You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-commits@jackrabbit.apache.org by tr...@apache.org on 2015/10/02 21:23:35 UTC
svn commit: r1706476 - in /jackrabbit/oak/branches/1.0/oak-auth-ldap/src:
main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/
test/java/org/apache/jackrabbit/oak/security/authentication/ldap/
test/resources/org/apache/jackrabbit/oak/...
Author: tripod
Date: Fri Oct 2 19:23:35 2015
New Revision: 1706476
URL: http://svn.apache.org/viewvc?rev=1706476&view=rev
Log:
OAK-3396 NPE during syncAllExternalUsers in LdapIdentityProvider.createUser
Added:
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/test/resources/org/apache/jackrabbit/oak/security/authentication/ldap/erroneous.ldif
Modified:
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
jackrabbit/oak/branches/1.0/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
Modified: jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1706476&r1=1706475&r2=1706476&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/branches/1.0/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Fri Oct 2 19:23:35 2015
@@ -664,7 +664,13 @@ public class LdapIdentityProvider implem
throws LdapInvalidAttributeValueException {
ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), this.getName());
if (id == null) {
- id = entry.get(config.getUserConfig().getIdAttribute()).getString();
+ String idAttribute = config.getUserConfig().getIdAttribute();
+ Attribute attr = entry.get(idAttribute);
+ if (attr == null) {
+ throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
+ "no value found for attribute '" + idAttribute + "' for entry " + entry);
+ }
+ id = attr.getString();
}
String path = config.getUserConfig().makeDnPath()
? createDNPath(entry.getDn())
@@ -684,7 +690,13 @@ public class LdapIdentityProvider implem
throws LdapInvalidAttributeValueException {
ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), this.getName());
if (name == null) {
- name = entry.get(config.getGroupConfig().getIdAttribute()).getString();
+ String idAttribute = config.getGroupConfig().getIdAttribute();
+ Attribute attr = entry.get(idAttribute);
+ if (attr == null) {
+ throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
+ "no value found for attribute '" + idAttribute + "' for entry " + entry);
+ }
+ name = attr.getString();
}
String path = config.getGroupConfig().makeDnPath()
? createDNPath(entry.getDn())
Modified: jackrabbit/oak/branches/1.0/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java?rev=1706476&r1=1706475&r2=1706476&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.0/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java (original)
+++ jackrabbit/oak/branches/1.0/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java Fri Oct 2 19:23:35 2015
@@ -20,6 +20,7 @@ package org.apache.jackrabbit.oak.securi
import java.io.InputStream;
import java.util.Arrays;
import java.util.Collections;
+import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
@@ -55,6 +56,8 @@ public class LdapProviderTest {
private static final String TUTORIAL_LDIF = "apache-ds-tutorial.ldif";
+ private static final String ERRONEOUS_LDIF = "erroneous.ldif";
+
public static final String IDP_NAME = "ldap";
protected LdapIdentityProvider idp;
@@ -157,6 +160,25 @@ public class LdapProviderTest {
assertTrue("User instance", id instanceof ExternalUser);
assertEquals("User ID", TEST_USER1_UID, id.getId());
}
+
+ /**
+ * Test case to reproduce OAK-3396 where an ldap user entry
+ * without a uid caused a NullpointerException in LdapIdentityProvider.createUser
+ */
+ @Test
+ public void testListUsersWithMissingUid() throws Exception {
+ // the ERRONEOUS_LDIF contains an entry without uid
+ InputStream erroneousDIF = LdapProviderTest.class.getResourceAsStream(ERRONEOUS_LDIF);
+ LDAP_SERVER.loadLdif(erroneousDIF);
+ Iterator<ExternalUser> users = idp.listUsers();
+ // without the LdapInvalidAttributeValueException a NPE would result here:
+ while(users.hasNext()) {
+ ExternalUser user = users.next();
+ // the 'Faulty Entry' of the ERRONEOUS_LDIF should be filtered out
+ // (by LdapIdentityProvider.listUsers.getNext())
+ assertTrue(!user.getPrincipalName().startsWith("cn=Faulty Entry"));
+ }
+ }
@Test
public void testGetUserByUserId() throws Exception {
Added: jackrabbit/oak/branches/1.0/oak-auth-ldap/src/test/resources/org/apache/jackrabbit/oak/security/authentication/ldap/erroneous.ldif
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.0/oak-auth-ldap/src/test/resources/org/apache/jackrabbit/oak/security/authentication/ldap/erroneous.ldif?rev=1706476&view=auto
==============================================================================
--- jackrabbit/oak/branches/1.0/oak-auth-ldap/src/test/resources/org/apache/jackrabbit/oak/security/authentication/ldap/erroneous.ldif (added)
+++ jackrabbit/oak/branches/1.0/oak-auth-ldap/src/test/resources/org/apache/jackrabbit/oak/security/authentication/ldap/erroneous.ldif Fri Oct 2 19:23:35 2015
@@ -0,0 +1,40 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Sample LDIF data containing a faulty entry (without uid)
+#
+version: 1
+
+dn: ou=faulty,ou=groups,ou=system
+objectclass: organizationalUnit
+objectclass: top
+description: Contains a faulty entry
+ou: faulty
+
+# Faulty entry without uid
+# ---------
+dn: cn=Faulty Entry,ou=users,ou=system
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: top
+cn: Faulty Entry
+description: Example erroneous entry
+givenname: Faulty
+sn: Entry
+mail: no-reply@no.reply
+userpassword: foobar