LDAP authentication error #147

Closed
cesmarvin opened this issue May 11, 2012 · 7 comments
Labels
bug Something isn't working

Comments

@cesmarvin
Contributor

Original report by Anonymous.


Custom LDAP connection has been defined and tested via 'Test Connection' successfully. When trying to log in via one of the user accounts, it fails.

Thanks.


Connection: SUCCESS
Search user: SUCCESS
Authenticate user: SUCCESS

User:

  • Name: david
  • Display Name: XXX XXXX
  • Mail: XXXX.XXXX

Groups

  • admin
  • vorstand

Console Output:

00:35:04.385 [qtp673919523-22] INFO sonia.scm.user.DefaultUserManager - create user david of type ldap
00:35:04.395 [qtp673919523-22] ERROR sonia.scm.web.security.BasicSecurityContext - authentication failed
java.lang.IllegalStateException: object is not valid
at sonia.scm.util.AssertUtil.assertIsValid(AssertUtil.java:119) ~[scm-core-1.14.jar:na]
at sonia.scm.user.DefaultUserManager.create(DefaultUserManager.java:181) ~[classes/:na]
at sonia.scm.user.DefaultUserManager.create(DefaultUserManager.java:78) ~[classes/:na]
at sonia.scm.web.security.BasicSecurityContext.authenticate(BasicSecurityContext.java:191) ~[classes/:na]
at sonia.scm.api.rest.resources.AuthenticationResource.authenticate(AuthenticationResource.java:141) [classes/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_04]
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) ~[na:1.7.0_04]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) ~[na:1.7.0_04]
at java.lang.reflect.Method.invoke(Unknown Source) ~[na:1.7.0_04]
at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:185) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1483) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1414) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1363) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1353) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:414) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537) [jersey-bundle-1.12.jar:1.12]
at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:708) [jersey-bundle-1.12.jar:1.12]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) [javax.servlet-2.5.0.v201103041518.jar:na]
at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at sonia.scm.filter.SecurityFilter.doFilter(SecurityFilter.java:123) [classes/:na]
at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.14.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at sonia.scm.web.security.ApiBasicAuthenticationFilter.doFilter(ApiBasicAuthenticationFilter.java:101) [classes/:na]
at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.14.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at sonia.scm.filter.GZipFilter.doFilter(GZipFilter.java:78) [classes/:na]
at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.14.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at sonia.scm.filter.BaseUrlFilter.doFilter(BaseUrlFilter.java:100) [classes/:na]
at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.14.jar:na]
at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118) [guice-servlet-3.0.jar:na]
at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113) [guice-servlet-3.0.jar:na]
at sonia.scm.boot.BootstrapFilter.doFilter(BootstrapFilter.java:104) [classes/:na]
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1332) [jetty-servlet-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:477) [jetty-servlet-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) [jetty-security-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406) [jetty-servlet-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.Server.handle(Server.java:348) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:452) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:894) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:948) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:851) [jetty-http-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) [jetty-http-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:77) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:606) [jetty-io-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:46) [jetty-io-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:603) [jetty-util-7.6.3.v20120416.jar:7.6.3.v20120416]
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:538) [jetty-util-7.6.3.v20120416.jar:7.6.3.v20120416]
at java.lang.Thread.run(Unknown Source) [na:1.7.0_04]

@cesmarvin
Contributor Author

Original comment by Sebastian Sdorra (Bitbucket: sdorra, GitHub: sdorra).


The returned user seems not to be valid. That means the username or mail contains illegal characters or something like this. Have a look at the links below:

@cesmarvin
Contributor Author

Original comment by Sebastian Sdorra (Bitbucket: sdorra, GitHub: sdorra).


Is it possible for you to create a Bitbucket account? The notification system of Bitbucket does not notify on anonymous comments.

@cesmarvin
Contributor Author

Original comment by Sebastian Sdorra (Bitbucket: sdorra, GitHub: sdorra).


Note: I've released version 1.13 of the LDAP plugin. This new version displays an error in the connection test if the user is not valid.

@cesmarvin
Contributor Author

Original comment by David Adrian (Bitbucket: dbadrian, GitHub: dbadrian).


Connection: SUCCESS
Search user: SUCCESS
Authenticate user: SUCCESS
Returned user is valid: FAILURE

EDIT: Okay, if I'm seeing this correctly:

#!java
public static boolean isMailAddressValid(String value)
  {
    return Util.isNotEmpty(value) && value.matches(REGEX_MAIL);
  }

Checks for a correct mail with this REGEX:

#!java
 private static final String REGEX_MAIL =
    "^[A-z0-9][\\w.-]*@[A-z0-9][\\w\\-\\.]+\\.[A-z0-9]{2,6}$";

If I understand it correctly, then it does indeed assume an email xxx@xxx.xxx, which for our users is not the case.

Most of our users have a couple of mail addresses and only additional mails are stored in the attribute mail. Also, only the part before @ is stored.

For example in my user entry:
mail = david.adrian
mail = adrianjr

@cesmarvin
Contributor Author

Original comment by Sebastian Sdorra (Bitbucket: sdorra, GitHub: sdorra).


Yes, a non-valid mail address could cause the problem. You could leave the mail attribute field empty to avoid that.

@cesmarvin
Contributor Author

Original comment by David Adrian (Bitbucket: dbadrian, GitHub: dbadrian).


You mean in the area for setting up the LDAP Authentication?

Leaving it empty causes an error, as it is a required field. Entering some gibberish for a non-existing attribute results in a working configuration. My login was successful and the user got added.
Though of course the mail address is now not featured under user details.

I guess this makes this "bug" resolved.

Do you think it could be possible to introduce a sort of mail-creating rule for the mail attribute?
As in: click a checkbox and you get an area where you can enter the part following @
so that 'value from mail attribute' + @ + 'what you enter in the area' makes up the final email address.

Not sure if we are such a special case with our mail attribute behavior that it's worth your effort.
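
Added example (not SCM-Manager's code, not part of the original comments): the quoted mail check run against the attribute values from this thread, plus a hypothetical `applyMailDomain` helper for the domain rule proposed above. `Util.isNotEmpty` is approximated by a null/empty check and `example.org` is a placeholder domain; the last two samples show that the `A-z` range in the quoted pattern also accepts `[ \ ] ^ _` and the backtick.

```java
public class LdapMailCheck {

  // Pattern exactly as quoted in the comment above.
  private static final String REGEX_MAIL =
    "^[A-z0-9][\\w.-]*@[A-z0-9][\\w\\-\\.]+\\.[A-z0-9]{2,6}$";

  // Same logic as the quoted isMailAddressValid; Util.isNotEmpty is
  // approximated here by a null/empty check (assumption).
  static boolean isMailAddressValid(String value) {
    return value != null && !value.trim().isEmpty()
      && value.matches(REGEX_MAIL);
  }

  // Hypothetical helper for the requested "mail domain" rule: append the
  // configured domain only when the LDAP attribute holds a bare local part.
  static String applyMailDomain(String ldapMail, String mailDomain) {
    if (ldapMail == null || ldapMail.isEmpty() || ldapMail.indexOf('@') >= 0) {
      return ldapMail; // nothing to complete, or already a full address
    }
    return ldapMail + "@" + mailDomain;
  }

  public static void main(String[] args) {
    String domain = "example.org"; // constructed placeholder domain
    String[] samples = {
      "david.adrian",             // attribute value from the thread
      "adrianjr",                 // attribute value from the thread
      "david.adrian@example.org", // constructed full address
      "_x@example.org",           // constructed: '_' is inside A-z
      "^x@example.org"            // constructed: '^' is inside A-z
    };
    for (String raw : samples) {
      String completed = applyMailDomain(raw, domain);
      System.out.printf("%-26s valid=%-5b -> %-26s valid=%b%n",
        raw, isMailAddressValid(raw), completed, isMailAddressValid(completed));
    }
  }
}
```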

@cesmarvin
Contributor Author

Original comment by Sebastian Sdorra (Bitbucket: sdorra, GitHub: sdorra).


I have to think about a mail domain field for the LDAP authentication.
