580127 – LDAP regression - RuntimeException when submitting details of new LDAP user

Bug 580127 - LDAP regression - RuntimeException when submitting details of new LDAP user

Summary: LDAP regression - RuntimeException when submitting details of new LDAP user

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	RHQ Project
Classification:	Other
Component:	Core Server
Sub Component:
Version:	1.4
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Simeon Pinder
QA Contact:	Jeff Weiss
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	RHQ-01 rhq_triage jon-sprint8-bugs jon24-ldap
TreeView+	depends on / blocked

Reported:	2010-04-07 14:37 UTC by Jeff Weiss
Modified:	2014-11-09 22:50 UTC (History)
CC List:	2 users (show)
Fixed In Version:	2.4
Clone Of:
Environment:	linux/postgres
Last Closed:	2010-08-12 16:54:30 UTC
Embargoed:

Attachments	(Terms of Use)

Description Jeff Weiss 2010-04-07 14:37:38 UTC

Description of problem:
Can't submit user details for new LDAP user.

Version-Release number of selected component (if applicable):
d82d1581f18dcd6b9fb2a4e189df52ef82e43ece

How reproducible:
Always

Steps to Reproduce:
1. Enable ldap server (see additional info for our ldap server settings)
2. log out
3. log in as ldapuser/ldapuser
4. Fill in user details, click OK
  
Actual results:
RuntimeException - see below for stack trace

Expected results:
User is logged in 

Additional info:
URL: ldaps://jonqa.rdu.redhat.com/
Search Base: dc=example,dc=com
Username: uid=ldapuser,dc=example,dc=com
Password: ldapuser
Login Property: uid


    java.lang.RuntimeException: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'dc=example,dc=com' at org.rhq.enterprise.server.resource.group.LdapGroupManager.buildGroup(LdapGroupManager.java:209) at org.rhq.enterprise.server.resource.group.LdapGroupManager.findAvailableGroupsFor(LdapGroupManager.java:79) at org.rhq.enterprise.gui.admin.user.RegisterAction.execute(RegisterAction.java:116) at org.rhq.enterprise.gui.legacy.action.BaseRequestProcessor.processActionPerform(BaseRequestProcessor.java:46) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:636) Caused by: javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'dc=example,dc=com' at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:323) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:144) at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:540) at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:460) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:105) at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:73) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:538) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1975) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1837) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:265) at org.rhq.enterprise.server.resource.group.LdapGroupManager.buildGroup(LdapGroupManager.java:193) ... 35 more 

Missing 'equals'

    javax.naming.directory.InvalidSearchFilterException: Missing 'equals'; remaining name 'dc=example,dc=com' at com.sun.jndi.ldap.Filter.encodeSimpleFilter(Filter.java:323) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:144) at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:540) at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:460) at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:105) at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:73) at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:538) at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1975) at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1837) at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1762) at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356) at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339) at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:265) at org.rhq.enterprise.server.resource.group.LdapGroupManager.buildGroup(LdapGroupManager.java:193) at org.rhq.enterprise.server.resource.group.LdapGroupManager.findAvailableGroupsFor(LdapGroupManager.java:79) at org.rhq.enterprise.gui.admin.user.RegisterAction.execute(RegisterAction.java:116) at org.rhq.enterprise.gui.legacy.action.BaseRequestProcessor.processActionPerform(BaseRequestProcessor.java:46) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:236) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1196) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.WebUserTrackingFilter.doFilter(WebUserTrackingFilter.java:50) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.enterprise.gui.legacy.AuthenticationFilter.doFilter(AuthenticationFilter.java:129) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.rhq.helpers.rtfilter.filter.RtFilter.doFilter(RtFilter.java:124) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Thread.java:636) 
Use ssl: true

Comment 1 Simeon Pinder 2010-04-14 14:44:30 UTC

I am unable to reproduce this issue.  In debugging another ldap issue using another box with the most recent builds provided by Sunil, I am also not able to reproduce this issue on that system either.

I notice that the "Group Search" and "Group Member" filter details were not included in the additional information section above.  Was this an inclusion oversight?  Both are used for correct ldap mapping to occur.

Are you able to reproduce this issue with one of the most recent builds?

Comment 2 Jeff Weiss 2010-04-14 17:38:21 UTC

Simeon, sorry, I pasted the stack trace in above the last line.  note: ssl=true.

The group search/group member fields are not filled in, that has always worked just fine in the past.  I'll retest on a newer build if you can point to something that you believe fixed it.  Otherwise I think the build I originally tested it on should suffice, it's only a week old.

Comment 3 Charles Crouch 2010-04-14 22:38:34 UTC

If the LDAP groups text boxes are empty then we should behave as we did, i.e. LDAP authentication, no LDAP athuz at all.

Comment 4 Jeff Weiss 2010-04-14 23:06:54 UTC

Charles, 

That's not how it behaves. Read the reproduce steps.  It lets you log in and then only barfs when you try to fill in your details.

Comment 5 Simeon Pinder 2010-04-16 13:58:53 UTC

Reproduced the problem and fix applied in build >= 218.

Details:
Error results because ldap group authorization configuration was being applied even when only ldap group authentication was being tested.  Modified code to conditionally check for authorization when it is actually enabled as well.

Commit hash:
07b28294ef1811d7877153de9516dfa6252fd2e3

Comment 6 Sunil Kondkar 2010-04-21 09:10:36 UTC

Verified on jon build # 105 (Revision: 10609)

Below are the configurations set:

URL: ldap://rajantest.usersys.redhat.com:1636
Search Base: dc=rajantest
Username: uid=ldapuser,dc=rajantest
Login Property: uid
Password=ldapuser
SSL=true

After saving this configuration, logged in as ldapuser and submitted the details of new ldap user. Clicking OK button displayed the dashboard.
No exception observed.

Also tried with below configuration:

URL: ldaps://jonqa.rdu.redhat.com/
Search Base: dc=example,dc=com
Username: uid=ldapuser,dc=example,dc=com
Password: ldapuser
Login Property: uid
SSL=true

logged in as ldapuser and submitted the details of new ldap user. Clicking OK button displayed the dashboard.
No exception observed.

Comment 7 Corey Welton 2010-08-12 16:54:30 UTC

Mass-closure of verified bugs against JON.

Note You need to log in before you can comment on or make changes to this bug.