Before reporting an issue
Area
ldap
Describe the bug
This error occurs:
2024-01-03 21:00:15,793 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-2) Uncaught server error: java.lang.NullPointerException: Cannot invoke "org.keycloak.storage.ldap.idm.model.LDAPDn$RDN.getAttrValue(String)" because the return value of "org.keycloak.storage.ldap.idm.model.LDAPDn.getFirstRdn()" is null
at org.keycloak.storage.ldap.mappers.membership.MembershipType$1.getLDAPMembersWithParent(MembershipType.java:66)
at org.keycloak.storage.ldap.mappers.membership.MembershipType$1.getLDAPSubgroups(MembershipType.java:53)
at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.getLDAPSubgroups(GroupLDAPStorageMapper.java:152)
at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.convertGroupsToInternalRep(GroupLDAPStorageMapper.java:241)
at org.keycloak.storage.ldap.mappers.membership.group.GroupLDAPStorageMapper.syncDataFromFederationProviderToKeycloak(GroupLDAPStorageMapper.java:177)
at org.keycloak.services.resources.admin.UserStorageProviderResource.syncMapperData(UserStorageProviderResource.java:255)
at org.keycloak.services.resources.admin.UserStorageProviderResource$quarkusrestinvoker$syncMapperData_7d7259fd8f486e4638b0a2f1d3b37905909372a0.invoke(Unknown Source)
at org.jboss.resteasy.reactive.server.handlers.InvocationHandler.handle(InvocationHandler.java:29)
at io.quarkus.resteasy.reactive.server.runtime.QuarkusResteasyReactiveRequestContext.invokeHandler(QuarkusResteasyReactiveRequestContext.java:141)
at org.jboss.resteasy.reactive.common.core.AbstractResteasyReactiveContext.run(AbstractResteasyReactiveContext.java:145)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:576)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2513)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1538)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:840
when a empty member: attribute exists in the LDAP-group like this:
dn: cn=test,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: test
member:
member: uid=dev,ou=People,dc=example,dc=com
such a member may be automatically created by various tools for empty groups. It should not cause the whole import for ALL groups to fail (or the entire sync).
Version
23.0.3
Expected behavior
a) Nothing happens, an empty member is ignored (my opinion)
b) At least just skip the group and import the rest
Actual behavior
Whole sync/group import crashes with "unknown_error" in web-interface and the above error in the log.
How to Reproduce?
Create an empty group with via ldapmodify or something and see how this create an empty member: entry which is not removed once a member is added and cause the LDAP provide to crash during sync with the above error.
Anything else?
This Bug started to occur somewhere between 20.0.3 and 22.0.2. It definitely worked on 20.0.3.
Before reporting an issue
Area
ldap
Describe the bug
This error occurs:
when a empty member: attribute exists in the LDAP-group like this:
such a member may be automatically created by various tools for empty groups. It should not cause the whole import for ALL groups to fail (or the entire sync).
Version
23.0.3
Expected behavior
a) Nothing happens, an empty member is ignored (my opinion)
b) At least just skip the group and import the rest
Actual behavior
Whole sync/group import crashes with "unknown_error" in web-interface and the above error in the log.
How to Reproduce?
Create an empty group with via ldapmodify or something and see how this create an empty member: entry which is not removed once a member is added and cause the LDAP provide to crash during sync with the above error.
Anything else?
This Bug started to occur somewhere between 20.0.3 and 22.0.2. It definitely worked on 20.0.3.