type: New Feature
>            Reporter: Charles Moulliard
>             Fix For: 2.2.0
>
>


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to