Security using ldap throws NullPointerException

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.0.1
Fix Version/s: 1.1
Component/s: Users/Security
Labels:
None
Environment:
Ubuntu Linux, Open-ldap

Number of attachments :
0

Description

I configured ~/.m2/security.properties with ldap information.
In DefaultArchivaConfiguration the Registry load all informations of security.properties.

When i was loggin throws this Exception:

java.lang.NullPointerException
org.codehaus.plexus.redback.common.ldap.connection.LdapConnection.<init>(LdapConnection.java:58)
org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory.getConnection(ConfigurableLdapConnectionFactory.java:123)
org.codehaus.plexus.redback.authentication.ldap.LdapBindAuthenticator.authenticate(LdapBindAuthenticator.java:92)

I got redback source code, and i see that any information of ldap was there in LdapConnection!

Issue Links

depends upon

MRM-677 Upgrade archiva to the latest redback (1.0.1)

Activity

Ascending order - Click to sort in descending order

Hide

Permalink

Maria Odea Ching added a comment - 11/Mar/08 2:26 AM

This is already fixed in redback-trunk. We're migrating archiva 1.0.2 to the latest redback, so this would be fixed by then.
I'll move this issue to 1.0.2..

Show

Maria Odea Ching added a comment - 11/Mar/08 2:26 AM This is already fixed in redback-trunk. We're migrating archiva 1.0.2 to the latest redback, so this would be fixed by then. I'll move this issue to 1.0.2..

Hide

Permalink

Maria Odea Ching added a comment - 19/Mar/08 9:41 AM

I upgraded archiva-trunk to redback 1.1-SNAPSHOT, could you please confirm if this has been fixed for you? Thanks..

Show

Maria Odea Ching added a comment - 19/Mar/08 9:41 AM I upgraded archiva-trunk to redback 1.1-SNAPSHOT, could you please confirm if this has been fixed for you? Thanks..

Hide

Permalink

Lucas Vilela de Souza Gon�alves added a comment - 26/Mar/08 3:28 PM

My security.properties look likes it:

ldap.user.store.enabled=false
ldap.bind.authenticator.enabled=true

ldap options for configuration via properties file
ldap.config.hostname=192.168.1.32
ldap.config.port=389
ldap.config.base.dn=ou=Usuarios,dc=powerlogic,dc=com,dc=br
ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
ldap.config.bind.dn=cn=Manager,dc=powerlogic,dc=com,dc=br
ldap.config.password=password
#ldap.config.authentication.method=

config parameter for the ConfigurableUserManager
user.manager.impl=cached

Debugging:
In class LdapConnection, LdapConnectionConfiguration.toString():
{LdapConnectionConfiguration: hostname: 192.168.1.32, port: 389, baseDn: ou=Usuarios, contextFactory: com.sun.jndi.ldap.LdapCtxFactory, bindDn: cn=Manager, password: password, authenticationMethod: null, objectFactories: [], stateFactories: [], extraProperties: {}}

BaseDn is missing ,dc=powerlogic,dc=com,dc=br.

Is that a bug, or i am doing wrong?

Show

Lucas Vilela de Souza Gon�alves added a comment - 26/Mar/08 3:28 PM My security.properties look likes it: ldap.user.store.enabled=false ldap.bind.authenticator.enabled=true ldap options for configuration via properties file ldap.config.hostname=192.168.1.32 ldap.config.port=389 ldap.config.base.dn=ou=Usuarios,dc=powerlogic,dc=com,dc=br ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory ldap.config.bind.dn=cn=Manager,dc=powerlogic,dc=com,dc=br ldap.config.password=password #ldap.config.authentication.method= config parameter for the ConfigurableUserManager user.manager.impl=cached Debugging: In class LdapConnection, LdapConnectionConfiguration.toString(): {LdapConnectionConfiguration: hostname: 192.168.1.32, port: 389, baseDn: ou=Usuarios, contextFactory: com.sun.jndi.ldap.LdapCtxFactory, bindDn: cn=Manager, password: password, authenticationMethod: null, objectFactories: [], stateFactories: [], extraProperties: {}} BaseDn is missing ,dc=powerlogic,dc=com,dc=br. Is that a bug, or i am doing wrong?

Hide

Permalink

Maria Odea Ching added a comment - 27/Mar/08 4:05 AM

Your configuration looks right. Could you attach the logs for the error you're getting?
Thanks..

