You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Emmanuel Lecharny (JIRA)" <ji...@apache.org> on 2019/06/15 22:55:00 UTC

[jira] [Updated] (DIRSERVER-1910) NullPointerException while adding entries when password policy is disabled

     [ https://issues.apache.org/jira/browse/DIRSERVER-1910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lecharny updated DIRSERVER-1910:
-----------------------------------------
    Component/s: ppolicy

> NullPointerException while adding entries when password policy is disabled
> --------------------------------------------------------------------------
>
>                 Key: DIRSERVER-1910
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-1910
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: ppolicy
>    Affects Versions: 2.0.0-M15
>            Reporter: Kiran Ayyagari
>            Assignee: Kiran Ayyagari
>            Priority: Major
>             Fix For: 2.0.0-M16
>
>
>  Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory Studio) containing entries that have a pwdPolicySubEntry attribute a null pointer exception occurs.
> The policy defined in the in attribute exists and when ads-enabled=TRUE is set, the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
> Maybe this is the expected behavior? We would in some situations like to bulk load users without the policy enabled, then after everyone is in there, enable the policy.
> Thanks!
> #!RESULT ERROR
> #!CONNECTION ldap://localhost:10389
> #!DATE 2013-10-30T15:32:25.999
> #!ERROR [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 19
> Add Request : Entry     dn[n]: uid=1336598819633,ou=users,ou=int,o=cpro
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> uid: 1336598819633
> mail: test@test.com
> sn: Test
> givenName: Test
> pwdPolicySubEntry: ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> userPassword: '0x7B 0x53 0x53 0x48 0x41 0x7D 0x32 0x78 0x62 0x6B 0x4E 0x77 0x30 0x39 0x4B 0x77 ...'
> title: -none-
> employeeNumber: Test.Test
> cn: Test, Test
> displayName: Test, Test:
> null: java.lang.NullPointerException        at org.apache.directory.server.core.authn.AuthenticationInterceptor.check(AuthenticationInterceptor.java:1262)
> at org.apache.directory.server.core.authn.AuthenticationInterceptor.add(AuthenticationInterceptor.java:364)
> at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:422)
> at org.apache.directory.server.core.normalization.NormalizationInterceptor.add(NormalizationInterceptor.java:127)
> at org.apache.directory.server.core.DefaultOperationManager.add(DefaultOperationManager.java:394)
> at org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:233)
> at org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:217)
> at org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:57)
> at org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:39)
> at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
> at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
> at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
> at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
> at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
> at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
> at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
> at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
> at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
> at java.lang.Thread.run(Unknown Source)  ]
> dn: uid=1336598819633,ou=users,ou=int,o=cpro
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: inetOrgPerson
> uid: 1336598819633
> mail: test@test.com
> sn: Test
> givenName: Test
> pwdPolicySubEntry: ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
> userPassword:: e1NTSEF9Mnhia053MDlLd1dVZE0xMTFXUzQ3K2s5N3JzS3o4UHlYbGF2VUE9PQ==
> title: -none-
> employeeNumber: Test.Test
> cn: Test, Test
> displayName: Test, Test
> Carlo.Accorsi@ibs-ag.com <Ca...@ibs-ag.com> 	Sat, Nov 2, 2013 at 12:55 AM
> Reply-To: users@directory.apache.org
> To: users@directory.apache.org
> Hi, When we upgrade between versions of apacheDS, we dump out an LDIF of all the users including the  pwdChangedTime and pwdPolicySubEntry attributes.
> We they all get imported back in, their password are all set to expire (as defined in the policy) in 30 days (+/-) the hour
> or however long it takes to import.  We were looking to preserve the current period the passwords are valid when uplifting the system.
> One idea was to import the pwdChangedTime along with their password policy as defined in pwdPolicySubEntry but keep the policy itself disabled. (thereby leaving pwdChangedTime alone)
> When we tried this, the null pointer occurs that I sent below the other day.  (that example did not include pwdChangedTime)
> We thought this might allow us to restore each user's actual password expiry. Then Once everyone is imported, we would re-enable the password policies.
> Am I going down a trail here? Thanks.
> From: Accorsi, Carlo
> Sent: Wednesday, October 30, 2013 3:55 PM
> To: users@directory.apache.org
> Subject: Null Pointer when importing Ldif entry with pwdPolicySubEntry attribute
> Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory Studio) containing entries that have a pwdPolicySubEntry attribute a null pointer exception occurs.
> The policy defined in the in attribute exists and when ads-enabled=TRUE is set, the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
> Maybe this is the expected behavior? We would in some situations like to bulk load users without the policy enabled, then after everyone is in there, enable the policy.
> Thanks!



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org