Posted to dev@directory.apache.org by "Ralf Hauser (JIRA)" <ji...@apache.org> on 2006/06/11 15:18:29 UTC
[jira] Created: (DIRSERVER-640) bring error hints from
CustomAuthenticators extending AbstractAuthenticator back to the client.
bring error hints from CustomAuthenticators extending AbstractAuthenticator back to the client.
-----------------------------------------------------------------------------------------------
Key: DIRSERVER-640
URL: http://issues.apache.org/jira/browse/DIRSERVER-640
Project: Directory ApacheDS
Type: Improvement
Components: ldap
Versions: 1.0-RC3
Environment: windows/linux
Reporter: Ralf Hauser
For the authentication, I use a CustomAuthenticator that extends AbstractAuthenticator.
If the authentication fails I use LdapAuthenticationException or LdapNoPermissionException, and I would much appreciate being able to provide some hint (String explanation) why the exception was thrown.
Unfortunately, this hint never reaches the client. I only see "error code 49 - Bind failed" - the equivalent is visible in the server log as
<<Ldap Result
Result code : (ResultCodeEnum[INVALIDCREDENTIALS=49]) invalidCredentials
Matched DN : 'null'
Error message : 'Bind failed'>>
It appears that the culprit is org.apache.directory.server.core.authn.AuthenticationService.bind(NextInterceptor next, Name bindDn, byte[] credentials, List mechanisms, String saslAuthId) throws NamingException
where that exception is caught; neither is its class analyzed in detail, nor is there any attempt to use "explanations" when re-throwing, even though an LdapAuthenticationException constructor does exist that takes a "msg" for explanations.
Therefore my suggestion: please make sure that it is possible to provide a user more information by optionally appending an "explanation" to the 'Bind failed' a client currently sees in an LDAP client.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Updated: (DIRSERVER-640) bring error hints from
CustomAuthenticators extending AbstractAuthenticator back to the client.
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny updated DIRSERVER-640:
----------------------------------------
Fix Version/s: 2.0.0-RC1 (was: 1.5.6)
Moved to 2.0.0-RC1, we won't release a 1.5.6
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (DIRSERVER-640) bring error hints from
CustomAuthenticators extending AbstractAuthenticator back to the client.
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny resolved DIRSERVER-640.
-----------------------------------------
Resolution: Won't Fix
Providing more information is a potential security breach. Enough to say that the authentication failed, no need to tell the user why (i.e., if we tell him that the credentials are not correct, then that implies the user name exists).
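The trade-off discussed in this issue, as an added example that is not ApacheDS code and not taken from the attached patch: the authenticator's explanation goes to the server-side log, and the client gets the same "49 - Bind failed" text for every cause plus an opaque reference a user can quote to an administrator. All class, method and logger names are hypothetical, and the credential store is constructed sample data.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.UUID;
import java.util.logging.Logger;

// Added example: hypothetical names throughout, not ApacheDS classes.
public class UniformBindFailure {
    private static final Logger AUDIT = Logger.getLogger("authn.audit");

    // Internal causes a custom authenticator may want to report.
    enum Reason { UNKNOWN_USER, BAD_PASSWORD }

    // Carries the explanation; it is meant for operators, never for the client.
    static class AuthFailed extends Exception {
        final Reason reason;
        AuthFailed(Reason reason, String explanation) { super(explanation); this.reason = reason; }
    }

    // Constructed sample store (a real one would hold salted password hashes).
    private static final Map<String, String> USERS = Map.of("uid=alice,ou=users", "s3cret");

    static void authenticate(String bindDn, String password) throws AuthFailed {
        String stored = USERS.get(bindDn);
        if (stored == null) throw new AuthFailed(Reason.UNKNOWN_USER, "no entry for bind DN");
        boolean ok = MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                           password.getBytes(StandardCharsets.UTF_8));
        if (!ok) throw new AuthFailed(Reason.BAD_PASSWORD, "password mismatch");
    }

    // Returns what the client sees. Every failure maps to result code 49 and the
    // same text; only the random reference differs, and it reveals nothing about the cause.
    static String bind(String bindDn, String password) {
        try {
            authenticate(bindDn, password);
            return "0 - success";
        } catch (AuthFailed e) {
            String ref = UUID.randomUUID().toString();
            String safeDn = bindDn.replaceAll("[\\r\\n]", "_"); // keep log lines intact
            AUDIT.warning("bind failed ref=" + ref + " dn=" + safeDn
                    + " reason=" + e.reason + " detail=" + e.getMessage());
            return "49 - Bind failed (ref " + ref + ")";
        }
    }

    public static void main(String[] args) {
        System.out.println(bind("uid=alice,ou=users", "wrong"));  // existing user
        System.out.println(bind("uid=nobody,ou=users", "wrong")); // unknown user
    }
}
```

Both calls in main produce a client message of the same shape, while the log line for each records which cause applied.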
[jira] Updated: (DIRSERVER-640) bring error hints from
CustomAuthenticators extending AbstractAuthenticator back to the client.
Posted by "Alex Karasulu (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Alex Karasulu updated DIRSERVER-640:
------------------------------------
Fix Version/s: 1.5.6 (was: 1.5.4)
Postponed for authn/authz push in 1.5.6 when all these issues can be tackled.
[jira] Updated: (DIRSERVER-640) bring error hints from
CustomAuthenticators extending AbstractAuthenticator back to the client.
Posted by "Emmanuel Lecharny (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/DIRSERVER-640?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emmanuel Lecharny updated DIRSERVER-640:
----------------------------------------
Fix Version/s: 1.5.4
Postponed
[jira] Updated: (DIRSERVER-640) bring error hints from
CustomAuthenticators extending AbstractAuthenticator back to the client.
Posted by "Ralf Hauser (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/DIRSERVER-640?page=all ]
Ralf Hauser updated DIRSERVER-640:
----------------------------------
Attachment: AuthenticationService.java.patch
see also DIRSERVER-649