Show

Maria Odea Ching added a comment - 27/Mar/08 4:05 AM Your configuration looks right. Could you attach the logs for the error you're getting? Thanks..

Hide

Permalink

Lucas Vilela de Souza Gon�alves added a comment - 27/Mar/08 12:56 PM

jvm 1 | 2008-03-27 14:50:20,795 [SocketListener0-1] WARN authenticator#user-manager - Login for user lucas.goncalves failed. user not found.
jvm 1 | 2008-03-27 14:50:20,795 [SocketListener0-1] INFO authenticator#ldap - Searching for users with filter: '(&(objectClass=inetOrgPerson)(cn=lucas.goncalves))' from base dn: <user-base-dn></user-base-dn>

And debuging i force a printstacktrace:

jvm 1 | javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
jvm 1 | at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985)
jvm 1 | at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931)
jvm 1 | at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732)
jvm 1 | at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646)
jvm 1 | at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
jvm 1 | at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
jvm 1 | at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)

Show

Lucas Vilela de Souza Gon�alves added a comment - 27/Mar/08 12:56 PM jvm 1 | 2008-03-27 14:50:20,795 [SocketListener0-1] WARN authenticator#user-manager - Login for user lucas.goncalves failed. user not found. jvm 1 | 2008-03-27 14:50:20,795 [SocketListener0-1] INFO authenticator#ldap - Searching for users with filter: '(&(objectClass=inetOrgPerson)(cn=lucas.goncalves))' from base dn: <user-base-dn></user-base-dn> And debuging i force a printstacktrace: jvm 1 | javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials] jvm 1 | at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:2985) jvm 1 | at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2931) jvm 1 | at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2732) jvm 1 | at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2646) jvm 1 | at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283) jvm 1 | at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) jvm 1 | at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)

Hide

Permalink

Maria Odea Ching added a comment - 28/Mar/08 5:19 AM

I'm able to replicate this already, and I think the problem is with the Registry.. when it looks up the properties for the ldap configuration, it cuts the property values which has the ',' character (e.g. ldap.config.bind.dn=cn=Manager,dc=powerlogic,dc=com,dc=br). So the bind.dn becomes only this --> cn=Manager instead of cn=Manager,dc=powerlogic,dc=com,dc=br. The same goes with the base.dn property.

We encountered the same problem before with the cron expressions in the archiva config. Redback and Archiva are both using the commons-config plexus registry implementation. I'll file this issue in Redback and fix it there.

Show

Maria Odea Ching added a comment - 28/Mar/08 5:19 AM I'm able to replicate this already, and I think the problem is with the Registry.. when it looks up the properties for the ldap configuration, it cuts the property values which has the ',' character (e.g. ldap.config.bind.dn=cn=Manager,dc=powerlogic,dc=com,dc=br). So the bind.dn becomes only this --> cn=Manager instead of cn=Manager,dc=powerlogic,dc=com,dc=br. The same goes with the base.dn property. We encountered the same problem before with the cron expressions in the archiva config. Redback and Archiva are both using the commons-config plexus registry implementation. I'll file this issue in Redback and fix it there.

Hide

Permalink

Maria Odea Ching added a comment - 29/Mar/08 9:26 AM

Looking further into this, it wasn't a problem with the registry.. but originates in the GuestUserEnvironmentCheck when it looks up the guest user. For some reason the basedn is not set in the LdapUserMapper where the user is searched, resulting to the NPE.

18992 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.scheduled.executors.ArchivaRepositoryScanningTaskExecutor - Initialized org.apache.maven.archiva.scheduled.executors.ArchivaRepositoryScanningTaskExecutor
18992 [WrapperSimpleAppMain] INFO taskQueueExecutor#repository-scanning - Starting task executor, thread name 'repository-scanning'.
19008 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.web.startup.SecuritySynchronization - Running Environment Check: required-roles
19008 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.security.ArchivaStandardRolesCheck - Checking the existance of required roles.
19051 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.security.ArchivaStandardRolesCheck - Checking the existance of required operations.
19082 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.web.startup.SecuritySynchronization - Running Environment Check: ExpectedJsps
19082 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.web.startup.SecuritySynchronization - Running Environment Check: locked-admin-check
19902 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.web.startup.SecuritySynchronization - Running Environment Check: guest-user-check
19921 [WrapperSimpleAppMain] INFO ldapController - Searching for user: guest
19922 [WrapperSimpleAppMain] INFO ldapController - Searching for users with filter: '(&(objectClass=inetOrgPerson)(cn=guest))' from base dn: null
20802 [WrapperSimpleAppMain] INFO org.quartz.simpl.RAMJobStore - RAMJobStore initialized.
20802 [WrapperSimpleAppMain] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'defaultScheduler' initialized from an externally provided properties instance.
20802 [WrapperSimpleAppMain] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 1.4.5
20803 [WrapperSimpleAppMain] INFO org.quartz.core.QuartzScheduler - Scheduler defaultScheduler_$_NON_CLUSTERED started.
22067 [WrapperSimpleAppMain] ERROR org.mortbay.log - Failed startup of context org.mortbay.jetty.webapp.WebAppContext@1c9313b

