[keycloak-user] Error during LDAP syncing on Keycloak 1.4.0

Marek Posolda mposolda at redhat.com
Tue Aug 4 06:39:55 EDT 2015 

Hi,

this means that some of your LDAP user record doesn't have the 
attribute, which you mapped as "Username LDAP Attribute" in the admin 
console. For example if you configured
"Username LDAP Attribute" as "cn" and some of your LDAP user doesn't 
have "cn" . I've created JIRA 
https://issues.jboss.org/browse/KEYCLOAK-1728 and have a fix, which will 
be available in 1.5 . The fix will give you better error message and 
won't break whole sync process with NPE, but just won't import the 
incorrect user, which has missing attribute.

Until that, you can either fix LDAP user records in your LDAP server to 
contain the missing attribute, or you can configure "Username LDAP 
Attribute" to different value.

Marek

On 29.7.2015 11:10, Nair, Rajat wrote:
>
> Hi,
>
> As part of testing another issue (Distributed Keycloak user sessions 
> using Infinispan), I upgraded my nodes to Keycloak 1.4.0 (grabbed 
> release from here - 
> http://central.maven.org/maven2/org/keycloak/keycloak-server-dist/1.4.0.Final/keycloak-server-dist-1.4.0.Final.tar.gz). 
> I wiped out our Keycloak database and recreated it. After configuring 
> our LDAP server (similar configuration which worked against Keycloak 
> 1.3.1 Final), when we try to sync users we get following exception –
>
> 2015-07-29 09:00:42,062 ERROR [io.undertow.request] (default task-25) 
> UT005023: Exception handling request to 
> /auth/admin/realms/test/user-federation/instances/3ccbe831-2d9b-4253-8fe7-343d7ead505d/sync: 
> java.lang.RuntimeException: request path: 
> /auth/admin/realms/test/user-federation/instances/3ccbe831-2d9b-4253-8fe7-343d7ead505d/sync
>
>         at 
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:73)
>
>         at 
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>
>         at 
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
>
>         at 
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
>
>         at 
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>
>         at 
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>
>         at 
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>
>         at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>         at 
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>
>         at 
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>
>         at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>         at 
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>
>         at 
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>
>         at 
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
>
>         at 
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
>
>         at 
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>
>         at 
> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
>
>         at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>         at 
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>
>         at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>         at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>         at 
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:282)
>
>         at 
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:261)
>
>         at 
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
>
>         at 
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
>
>         at 
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
>
>         at 
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
>
>         at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown 
> Source)
>
>         at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown 
> Source)
>
>         at java.lang.Thread.run(Unknown Source)
>
> Caused by: org.jboss.resteasy.spi.UnhandledException: 
> java.lang.NullPointerException
>
>         at 
> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
>
>         at 
> org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
>
>         at 
> org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
>
>         at 
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
>
>         at 
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
>
>         at 
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
>
>         at 
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>
> at 
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>
>         at 
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
>
>         at 
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
>
>         at 
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:59)
>
>         ... 29 more
>
> Caused by: java.lang.NullPointerException
>
>         at 
> org.keycloak.models.cache.DefaultCacheUserProvider.getUserByUsername(DefaultCacheUserProvider.java:149)
>
>         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory$2.run(LDAPFederationProviderFactory.java:294)
>
>         at 
> org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:242)
>
>         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory.importLdapUsers(LDAPFederationProviderFactory.java:286)
>
>         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncImpl(LDAPFederationProviderFactory.java:241)
>
>         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncAllUsers(LDAPFederationProviderFactory.java:200)
>
>         at 
> org.keycloak.services.managers.UsersSyncManager.syncAllUsers(UsersSyncManager.java:50)
>
>         at 
> org.keycloak.services.resources.admin.UserFederationProviderResource.syncUsers(UserFederationProviderResource.java:143)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
>
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
>
>         at java.lang.reflect.Method.invoke(Unknown Source)
>
>         at 
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
>
>         at 
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
>
>         at 
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
>
>         at 
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
>
>         ... 37 more
>
> Could this be a regression?
>
> -- Rajat
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150804/e680a86d/attachment-0001.html

More information about the keycloak-user mailing list