LDAP authentication error

Anonymous avatarAnonymous created an issue

Custom ldap connection has been defined and tested via 'Test Connection' successfully. When trying to login in via one of the user accounts, it fails.

Thanks.

--------

Connection: SUCCESS Search user: SUCCESS Authenticate user: SUCCESS

User: - Name: david - Display Name: XXX XXXX - Mail: XXXX.XXXX

Groups - admin - vorstand

------------

Console Output:

00:35:04.385 [qtp673919523-22] INFO sonia.scm.user.DefaultUserManager - create user david of type ldap 00:35:04.395 [qtp673919523-22] ERROR sonia.scm.web.security.BasicSecurityContext - authentication failed java.lang.IllegalStateException: object is not valid at sonia.scm.util.AssertUtil.assertIsValid(AssertUtil.java:119) [scm-core-1.14.jar:na] at sonia.scm.user.DefaultUserManager.create(DefaultUserManager.java:181) [classes/:na] at sonia.scm.user.DefaultUserManager.create(DefaultUserManager.java:78) [classes/:na] at sonia.scm.web.security.BasicSecurityContext.authenticate(BasicSecurityContext.java:191) [classes/:na] at sonia.scm.api.rest.resources.AuthenticationResource.authenticate(AuthenticationResource.java:141) [classes/:n a] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [na:1.7.0_04] at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) [na:1.7.0_04] at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) [na:1.7.0_04] at java.lang.reflect.Method.invoke(Unknown Source) [na:1.7.0_04] at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60) [jersey-bund le-1.12.jar:1.12] at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$TypeOutInvoker._dispa tch(AbstractResourceMethodDispatchProvider.java:185) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDisp atcher.java:75) [jersey-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288) [jersey-bundle-1.12.jar:1 .12] at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-bundle-1.12 .jar:1.12] at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108) [jersey-bundle-1.12 .jar:1.12] at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147) [jersey-bundle-1.12 .jar:1.12] at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84) [jersey- bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1483) [jerse y-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1414) [jerse y-bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1363) [jersey -bundle-1.12.jar:1.12] at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1353) [jersey -bundle-1.12.jar:1.12] at com.sun.jersey.spi.container.servlet.WebComponent.service(WebComponent.java:414) [jersey-bundle-1.12.jar:1.12 ] at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:537) [jersey-bundle-1.12. jar:1.12] at com.sun.jersey.spi.container.servlet.ServletContainer.service(ServletContainer.java:708) [jersey-bundle-1.12. jar:1.12] at javax.servlet.http.HttpServlet.service(HttpServlet.java:820) [javax.servlet-2.5.0.v201103041518.jar:na] at com.google.inject.servlet.ServletDefinition.doService(ServletDefinition.java:263) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.ServletDefinition.service(ServletDefinition.java:178) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.ManagedServletPipeline.service(ManagedServletPipeline.java:91) [guice-servlet-3.0.j ar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:62) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at sonia.scm.filter.SecurityFilter.doFilter(SecurityFilter.java:123) [classes/:na] at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.14.jar:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:168) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at sonia.scm.web.security.ApiBasicAuthenticationFilter.doFilter(ApiBasicAuthenticationFilter.java:101) [classes/ :na] at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.14.jar:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at sonia.scm.filter.GZipFilter.doFilter(GZipFilter.java:78) [classes/:na] at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.14.jar:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at sonia.scm.filter.BaseUrlFilter.doFilter(BaseUrlFilter.java:100) [classes/:na] at sonia.scm.web.filter.HttpFilter.doFilter(HttpFilter.java:102) [scm-core-1.14.jar:na] at com.google.inject.servlet.FilterDefinition.doFilter(FilterDefinition.java:163) [guice-servlet-3.0.jar:na] at com.google.inject.servlet.FilterChainInvocation.doFilter(FilterChainInvocation.java:58) [guice-servlet-3.0.ja r:na] at com.google.inject.servlet.ManagedFilterPipeline.dispatch(ManagedFilterPipeline.java:118) [guice-servlet-3.0.j ar:na] at com.google.inject.servlet.GuiceFilter.doFilter(GuiceFilter.java:113) [guice-servlet-3.0.jar:na] at sonia.scm.boot.BootstrapFilter.doFilter(BootstrapFilter.java:104) [classes/:na] at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1332) [jetty-servlet-7.6.3. v20120416.jar:7.6.3.v20120416] at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:477) [jetty-servlet-7.6.3.v20120416.jar :7.6.3.v20120416] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:119) [jetty-server-7.6.3.v20120416.j ar:7.6.3.v20120416] at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:524) [jetty-security-7.6.3.v20120416.j ar:7.6.3.v20120416] at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:227) [jetty-server-7.6.3.v201204 16.jar:7.6.3.v20120416] at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1031) [jetty-server-7.6.3.v20120 416.jar:7.6.3.v20120416] at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:406) [jetty-servlet-7.6.3.v20120416.jar: 7.6.3.v20120416] at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:186) [jetty-server-7.6.3.v2012041 6.jar:7.6.3.v20120416] at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:965) [jetty-server-7.6.3.v2012041 6.jar:7.6.3.v20120416] at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117) [jetty-server-7.6.3.v20120416.j ar:7.6.3.v20120416] at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:149) [jetty-server-7.6.3.v20 120416.jar:7.6.3.v20120416] at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:111) [jetty-server-7.6.3.v20120416 .jar:7.6.3.v20120416] at org.eclipse.jetty.server.Server.handle(Server.java:348) [jetty-server-7.6.3.v20120416.jar:7.6.3.v20120416] at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:452) [jetty-server- 7.6.3.v20120416.jar:7.6.3.v20120416] at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:894) [jetty-server-7.6.3. v20120416.jar:7.6.3.v20120416] at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:948) [jett y-server-7.6.3.v20120416.jar:7.6.3.v20120416] at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:851) [jetty-http-7.6.3.v20120416.jar:7.6.3.v20120 416] at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:235) [jetty-http-7.6.3.v20120416.jar:7.6.3.v 20120416] at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:77) [jetty-server-7.6.3.v2012041 6.jar:7.6.3.v20120416] at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:606) [jetty-io-7.6.3.v201204 16.jar:7.6.3.v20120416] at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:46) [jetty-io-7.6.3.v20120416 .jar:7.6.3.v20120416] at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:603) [jetty-util-7.6.3.v20120416. jar:7.6.3.v20120416] at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:538) [jetty-util-7.6.3.v20120416.j ar:7.6.3.v20120416] at java.lang.Thread.run(Unknown Source) [na:1.7.0_04]

