Posted to commits@manifoldcf.apache.org by kw...@apache.org on 2016/08/13 21:48:09 UTC
svn commit: r1756296 -
/manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
Author: kwright
Date: Sat Aug 13 21:48:09 2016
New Revision: 1756296
URL: http://svn.apache.org/viewvc?rev=1756296&view=rev
Log:
Fix for CONNECTORS-1333.
Modified:
manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
Modified: manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java
URL: http://svn.apache.org/viewvc/manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java?rev=1756296&r1=1756295&r2=1756296&view=diff
==============================================================================
--- manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java (original)
+++ manifoldcf/trunk/connectors/activedirectory/connector/src/main/java/org/apache/manifoldcf/authorities/authorities/activedirectory/ActiveDirectoryAuthority.java Sat Aug 13 21:48:09 2016
@@ -324,6 +324,7 @@ public class ActiveDirectoryAuthority ex
if (domainController == null)
{
// No domain controller found for the user, so return "user not found".
+ Logging.authorityConnectors.info("User not found: " + userName);
return RESPONSE_USERNOTFOUND;
}
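Review bot: `userName` is concatenated into the added `info` message unmodified, so a name containing CR/LF characters can forge extra log lines; the same call is added in the hunks at -332, -366 and -411, and in the `NameNotFoundException` branch at -437. The origin of `userName` is outside these hunks, but it looks like the identity supplied with the authorization request, so it should be treated as untrusted. Neutralise line breaks before logging, e.g. `Logging.authorityConnectors.info("User not found: " + userName.replaceAll("[\\r\\n]", "_"));`, or confirm that the configured log layout encodes them. The enclosing method starts and ends outside the hunk.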
@@ -332,6 +333,7 @@ public class ActiveDirectoryAuthority ex
if (dcParams == null)
{
// No domain controller, even though it's mentioned in a rule
+ Logging.authorityConnectors.info("User not found: " + userName);
return RESPONSE_USERNOTFOUND;
}
@@ -366,8 +368,10 @@ public class ActiveDirectoryAuthority ex
//Get DistinguishedName (for this method we are using DomainPart as a searchBase ie: DC=qa-ad-76,DC=metacarta,DC=com")
String searchBase = getDistinguishedName(ctx, userPart, domainsb.toString(), userACLsUsername);
- if (searchBase == null)
+ if (searchBase == null) {
+ Logging.authorityConnectors.info("User not found: " + userName);
return RESPONSE_USERNOTFOUND;
+ }
//specify the LDAP search filter
String searchFilter = "(objectClass=user)";
@@ -411,15 +415,18 @@ public class ActiveDirectoryAuthority ex
}
catch (NamingException e)
{
+ Logging.authorityConnectors.error("Naming exception: " + e.getMessage(), e);
throw new ManifoldCFException(e.getMessage(),e);
}
}
}
- if (theGroups.size() == 0)
+ if (theGroups.size() == 0) {
+ Logging.authorityConnectors.info("User not found: " + userName);
return RESPONSE_USERNOTFOUND;
-
+ }
+
// All users get certain well-known groups
theGroups.add("S-1-1-0");
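Review bot: The added `error` call in the `catch (NamingException e)` block logs the exception and then rethrows it wrapped in `ManifoldCFException`, so whichever caller handles that exception will probably log the same stack trace a second time (the handlers are not visible here). The same log-then-throw pair is added in the hunks at -710, -752 and -858. Duplicate entries for one failure make the authority log harder to correlate during an incident; log in one place only, or keep these calls at `debug`.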
@@ -437,11 +444,13 @@ public class ActiveDirectoryAuthority ex
catch (NameNotFoundException e)
{
// This means that the user doesn't exist
+ Logging.authorityConnectors.error("User not found: " + userName + " Exception: " + e.getMessage(), e);
return RESPONSE_USERNOTFOUND;
}
catch (NamingException e)
{
// Unreachable
+ Logging.authorityConnectors.error("Response Unreachable: " + e.getMessage(), e);
return RESPONSE_UNREACHABLE;
}
}
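Review bot: The `NameNotFoundException` branch logs an unknown user at `error` with a full stack trace, while the other four "User not found" paths added in this commit log at `info`. A lookup for a non-existent user is an expected outcome, and a stream of requests for arbitrary names would fill the error log and bury real failures such as the unreachable-controller case just below. Suggest `Logging.authorityConnectors.info("User not found: " + userName);` here, attaching the exception only at debug level.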
@@ -710,6 +719,7 @@ public class ActiveDirectoryAuthority ex
}
catch (NumberFormatException e)
{
+ Logging.authorityConnectors.error("Cache lifetime or Cache LRU size must be an integer: " + e.getMessage(), e);
throw new ManifoldCFException("Cache lifetime or Cache LRU size must be an integer: "+e.getMessage(),e);
}
hasSessionParameters = true;
@@ -752,6 +762,7 @@ public class ActiveDirectoryAuthority ex
}
catch (NamingException e)
{
+ Logging.authorityConnectors.error("Naming exception: " + e.getMessage(), e);
throw new ManifoldCFException(e.getMessage(),e);
}
}
@@ -851,6 +862,7 @@ public class ActiveDirectoryAuthority ex
// Now, try the connection...
try
{
+ Logging.authorityConnectors.info("LDAP Context environment properties: " + printLdapContextEnvironment(env));
ctx = new InitialLdapContext(env,null);
// If successful, break
break;
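Review bot: The added line writes the whole JNDI environment to the log at `info` immediately before every `new InitialLdapContext(env,null)`, so connection settings (presumably the bind principal and provider URL) reach production logs by default, and the bind password does too whenever the masking in `printLdapContextEnvironment` misses. This is diagnostic output and belongs behind a debug guard: `if (Logging.authorityConnectors.isDebugEnabled()) Logging.authorityConnectors.debug("LDAP Context environment properties: " + printLdapContextEnvironment(env));`. The surrounding try block and retry loop extend beyond the hunk.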
@@ -858,15 +870,18 @@ public class ActiveDirectoryAuthority ex
catch (AuthenticationException e)
{
// This means we couldn't authenticate!
+ Logging.authorityConnectors.error("Authentication problem authenticating admin user '"+userName+"': "+e.getMessage(),e);
throw new ManifoldCFException("Authentication problem authenticating admin user '"+userName+"': "+e.getMessage(),e);
}
catch (CommunicationException e)
{
// This means we couldn't connect, most likely
+ Logging.authorityConnectors.error("Couldn't communicate with domain controller '"+domainControllerName+"': "+e.getMessage(),e);
throw new ManifoldCFException("Couldn't communicate with domain controller '"+domainControllerName+"': "+e.getMessage(),e);
}
catch (NamingException e)
{
+ Logging.authorityConnectors.error("Naming exception: " + e.getMessage(), e);
throw new ManifoldCFException(e.getMessage(),e);
}
}
@@ -882,16 +897,16 @@ public class ActiveDirectoryAuthority ex
catch (AuthenticationException e)
{
// This means we couldn't authenticate! Log it and retry creating a whole new context.
- Logging.authorityConnectors.warn("Reconnect: Authentication problem authenticating admin user '"+userName+"': "+e.getMessage(),e);
+ Logging.authorityConnectors.error("Authentication exception: " + e.getMessage() + ", explanation: " + e.getExplanation(), e);
}
catch (CommunicationException e)
{
// This means we couldn't connect, most likely. Log it and retry creating a whole new context.
- Logging.authorityConnectors.warn("Reconnect: Couldn't communicate with domain controller '"+domainControllerName+"': "+e.getMessage(),e);
+ Logging.authorityConnectors.error("Communication exception: " + e.getMessage() + ", explanation: " + e.getExplanation(), e);
}
catch (NamingException e)
{
- Logging.authorityConnectors.warn("Reconnect: Naming exception: "+e.getMessage(),e);
+ Logging.authorityConnectors.error("Naming exception: " + e.getMessage() + ", explanation: " + e.getExplanation(), e);
}
// So we have no chance of leaking resources, attempt to close the context.
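Review bot: The three rewritten messages drop the `Reconnect:` prefix and the `userName` / `domainControllerName` values that the old `warn` calls carried, so a reconnect failure can no longer be told apart from the initial-connect `"Naming exception: "` entry added in the previous hunk. The comments in these branches say the failure is logged and then retried with a new context, which makes `error` an overstatement for what may be a transient condition. Keep the new `getExplanation()` detail but retain the context and level, e.g. `Logging.authorityConnectors.warn("Reconnect: Couldn't communicate with domain controller '"+domainControllerName+"': "+e.getMessage()+", explanation: "+e.getExplanation(),e);`.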
@@ -936,6 +951,19 @@ public class ActiveDirectoryAuthority ex
{
return ctx != null;
}
+
+ /**
+ * Stringifies LDAP Context environment variable
+ * @param env LDAP Context environment variable
+ * @return Stringified LDAP Context environment. Password is masked if exists.
+ */
+ private String printLdapContextEnvironment(Hashtable env) {
+ Hashtable copyEnv = new Hashtable<>(env);
+ if (copyEnv.contains(Context.SECURITY_CREDENTIALS)){
+ copyEnv.put(Context.SECURITY_CREDENTIALS, "********");
+ }
+ return Arrays.toString(copyEnv.entrySet().toArray());
+ }
}
/** Class describing a domain suffix and corresponding domain controller name rule.
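Review bot: `copyEnv.contains(Context.SECURITY_CREDENTIALS)` in `printLdapContextEnvironment` tests whether that string occurs as a value, because `Hashtable.contains` is the legacy value lookup. The credentials are stored under that constant as a key, so the branch is normally never taken and the bind password is printed unmasked by the `info` call added at the connection attempt. Change the condition to `if (copyEnv.containsKey(Context.SECURITY_CREDENTIALS)) {`. As a matter of style, the raw `Hashtable` parameter and copy could be declared as `Hashtable<?,?>` and `Hashtable<Object,Object>` to avoid unchecked warnings.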