Ldap Groups with '.' fail to save role mapping #1458

Closed
binelson opened this Issue Oct 1, 2015 · 4 comments

binelson commented Oct 1, 2015

After upgrading to Graylog 1.2.0, I attempted to add LDAP group mapping. I set up the group search info correctly (System -> Users -> Configure LDAP), and Graylog successfully pulled the groups in our org. However, when I go to map an LDAP group to a role in Graylog (e.g. mapping foo.bar to the admin role), although it says that the change was saved, if I reload the group mappings page, the changes have been reverted to 'none' for the role mapping.

Many of our roles include periods ('.'), which seem to be the only ones causing problems. It looks like there is a Stack Overflow article on converting a period into its Unicode equivalent, which might be the fix here: http://stackoverflow.com/questions/8429318/how-to-use-dot-in-field-name

Relevant Logs:

2015-10-01T10:25:14.545-04:00 ERROR [AnyExceptionClassMapper] Unhandled exception in REST resource
java.lang.IllegalArgumentException: Document field names can't have a . in them. (Bad Key: 'foo.bar')
        at com.mongodb.DBCollection.validateKey(DBCollection.java:1910)
        at com.mongodb.DBCollection._checkKeys(DBCollection.java:1879)
        at com.mongodb.DBCollection._checkValue(DBCollection.java:1894)
        at com.mongodb.DBCollection._checkKeys(DBCollection.java:1870)
        at com.mongodb.DBCollection._checkObject(DBCollection.java:1856)
        at com.mongodb.DBCollectionImpl.update(DBCollectionImpl.java:258)
        at com.mongodb.DBCollection.update(DBCollection.java:214)
        at com.mongodb.DBCollection.update(DBCollection.java:247)
        at org.graylog2.database.PersistedServiceImpl.save(PersistedServiceImpl.java:199)
        at org.graylog2.rest.resources.system.ldap.LdapResource.updateGroupMappingSettings(LdapResource.java:265)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:483)
        at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory$1.invoke(ResourceMethodInvocationHandlerFactory.java:81)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:144)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:161)
        at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ResponseOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:160)
        at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:99)
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:389)
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:347)
        at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:102)
        at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:308)
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271)
        at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
        at org.glassfish.jersey.internal.Errors.process(Errors.java:267)
        at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317)
        at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:291)
        at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1140)
        at org.graylog2.jersey.container.netty.NettyContainer.messageReceived(NettyContainer.java:356)
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.jboss.netty.channel.DefaultChannelPipeline$DefaultChannelHandlerContext.sendUpstream(DefaultChannelPipeline.java:791)
        at org.jboss.netty.handler.execution.ChannelUpstreamEventRunnable.doRun(ChannelUpstreamEventRunnable.java:43)
        at org.jboss.netty.handler.execution.ChannelEventRunnable.run(ChannelEventRunnable.java:67)
        at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176)
        at org.jboss.netty.handler.execution.MemoryAwareThreadPoolExecutor$MemoryAwareRunnable.run(MemoryAwareThreadPoolExecutor.java:606)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)

joschi added bug users labels Oct 1, 2015

lordrak007 commented Oct 14, 2015

Hello,
I have the same problem. When do you plan to fix this?
Thank you

bernd added the ldap label Oct 14, 2015

sergey-litvinov commented Feb 15, 2016

I also have the same problem. We use '.' in almost every group name, like Something.QA, Something.Dev, etc. Is there any fix, or at least a temporary fix, for that? Because without this, LDAP integration is useless for us :(

bernd added S2 P2 labels Feb 26, 2016

kroepke self-assigned this Mar 30, 2016

kroepke added this to the 2.0.0 milestone Mar 30, 2016

kroepke added a commit that referenced this issue Mar 31, 2016

allow dots in LDAP group names
This changes the storage format for ldap group mappings to allow storing group names with '.' in them.
Migration will be performed on read as well as during startup (once per cluster) to allow backwards compatibility in case of a downgrade.

fix #1458
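
The storage-format problem behind this issue, as an added illustration that is not Graylog's code: a mapping keyed by group name puts 'foo.bar' in a document field name, which the MongoDB driver in the trace rejects, while a list of entries keeps the group name as a value. The entry field names `group` and `role_id`, the class name and the sample role id are assumptions made for this sketch.

```java
import java.util.*;
public class GroupMappingFormat {
    // Mirrors the driver check seen in the stack trace: no '.' in field names.
    static void validateKeys(Map<String, ?> doc) {
        for (String key : doc.keySet()) {
            if (key.contains(".")) {
                throw new IllegalArgumentException("Bad Key: '" + key + "'");
            }
        }
    }
    // List format: the group name is stored as a value, never as a field name.
    static List<Map<String, String>> toList(Map<String, String> mapping) {
        List<Map<String, String>> out = new ArrayList<>();
        for (Map.Entry<String, String> e : mapping.entrySet()) {
            Map<String, String> entry = new LinkedHashMap<>();
            entry.put("group", e.getKey());     // hypothetical field name
            entry.put("role_id", e.getValue()); // hypothetical field name
            validateKeys(entry);                // only fixed keys are checked now
            out.add(entry);
        }
        return out;
    }
    // Migration on read: accept either the legacy map or the list format.
    @SuppressWarnings("unchecked")
    static Map<String, String> read(Object stored) {
        Map<String, String> result = new LinkedHashMap<>();
        if (stored instanceof Map) {
            result.putAll((Map<String, String>) stored);
        } else if (stored instanceof List) {
            for (Map<String, String> e : (List<Map<String, String>>) stored) {
                result.put(e.get("group"), e.get("role_id"));
            }
        }
        return result;
    }

    public static void main(String[] args) {
        Map<String, String> mapping = new LinkedHashMap<>();
        mapping.put("foo.bar", "admin-role-id"); // constructed sample values
        try {
            validateKeys(mapping); // legacy format: group name is the field name
        } catch (IllegalArgumentException ex) {
            System.out.println("legacy format rejected: " + ex.getMessage());
        }
        List<Map<String, String>> stored = toList(mapping);
        System.out.println("list format: " + stored);
        System.out.println("round trip ok: " + read(stored).equals(mapping));
    }
}
```

Because the rejected write surfaced only as a server-side exception while the UI reported success, an operator reviewing role assignments should confirm the mapping by reloading it from storage rather than trusting the save response.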

bernd closed this in #2009 Apr 1, 2016

Member

bernd commented Apr 1, 2016

This will be fixed in the upcoming Graylog version 2.0. Thank you for the report!

sergey-litvinov commented Apr 1, 2016

This is amazing! Thank you guys!

kroepke added the triaged label Sep 21, 2016