Bug 478228 - MIGRATED_FROM_JIRA: Invalid credentials when you try to bind with a dynamic user
Keywords:
Status: CLOSED EOL
Alias: None
Product: penrose
Classification: Retired
Component: Unknown
Version: 2.0
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Endi Sukma Dewata
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks: 471500
Reported: 2008-12-27 08:10 UTC by Chandrasekar Kannan
Modified: 2020-03-27 18:36 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-03-27 18:36:42 UTC
Embargoed:



Description Chandrasekar Kannan 2008-12-27 08:10:19 UTC
2 dynamic sources. From source "sPeople" the system can take user uid=d.pontari,ou=People,dc=elis,dc=org. Using Penrose 1.1.2 I can bind with that user; with Penrose 1.2.4 these are the exceptions:

[09/21/2007 15:35:14] Unbind "uid=admin,ou=system".
[09/21/2007 15:35:14] Bind "uid=d.pontari,ou=People,dc=elis,dc=org".
[09/21/2007 15:35:14] Invalid Credentials
LDAPException: Invalid Credentials (49) Invalid Credentials
LDAPException: Server Message: Invalid Credentials
        at org.ietf.ldap.LDAPException.<init>(Unknown Source)
        at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:73)
        at org.safehaus.penrose.util.ExceptionUtil.createLDAPException(ExceptionUtil.java:61)
        at org.safehaus.penrose.engine.basic.BasicEngine.bind(BasicEngine.java:340)
        at org.safehaus.penrose.handler.Handler.bind(Handler.java:170)
        at org.safehaus.penrose.handler.HandlerManager.bind(HandlerManager.java:220)
        at org.safehaus.penrose.session.Session.bind(Session.java:296)
        at org.safehaus.penrose.backend.PenroseSession.bind(PenroseSession.java:119)
        at org.safehaus.penrose.mina.BindHandler.messageReceived(BindHandler.java:44)
        at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:144)
        at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
        at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
        at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
        at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
        at org.apache.mina.filter.codec.support.SimpleProtocolDecoderOutput.flush(SimpleProtocolDecoderOutput.java:60)
        at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:190)
        at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
        at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
        at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
        at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
        at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
        at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
        at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
        at java.lang.Thread.run(Unknown Source)

But if I try with cn=Domenico Pontari,ou=People,dc=elis,dc=org or with uid=d.pontari,dc=elis,dc=org it works.
I suppose "Domenico Pontari" is the correct cn for the d.pontari user.

Configurations are:

CONNECTIONS.XML

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE connections PUBLIC "-//Penrose/DTD Connections 1.1//EN" "http://penrose.safehaus.org/dtd/connections.dtd">

<connections>
  <connection name="MySQL">
    <adapter-name>JDBC</adapter-name>
    <parameter>
      <param-name>user</param-name>
      <param-value>root</param-value>
    </parameter>
    <parameter>
      <param-name>password</param-name>
      <param-value>xxx</param-value>
    </parameter>
    <parameter>
      <param-name>url</param-name>
      <param-value>jdbc:mysql://localhost:3306/ldap?autoReconnect=true</param-value>
    </parameter>
    <parameter>
      <param-name>driver</param-name>
      <param-value>com.mysql.jdbc.Driver</param-value>
    </parameter>
  </connection>
</connections>

SOURCES.XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sources PUBLIC "-//Penrose/DTD Sources 1.1//EN" "http://penrose.safehaus.org/dtd/sources.dtd">

<sources>
  <source name="sPeople">
    <connection-name>MySQL</connection-name>
    <field name="cn"/>
    <field name="employeeNumber"/>
    <field name="givenName"/>
    <field name="mail"/>
    <field name="sn"/>
    <field name="uid" primaryKey="true"/>
    <field name="userPassword"/>
    <parameter>
      <param-name>catalog</param-name>
      <param-value>ldap</param-value>
    </parameter>
    <parameter>
      <param-name>table</param-name>
      <param-value>tpeople</param-value>
    </parameter>
  </source>
  <source name="sEsterni">
    <connection-name>MySQL</connection-name>
    <field name="cn"/>
    <field name="employeeNumber"/>
    <field name="givenName"/>
    <field name="mail"/>
    <field name="sn"/>
    <field name="uid" primaryKey="true"/>
    <field name="userPassword"/>
    <parameter>
      <param-name>catalog</param-name>
      <param-value>ldap</param-value>
    </parameter>
    <parameter>
      <param-name>table</param-name>
      <param-value>testerni</param-value>
    </parameter>
  </source>
</sources>

MAPPING.XML
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapping PUBLIC "-//Penrose/DTD Mapping 1.1//EN" "http://penrose.safehaus.org/dtd/mapping.dtd">

