When using LDAP connector to connect to active directory, see encoding exception when can't connect #879

Closed
mooreds opened this issue Sep 18, 2020 · 2 comments
mooreds commented Sep 18, 2020

When using LDAP connector to connect to active directory, see encoding exception when can't connect

Description

I'm connecting to Active Directory using a connector and haven't configured it correctly. When I try to log in, I get an error message.

The event log shows this message:

LDAP Connector Debug Log for [aws ad] with Id [195a0fd3-7de4-496b-a473-93c0907cad8b].

9/18/2020 04:36:46 PM UTC Attempting authentication request to application with Id [e6b49b5e-33a9-49aa-a3fd-0227d89bb924] from IP address [73.14.174.244] for [dantest1@danadtest.fusionauth.io] against the URL [ldap://192.168.0.59].
9/18/2020 04:36:46 PM UTC Attempting bind against DN [CN=Admin,OU=Users,OU=danadtest,DC=danadtest,DC=fusionauth,DC=io].
9/18/2020 04:36:46 PM UTC Bind against DN [CN=Admin,OU=Users,OU=danadtest,DC=danadtest,DC=fusionauth,DC=io] was successful.
9/18/2020 04:36:46 PM UTC Attempting search with filter [(userPrincipalName=dantest1@danadtest.fusionauth.io)].
9/18/2020 04:36:46 PM UTC Attempting bind against DN [CN=Dan Moore,OU=Users,OU=danadtest,DC=danadtest,DC=fusionauth,DC=io].
9/18/2020 04:36:46 PM UTC The response was not successful, see the error event log.

When I look at Systems -> Logs, I see the stacktrace below.

Affects versions

1.19.6

Steps to reproduce

Steps to reproduce the behavior:

  1. Set up a connector to an existing Active Directory instance.
  2. Try to log in as a user in an application in the tenant with this connector configured, but use the incorrect password.
  3. See error in UX: "FusionAuth encountered an unexpected error. Please contact support for assistance. "

Here's the stack trace:

## Error updating database.  Cause: org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
### The error may involve io.fusionauth.api.domain.EventLogMapper.create-Inline
### The error occurred while setting parameters
### SQL: INSERT INTO event_logs (insert_instant, message, type) VALUES (?, ?, ?)
### Cause: org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
	at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
	at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:200)
	at org.apache.ibatis.session.defaults.DefaultSqlSession.insert(DefaultSqlSession.java:185)
	at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:58)
	at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:59)
	at com.sun.proxy.$Proxy48.create(Unknown Source)
	at io.fusionauth.api.service.system.DefaultEventLogService.create(DefaultEventLogService.java:54)
	at io.fusionauth.api.service.system.EventLogHelper.create(EventLogHelper.java:24)
	at io.fusionauth.api.service.connector.LDAPConnector.handleLDAPError(LDAPConnector.java:248)
	at io.fusionauth.api.service.connector.LDAPConnector.bind(LDAPConnector.java:185)
	at io.fusionauth.api.service.connector.LDAPConnector.authenticate(LDAPConnector.java:101)
	at io.fusionauth.api.service.connector.LDAPConnector.authenticate(LDAPConnector.java:70)
...
Caused by: org.postgresql.util.PSQLException: ERROR: invalid byte sequence for encoding "UTF8": 0x00
	at org.postgresql.core.v3.QueryExecutorImpl.receiveErrorResponse(QueryExecutorImpl.java:2532)
	at org.postgresql.core.v3.QueryExecutorImpl.processResults(QueryExecutorImpl.java:2267)
	at org.postgresql.core.v3.QueryExecutorImpl.execute(QueryExecutorImpl.java:312)
	at org.postgresql.jdbc.PgStatement.executeInternal(PgStatement.java:448)
	at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:369)

Expected behavior

No escaping exceptions, a better log message about how the bind failed.

Platform

PostgreSQL 10, Amazon Linux, AWS Managed AD. I have verified that my PostgreSQL install is using UTF-8.

postgres=# \l
                                  List of databases
    Name    |  Owner   | Encoding |   Collate   |    Ctype    |   Access privileges   
------------+----------+----------+-------------+-------------+-----------------------
 fusionauth | postgres | UTF8     | en_US.UTF-8 | en_US.UTF-8 | 

Additional context

This bug seems very similar to what I'm encountering: https://bugster.forgerock.org/jira/browse/OPENICF-581

This SO answer suggests just removing null characters: https://stackoverflow.com/questions/1347646/postgres-error-on-insert-error-invalid-byte-sequence-for-encoding-utf8-0x0

@mooreds mooreds added the bug Something isn't working label Sep 18, 2020
@robotdan
Member

Here is the actual Error event log that should have been produced.

Bind request to connector [AWS LDAP / AD] at [ldap://localhost:1389] failed authentication for the system account DN [CN=Admin,OU=Users,OU=danadtest,DC=danadtest,DC=fusionauth,DC=io].

Exception encountered.

Message: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, comment: AcceptSecurityContext error, data 52e, v2580]
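An added example, not part of the original issue and not FusionAuth's actual fix: one way to make an Active Directory bind failure safe to store in a PostgreSQL text column and more useful to read. It assumes the 0x00 byte arrives inside the LDAP diagnostic message (the sample string is constructed from the message above with a NUL placed before the closing bracket); the class and method names are hypothetical, and the sub-code table lists the commonly documented AD `data` values.

```java
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LdapErrorSanitizer {
  // AD puts a hex sub-code after "data " in the text of an error code 49 bind failure.
  private static final Pattern AD_SUB_CODE =
      Pattern.compile("AcceptSecurityContext error, data ([0-9a-fA-F]+)");

  private static final Map<String, String> AD_REASONS = Map.of(
      "525", "user not found",
      "52e", "invalid credentials",
      "530", "logon not permitted at this time",
      "531", "logon not permitted from this workstation",
      "532", "password expired",
      "533", "account disabled",
      "701", "account expired",
      "773", "user must reset password",
      "775", "account locked out");

  /** Drops U+0000, which PostgreSQL rejects in UTF8 text, and blanks other control characters. */
  static String sanitize(String message) {
    if (message == null) return "";
    StringBuilder sb = new StringBuilder(message.length());
    for (int i = 0; i < message.length(); i++) {
      char c = message.charAt(i);
      if (c == '\0') continue;
      boolean control = Character.isISOControl(c) && c != '\n' && c != '\t';
      sb.append(control ? ' ' : c);
    }
    return sb.toString().trim();
  }

  /** Returns the sanitized message with a readable reason appended when a sub-code is present. */
  static String describe(String rawLdapMessage) {
    String clean = sanitize(rawLdapMessage);
    Matcher m = AD_SUB_CODE.matcher(clean);
    if (!m.find()) return clean;
    String code = m.group(1).toLowerCase(Locale.ROOT);
    return clean + " (" + AD_REASONS.getOrDefault(code, "unrecognized AD sub-code " + code) + ")";
  }

  public static void main(String[] args) {
    // Constructed sample: the message from this issue with an embedded NUL (assumption).
    String raw = "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C090446, "
        + "comment: AcceptSecurityContext error, data 52e, v2580\0]";
    System.out.println(describe(raw));
  }
}
```

Sanitizing at the point where the event log entry is built keeps a malformed directory response from turning a failed login into an unhandled exception.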

@robotdan robotdan added this to Backlog in FusionAuth Issues via automation Sep 22, 2020
@robotdan robotdan added this to the 1.19.7 milestone Sep 22, 2020
@robotdan robotdan moved this from Backlog to In progress in FusionAuth Issues Sep 22, 2020
@robotdan robotdan self-assigned this Sep 22, 2020
@robotdan robotdan moved this from In progress to Code complete in FusionAuth Issues Sep 22, 2020
@robotdan
Member

Planning to deliver issue #822 as well while I'm in here.
