859361 – engine: GSSAPIDirContextAuthenticationStrategy gets Error from Kerberos with java.lang.NullPointerException

Bug 859361 - engine: GSSAPIDirContextAuthenticationStrategy gets Error from Kerberos with java.lang.NullPointerException

Summary: engine: GSSAPIDirContextAuthenticationStrategy gets Error from Kerberos with ...

Keywords:
Status:	CLOSED DUPLICATE of bug 858769
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine
Sub Component:
Version:	3.1.0
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Yair Zaslavsky
QA Contact:	Pavel Stehlik
Docs Contact:
URL:
Whiteboard:	infra
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-09-21 10:07 UTC by Dafna Ron
Modified:	2016-02-10 19:17 UTC (History)
CC List:	10 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-09-23 09:48:48 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
log (215.61 KB, application/x-xz) 2012-09-21 10:07 UTC, Dafna Ron	no flags	Details
View All

Description Dafna Ron 2012-09-21 10:07:03 UTC

Created attachment 615356 [details]
log

Description of problem:

we are getting NPE on command GSSAPIDirContextAuthenticationStrategy when we try to add a user from domain with internal user. 

Version-Release number of selected component (if applicable):

si18

How reproducible:

100%

Steps to Reproduce:
1. add a domain using rhevm-manage-domains (do not add permissions)
2. log in to rhevm with internal user and try to add a user
3.
  
Actual results:

we are getting NPE on ERROR from krb. 

Expected results:

we should not get NPE

Additional info: full engine log attached

command used to add the domains: 

rhevm-manage-domains -action=add -domain=qa.lab.tlv.redhat.com -provider=activeDirectory -user=vdcadmin -interactive

2012-09-21 12:59:01,922 ERROR [org.ovirt.engine.core.bll.adbroker.DirectorySearcher] (ajp-/127.0.0.1:8009-8) Failed ldap search server LDAP://qa2-tlv.qa.lab.tlv.redhat.com:389 due to javax.naming.CommunicationException: qa2-tlv.qa.lab.tlv.redhat.com:389 [Root exception is java.net.SocketTimeoutException: connect timed out]. We should try the next server
2012-09-21 12:59:01,991 ERROR [org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy] (ajp-/127.0.0.1:8009-10) Error from Kerberos: java.lang.NullPointerException
        at org.ovirt.engine.core.bll.adbroker.GSSAPICallbackHandler.handle(GSSAPICallbackHandler.java:47)
        at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:969)
        at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:966)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:965)
        at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:870)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:715)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:580)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:601)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
        at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticateToKDC(GSSAPIDirContextAuthenticationStrategy.java:127)
        at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.explicitAuth(GSSAPIDirContextAuthenticationStrategy.java:119)
        at org.ovirt.engine.core.bll.adbroker.GSSAPIDirContextAuthenticationStrategy.authenticate(GSSAPIDirContextAuthenticationStrategy.java:111)
        at org.ovirt.engine.core.bll.adbroker.GSSAPILdapTemplateWrapper.useAuthenticationStrategy(GSSAPILdapTemplateWrapper.java:86)
        at org.ovirt.engine.core.bll.adbroker.PrepareLdapConnectionTask.call(PrepareLdapConnectionTask.java:56)
        at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.find(DirectorySearcher.java:103)
        at org.ovirt.engine.core.bll.adbroker.DirectorySearcher.FindAll(DirectorySearcher.java:48)
        at org.ovirt.engine.core.bll.adbroker.LdapSearchGroupsByQueryCommand.executeQuery(LdapSearchGroupsByQueryCommand.java:22)
        at org.ovirt.engine.core.bll.adbroker.LdapBrokerCommandBase.Execute(LdapBrokerCommandBase.java:69)
        at org.ovirt.engine.core.bll.adbroker.LdapBrokerBase.RunAdAction(LdapBrokerBase.java:18)

Comment 1 Yair Zaslavsky 2012-09-23 09:48:48 UTC


*** This bug has been marked as a duplicate of bug 858769 ***

Note You need to log in before you can comment on or make changes to this bug.