<mapping>
  <entry dn="dc=elis,dc=org">
    <oc>dcObject</oc>
    <oc>organization</oc>
    <at name="dc" rdn="true">
      <constant>elis</constant>
    </at>
    <at name="o">
      <constant>elis</constant>
    </at>
    <aci>
      <permission>rs</permission>
    </aci>
  </entry>
  <entry dn="ou=People,dc=elis,dc=org">
    <oc>organizationalUnit</oc>
    <oc>top</oc>
    <at name="ou" rdn="true">
      <constant>People</constant>
    </at>
  </entry>
  <entry dn="uid=...,ou=People,dc=elis,dc=org">
    <oc>top</oc>
    <at name="cn">
      <variable>sPeople.cn</variable>
    </at>
    <at name="employeeNumber">
      <variable>sPeople.employeeNumber</variable>
    </at>
    <at name="givenName">
      <variable>sPeople.givenName</variable>
    </at>
    <at name="mail">
      <variable>sPeople.mail</variable>
    </at>
    <at name="sn">
      <variable>sPeople.sn</variable>
    </at>
    <at name="uid" rdn="true">
      <variable>sPeople.uid</variable>
    </at>
    <at name="userPassword">
      <variable>sPeople.userPassword</variable>
    </at>
    <source name="sPeople">
      <source-name>sPeople</source-name>
      <field name="cn">
        <variable>cn</variable>
      </field>
      <field name="employeeNumber">
        <variable>employeeNumber</variable>
      </field>
      <field name="givenName">
        <variable>givenName</variable>
      </field>
      <field name="mail">
        <variable>mail</variable>
      </field>
      <field name="sn">
        <variable>sn</variable>
      </field>
      <field name="uid">
        <variable>uid</variable>
      </field>
      <field name="userPassword">
        <variable>userPassword</variable>
      </field>
    </source>
  </entry>
  <entry dn="ou=Esterni,dc=elis,dc=org">
    <oc>organizationalUnit</oc>
    <oc>top</oc>
    <at name="ou" rdn="true">
      <constant>Esterni</constant>
    </at>
  </entry>
  <entry dn="uid=...,ou=Esterni,dc=elis,dc=org">
    <oc>top</oc>
    <at name="cn">
      <variable>sEsterni.cn</variable>
    </at>
    <at name="employeeNumber">
      <variable>sEsterni.employeeNumber</variable>
    </at>
    <at name="givenName">
      <variable>sEsterni.givenName</variable>
    </at>
    <at name="mail">
      <variable>sEsterni.mail</variable>
    </at>
    <at name="sn">
      <variable>sEsterni.sn</variable>
    </at>
    <at name="uid" rdn="true">
      <variable>sEsterni.uid</variable>
    </at>
    <at name="userPassword">
      <variable>sEsterni.userPassword</variable>
    </at>
    <source name="sEsterni">
      <source-name>sEsterni</source-name>
      <field name="cn">
        <variable>cn</variable>
      </field>
      <field name="employeeNumber">
        <variable>employeeNumber</variable>
      </field>
      <field name="givenName">
        <variable>givenName</variable>
      </field>
      <field name="mail">
        <variable>mail</variable>
      </field>
      <field name="sn">
        <variable>sn</variable>
      </field>
      <field name="uid">
        <variable>uid</variable>
      </field>
      <field name="userPassword">
        <variable>userPassword</variable>
      </field>
    </source>
  </entry>
</mapping>

All other configurations have default values.

Additional Comments From endisd dated Thu Jan 24 20:06:20 CST 2008
This issue is fixed or no longer reproducible in Penrose 1.2.5 and 2.0.


=========================================================
Issue dump from jira
$VAR1 = {
          'priority' => '1',
          'customFieldValues' => [],
          'project' => 'PENROSE',
          'status' => '5',
          'components' => [
                            {}
                          ],
          'reporter' => 'fairsayan',
          'key' => 'PENROSE-258',
          'assignee' => 'endisd',
          'summary' => 'Invalid credentials when you try to bind with a dynamic user',
          'id' => '10872',
          'updated' => '2008-01-24 20:06:20.0',
          'votes' => '0',
          'fixVersions' => [
                           {
                             'releaseDate' => '2008-04-14 00:00:00.0',
                             'sequence' => '27',
                             'name' => 'Penrose-1.2.5',
                             'released' => 'true',
                             'id' => '10124',
                             'archived' => 'false'
                           },
                           {
                             'releaseDate' => '2008-04-07 00:00:00.0',
                             'sequence' => '28',
                             'name' => 'Penrose-2.0RC1',
                             'released' => 'true',
                             'id' => '10093',
                             'archived' => 'false'
                           }
                         ],
          'description' => '[same text as the Description at the top of this report]',
          'affectsVersions' => [
                               {
                                 'releaseDate' => '2007-07-17 00:00:00.0',
                                 'sequence' => '26',
                                 'name' => 'Penrose-1.2.4',
                                 'released' => 'true',
                                 'id' => '10123',
                                 'archived' => 'false'
                               }
                             ],
          'created' => '2007-09-21 09:53:10.0',
          'environment' => 'Windows XP',
          'resolution' => '1',
          'type' => '1'
        };


=========================================================

Comment 1 Chandrasekar Kannan 2008-12-27 08:10:21 UTC
Marking bug as MODIFIED as it was already resolved in Jira - PENROSE-258