{/archiva,file:/home/deng/Projects/archiva-new-trunk/archiva-jetty/target/apache-archiva-1.1-SNAPSHOT/apps/archiva/}

java.lang.NullPointerException
at javax.naming.InitialContext.getURLScheme(InitialContext.java:228)
at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:277)
at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:87)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248)
at org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController.searchUsers(DefaultLdapController.java:141)
at org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController.getUser(DefaultLdapController.java:193)
at org.codehaus.plexus.redback.users.ldap.LdapUserManager.findUser(LdapUserManager.java:217)
at org.codehaus.plexus.redback.users.configurable.ConfigurableUserManager.findUser(ConfigurableUserManager.java:111)
at org.codehaus.plexus.redback.xwork.checks.security.GuestUserEnvironmentCheck.validateEnvironment(GuestUserEnvironmentCheck.java:82)
at org.apache.maven.archiva.web.startup.SecuritySynchronization.executeEnvironmentChecks(SecuritySynchronization.java:151)
at org.apache.maven.archiva.web.startup.SecuritySynchronization.startup(SecuritySynchronization.java:125)
at org.apache.maven.archiva.web.startup.ArchivaStartup.contextInitialized(ArchivaStartup.java:61)
at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:539)
at org.mortbay.jetty.servlet.Context.startContext(Context.java:135)
at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1216)
at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:509)
at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:447)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117)
at org.mortbay.jetty.Server.doStart(Server.java:222)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40)
at org.mortbay.xml.XmlConfiguration.main(XmlConfiguration.java:977)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.mortbay.start.Main.invokeMain(Main.java:194)
at org.mortbay.start.Main.start(Main.java:509)
at org.mortbay.start.Main.main(Main.java:119)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240)
at java.lang.Thread.run(Thread.java:595)
22071 [WrapperSimpleAppMain] INFO org.mortbay.log - Opened /home/deng/Projects/archiva-new-trunk/archiva-jetty/target/apache-archiva-1.1-SNAPSHOT/logs/2008_03_29.request.log

Show

Maria Odea Ching added a comment - 29/Mar/08 9:26 AM Looking further into this, it wasn't a problem with the registry.. but originates in the GuestUserEnvironmentCheck when it looks up the guest user. For some reason the basedn is not set in the LdapUserMapper where the user is searched, resulting to the NPE. 18992 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.scheduled.executors.ArchivaRepositoryScanningTaskExecutor - Initialized org.apache.maven.archiva.scheduled.executors.ArchivaRepositoryScanningTaskExecutor 18992 [WrapperSimpleAppMain] INFO taskQueueExecutor#repository-scanning - Starting task executor, thread name 'repository-scanning'. 19008 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.web.startup.SecuritySynchronization - Running Environment Check: required-roles 19008 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.security.ArchivaStandardRolesCheck - Checking the existance of required roles. 19051 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.security.ArchivaStandardRolesCheck - Checking the existance of required operations. 19082 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.web.startup.SecuritySynchronization - Running Environment Check: ExpectedJsps 19082 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.web.startup.SecuritySynchronization - Running Environment Check: locked-admin-check 19902 [WrapperSimpleAppMain] INFO org.apache.maven.archiva.web.startup.SecuritySynchronization - Running Environment Check: guest-user-check 19921 [WrapperSimpleAppMain] INFO ldapController - Searching for user: guest 19922 [WrapperSimpleAppMain] INFO ldapController - Searching for users with filter: '(&(objectClass=inetOrgPerson)(cn=guest))' from base dn: null 20802 [WrapperSimpleAppMain] INFO org.quartz.simpl.RAMJobStore - RAMJobStore initialized. 20802 [WrapperSimpleAppMain] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler 'defaultScheduler' initialized from an externally provided properties instance. 20802 [WrapperSimpleAppMain] INFO org.quartz.impl.StdSchedulerFactory - Quartz scheduler version: 1.4.5 20803 [WrapperSimpleAppMain] INFO org.quartz.core.QuartzScheduler - Scheduler defaultScheduler_$_NON_CLUSTERED started. 22067 [WrapperSimpleAppMain] ERROR org.mortbay.log - Failed startup of context org.mortbay.jetty.webapp.WebAppContext@1c9313b {/archiva,file:/home/deng/Projects/archiva-new-trunk/archiva-jetty/target/apache-archiva-1.1-SNAPSHOT/apps/archiva/} java.lang.NullPointerException at javax.naming.InitialContext.getURLScheme(InitialContext.java:228) at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:277) at javax.naming.directory.InitialDirContext.getURLOrDefaultInitDirCtx(InitialDirContext.java:87) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:248) at org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController.searchUsers(DefaultLdapController.java:141) at org.codehaus.plexus.redback.users.ldap.ctl.DefaultLdapController.getUser(DefaultLdapController.java:193) at org.codehaus.plexus.redback.users.ldap.LdapUserManager.findUser(LdapUserManager.java:217) at org.codehaus.plexus.redback.users.configurable.ConfigurableUserManager.findUser(ConfigurableUserManager.java:111) at org.codehaus.plexus.redback.xwork.checks.security.GuestUserEnvironmentCheck.validateEnvironment(GuestUserEnvironmentCheck.java:82) at org.apache.maven.archiva.web.startup.SecuritySynchronization.executeEnvironmentChecks(SecuritySynchronization.java:151) at org.apache.maven.archiva.web.startup.SecuritySynchronization.startup(SecuritySynchronization.java:125) at org.apache.maven.archiva.web.startup.ArchivaStartup.contextInitialized(ArchivaStartup.java:61) at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:539) at org.mortbay.jetty.servlet.Context.startContext(Context.java:135) at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1216) at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:509) at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:447) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40) at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147) at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40) at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:147) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40) at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:117) at org.mortbay.jetty.Server.doStart(Server.java:222) at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:40) at org.mortbay.xml.XmlConfiguration.main(XmlConfiguration.java:977) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.mortbay.start.Main.invokeMain(Main.java:194) at org.mortbay.start.Main.start(Main.java:509) at org.mortbay.start.Main.main(Main.java:119) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:240) at java.lang.Thread.run(Thread.java:595) 22071 [WrapperSimpleAppMain] INFO org.mortbay.log - Opened /home/deng/Projects/archiva-new-trunk/archiva-jetty/target/apache-archiva-1.1-SNAPSHOT/logs/2008_03_29.request.log

Hide

Permalink

Maria Odea Ching added a comment - 29/Mar/08 9:41 AM

Sorry, correction again.. if the separator in the basedn & binddn is ',', an NPE still occurs. I used ';' as a separator instead and was able to get past that first NPE. The NPE from the GuestUserEnvironmentCheck occurs after that.

Show

Maria Odea Ching added a comment - 29/Mar/08 9:41 AM Sorry, correction again.. if the separator in the basedn & binddn is ',', an NPE still occurs. I used ';' as a separator instead and was able to get past that first NPE. The NPE from the GuestUserEnvironmentCheck occurs after that.

Hide

Permalink

Maria Odea Ching added a comment - 29/Mar/08 10:43 AM

I made some fixes in redback, please see ~~REDBACK-139~~.
Thanks!

Show

Maria Odea Ching added a comment - 29/Mar/08 10:43 AM I made some fixes in redback, please see REDBACK-139 . Thanks!

Hide

Permalink

Maria Odea Ching added a comment - 13/Apr/08 10:09 PM

Fixed in redback 1.0.1. I already upgraded archiva's redback to this version (-r647651).

Show

Maria Odea Ching added a comment - 13/Apr/08 10:09 PM Fixed in redback 1.0.1. I already upgraded archiva's redback to this version (-r647651).

People

Assignee:

Maria Odea Ching

Reporter:

Lucas Vilela de Souza Gon�alves

Vote (0)

Watch (1)

Dates

Created:

21/Feb/08 6:01 AM

Updated:

13/Apr/08 10:09 PM

Resolved:

13/Apr/08 10:09 PM