Bug 1052644 - [GSS] (6.4.z) LdapExtLoginModule cannot find custom ldap socket factory [NEEDINFO]
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
6.2.0,6.3.0
Unspecified Unspecified
unspecified Severity high
: CR1
: EAP 6.4.5
Assigned To: Peter Skopek
Josef Cacek
Russell Dickenson
: 1068665 (view as bug list)
Depends On:
Blocks: 1068665 1235745 1255390
Reported: 2014-01-13 16:50 EST by Derek Horton
Modified: 2017-01-17 06:43 EST
Doc Type: Known Issue
Doc Text:
In this release of JBoss EAP 6, the `LdapExtLoginModule` does not set the thread context class loader (TCCL) to the classloader of a (configurable) JBoss module that would contain a custom socket factory. As a consequence, the `LdapExtLoginModule` cannot use custom socket factories for creating connections to the LDAP server: a `ClassNotFoundException` is thrown when attempting to use a custom socket factory with the `LdapExtLoginModule`. This issue will be resolved in a future release of the product.
Type: Bug
bdawidow: needinfo? (pskopek)


Attachments
custom-socket-factory.jar (4.89 KB, application/x-java-archive)
2014-07-30 05:29 EDT, Josef Cacek
External Trackers
Tracker: JBoss Issue Tracker
ID: SECURITY-784
Priority: Major
Status: Closed
Summary: LdapExtLoginModule cannot find custom ldap socket factory
Last Updated: 2017-11-08 15:25 EST

Description Derek Horton 2014-01-13 16:50:08 EST
Description of problem:

LdapExtLoginModule cannot find custom ldap socket factory.
Passing the "java.naming.ldap.factory.socket" property in as a module-option:
<module-option name="java.naming.ldap.factory.socket" value="org.jboss.example.CustomSocketFactory"/>
results in a ClassNotFoundException:
Caused by: javax.naming.CommunicationException: 192.168.1.8:389 [Root exception is java.lang.ClassNotFoundException: org/jboss/example/CustomSocketFactory]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:226) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1608) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) [rt.jar:1.7.0_45]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) [rt.jar:1.7.0_45]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) [rt.jar:1.7.0_45]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307) [rt.jar:1.7.0_45]
at javax.naming.InitialContext.init(InitialContext.java:242) [rt.jar:1.7.0_45]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:153) [rt.jar:1.7.0_45]
at org.jboss.security.auth.spi.LdapExtLoginModule.constructInitialLdapContext(LdapExtLoginModule.java:767) [picketbox-4.0.17.SP2-redhat-2.jar:4.0.17.SP2-redhat-2]

I tried making the custom socket factory into a jboss module and adding the module as a dependency to picketbox and sun.jdk. Unfortunately, that did not work. I also added the socket factory jar to the jre/lib/ext directory. That didn't work either.
Comment 2 Nichola Moore 2014-05-01 23:50:02 EDT
Please provide Doc Text. Thank you.
Comment 3 sgilda 2014-05-13 10:23:24 EDT
Change release note from Bug Fix to Known Issue, per bug 1097167.
Comment 4 Scott Mumford 2014-05-15 00:31:49 EDT
Reformatted Doc Text to prose form.
Comment 6 Josef Cacek 2014-07-30 05:29:52 EDT
Created attachment 922473
custom-socket-factory.jar

Adding reproducer - JAR with a custom SocketFactory implementation.

Enable it for the LDAP login module(s) by adding module option:

<module-option name="java.naming.ldap.factory.socket" value="org.jboss.example.CustomSocketFactory"/>

It prints debug output when it's used. E.g.
>>> org.jboss.example.CustomSocketFactory.getDefault : 42
>>> org.jboss.example.CustomSocketFactory.<init> : 38
>>> org.jboss.example.CustomSocketFactory.createSocket : 48
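
The JDK's LDAP provider resolves the class named in "java.naming.ldap.factory.socket" through the thread context class loader, which is why the Doc Text describes the problem in terms of the TCCL. The following is an added illustration of the save/set/restore pattern around context creation, not PicketBox's code and not part of this bug report; the class and method names are hypothetical, and the loader passed in is assumed to see both the factory class and the JDK's JNDI classes.

```java
import java.util.Hashtable;
import java.util.concurrent.Callable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class TcclLdapConnect {
    // Run an action with `loader` as the thread context class loader (TCCL),
    // always restoring the previous loader so pooled threads are not polluted.
    static <T> T withTccl(ClassLoader loader, Callable<T> action) throws Exception {
        Thread thread = Thread.currentThread();
        ClassLoader previous = thread.getContextClassLoader();
        thread.setContextClassLoader(loader);
        try {
            return action.call();
        } finally {
            thread.setContextClassLoader(previous);
        }
    }

    // Open an LDAP context while `factoryLoader` is the TCCL, so the provider
    // can load the class named in java.naming.ldap.factory.socket.
    static LdapContext connect(String url, String factoryClass, ClassLoader factoryLoader)
            throws Exception {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put("java.naming.ldap.factory.socket", factoryClass);
        return withTccl(factoryLoader, () -> new InitialLdapContext(env, null));
    }

    // True when the failure is the class-loading problem from this report
    // (root cause ClassNotFoundException) rather than a network or TLS error.
    static boolean isFactoryLoadFailure(NamingException e) {
        return e.getRootCause() instanceof ClassNotFoundException;
    }

    public static void main(String[] args) throws Exception {
        // args: LDAP URL, factory class name. The application loader stands in
        // (assumption) for whichever loader owns the socket factory class.
        ClassLoader loader = TcclLdapConnect.class.getClassLoader();
        try {
            connect(args[0], args[1], loader).close();
            System.out.println("connected");
        } catch (NamingException e) {
            System.out.println(isFactoryLoadFailure(e)
                    ? "socket factory class not visible to TCCL" : "other failure: " + e);
        }
    }
}
```

The factory class itself must extend javax.net.SocketFactory and expose a static getDefault() method, which matches the getDefault, <init>, createSocket sequence in the debug output above.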
Comment 7 Josef Cacek 2014-07-30 06:31:12 EDT
*** Bug 1068665 has been marked as a duplicate of this bug. ***
Comment 9 JBoss JIRA Server 2015-08-21 11:26:59 EDT
Stefan Guilhen <sguilhen@redhat.com> updated the status of jira SECURITY-784 to Resolved
Comment 10 JBoss JIRA Server 2015-08-21 11:27:30 EDT
Stefan Guilhen <sguilhen@redhat.com> updated the status of jira SECURITY-784 to Closed
Comment 14 Ondrej Lukas 2015-11-03 06:10:39 EST
Verified in EAP 6.4.5.CP.CR1.
Comment 15 Petr Penicka 2017-01-17 06:43:21 EST
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.
Comment 16 Petr Penicka 2017-01-17 06:43:27 EST
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.
