Bug 1014911 - [GSS] (6.3.0) LDAP: InitialDirContext.search() method doesn't accept url included name parameter
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: DR0
Target Release: EAP 6.3.0
Assigned To: emartins
QA Contact: Josef Cacek
Docs Contact: Russell Dickenson
Blocks: 1050184
Reported: 2013-10-03 02:10 EDT by Lyle Wang
Modified: 2015-02-05 09:11 EST
Doc Type: Bug Fix
Last Closed: 2014-06-28 11:37:38 EDT
Type: Bug

External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
JBoss Issue Tracker | JBEAP-32 | Minor | Closed | LDAP: InitialDirContext.search() method doesn't accept url included name parameter | 2016-02-17 06:35 EST
JBoss Issue Tracker | WFLY-2319 | Major | Resolved | LDAP Search containing URL - InvalidNameException: ldap:: [LDAP: error code 34 - Invalid root Dn given | 2016-02-17 06:35 EST

Description Lyle Wang 2013-10-03 02:10:31 EDT
Description of problem:

When trying to use the InitialDirContext.search(String name, String filter, SearchControls cons) method to search an LDAP server, if the first "name" parameter includes a URL and port number, a javax.naming.InvalidNameException exception will be thrown. This issue only happens in EAP 6; the same source code works fine in either EAP 5 or as a standalone Java client.


Version-Release number of selected component (if applicable):


How reproducible:

The source code snippet below can be used to reproduce this issue:

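=============================================================
import java.util.Hashtable;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

// Wrapper class and method added so that the snippet compiles
public class LdapUrlSearchReproducer {

    public String search() {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        env.put("java.naming.security.authentication", "simple");
        env.put("java.naming.ldap.version", "3");
        env.put("java.naming.referral", "ignore");
        env.put("java.naming.ldap.derefAliases", "never");
        env.put("java.naming.provider.url", "ldap://192.168.0.1:389");
        env.put("java.naming.factory.url.pkgs", "org.jboss.as.naming.interfaces:org.jboss.ejb.client.naming");

        // Subtree search (scope 2) that returns only the objectclass attribute
        String[] attrArr = { "objectclass" };
        SearchControls ctl = new SearchControls(SearchControls.SUBTREE_SCOPE, 0L, 0, attrArr, false, false);

        // Search base given as a full LDAP URL rather than a bare DN
        String base = "ldap://192.168.0.1:389/dc=sample,dc=com";
        String filter = "(uid=sample@sample.com)";

        NamingEnumeration<SearchResult> nenum = null;
        DirContext ictx = null;

        try {
            ictx = new InitialDirContext(env);
            nenum = ictx.search(base, filter, ctl);   // <====== issue occurs on this line

            return "SUCCESS";
        } catch (NamingException ne1) {
            ne1.printStackTrace();
            return "FAILURE";   // return value added so that the method compiles
        }
    }
}
=============================================================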

Actual results:

Below exception will be thrown:
09:31:57,377 ERROR [stderr] (http-/192.168.0.2:8080-1) javax.naming.InvalidNameException: ldap:: [LDAP: error code 34 - Invalid DN Syntax]; remaining name 'ldap://192.168.0.1:389/dc=sample,dc=com'
09:31:57,377 ERROR [stderr] (http-/192.168.0.2:8080-1) 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
09:31:57,378 ERROR [stderr] (http-/192.168.0.2:8080-1) 	at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
09:31:57,378 ERROR [stderr] (http-/192.168.0.2:8080-1) 	at com.sun.jndi.ldap.LdapCtx.c_lookup(Unknown Source)
09:31:57,378 ERROR [stderr] (http-/192.168.0.2:8080-1) 	at com.sun.jndi.toolkit.ctx.ComponentContext.c_resolveIntermediate_nns(Unknown Source)
09:31:57,378 ERROR [stderr] (http-/192.168.0.2:8080-1) 	at com.sun.jndi.toolkit.ctx.AtomicContext.c_resolveIntermediate_nns(Unknown Source)



To work around the issue:
Change the line:
String base = "ldap://192.168.0.1:389/dc=sample,dc=com";

To
String base = "dc=sample,dc=com";

By removing the URL part, the search() method will work with the name string.


Expected results:

 NamingEnumeration object returned, even if using "ldap://192.168.0.1:389/dc=sample,dc=com" as name parameter.


Additional info:

According to the official "The JNDI Tutorial", names with a URL should be supported.
http://docs.oracle.com/javase/jndi/tutorial/ldap/misc/url.html
Comment 1 Darran Lofthouse 2013-10-03 04:34:16 EDT
I don't mind taking a look, working on LDAP at the moment anyway and we have had other similar issues I believe in this area.

Just one question - where is the affected code being executed?  Is it deployed within a web app or somewhere else?
Comment 2 Lyle Wang 2013-10-03 20:35:58 EDT
(In reply to Darran Lofthouse from comment #1)
> I don't mind taking a look, working on LDAP at the moment anyway and we have
> had other similar issues I believe in this area.
> 
> Just one question - where is the affected code being executed?  Is it
> deployed within a web app or somewhere else?


Hi, Darran:

Thanks for looking into this.
The customer is using a 3rd party software to authenticate against LDAP. This third party app is a wrapper for the Business Objects SDK (SAP). 

The call originally starts from a REST webservice:

Snippet how they call 3rd party software:
========================================================
    @GET
    @Path("loginTokenFake")	
    @Produces(MediaType.TEXT_PLAIN)
    public String getLoginTokenFake() {

        IEnterpriseSession eSession = null;
        ReportServiceImpl reportService = new ReportServiceImpl();
        try {
            // HAVING problem here
            eSession = reportService.logon("admin@anothername.com", "xxxxxx");
            // ......
            // ......
            return "BO Login Successful";

        } catch (SDKException sdkEx){
            LOGGER.error("Error logging into BO:",sdkEx);
        }
        return "BO Login Failed";
    }

========================================================

Snippet in the 3rd party software, which calls BusinessObject method
========================================================
public IEnterpriseSession logon(String username, String password) throws SDKException{

        ISessionMgr mySessionMgr;

        try {
            mySessionMgr = CrystalEnterprise.getSessionMgr();

            return mySessionMgr.logon(username, password, getBOServer(), getBOAuthentication());

        } catch (SDKException sdkEx){
            throw sdkEx;
        }

    }
========================================================

The source code I pasted in the case is the reproducer being used in the customer's debug / testing.
Comment 3 Hisanobu Okuda 2013-10-07 21:30:21 EDT
Request for inclusion to EAP 6.3.0.
Comment 8 JBoss JIRA Server 2013-10-22 08:36:00 EDT
Darran Lofthouse <darran.lofthouse@jboss.com> made a comment on jira WFLY-2319

Adding the test project used to reproduce this.
Comment 11 emartins 2013-10-29 07:24:53 EDT
Have you tried to use String base = "dc=sample,dc=com";? ldap:// names are to be used with no environment properties map, and the handling of such JNDI names is mostly what we are fixing here, so proper names for LdapCtxFactory should work at the moment.

Here is an example of proper usage on Oracle JNDI LDAP docs:

http://docs.oracle.com/javase/jndi/tutorial/basics/directory/src/SearchRetAll.java
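
The workaround from the description and comment 11 (pass a bare DN to search() instead of an ldap:// URL), generalized as an added example that is not part of the original report or of the JBoss fix. The class name `SearchBaseNormalizer`, the method `toDn`, and the check that a URL name must point at the configured provider are assumptions made for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

/** Hypothetical helper, not from the report: reduces a search base to a bare DN. */
public final class SearchBaseNormalizer {

    /** Accepts a DN, or an ldap:// URL naming the same server as providerUrl. */
    public static String toDn(String base, String providerUrl)
            throws URISyntaxException, InvalidNameException {
        String dn = base;
        if (base.contains("://")) {
            URI name = new URI(base);
            URI provider = new URI(providerUrl);
            // Refuse a name that would direct the search at a server other than
            // the one configured in java.naming.provider.url.
            boolean sameServer = "ldap".equalsIgnoreCase(name.getScheme())
                    && name.getHost() != null
                    && name.getHost().equalsIgnoreCase(provider.getHost())
                    && port(name) == port(provider);
            if (!sameServer) {
                throw new InvalidNameException("search base names another server: " + base);
            }
            // getPath() percent-decodes and excludes any ?attrs?scope?filter part;
            // dropping the leading '/' leaves the DN.
            String path = name.getPath();
            dn = path.isEmpty() ? "" : path.substring(1);
        }
        // LdapName parses per RFC 2253 and throws InvalidNameException on bad syntax.
        return new LdapName(dn).toString();
    }

    private static int port(URI u) {
        return u.getPort() == -1 ? 389 : u.getPort(); // 389: default LDAP port
    }

    public static void main(String[] args) throws Exception {
        String provider = "ldap://192.168.0.1:389"; // provider URL from the reproducer
        // Both name forms from the report, then a constructed mismatching host.
        System.out.println(toDn("ldap://192.168.0.1:389/dc=sample,dc=com", provider));
        System.out.println(toDn("dc=sample,dc=com", provider));
        try {
            toDn("ldap://192.168.0.9:389/dc=sample,dc=com", provider); // constructed mismatch
        } catch (InvalidNameException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The returned string is what would be passed as the first argument of `ictx.search(...)` in the reproducer.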
Comment 21 JBoss JIRA Server 2014-01-13 11:03:13 EST
Brad Maxwell <bmaxwell@redhat.com> updated the status of jira JBEAP-32 to Closed
Comment 22 JBoss JIRA Server 2014-02-03 14:32:53 EST
Josef Cacek <jcacek@redhat.com> updated the status of jira WFLY-2319 to Reopened
Comment 23 Ondrej Lukas 2014-03-05 02:49:06 EST
Verified on EAP 6.3.0.DR1.
