Posted to dev@qpid.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2023/05/25 08:22:00 UTC

[jira] [Commented] (QPID-8623) [Broker-J] AESKeyFile encryption breaks SimpleLDAPAuthenticationManager user search

    [ https://issues.apache.org/jira/browse/QPID-8623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17726099#comment-17726099 ] 

ASF subversion and git services commented on QPID-8623:
-------------------------------------------------------

Commit 2371e1973cfd1787be94f3e10c290401bb20074f in qpid-broker-j's branch refs/heads/main from Daniil Kirilyuk
[ https://gitbox.apache.org/repos/asf?p=qpid-broker-j.git;h=2371e1973c ]

QPID-8623: [Broker-J] AESKeyFile encryption breaks SimpleLDAPAuthenticationManager user search (#186)



> [Broker-J] AESKeyFile encryption breaks SimpleLDAPAuthenticationManager user search
> -----------------------------------------------------------------------------------
>
>                 Key: QPID-8623
>                 URL: https://issues.apache.org/jira/browse/QPID-8623
>             Project: Qpid
>          Issue Type: Bug
>          Components: Broker-J
>    Affects Versions: qpid-java-broker-9.0.0
>            Reporter: Daniil Kirilyuk
>            Priority: Major
>             Fix For: qpid-java-broker-9.0.1
>
>
> When enabling AESKeyFile configuration encryption and trying to authenticate via SimpleLDAPAuthenticationManager an error happens with the following stacktrace:
>  
> {code:java}
> 2023-02-14T20:58:22,270Z WARN [qtp453021524-123] (o.a.q.s.s.a.m.SimpleLDAPAuthenticationManagerImpl) - Retrieving LDAP name for user 'xxxxxx' resulted in error.
> javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563 ]
> at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3259)
> at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
> at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2991)
> at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2905)
> at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
> at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:266)
> at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
> at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:284)
> at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
> at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
> at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
> at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
> at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
> at java.naming/javax.naming.InitialContext.<init>(InitialContext.java:208)
> at java.naming/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
> at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.lambda$createInitialDirContext$2(SimpleLDAPAuthenticationManagerImpl.java:602)
> at java.base/java.security.AccessController.doPrivileged(Native Method)
> at java.base/javax.security.auth.Subject.doAs(Subject.java:423)
> at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.invokeContextOperationAs(SimpleLDAPAuthenticationManagerImpl.java:796)
> at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.createInitialDirContext(SimpleLDAPAuthenticationManagerImpl.java:602) {code}
> It seems that AESKeyFile encryption might not be working correctly with SimpleLDAP: perhaps the password that is encrypted in the config.json isn't being decrypted before LDAP is checked.
>  