Comments (8)

  1. Sebastian Sdorra
  2. David Adrian

    Connection: SUCCESS Search user: SUCCESS Authenticate user: SUCCESS Returned user is valid: FAILURE

    EDIT: Okay, if I'm seeing this correctly:

    public static boolean isMailAddressValid(String value)
      {
        return Util.isNotEmpty(value) && value.matches(REGEX_MAIL);
      }
    

    Checks for an correct mail with this REGEX:

     private static final String REGEX_MAIL =
        "^[A-z0-9][\\w.-]*@[A-z0-9][\\w\\-\\.]+\\.[A-z0-9]{2,6}$";
    

    If understand it correctly, then it does indeed assume an email xxx@xxx.xxx. Which for our users is not the case.

    Most of our users have a couple of mail adresses and only additional mails are stored in the Attribute mail. Also, only the part before @ is stored.

    For example in my user entry: mail = david.adrian mail = adrianjr

  3. David Adrian

    You mean in the area for setting up the LDAP Authentication?

    Leaving it empty causes an error, as it is a required field. Entering some gibberish for an non existing attribute results in a working configuration. My login was successful and the user got added. Though of course the mail address is now not featured under user details.

    I guess this makes this "bug" resolved.

    Do you think, it could be possible to introduce a sort of mail-creating rule for the mail attribute. As in: click a checkbox and you get an area where you can enter the part following @ so that 'value from mail attribute' + @ + 'what you enter in the area' makes up the final email address.

    Not sure if we are such a special case with our mail attribute behavior, that its worth your effort.

  4. Log in to comment
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.