You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@karaf.apache.org by "Charles Moulliard (JIRA)" <ji...@apache.org> on 2010/12/08 15:12:01 UTC
[jira] Commented: (KARAF-310) Add LDAP JAAS module
[ https://issues.apache.org/jira/browse/KARAF-310?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12969319#action_12969319 ]
Charles Moulliard commented on KARAF-310:
-----------------------------------------
Additional point :
When a LDAP error occurs during communication with the server, the error message received is not propagated back to the authenticate method (authenticate(String username, String password)) of the LDAP login module and so it does not allow to see what happens. Instead, a generic LDAP exception is generated and it is really difficult to see if the error comes from an issue with username/password or role or syntax used to search in LDAP server
{code}
javax.security.auth.login.LoginException: LDAP Error
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:119)
at org.apache.karaf.jaas.boot.ProxyLoginModule.login(ProxyLoginModule.java:83)[karaf-jaas-boot.jar:]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)[:1.6.0_22]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)[:1.6.0_22]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)[:1.6.0_22]
at java.lang.reflect.Method.invoke(Method.java:597)[:1.6.0_22]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)[:1.6.0_22]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)[:1.6.0_22]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)[:1.6.0_22]
at java.security.AccessController.doPrivileged(Native Method)[:1.6.0_22]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)[:1.6.0_22]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)[:1.6.0_22]
at org.eclipse.jetty.plus.jaas.JAASLoginService.login(JAASLoginService.java:203)[88:org.eclipse.jetty.plus:7.1.6.v20100715]
at org.eclipse.jetty.security.authentication.BasicAuthenticator.validateRequest(BasicAuthenticator.java:75)[68:org.eclipse.jetty.security:7.1.6.v20100715]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:416)[68:org.eclipse.jetty.security:7.1.6.v20100715]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:113)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at org.eclipse.jetty.server.Server.handle(Server.java:347)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:594)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at org.eclipse.jetty.server.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:1042)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:549)[63:org.eclipse.jetty.http:7.1.6.v20100715]
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:211)[63:org.eclipse.jetty.http:7.1.6.v20100715]
at org.eclipse.jetty.server.HttpConnection.handle(HttpConnection.java:424)[67:org.eclipse.jetty.server:7.1.6.v20100715]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:506)[62:org.eclipse.jetty.io:7.1.6.v20100715]
at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:436)[61:org.eclipse.jetty.util:7.1.6.v20100715]
at java.lang.Thread.run(Thread.java:680)[:1.6.0_22]
Caused by: javax.security.auth.login.FailedLoginException
at org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.login(LDAPLoginModule.java:114)
{code}
So it is not possible to log this info by example -->
{code}
[LDAP: error code 80 - OTHER: failed for SearchRequest
baseDn : 'ou=groups,ou=system'
filter : '(2.5.4.31-false-EXTENSIBLE-null-'0x75 0x69 0x64 0x3D 0x6A 0x64 0x6F 0x65 ':[9223372036854775807])'
scope : whole subtree
typesOnly : false
Size Limit : no limit
Time Limit : no limit
Deref Aliases : deref Always
attributes :
: N O T I M P L E M E N T E D Y E T !]
{code}
This should be improved
> Add LDAP JAAS module
> --------------------
>
> Key: KARAF-310
> URL: https://issues.apache.org/jira/browse/KARAF-310
> Project: Karaf
> Issue Type: New Feature
> Reporter: Charles Moulliard
> Fix For: 2.2.0
>
>
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.