Bug 580127

Summary: LDAP regression - RuntimeException when submitting details of new LDAP user
Product: [Other] RHQ Project Reporter: Jeff Weiss <jweiss>
Component: Core ServerAssignee: Simeon Pinder <spinder>
Status: CLOSED CURRENTRELEASE QA Contact: Jeff Weiss <jweiss>
Severity: medium Docs Contact:
Priority: low    
Version: 1.4CC: dajohnso, skondkar
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 2.4 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
linux/postgres
Last Closed: 2010-08-12 16:54:30 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 543122, 565628, 576714, 577267    

Description Jeff Weiss 2010-04-07 14:37:38 UTC 
Description of problem:
Can't submit user details for new LDAP user.

Version-Release number of selected component (if applicable):
d82d1581f18dcd6b9fb2a4e189df52ef82e43ece

How reproducible:
Always

Steps to Reproduce:
1. Enable ldap server (see additional info for our ldap server settings)
2. log out
3. log in as ldapuser/ldapuser
4. Fill in user details, click OK
  
Actual results:
RuntimeException - see below for stack trace

Expected results:
User is logged in 

Additional info:
URL: ldaps://jonqa.rdu.redhat.com/
Search Base: dc=example,dc=com
Username: uid=ldapuser,dc=example,dc=com
Password: ldapuser
Login Property: uid


    java.lang.RuntimeException: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'dc=example,dc=com' at org.rhq.enterprise.server.resource.group.LdapGroupManager.buildGroup(LdapGroupManager.java:209) at org.rhq.enterprise.server.resource.group.LdapGroupManager.findAvailableGroupsFor(LdapGroupManager.java:79) at org.rhq.enterprise.gui.admin.user.RegisterAction.execute(RegisterAction.java:116) at org.rhq.enterprise.gui.legacy.action.BaseRequestProcessor.processActionPerform(BaseRequestProcessor.java:46) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:636) Caused by: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'dc=example,dc=com' at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:323) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:144) at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:540) at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:460) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:105) at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:73) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:538) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1975) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1837) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:265) at org.rhq.enterprise.server.resource.group.LdapGroupManager.buildGroup(LdapGroupManager.java:193) ... 35 more 

Missing 'equals'

    javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'dc=example,dc=com' at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:323) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:144) at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:540) at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:460) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:105) at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:73) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:538) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1975) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1837) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:265) at org.rhq.enterprise.server.resource.group.LdapGroupManager.buildGroup(LdapGroupManager.java:193) at org.rhq.enterprise.server.resource.group.LdapGroupManager.findAvailableGroupsFor(LdapGroupManager.java:79) at org.rhq.enterprise.gui.admin.user.RegisterAction.execute(RegisterAction.java:116) at org.rhq.enterprise.gui.legacy.action.BaseRequestProcessor.processActionPerform(BaseRequestProcessor.java:46) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:636) 
Use ssl: true
Comment 1 Simeon Pinder 2010-04-14 14:44:30 UTC 
I am unable to reproduce this issue.  In debugging another ldap issue using another box with the most recent builds provided by Sunil, I am also not able to reproduce this issue on that system either.

I notice that the "Group Search" and "Group Member" filter details were not included in the additional information section above.  Was this an inclusion oversight?  Both are used for correct ldap mapping to occur.

Are you able to reproduce this issue with one of the most recent builds?
Comment 2 Jeff Weiss 2010-04-14 17:38:21 UTC 
Simeon, sorry, I pasted the stack trace in above the last line.  note: ssl=true.

The group search/group member fields are not filled in, that has always worked just fine in the past.  I'll retest on a newer build if you can point to something that you believe fixed it.  Otherwise I think the build I originally tested it on should suffice, it's only a week old.
Comment 3 Charles Crouch 2010-04-14 22:38:34 UTC 
If the LDAP groups text boxes are empty then we should behave as we did, i.e. LDAP authentication, no LDAP athuz at all.
Comment 4 Jeff Weiss 2010-04-14 23:06:54 UTC 
Charles, 

That's not how it behaves. Read the reproduce steps.  It lets you log in and then only barfs when you try to fill in your details.
Comment 5 Simeon Pinder 2010-04-16 13:58:53 UTC 
Reproduced the problem and fix applied in build >= 218.

Details:
Error results because ldap group authorization configuration was being applied even when only ldap group authentication was being tested.  Modified code to conditionally check for authorization when it is actually enabled as well.

Commit hash:
07b28294ef1811d7877153de9516dfa6252fd2e3
Comment 6 Sunil Kondkar 2010-04-21 09:10:36 UTC 
Verified on jon build # 105 (Revision: 10609)

Below are the configurations set:

URL: ldap://rajantest.usersys.redhat.com:1636
Search Base: dc=rajantest
Username: uid=ldapuser,dc=rajantest
Login Property: uid
Password=ldapuser
SSL=true

After saving this configuration, logged in as ldapuser and submitted the details of new ldap user. Clicking OK button displayed the dashboard.
No exception observed.

Also tried with below configuration:

URL: ldaps://jonqa.rdu.redhat.com/
Search Base: dc=example,dc=com
Username: uid=ldapuser,dc=example,dc=com
Password: ldapuser
Login Property: uid
SSL=true

logged in as ldapuser and submitted the details of new ldap user. Clicking OK button displayed the dashboard.
No exception observed.
Comment 7 Corey Welton 2010-08-12 16:54:30 UTC 
Mass-closure of verified bugs against JON.