Anonymous LDAP login fails #593

Closed
gitblit opened this issue Aug 12, 2015 · 6 comments

@gitblit gitblit commented Aug 12, 2015

Originally reported on Google Code with ID 297

What steps will reproduce the problem?
1. Leave the properties realm.ldap.username and realm.ldap.password blank or comment them out;
2. Start gitblit and try to log on;
3. See command line error.

What is the expected output? What do you see instead?
I expect to log on to gitblit; instead there is an exception connecting to the LDAP server.

ERROR Error Connecting to LDAP
LDAPException(resultCode=34 (invalid DN syntax), errorMessage='invalid DN syntax')
        at com.unboundid.ldap.sdk.LDAPConnection.bind(LDAPConnection.java:1816)
        at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:616)
        at com.unboundid.ldap.sdk.LDAPConnection.<init>(LDAPConnection.java:513)
        at com.gitblit.LdapUserService.getLdapConnection(LdapUserService.java:179)
        at com.gitblit.LdapUserService.authenticate(LdapUserService.java:265)
        at com.gitblit.GitBlit.authenticate(GitBlit.java:811)
        at com.gitblit.wicket.pages.RootPage$LoginForm$1.onSubmit(RootPage.java:530)
        at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1595)
        at org.apache.wicket.markup.html.form.Form.process(Form.java:960)
        at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:922)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.apache.wicket.RequestListenerInterface.invoke(RequestListenerInterface.java:182)
        at org.apache.wicket.request.target.component.listener.ListenerInterfaceRequestTarget.processEvents(ListenerInterfaceRequestTarget.java:73)
        at org.apache.wicket.request.AbstractRequestCycleProcessor.processEvents(AbstractRequestCycleProcessor.java:92)
        at org.apache.wicket.RequestCycle.processEventsAndRespond(RequestCycle.java:1279)
        at org.apache.wicket.RequestCycle.step(RequestCycle.java:1358)
        at org.apache.wicket.RequestCycle.steps(RequestCycle.java:1465)
        at org.apache.wicket.RequestCycle.request(RequestCycle.java:545)
        at org.apache.wicket.protocol.http.WicketFilter.doGet(WicketFilter.java:486)
        at org.apache.wicket.protocol.http.WicketFilter.doFilter(WicketFilter.java:319)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)
        at com.gitblit.EnforceAuthenticationFilter.doFilter(EnforceAuthenticationFilter.java:87)
        at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1300)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:445)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:556)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1038)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:374)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:189)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:972)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
        at org.eclipse.jetty.server.Server.handle(Server.java:363)
        at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:483)
        at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:931)
        at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:992)
        at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:856)
        at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
        at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
        at org.eclipse.jetty.io.nio.SslConnection.handle(SslConnection.java:196)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:628)
        at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:608)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:543)
        at java.lang.Thread.run(Thread.java:662)

What version of the product are you using? On what operating system?
Gitblit 1.3.1 in Windows 7 x64, Windows 2003 and Linux CentOS 6.4

Please provide any additional information below.
According to the documentation (https://www.unboundid.com/products/ldap-sdk/docs/javadoc/com/unboundid/ldap/sdk/LDAPConnection.html), there are different constructors to create authenticated or unauthenticated LDAP connections.

In method (http://code.google.com/p/gitblit/source/browse/src/main/java/com/gitblit/LdapUserService.java#179) com.gitblit.LdapUserService.getLdapConnection(), if the call to the LDAPConnection constructor sends bindUserName and bindPassword as zero-length strings, the exception LDAPException(resultCode=34 (invalid DN syntax), errorMessage='invalid DN syntax') occurs.

Reported by titonobre on 2013-08-13 14:27:21

@gitblit gitblit commented Aug 12, 2015

This scenario is not currently supported.

Reported by James.Moger on 2013-08-13 14:35:37

@gitblit gitblit commented Aug 12, 2015

gitblit.properties (around line 1253) says:

# Login username for LDAP searches.
# If this value is unspecified, anonymous LDAP login will be used.
# 
# e.g. mydomain\\username
#
# SINCE 1.0.0
realm.ldap.username = cn=Directory Manager

So, it seems there is a discrepancy between the documentation and the supported functionality.
Therefore, please consider this as an enhancement.

Reported by titonobre on 2013-08-13 14:45:36

@gitblit gitblit commented Aug 12, 2015

Ah.  You got me.  :)  I missed that in the settings and evidently so far no one has
needed that combination.

I will add it in, if you will build from source and test it.

Reported by James.Moger on 2013-08-13 15:04:41

@gitblit gitblit commented Aug 12, 2015

I have pushed a change for this issue which will use the correct constructor when the
LDAP credentials are unspecified.

Reported by James.Moger on 2013-08-16 13:47:40

  • Status changed: Queued
  • Labels added: Milestone-1.3.2
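
The constructor choice discussed in this thread, as an added example (not Gitblit's code or the committed fix): it uses the UnboundID `LDAPConnection(host, port)` constructor when both settings are unset and the four-argument constructor otherwise. The class and method names, the `secret` password, and the decision to reject a DN paired with an empty password are assumptions of this example.

```java
import com.unboundid.ldap.sdk.LDAPConnection;
import com.unboundid.ldap.sdk.LDAPException;

public class LdapBindChooser {

    enum BindMode { ANONYMOUS, AUTHENTICATED }

    // A blank or commented-out property arrives as "" or null; treat both as unset.
    static boolean isBlank(String s) {
        return s == null || s.trim().isEmpty();
    }

    // Decide the bind mode from realm.ldap.username and realm.ldap.password.
    static BindMode chooseBindMode(String bindDn, String password) {
        if (isBlank(bindDn) && isBlank(password)) {
            return BindMode.ANONYMOUS;
        }
        // A DN with an empty password is an "unauthenticated bind" (RFC 4513
        // section 5.1.2), which some servers accept as anonymous. Reject it so
        // a half-filled configuration cannot pass as an authenticated bind.
        if (isBlank(bindDn) || isBlank(password)) {
            throw new IllegalArgumentException(
                "realm.ldap.username and realm.ldap.password must both be set or both be empty");
        }
        return BindMode.AUTHENTICATED;
    }

    // Open the connection with the constructor that matches the mode.
    static LDAPConnection open(String host, int port, String bindDn, String password)
            throws LDAPException {
        if (chooseBindMode(bindDn, password) == BindMode.ANONYMOUS) {
            return new LDAPConnection(host, port);               // connect only, no bind request
        }
        return new LDAPConnection(host, port, bindDn, password); // connect, then simple bind
    }

    public static void main(String[] args) {
        // Constructed sample values mirroring the configurations tested in the thread.
        System.out.println(chooseBindMode("", ""));      // properties present but empty
        System.out.println(chooseBindMode(null, null));  // properties commented out
        System.out.println(chooseBindMode("cn=Directory Manager", "secret"));
        try {
            chooseBindMode("cn=Directory Manager", "");  // DN set, password missing
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

`main` exercises only the mode decision, so it runs without a directory server; `open` needs a reachable LDAP host and the UnboundID LDAP SDK on the classpath.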

@gitblit gitblit commented Aug 12, 2015

Tested and working fine!

Environment: 
Gitblit v1.3.2-SNAPSHOT built from source 
Windows 7 x64 and Linux CentOS 6.4

Properties:
with empty values
realm.ldap.username = 
realm.ldap.password = 

and commented lines
#realm.ldap.username = 
#realm.ldap.password = 

Thank you for the fast response!

Best regards,
Tito

Reported by titonobre on 2013-08-19 15:02:09

@gitblit gitblit commented Aug 12, 2015

Fixed/change deployed in v1.3.2.

Reported by James.Moger on 2013-08-22 17:17:52

  • Status changed: Done

@gitblit gitblit closed this as completed Aug 12, 2015
@flaix flaix added this to the 1.3.2 milestone Dec 13, 2016