You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cloudstack.apache.org by "Mice Xia (JIRA)" <ji...@apache.org> on 2013/02/05 04:28:12 UTC
[jira] [Resolved] (CLOUDSTACK-1142) Testing LDAP Auth Failed - due
to "%" being illegal character in queryfilter
[ https://issues.apache.org/jira/browse/CLOUDSTACK-1142?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mice Xia resolved CLOUDSTACK-1142.
----------------------------------
Resolution: Fixed
[root cause]
API parameter was incorrectly URL.decoded twice, for queryfilter, first time it is decoded as :
queryfilter=%28%26%28mail%3D%25e%29%29 --> queryfilter=(&(mail=%e)
second time an error was raised when trying to decode "(&(mail=%e)"
[change]
make parameters only decoded once
commit master: d8062e5633d884136cd532aad294c6c17ca702a5
4.1: dcb2e5a8ed750af483d28963f3cf97b6bad70239
> Testing LDAP Auth Failed - due to "%" being illegal character in queryfilter
> ----------------------------------------------------------------------------
>
> Key: CLOUDSTACK-1142
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1142
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: API, Management Server
> Affects Versions: 4.1.0
> Environment: CentOS 6.3 with CloudStack 4.1 from git on 02/01/2013
> Reporter: ilya musayev
> Assignee: Mice Xia
> Priority: Blocker
> Labels: LDAP
>
> While attempting to test the LdapConfig command, i was unable to succesefully execute the API command due to
> { "ldapconfigresponse" : {"errorcode":431,"cserrorcode":9999,"errortext":"queryfilter could not be decoded, received value (sAMAccountName=%u) which contains illegal characters eg.%"} }
> This command i'm executing has worked successfully on 4.0, however its broken in latest 4.1 from git. Everything has been encoded properly and i use 8096 to bypass auth mechanism.
> Is there a reason why "%" became an illegal character when i ran this command? Please update the documentation if its no longer required to use "%" as in (sAMAccountName=%u) in query filter with alternate solution.
> If i alter the query filter and make it such that (sAMAccountName=u) is no longer there - it works.
> In my attempt to login with user that is on AD LDAP - i get this error:
> java.lang.NullPointerException
> at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
> at com.sun.jndi.ldap.LdapNamingEnumeration.nextAux(LdapNamingEnumeration.java:263)
> at com.sun.jndi.ldap.LdapNamingEnumeration.nextImpl(LdapNamingEnumeration.java:254)
> at com.sun.jndi.ldap.LdapNamingEnumeration.next(LdapNamingEnumeration.java:202)
> at com.cloud.server.auth.LDAPUserAuthenticator.authenticate(LDAPUserAuthenticator.java:117)
> at com.cloud.user.AccountManagerImpl.getUserAccount(AccountManagerImpl.java:1901)
> at com.cloud.user.AccountManagerImpl.authenticateUser(AccountManagerImpl.java:1772)
> at com.cloud.api.ApiServer.loginUser(ApiServer.java:763)
> at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:218)
> at com.cloud.api.ApiServlet.doPost(ApiServlet.java:76)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
> at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
> at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
> at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
> at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
> at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
> at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
> at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> at org.mortbay.jetty.Server.handle(Server.java:326)
> at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
> at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
> at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Thanks
> ilya
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
RE: [jira] [Resolved] (CLOUDSTACK-1142) Testing LDAP Auth Failed -
due to "%" being illegal character in queryfilter
Posted by "Musayev, Ilya" <im...@webmd.net>.
Thanks Mice,
I will try this out tomorrow and let you know if it worked.
-----Original Message-----
From: Mice Xia (JIRA) [mailto:jira@apache.org]
Sent: Monday, February 04, 2013 10:28 PM
To: cloudstack-dev@incubator.apache.org
Subject: [jira] [Resolved] (CLOUDSTACK-1142) Testing LDAP Auth Failed - due to "%" being illegal character in queryfilter
[ https://issues.apache.org/jira/browse/CLOUDSTACK-1142?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Mice Xia resolved CLOUDSTACK-1142.
----------------------------------
Resolution: Fixed
[root cause]
API parameter was incorrectly URL.decoded twice, for queryfilter, first time it is decoded as :
queryfilter=%28%26%28mail%3D%25e%29%29 --> queryfilter=(&(mail=%e)
second time an error was raised when trying to decode "(&(mail=%e)"
[change]
make parameters only decoded once
commit master: d8062e5633d884136cd532aad294c6c17ca702a5
4.1: dcb2e5a8ed750af483d28963f3cf97b6bad70239
> Testing LDAP Auth Failed - due to "%" being illegal character in
> queryfilter
> ----------------------------------------------------------------------
> ------
>
> Key: CLOUDSTACK-1142
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1142
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the default.)
> Components: API, Management Server
> Affects Versions: 4.1.0
> Environment: CentOS 6.3 with CloudStack 4.1 from git on 02/01/2013
> Reporter: ilya musayev
> Assignee: Mice Xia
> Priority: Blocker
> Labels: LDAP
>
> While attempting to test the LdapConfig command, i was unable to
> succesefully execute the API command due to { "ldapconfigresponse" :
> {"errorcode":431,"cserrorcode":9999,"errortext":"queryfilter could not be decoded, received value (sAMAccountName=%u) which contains illegal characters eg.%"} } This command i'm executing has worked successfully on 4.0, however its broken in latest 4.1 from git. Everything has been encoded properly and i use 8096 to bypass auth mechanism.
> Is there a reason why "%" became an illegal character when i ran this command? Please update the documentation if its no longer required to use "%" as in (sAMAccountName=%u) in query filter with alternate solution.
> If i alter the query filter and make it such that (sAMAccountName=u) is no longer there - it works.
> In my attempt to login with user that is on AD LDAP - i get this error:
> java.lang.NullPointerException
> at com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
> at com.sun.jndi.ldap.LdapNamingEnumeration.nextAux(LdapNamingEnumeration.java:263)
> at com.sun.jndi.ldap.LdapNamingEnumeration.nextImpl(LdapNamingEnumeration.java:254)
> at com.sun.jndi.ldap.LdapNamingEnumeration.next(LdapNamingEnumeration.java:202)
> at com.cloud.server.auth.LDAPUserAuthenticator.authenticate(LDAPUserAuthenticator.java:117)
> at com.cloud.user.AccountManagerImpl.getUserAccount(AccountManagerImpl.java:1901)
> at com.cloud.user.AccountManagerImpl.authenticateUser(AccountManagerImpl.java:1772)
> at com.cloud.api.ApiServer.loginUser(ApiServer.java:763)
> at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:218)
> at com.cloud.api.ApiServlet.doPost(ApiServlet.java:76)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
> at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
> at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
> at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
> at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
> at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
> at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
> at org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
> at org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
> at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
> at org.mortbay.jetty.Server.handle(Server.java:326)
> at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
> at org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
> at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
> at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
> at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
> at org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
> at
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.ja
> va:582)
> Thanks
> ilya
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira