Posted to users@directory.apache.org by John Strockmeyer <jo...@gmail.com> on 2015/03/27 12:07:09 UTC

bind response is too detailed

Hello. I have had this dilemma for some time now. The problem is that the
response following an unsuccessful bind contains too much information, and
there does not seem to be a way to break it down into individual parts. I
am using ApacheDS 2.0.0-M18, and its response consists of three parts that
I am interested in:
1) The very first line of a diagnostic message, which may look something
like this:
       *Diagnostic message : 'INVALID_CREDENTIALS: Bind failed: account was
permanently locked*
2) The exception stack that follows immediately after the line in 1.
3) Bind request, which is at the tail end of the response.

Here are my issues.
1) There is no way to isolate the first line, which should really be
equivalent to Exception.getMessage(). For instance, if some remote
web-based client fails to log in to my web application, there is no way to
specifically notify him about the problem, as I am forced to send him the
entire three-part response, which is too much to display in a popup.
2) The exception stack should be retrieved the same way that all stacks are
instead of being part of the actual message.
3) The bind request portion at the end of the response contains a password
in cleartext. Typically I would not mind it. But since there is no way to
break down the response, I am forced to send this back to the client along
with the other two response parts, creating a possible security problem.

My question is if there is a way to retrieve individual portions of the
response? I have looked through the API and could not figure it out. If
there is no way, is there perhaps an intention in the future releases to
break the response down into the parts I mentioned earlier?

Thank you.

Re: bind response is too detailed

Posted by Kiran Ayyagari <ka...@apache.org>.
On Mon, Mar 30, 2015 at 7:32 PM, Kiran Ayyagari <ka...@apache.org>
wrote:

> Hi John,
>
> On Fri, Mar 27, 2015 at 7:07 PM, John Strockmeyer <
> john.strockmeyer@gmail.com> wrote:
>
>> Hello. I have had this dilemma for some time now. The problem is that the
>> response following an unsuccessful bind contains too much information, and
>> there does not seem to be a way to break it down into individual parts. I
>> am using ApacheDS 2.0.0-M18, and its response consists of three parts that
>> I am interested in:
>> 1) The very first line of a diagnostic message, which may look something
>> like this:
>>        *Diagnostic message : 'INVALID_CREDENTIALS: Bind failed: account
>> was
>> permanently locked*
>> 2) The exception stack that follows immediately after the line in 1.
>> 3) Bind request, which is at the tail end of the response.
>>
>> Here are my issues.
>> 1) There is no way to isolate the first line, which should really be
>> equivalent to Exception.getMessage(). For instance, if some remote
>> web-based client fails to login into my web application, there is no way
>> to
>> specifically notify him about the problem, as I am forced to send him the
>> entire three-part response, which is too much to display in a popup.
>>
Looks like the server is running with DEBUG log level on; in this case the
server appends the stacktrace to the above mentioned single diagnostic
message line.

>> 2) The exception stack should be retrieved the same way that all stacks are
>> instead of being part of the actual message.
>>
The exception produced on the server cannot be filled into the exception
on the client side;
the client will always have a different stacktrace.

>> 3) The bind request portion at the end of the response contains a password
>> in cleartext. Typically I would not mind it. But since there is no way to
>> break down the response, I am forced to send this back to the client along
>> with the other two response parts, creating a possible security problem.
>>
This was already fixed[1] a while ago and released with M24.

You may consider upgrading to the latest version, 1.0.0-M29, which was
recently released.

[1] https://issues.apache.org/jira/browse/DIRAPI-197

>> My question is if there is a way to retrieve individual portions of the
>> response? I have looked through the API and could not figure it out. If
>> there is no way, is there perhaps an intention in the future releases to
>> break the response down into the parts I mentioned earlier?
>>
>  I am going to look into this during the next weekend
>
>>
>> Thank you.
>>
>
>
>
> --
> Kiran Ayyagari
> http://keydap.com
>



-- 
Kiran Ayyagari
http://keydap.com

Re: bind response is too detailed

Posted by Kiran Ayyagari <ka...@apache.org>.
Hi John,

On Fri, Mar 27, 2015 at 7:07 PM, John Strockmeyer <
john.strockmeyer@gmail.com> wrote:

> Hello. I have had this dilemma for some time now. The problem is that the
> response following an unsuccessful bind contains too much information, and
> there does not seem to be a way to break it down into individual parts. I
> am using ApacheDS 2.0.0-M18, and its response consists of three parts that
> I am interested in:
> 1) The very first line of a diagnostic message, which may look something
> like this:
>        *Diagnostic message : 'INVALID_CREDENTIALS: Bind failed: account was
> permanently locked*
> 2) The exception stack that follows immediately after the line in 1.
> 3) Bind request, which is at the tail end of the response.
>
> Here are my issues.
> 1) There is no way to isolate the first line, which should really be
> equivalent to Exception.getMessage(). For instance, if some remote
> web-based client fails to login into my web application, there is no way to
> specifically notify him about the problem, as I am forced to send him the
> entire three-part response, which is too much to display in a popup.
> 2) The exception stack should be retrieved the same way that all stacks are
> instead of being part of the actual message.
> 3) The bind request portion at the end of the response contains a password
> in cleartext. Typically I would not mind it. But since there is no way to
> break down the response, I am forced to send this back to the client along
> with the other two response parts, creating a possible security problem.
>
> My question is if there is a way to retrieve individual portions of the
> response? I have looked through the API and could not figure it out. If
> there is no way, is there perhaps an intention in the future releases to
> break the response down into the parts I mentioned earlier?
>
 I am going to look into this during the next weekend

>
> Thank you.
>



-- 
Kiran Ayyagari
http://keydap.com
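
One way to pass only part 1 of the response on to a web client, as an added example that is not from the thread or from the ApacheDS project. The class name, and the stack-trace and bind-request lines in the sample, are constructed assumptions, since the thread does not show what those parts look like.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (hypothetical class): keep only the first diagnostic line of a bind failure. */
public class BindFailureSummary {
    // Optional "Diagnostic message : '" label, then RESULT_CODE: detail, all on one line.
    private static final Pattern FIRST_LINE = Pattern.compile(
        "^(?:Diagnostic message\\s*:\\s*')?([A-Z_]+):\\s*([^\\r\\n]*)");

    public final String resultCode; // e.g. INVALID_CREDENTIALS
    public final String detail;     // e.g. Bind failed: account was permanently locked

    private BindFailureSummary(String resultCode, String detail) {
        this.resultCode = resultCode;
        this.detail = detail;
    }

    /** Reads the first line only; the stack trace and the request dump are never copied. */
    public static BindFailureSummary parse(String raw) {
        if (raw != null) {
            Matcher m = FIRST_LINE.matcher(raw.trim());
            if (m.find()) {
                String detail = m.group(2).trim();
                if (detail.endsWith("'")) { // drop a closing quote if the line carries one
                    detail = detail.substring(0, detail.length() - 1);
                }
                return new BindFailureSummary(m.group(1), detail);
            }
        }
        // Unrecognised shape: fail closed with a generic text instead of echoing the input.
        return new BindFailureSummary("UNKNOWN", "Bind failed");
    }

    public static void main(String[] args) {
        // Constructed sample: the trace and request lines are assumed, not real ApacheDS output.
        String raw =
            "Diagnostic message : 'INVALID_CREDENTIALS: Bind failed: account was permanently locked\n"
            + "\tat com.example.Authenticator.bind(Authenticator.java:42)\n"
            + "BindRequest: name='uid=jdoe,ou=users,ou=system' credentials='placeholder-secret'\n";
        BindFailureSummary s = parse(raw);
        System.out.println(s.resultCode + " | " + s.detail);
        if (s.detail.contains("placeholder-secret") || s.detail.contains("\tat ")) {
            throw new AssertionError("sensitive text leaked into the summary");
        }
    }
}
```

Escape `detail` for the output context (HTML, JSON) before rendering it in the client, and keep the full response in server-side logs only.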