Created attachment 423258 [details] server log Description of problem: Upgrade JON2.3 to JON 2.4Beta1 with postgres gets LDAP error/exception in server log. 2010-06-11 17:12:17,316 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] Disabling RHQ LDAP JAAS Provider: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 57, vece] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 57, vece] Version-Release number of selected component (if applicable): JON 2.4Beta1 How reproducible: Always Steps to Reproduce: 1) Install JON 2.3 with Postgres 8.4 2) Set 'LDAP Configuration Properties' and use LDAP Authentication 3) Upgrade JON 2.3 to JON 2.4Beta1 (same database) 4) Refer server log file. Note: After upgrade the 'LDAP Configuration Properties' is 'AS IS' even after upgrade. But there is exception/error in server log. Actual results: Upgrade JON2.3 to JON 2.4Beta1 gets LDAP error in server log. Expected results: Upgrade JON2.3 to JON 2.4Beta1 should not give LDAP error/exception in server log. Additional info: 2010-06-11 17:12:16,975 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] Enabled the temporary session login module 2010-06-11 17:12:17,316 INFO [org.rhq.enterprise.server.core.CustomJaasDeploymentService] Disabling RHQ LDAP JAAS Provider: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 57, vece] javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030F, comment: AcceptSecurityContext error, data 57, vece] at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3041) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987) at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2789) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2703) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:293) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288) at javax.naming.InitialContext.init(InitialContext.java:223) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134) at org.rhq.enterprise.server.core.CustomJaasDeploymentService.validateLdapOptions(CustomJaasDeploymentService.java:213) at org.rhq.enterprise.server.core.CustomJaasDeploymentService.registerJaasModules(CustomJaasDeploymentService.java:131) at org.rhq.enterprise.server.core.CustomJaasDeploymentService.installJaasModules(CustomJaasDeploymentService.java:69) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:288) at $Proxy527.installJaasModules(Unknown Source) at org.rhq.enterprise.gui.startup.StartupServlet.installJaasModules(StartupServlet.java:254) at org.rhq.enterprise.gui.startup.StartupServlet.init(StartupServlet.java:126) at javax.servlet.GenericServlet.init(GenericServlet.java:212) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1161) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:981) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4071) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4375) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:790) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:770) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:553) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296) at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.apache.catalina.core.StandardContext.init(StandardContext.java:5312) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296) at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.web.tomcat.service.TomcatDeployer.performDeployInternal(TomcatDeployer.java:301) at org.jboss.web.tomcat.service.TomcatDeployer.performDeploy(TomcatDeployer.java:104) at org.jboss.web.AbstractWebDeployer.start(AbstractWebDeployer.java:375) at org.jboss.web.WebModule.startModule(WebModule.java:83) at org.jboss.web.WebModule.startService(WebModule.java:61) at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289) at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245) at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978) at $Proxy0.start(Unknown Source) at org.jboss.system.ServiceController.start(ServiceController.java:417) at sun.reflect.GeneratedMethodAccessor5.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy41.start(Unknown Source) at org.jboss.web.AbstractWebContainer.start(AbstractWebContainer.java:466) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142) at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy42.start(Unknown Source) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025) at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1015) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819) at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782) at sun.reflect.GeneratedMethodAccessor34.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155) at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94) at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142) at org.jboss.mx.server.Invocation.invoke(Invocation.java:88) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659) at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210) at $Proxy9.deploy(Unknown Source) at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:421) at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:634) at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:263) at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.loop(AbstractDeploymentScanner.java:274) at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.run(AbstractDeploymentScanner.java:225) 2010-06-11 17:12:17,319 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/]] initializer: Starting the server-agent communications services 2010-06-11 17:12:17,425 INFO [org.rhq.enterprise.communications.ServiceContainer] {ServiceContainer.global-concurrency-limit-set}Global concurrency limit has been set - no more than [30] incoming commands will be accepted at the same time 2010-06-11 17:12:17,490 INFO [org.rhq.enterprise.communications.ServiceContainer] {ServiceContainer.started}Service container started - ready to accept incoming commands
Reproduced this and it's weird. Need to check the property values before and right after an upgrade. I think somehow we're resetting or emptying the password field.
jshaughn could not reproduce (5:07:05 PM) ccrouch: jshaughn: any update on 603050? (5:07:32 PM) jshaughn: Did not replicate on 2.3.1 to 2.4 with Oracle (5:08:11 PM) ccrouch: so the system config rows for ldap were completely unchanged? (5:09:01 PM) jshaughn: correct (5:09:16 PM) jshaughn: discussing with simeon other possibilities (5:11:23 PM) ccrouch: i guess we could just try reproducing on PG with ldap configured and seeing if ldap continued to work in 2.4? (5:12:29 PM) jshaughn: ccrouch: I'm trying now from 2.2.0 to 2.4 with postgres (5:21:20 PM) ccrouch: spinder: can you test just a regular upgrade, but with an actual ldap server configured, and make sure ldap users who can login to 2.3 can still seemlessly loginto 2.4, without any changes? (5:26:43 PM) jshaughn: ccrouch: spinder, this is working as expected. I'm not sure what evil force twisted both rajan and simeon's test but postgres 2.2.0 to 2.4 did not show any issue. I can only imagine that somehow, maybe due to browser pwd caching or something, set bad creds before the upgrade. (5:27:39 PM) jshaughn: spinder: and I saw FF prompt for some odd pwd saving for ldap fields. (5:28:19 PM) ccrouch: jshaughn: hmm that could be it, it will treat that field like a username/password box (5:33:35 PM) jshaughn: ccrouch: The error they saw is definitely seen if the ldap creds are wrong. Ijust think they had to have been wrong for some other reason. I think you can close the bz (5:34:54 PM) spinder: jshaughn, ccrouch: excellent. Did not need and extra drama. (5:34:58 PM) ccrouch: jshaughn: sounds good, if they are even able to hit an ldap server then some of the config data must have stuck, otherwise the upgraded version would not have know where to try to talk (5:36:11 PM) jshaughn: yes, certainly the ldap url was right. fact is, there is no way I can see that the system config table can get hit in any negative way during our upgrade steps. I went back to 2.2 just to see if it made any diff