Posted to oak-commits@jackrabbit.apache.org by tr...@apache.org on 2015/10/02 20:45:02 UTC

svn commit: r1706463 - in /jackrabbit/oak/branches/1.2/oak-auth-ldap/src: main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/ test/java/org/apache/jackrabbit/oak/security/authentication/ldap/ test/resources/org/apache/jackrabbit/oak/...

Author: tripod
Date: Fri Oct  2 18:45:01 2015
New Revision: 1706463

URL: http://svn.apache.org/viewvc?rev=1706463&view=rev
Log:
OAK-3396 NPE during syncAllExternalUsers in LdapIdentityProvider.createUser

Added:
    jackrabbit/oak/branches/1.2/oak-auth-ldap/src/test/resources/org/apache/jackrabbit/oak/security/authentication/ldap/erroneous.ldif
Modified:
    jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
    jackrabbit/oak/branches/1.2/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java

Modified: jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java?rev=1706463&r1=1706462&r2=1706463&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java (original)
+++ jackrabbit/oak/branches/1.2/oak-auth-ldap/src/main/java/org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProvider.java Fri Oct  2 18:45:01 2015
@@ -701,7 +701,13 @@ public class LdapIdentityProvider implem
             throws LdapInvalidAttributeValueException {
         ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), this.getName());
         if (id == null) {
-            id = entry.get(config.getUserConfig().getIdAttribute()).getString();
+            String idAttribute = config.getUserConfig().getIdAttribute();
+            Attribute attr = entry.get(idAttribute);
+            if (attr == null) {
+                throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
+                        "no value found for attribute '" + idAttribute + "' for entry " + entry);
+            }
+            id = attr.getString();
         }
         String path = config.getUserConfig().makeDnPath()
                 ? createDNPath(entry.getDn())
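Review bot: The new exception message in createUser appends the whole `entry`, and the same text is added to createGroup in the next hunk. If the entry's string form renders every attribute, a directory record that lacks the id attribute would put its remaining attributes into whatever log receives this exception; the fixture added by this commit carries `userpassword` and `mail` on exactly such a record. The DN is enough to identify the record, so the message could end with `"' for entry " + entry.getDn()` instead of `+ entry`. createUser's body starts and ends outside the hunk.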
@@ -717,7 +723,13 @@ public class LdapIdentityProvider implem
             throws LdapInvalidAttributeValueException {
         ExternalIdentityRef ref = new ExternalIdentityRef(entry.getDn().getName(), this.getName());
         if (name == null) {
-            name = entry.get(config.getGroupConfig().getIdAttribute()).getString();
+            String idAttribute = config.getGroupConfig().getIdAttribute();
+            Attribute attr = entry.get(idAttribute);
+            if (attr == null) {
+                throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
+                        "no value found for attribute '" + idAttribute + "' for entry " + entry);
+            }
+            name = attr.getString();
         }
         String path = config.getGroupConfig().makeDnPath()
                 ? createDNPath(entry.getDn())
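Review bot: The null check added to createGroup is a line-for-line copy of the one added to createUser in the previous hunk, differing only in which config supplies the id attribute. A private helper would keep the result code and message of the two paths from drifting apart, and each call site would shrink to a single assignment. The sketch below assumes the `entry` parameter is the LDAP API's `Entry` type, which the hunk does not show. createGroup's body starts and ends outside the hunk.

```java
// in createGroup (createUser is the same with getUserConfig() and id)
if (name == null) {
    name = readIdAttribute(entry, config.getGroupConfig().getIdAttribute());
}
// … unchanged: rest of createGroup …

private static String readIdAttribute(Entry entry, String idAttribute)
        throws LdapInvalidAttributeValueException {
    Attribute attr = entry.get(idAttribute);
    if (attr == null) {
        throw new LdapInvalidAttributeValueException(ResultCodeEnum.CONSTRAINT_VIOLATION,
                "no value found for attribute '" + idAttribute + "' for entry " + entry.getDn());
    }
    return attr.getString();
}
```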

Modified: jackrabbit/oak/branches/1.2/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java?rev=1706463&r1=1706462&r2=1706463&view=diff
==============================================================================
--- jackrabbit/oak/branches/1.2/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java (original)
+++ jackrabbit/oak/branches/1.2/oak-auth-ldap/src/test/java/org/apache/jackrabbit/oak/security/authentication/ldap/LdapProviderTest.java Fri Oct  2 18:45:01 2015
@@ -21,6 +21,7 @@ import java.io.InputStream;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
+import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -61,6 +62,8 @@ public class LdapProviderTest {
 
     private static final String TUTORIAL_LDIF = "apache-ds-tutorial.ldif";
 
+    private static final String ERRONEOUS_LDIF = "erroneous.ldif";
+
     public static final String IDP_NAME = "ldap";
 
     protected LdapIdentityProvider idp;
@@ -163,6 +166,25 @@ public class LdapProviderTest {
         assertTrue("User instance", id instanceof ExternalUser);
         assertEquals("User ID", TEST_USER1_UID, id.getId());
     }
+    
+    /**
+     * Test case to reproduce OAK-3396 where an ldap user entry
+     * without a uid caused a NullpointerException in LdapIdentityProvider.createUser
+     */
+    @Test
+    public void testListUsersWithMissingUid() throws Exception {
+        // the ERRONEOUS_LDIF contains an entry without uid
+        InputStream erroneousDIF = LdapProviderTest.class.getResourceAsStream(ERRONEOUS_LDIF);
+        LDAP_SERVER.loadLdif(erroneousDIF);
+        Iterator<ExternalUser> users = idp.listUsers();
+        // without the LdapInvalidAttributeValueException a NPE would result here:
+        while(users.hasNext()) {
+            ExternalUser user = users.next();
+            // the 'Faulty Entry' of the ERRONEOUS_LDIF should be filtered out
+            // (by LdapIdentityProvider.listUsers.getNext())
+            assertTrue(!user.getPrincipalName().startsWith("cn=Faulty Entry"));
+        }
+    }
 
     @Test
     public void testGetUserByUserId() throws Exception {
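Review bot: The assertion in testListUsersWithMissingUid holds vacuously when `idp.listUsers()` yields nothing, and it relies on `getPrincipalName()` returning the DN with its original casing. The test can therefore pass without the faulty entry ever having been loaded or filtered. Counting the iterated users and asserting that the count is positive would close that gap, and `assertFalse("faulty entry must be skipped", user.getPrincipalName().startsWith("cn=Faulty Entry"));` reads more clearly than `assertTrue(!…)`. The stream from `getResourceAsStream(ERRONEOUS_LDIF)` is not null-checked and is not closed in the test; `assertNotNull("erroneous.ldif on classpath", erroneousDIF);` before `loadLdif` would turn a missing resource into a clear failure.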

Added: jackrabbit/oak/branches/1.2/oak-auth-ldap/src/test/resources/org/apache/jackrabbit/oak/security/authentication/ldap/erroneous.ldif
URL: http://svn.apache.org/viewvc/jackrabbit/oak/branches/1.2/oak-auth-ldap/src/test/resources/org/apache/jackrabbit/oak/security/authentication/ldap/erroneous.ldif?rev=1706463&view=auto
==============================================================================
--- jackrabbit/oak/branches/1.2/oak-auth-ldap/src/test/resources/org/apache/jackrabbit/oak/security/authentication/ldap/erroneous.ldif (added)
+++ jackrabbit/oak/branches/1.2/oak-auth-ldap/src/test/resources/org/apache/jackrabbit/oak/security/authentication/ldap/erroneous.ldif Fri Oct  2 18:45:01 2015
@@ -0,0 +1,40 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Sample LDIF data containing a faulty entry (without uid)
+#
+version: 1
+
+dn: ou=faulty,ou=groups,ou=system
+objectclass: organizationalUnit
+objectclass: top
+description: Contains a faulty entry
+ou: faulty
+
+# Faulty entry without uid
+# ---------
+dn: cn=Faulty Entry,ou=users,ou=system
+objectclass: person
+objectclass: organizationalPerson
+objectclass: inetOrgPerson
+objectclass: top
+cn: Faulty Entry
+description: Example erroneous entry
+givenname: Faulty
+sn: Entry
+mail: no-reply@no.reply
+userpassword: foobar