Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

LDAP-132: base context is lost on IBM JVM #170

spring-issuemaster opened this Issue Sep 28, 2008 · 6 comments


None yet
1 participant

Claus Ibsen(Migrated from LDAP-132) said:

I had to add this workaround to get it working on IBM JVM

            String dn = context.getDn().toString();
            if (!dn.endsWith(base)) {
                // IBM JVM workaround as it returns without the base (see BS-150)
                dn = dn + ", " + base;

Without this the DB had lost the base (in my case its o=HS)
It works fine on SUN JVM 1.4 and 1.5.

I use these .jars:

Claus Ibsen said:

The code runnin on IBM JVM. Notice this log line:
2008-09-29 12:02:05,781 DEBUG - Principal: 'cn=TEST0022, ou=E4, ou=E, ou=E., ou=BH'
It is missing the last o=HS

2008-09-29 12:02:05,766 DEBUG - UserInformation: dn='cn=TEST0022, ou=E4, ou=E, ou=E., ou=BH' name='Test Estesen'
2008-09-29 12:02:05,766 DEBUG - Checking if user can login. password [Test0022]
2008-09-29 12:02:05,781 DEBUG - Not using LDAP pooling
2008-09-29 12:02:05,781 DEBUG - Trying provider Urls: ldap://XXXX:389
2008-09-29 12:02:05,781 DEBUG - Principal: 'cn=TEST0022, ou=E4, ou=E, ou=E., ou=BH'
Exception in thread "main" dk.rhos.integration.caps.capsauth.LdapServiceException: FAILED — User 'TEST0022' can not lo
Exception: [LDAP: error code 32 - NDS error: no such entry (-601)]
Caused by: org.springframework.ldap.AuthenticationException: [LDAP: error code 32 - NDS error: no such entry (-601)]; ne
Caused by: javax.naming.AuthenticationException: [LDAP: error code 32 - NDS error: no such entry (-601)]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:289)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2657)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:307)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:190)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:208)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:151)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:81)
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:675)
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:257)
at javax.naming.InitialContext.init(InitialContext.java:233)
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:145)
at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:60)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:223)
at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:12
at dk.rhos.integration.caps.capsauth.CapsAuthService.doCanLogin(CapsAuthService.java:107)

Claus Ibsen said:

And running on SUN JVM it works. Notice the principal has o=HS

2008-09-29 13:12:16,054 DEBUG - Checking if user can login. password [Test0022]
2008-09-29 13:12:16,054 DEBUG - Not using LDAP pooling
2008-09-29 13:12:16,055 DEBUG - Trying provider Urls: ldap:// =HS
2008-09-29 13:12:16,055 DEBUG - Principal: 'cn=TEST0022, ou=E4, ou=E, ou=E., ou= BH, o=HS'
2008-09-29 13:12:16,073 DEBUG - Got Ldap context on server 'ldap://XXXXXX :389/o=HS'
2008-09-29 13:12:16,074 DEBUG - User [TEST0022] can login
2008-09-29 13:12:16,074 INFO - Can login5: true

Claus Ibsen said:

Source code

Mattias Hellborg Arthursson said:

What if you use DirContextAdapter#getNameInNamespace()? Does that work?

Ulrik Sandberg said:

Is this still valid?

Claus Ibsen said:

I don't know if its still valid as I am no longer working at the client.

The issue may be fixed on IBM JDK 1.5 or better. I suggest to close this ticket. Then people can raise a new ticket if there still is an issue on AIX / IBM JDKs.

@spring-issuemaster spring-issuemaster added this to the 1.3.1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment