Re: LDAP User Repository only works when userIdAttribute is 'cn'

Wed, 21 Mar 2012 07:12:46 -0700 

Hi Kevin,

Thx for reporting and testing.

You can view the history of on [1] and make diffs (example [2]).
You can see https://issues.apache.org/jira/browse/JAMES-1313 in the commit log. Is this related to the issue you have?
Do you have any idea on how to fix this for you taking into account previous patches? 

Thx,
Eric
[1] http://svn.apache.org/viewvc/james/server/trunk/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java?view=log
[2] http://svn.apache.org/viewvc/james/server/trunk/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java?r1=1088681&r2=1179514&diff_format=h 


On 21/03/12 14:38, Dion, Kevin wrote:

I have an ADLDS instance on a server running James beta2 I had been using to 
provide the user repository for James. Previously, I was using the attribute 
'uid' for the userIdAttribute in the configuration. When upgrading to beta4, 
this no longer works. When attempting to login, I get an 'Unable to retrieve 
user from ldap' error, with the following exception showing in the 
userrepository log:

javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: 
DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
                 'OU=Users,DC=SYSTEM,DC=DOMAIN,DC=ORG'
]; remaining name 'uid=cbrown,ou=users,dc=system,dc=domain,dc=org'
                 at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3066)
                 at 
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
                 at 
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
                 at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1826)
                 at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1749)
                 at 
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:368)
                 at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:338)
                 at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:321)
                 at 
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
                 at 
org.apache.james.util.retry.naming.directory.RetryingDirContext$24.operation(RetryingDirContext.java:473)
                 at 
org.apache.james.util.retry.ExceptionRetryHandler.perform(ExceptionRetryHandler.java:84)
                 at 
org.apache.james.util.retry.naming.NamingExceptionRetryHandler.perform(NamingExceptionRetryHandler.java:58)
                 at 
org.apache.james.util.retry.naming.directory.RetryingDirContext.search(RetryingDirContext.java:468)
                 at 
org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository.buildUser(ReadOnlyUsersLDAPRepository.java:575)
                 at 
org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository.getUserByName(ReadOnlyUsersLDAPRepository.java:648)
                 at 
org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository.test(ReadOnlyUsersLDAPRepository.java:737)
                 at 
org.apache.james.adapter.mailbox.store.UserRepositoryAuthenticator.isAuthentic(UserRepositoryAuthenticator.java:51)
                 at 
org.apache.james.mailbox.store.StoreMailboxManager.login(StoreMailboxManager.java:269)
                 at 
org.apache.james.mailbox.store.StoreMailboxManager.login(StoreMailboxManager.java:276)
                 at 
org.apache.james.imap.processor.AbstractAuthProcessor.doAuth(AbstractAuthProcessor.java:56)
                 at 
org.apache.james.imap.processor.LoginProcessor.doProcess(LoginProcessor.java:57)
                 at 
org.apache.james.imap.processor.LoginProcessor.doProcess(LoginProcessor.java:37)
                 at 
org.apache.james.imap.processor.AbstractMailboxProcessor.doProcess(AbstractMailboxProcessor.java:100)
                 at 
org.apache.james.imap.processor.AbstractMailboxProcessor.process(AbstractMailboxProcessor.java:89)
                 at 
org.apache.james.imap.processor.AbstractMailboxProcessor.doProcess(AbstractMailboxProcessor.java:83)
                 at 
org.apache.james.imap.processor.AbstractMailboxProcessor.doProcess(AbstractMailboxProcessor.java:66)
at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:52)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imap.processor.base.AbstractChainedProcessor.process(AbstractChainedProcessor.java:54)
                 at 
org.apache.james.imapserver.netty.ImapChannelUpstreamHandler.messageReceived(ImapChannelUpstreamHandler.java:181)
                 at 
org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
                 at 
org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
                 at 
org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:777)
                 at 
org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:296)
                 at 
org.jboss.netty.handler.codec.frame.FrameDecoder.unfoldAndFireMessageReceived(FrameDecoder.java:327)
                 at 
org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:305)
                 at 
org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:207)
                 at 
org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:75)
                 at 
org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:558)
                 at 
org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:777)
                 at 
org.jboss.netty.handler.execution.ChannelUpstreamEventRunnable.run(ChannelUpstreamEventRunnable.java:44)
                 at 
org.jboss.netty.handler.execution.OrderedMemoryAwareThreadPoolExecutor$ChildExecutor.run(OrderedMemoryAwareThreadPoolExecutor.java:312)
                 at 
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
                 at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
                 at java.lang.Thread.run(Thread.java:619)

I believe the source of this error comes from the following location:

                 ...
                 at 
org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository.buildUser(ReadOnlyUsersLDAPRepository.java:575)
                 at 
org.apache.james.user.ldap.ReadOnlyUsersLDAPRepository.getUserByName(ReadOnlyUsersLDAPRepository.java:648)
                 ...


Looking at the differences in the getUserByName method between beta2 (1) and beta4 (2), 
the newer beta4 implementation calls buildUser, but instead of passing in a user's DN (as 
called for by the builduser input parameter), creates a pseudo-dn using the 
userIdAttribute and the supplied username. i.e. a proper DN would be of the form 
"cn=Charlie Brown, ,ou=users,dc=system,dc=domain,dc=org" but getUserByName 
calls buildUser with 'uid=cbrown,ou=users,dc=system,dc=domain,dc=org'. This leads to a 
failure in the LDAP lookup

Changing userIdAttribute to 'cn' and supplying the appropriate login 
information does provide correct login, however it should be possible for users 
to specify a different attribute for login purposes.

Links to referenced source for comparison:

(1)    
http://svn.apache.org/repos/asf/james/server/tags/james-server-3.0-beta2/ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java

(2)    
https://svn.apache.org/repos/asf/james/server/tags/james-server-3.0-beta4/data-ldap/src/main/java/org/apache/james/user/ldap/ReadOnlyUsersLDAPRepository.java



Kevin




--
eric | http://about.echarles.net | @echarles

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to