Anonymous LDAP login fails

[gitblit]

Originally reported on Google Code with ID 297

What steps will reproduce the problem?
1. Leave the properties realm.ldap.username and realm.ldap.password blank or comment
them;
2. Start gitblit and try to logon;
3. See command line error.

What is the expected output? What do you see instead?
I expect to logon to gitblit, instead there is an exception connecting to LDAP server.

ERROR Error Connecting to LDAP
LDAPException(resultCode=34 (invalid DN syntax), errorMessage='invalid DN syntax')
        at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1816)
        at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:616)
        at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:513)
        at com.gitblit.LdapUserService.getLdapConnection(LdapUserService.java:179)
        at com.gitblit.LdapUserService.authenticate(LdapUserService.java:265)
        at com.gitblit.GitBlit.authenticate(GitBlit.java:811)
        at com.gitblit.wicket.pages.RootPage$LoginForm$1.onSubmit(RootPage.java:530)
        at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1595)
        at org.apache.wicket.markup.html.form.Form.process(Form.java:960)
        at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:922)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:182)
        at org.apache.wicket.request.target.component.listener.ListenerInterfaceRequestTarget.processEvents(ListenerInterfaceRequestTarget.java:73)
        at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:92)
        at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1279)
        at org.apache.wicket.RequestCycle.step(RequestCycle.java:1358)
        at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1465)
        at org.apache.wicket.RequestCycle.request(RequestCycle.java:545)
        at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:486)
        at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:319)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)
        at com.gitblit.EnforceAuthenticationFilter.doFilter(EnforceAuthenticationFilter.java:87)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:445)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:556)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1038)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:374)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:189)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:972)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
        at org.eclipse.jetty.server.Server.handle(Server.java:363)
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)
        at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:931)
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:992)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:856)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
        at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
        at java.lang.Thread.run(Thread.java:662)

What version of the product are you using? On what operating system?
Gitblit 1.3.1 in Windows 7 x64, Windows 2003 and Linux CentOS 6.4

Please provide any additional information below.
According to the documentation (https://www.unboundid.com/products/ldap-sdk/docs/javadoc/com/unboundid/ldap/sdk/LDAPConnection.html)
there are different constructors to create authenticated or unauthenticated LDAP connections.

In method (http://code.google.com/p/gitblit/source/browse/src/main/java/com/gitblit/LdapUserService.java#179)
com.gitblit.LdapUserService.getLdapConnection(), if the call to LDAPConnection constructor
sends bindUserName and bindPassword as zero length strings the exception LDAPException(resultCode=34
(invalid DN syntax), errorMessage='invalid DN syntax') occurs.

Reported by titonobre on 2013-08-13 14:27:21

[gitblit]

This scenario is not currently supported.

Reported by James.Moger on 2013-08-13 14:35:37

[gitblit]

In gitblit.properties (around line 1253) says 

# Login username for LDAP searches.
# If this value is unspecified, anonymous LDAP login will be used.
# 
# e.g. mydomain\\username
#
# SINCE 1.0.0
realm.ldap.username = cn=Directory Manager

So, it seems there is a discrepancy between the documentation and the supported functionality.
Therefore, please consider this as an enhancement.

Reported by titonobre on 2013-08-13 14:45:36

[gitblit]

Ah.  You got me.  :)  I missed that in the settings and evidently so far no one has
needed that combination.

I will add it in, if you will build from source and test it.

Reported by James.Moger on 2013-08-13 15:04:41

[gitblit]

I have pushed a change for this issue which will use the correct constructor when the
LDAP credentials are unspecified.

Reported by James.Moger on 2013-08-16 13:47:40

• Status changed: Queued
• Labels added: Milestone-1.3.2

[gitblit]

Tested and working fine!

Environment: 
Gitblit v1.3.2-SNAPSHOT built from source 
Windows 7 x64 and Linux CentOS 6.4

Properties:
with empty values
realm.ldap.username = 
realm.ldap.password = 

and commented lines
#realm.ldap.username = 
#realm.ldap.password = 

Thank you for the fast response!

Best regards,
Tito

Reported by titonobre on 2013-08-19 15:02:09

[gitblit]

Fixed/change deployed in v1.3.2.

Reported by James.Moger on 2013-08-22 17:17:52

• Status changed: Done