Bug 1014911

Summary: [GSS] (6.3.0) LDAP: InitialDirContext.search() method doesn't accept url included name parameter
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: Lyle Wang <lywang>
Component: Security
Assignee: emartins
Status: CLOSED CURRENTRELEASE
QA Contact: Josef Cacek <jcacek>
Severity: unspecified
Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified
Version: 6.1.0
CC: bmaxwell, brian.stansberry, cdewolf, darran.lofthouse, dehort, emartins, hokuda, jawilson, kkhan, lywang, myarboro, olukas
Target Milestone: DR0
Target Release: EAP 6.3.0
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2014-06-28 15:37:38 UTC
Type: Bug
Bug Blocks: 1050184

Description Lyle Wang 2013-10-03 06:10:31 UTC
Description of problem:

When trying to use the InitialDirContext.search(String name, String filter, SearchControls cons) method to search an LDAP server, if the first "name" parameter includes a URL and port number, a javax.naming.InvalidNameException will be thrown. This issue only happens in EAP 6; the same source code works fine in either EAP 5 or as a standalone Java client.


Version-Release number of selected component (if applicable):


How reproducible:

The source code snippet below can be used to reproduce this issue:

=============================================================
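import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// The statements below are a fragment of a method that returns a String.
Hashtable<String, String> env = new Hashtable<String, String>();
env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
env.put("java.naming.security.authentication", "simple");
env.put("java.naming.ldap.version", "3");
env.put("java.naming.referral", "ignore");
env.put("java.naming.ldap.derefAliases", "never");
env.put("java.naming.provider.url", "ldap://192.168.0.1:389");
env.put("java.naming.factory.url.pkgs", "org.jboss.as.naming.interfaces:org.jboss.ejb.client.naming");

// Return only the objectclass attribute; scope 2 is SearchControls.SUBTREE_SCOPE.
String[] attrArr = new String[] { "objectclass" };
SearchControls ctl = new SearchControls(2, 0L, 0, attrArr, false, false);

// The name passed to search() is a full LDAP URL, not a DN relative to the provider URL.
String base = "ldap://192.168.0.1:389/dc=sample,dc=com";
String filter = "(uid=sample)";

NamingEnumeration<SearchResult> nenum = null;
DirContext ictx = null;

try {
    ictx = new InitialDirContext(env);
    nenum = ictx.search(base, filter, ctl);   // <====== issue occurs on this line

    return "SUCCESS";
}
catch (NamingException ne1) {
    ne1.printStackTrace();
}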

=============================================================

Actual results:

The exception below will be thrown:
09:31:57,377 ERROR [stderr] (http-/192.168.0.2:8080-1) javax.naming.InvalidNameException: ldap:: [LDAP: error code 34 - Invalid DN Syntax]; remaining name 'ldap://192.168.0.1:389/dc=sample,dc=com'
09:31:57,377 ERROR [stderr] (http-/192.168.0.2:8080-1) 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
09:31:57,378 ERROR [stderr] (http-/192.168.0.2:8080-1) 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
09:31:57,378 ERROR [stderr] (http-/192.168.0.2:8080-1) 	at com.sun.jndi.ldap.LdapCtx.c_lookup(Unknown Source)
09:31:57,378 ERROR [stderr] (http-/192.168.0.2:8080-1) 	at com.sun.jndi.toolkit.ctx.ComponentContext.c_resolveIntermediate_nns(Unknown Source)
09:31:57,378 ERROR [stderr] (http-/192.168.0.2:8080-1) 	at com.sun.jndi.toolkit.ctx.AtomicContext.c_resolveIntermediate_nns(Unknown Source)



To work around the issue:
Change the line:
String base = "ldap://192.168.0.1:389/dc=sample,dc=com";

To
String base = "dc=sample,dc=com";

By removing the URL part, the search() method will work with the name string.


Expected results:

 NamingEnumeration object returned, even if using "ldap://192.168.0.1:389/dc=sample,dc=com" as name parameter.


Additional info:

From the official "The JNDI Tutorial", names with a URL should be supported.
http://docs.oracle.com/javase/jndi/tutorial/ldap/misc/url.html

Comment 1 Darran Lofthouse 2013-10-03 08:34:16 UTC
I don't mind taking a look, working on LDAP at the moment anyway and we have had other similar issues I believe in this area.

Just one question - where is the affected code being executed?  Is it deployed within a web app or somewhere else?

Comment 2 Lyle Wang 2013-10-04 00:35:58 UTC
(In reply to Darran Lofthouse from comment #1)
> I don't mind taking a look, working on LDAP at the moment anyway and we have
> had other similar issues I believe in this area.
> 
> Just one question - where is the affected code being executed?  Is it
> deployed within a web app or somewhere else?


Hi, Darran:

Thanks for looking into this.
The customer is using third-party software to authenticate against LDAP. This third-party app is a wrapper for the Business Objects SDK (SAP).

The call originally starts from a REST webservice:

Snippet how they call 3rd party software:
========================================================
    @GET
    @Path("loginTokenFake")
    @Produces(MediaType.TEXT_PLAIN)
    public String getLoginTokenFake() {

        IEnterpriseSession eSession = null;
        ReportServiceImpl reportService = new ReportServiceImpl();
        try {
            // HAVING problem here
            eSession = reportService.logon("admin", "xxxxxx");
            // ......
            // ......
            return "BO Login Successful";

        } catch (SDKException sdkEx){
            LOGGER.error("Error logging into BO:",sdkEx);
        }
        return "BO Login Failed";
    }

========================================================

Snippet in the 3rd party software, which calls BusinessObject method
========================================================
public IEnterpriseSession logon(String username, String password) throws SDKException{

        ISessionMgr mySessionMgr;

        try {
            mySessionMgr = CrystalEnterprise.getSessionMgr();

            return mySessionMgr.logon(username, password, getBOServer(), getBOAuthentication());

        } catch (SDKException sdkEx){
            throw sdkEx;
        }

    }
========================================================

The source code I pasted in the case is the reproducer being used in the customer's debug / testing.

Comment 3 Hisanobu Okuda 2013-10-08 01:30:21 UTC
Request for inclusion to EAP 6.3.0.

Comment 8 JBoss JIRA Server 2013-10-22 12:36:00 UTC
Darran Lofthouse <darran.lofthouse> made a comment on jira WFLY-2319

Adding the test project used to reproduce this.

Comment 11 emartins 2013-10-29 11:24:53 UTC
Have you tried to use String base = "dc=sample,dc=com"; ? ldap:// names are to be used with no environment properties map, and the handling of such jndi names is mostly what we are fixing here, so proper names for LdapCtxFactory should work at the moment.

Here is an example of proper usage on Oracle JNDI LDAP docs:

http://docs.oracle.com/javase/jndi/tutorial/basics/directory/src/SearchRetAll.java
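
The workaround in the description and the advice in comment 11 both come down to passing search() a DN relative to the provider URL. The following is an added Java example (not code from this bug report, the customer's application or JBoss) that converts a URL-style base into such a DN and rejects URL names that point at a server other than the configured one. The class and method names are hypothetical, and a single-URL java.naming.provider.url is assumed.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Hypothetical helper: normalizes a search base for a context bound to providerUrl.
public final class LdapSearchBase {

    static String toDn(String base, String providerUrl)
            throws URISyntaxException, InvalidNameException {
        String dn = base;
        if (base.regionMatches(true, 0, "ldap://", 0, 7)
                || base.regionMatches(true, 0, "ldaps://", 0, 8)) {
            URI name = new URI(base);
            URI provider = new URI(providerUrl);
            String host = name.getHost();
            // A URL name selects its own server; accept it only if it is the configured one.
            if (host == null
                    || !host.equalsIgnoreCase(provider.getHost())
                    || !name.getScheme().equalsIgnoreCase(provider.getScheme())
                    || port(name) != port(provider)) {
                throw new InvalidNameException("URL name targets another server: " + base);
            }
            String path = name.getPath();          // decoded, e.g. "/dc=sample,dc=com"
            dn = path.isEmpty() ? "" : path.substring(1);
        }
        // Syntax check: LdapName throws InvalidNameException for a malformed DN.
        return new LdapName(dn).toString();
    }

    // Default ports when the URL omits one: 389 for ldap, 636 for ldaps.
    private static int port(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "ldaps".equalsIgnoreCase(u.getScheme()) ? 636 : 389;
    }

    public static void main(String[] args) throws Exception {
        String provider = "ldap://192.168.0.1:389";   // value from the reproducer
        System.out.println(toDn("ldap://192.168.0.1:389/dc=sample,dc=com", provider));
        System.out.println(toDn("dc=sample,dc=com", provider));
        try {
            // Constructed input: same DN, different host than the provider URL.
            toDn("ldap://192.168.0.9:389/dc=sample,dc=com", provider);
        } catch (InvalidNameException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The returned DN is what goes into the name argument of search() on a context created with the same provider URL.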

Comment 21 JBoss JIRA Server 2014-01-13 16:03:13 UTC
Brad Maxwell <bmaxwell> updated the status of jira JBEAP-32 to Closed

Comment 22 JBoss JIRA Server 2014-02-03 19:32:53 UTC
Josef Cacek <jcacek> updated the status of jira WFLY-2319 to Reopened

Comment 23 Ondrej Lukas 2014-03-05 07:49:06 UTC
Verified on EAP 6.3.0.DR1.