[keycloak-user] Error during "Synchronize all users" from an LDAP Server

Marek Posolda mposolda at redhat.com
Wed Jun 24 03:53:26 EDT 2015


Hi Giovanni,

this is a bug similar to the one already reported here 
https://issues.jboss.org/browse/KEYCLOAK-1487, I will need to take a 
look at it.

Marek

On 22.6.2015 20:20, Giovanni Baruzzi wrote:
> Dear Friends,
>
> I got the following exception trying to “synchronize all users” from an 
> LDAP Server. The dialog used is “Settings->User Federation->Settings”.
>
> Please find the details about the LDAP Server further below after the 
> Java LOG.
>
> Thanks for your attention,
>
> Giovanni
>
> =====================
>
> 20:23:38,119 ERROR [io.undertow.request] (default task-9) UT005023: 
> Exception handling request to 
> /auth/admin/realms/demo/user-federation/instances/6f4de879-f4b7-4d74-9141-46044c4b9e09/sync: 
> java.lang.RuntimeException: request path: 
> /auth/admin/realms/demo/user-federation/instances/6f4de879-f4b7-4d74-9141-46044c4b9e09/sync
>
>         at 
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:54)
>
>         at 
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>
>         at 
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
>
>         at 
> io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
>
>         at 
> io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>
>         at 
> io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>
>         at 
> org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>
>         at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>         at 
> io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
>
>         at 
> io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>
>         at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>         at 
> io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>
>         at 
> io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>
>         at 
> io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
>
>         at 
> io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
>
>         at 
> io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>
>         at 
> io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
>
>         at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>         at 
> org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>
>         at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>         at 
> io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>
>         at 
> io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:274)
>
>         at 
> io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:253)
>
>         at 
> io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
>
>         at 
> io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
>
>         at 
> io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
>
>         at 
> io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
>
>         at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>
>         at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>
>         at java.lang.Thread.run(Thread.java:745)
>
> Caused by: org.jboss.resteasy.spi.UnhandledException: 
> java.lang.IllegalStateException: Expected String but attribute was 
> [adub, sdub] of type java.util.TreeSet
>
>         at 
> org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
>
>         at 
> org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
>
>         at 
> org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
>
>         at 
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
>
>         at 
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
>
>         at 
> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
>
>         at 
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>
>         at 
> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
>
>         at 
> io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
>
>         at 
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
>
>         at 
> org.keycloak.services.filters.ClientConnectionFilter.doFilter(ClientConnectionFilter.java:41)
>
>         at 
> io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
>
>         at 
> io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
>
>         at 
> org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:40)
>
>         ... 29 more
>
> Caused by: java.lang.IllegalStateException: Expected String but 
> attribute was [adub, sdub] of type java.util.TreeSet
>
>         at 
> org.keycloak.federation.ldap.idm.model.LDAPObject.getAttributeAsString(LDAPObject.java:79)
>
>         at 
> org.keycloak.federation.ldap.LDAPUtils.getUsername(LDAPUtils.java:76)
>
>         at 
> org.keycloak.federation.ldap.LDAPFederationProvider.importLDAPUsers(LDAPFederationProvider.java:390)
>
>         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory.importLdapUsers(LDAPFederationProviderFactory.java:269)
>
>         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory$1.run(LDAPFederationProviderFactory.java:223)
>
>         at 
> org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:241)
>
>         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncImpl(LDAPFederationProviderFactory.java:219)
>
>         at 
> org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncAllUsers(LDAPFederationProviderFactory.java:177)
>
>         at 
> org.keycloak.services.managers.UsersSyncManager.syncAllUsers(UsersSyncManager.java:50)
>
>         at 
> org.keycloak.services.resources.admin.UserFederationProviderResource.syncUsers(UserFederationProviderResource.java:144)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>
>         at java.lang.reflect.Method.invoke(Method.java:606)
>
>         at 
> org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
>
>         at 
> org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
>
>         at 
> org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
>
>         at 
> org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
>
>         at 
> org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
>
>         ... 40 more
>
> The LDAP Server is a port389 (nearly identical to RedHat); this is an 
> excerpt of the LDIF of the people container
>
> (all test data, not real people)
>
> dn: ou=People, dc=syntlogo,dc=de
>
> objectClass: top
>
> objectClass: organizationalunit
>
> ou: People
>
> dn: uid=cros, ou=People, dc=syntlogo,dc=de
>
> cn: Carlo Rossi
>
> sn: Rossi
>
> givenName: Carlo
>
> objectClass: top
>
> objectClass: person
>
> objectClass: organizationalPerson
>
> objectClass: inetOrgPerson
>
> ou: Accounting
>
> ou: People
>
> l: Milano
>
> uid: cros
>
> mail: carlo.rossi at mycompany.com
>
> telephoneNumber: +39-02-2267-4798
>
> facsimileTelephoneNumber: +39-02-2267-9751
>
> roomNumber: 4612
>
> userPassword: {SSHA}dvuiZA9vGMEqopNlIJ2qwxf0igE1fmJVLB8MRw==
>
> dn: uid=gste, ou=People, dc=syntlogo,dc=de
>
> cn: Gudrun Steinle
>
> sn: Steinle
>
> givenName: Gudrun
>
> objectClass: top
>
> objectClass: person
>
> objectClass: organizationalPerson
>
> objectClass: inetOrgPerson
>
> ou: Accounting
>
> ou: People
>
> l: Stuttgart
>
> uid: gste
>
> mail: gudrun.steinle at mycompany.com
>
> telephoneNumber: +49-711-2359-9187
>
> facsimileTelephoneNumber: +49-711-2359-8473
>
> roomNumber: 4117
>
> userPassword: {SSHA}wc8v0cdM3GNzzQZ9EkfH5EdUBUMqVtMCDlTXFQ==
>
> dn: uid=abia, ou=People, dc=syntlogo,dc=de
>
> cn: Antonio Bianchi
>
> sn: Bianchi
>
> givenName: Antonio
>
> objectClass: top
>
> objectClass: person
>
> objectClass: organizationalPerson
>
> objectClass: inetOrgPerson
>
> ou: Human Resources
>
> ou: People
>
> l: Milano
>
> uid: abia
>
> mail: antonio.bianchi at mycompany.com
>
> telephoneNumber: +39-02-2267- 5625
>
> facsimileTelephoneNumber: +39-02-2267- 3372
>
> roomNumber: 2871
>
> userPassword: {SSHA}+b2IRLQ2tPT5xLSiYAnM4vuUrY7FMac/NwGXFQ==
>
> And in the log of the LDAP server the following can be seen:
>
> [18/May/2015:14:32:26 +0200] conn=168 fd=64 slot=64 connection from 
> 10.1.0.90 to 10.1.0.93
>
> [18/May/2015:14:32:26 +0200] conn=169 fd=65 slot=65 connection from 
> 10.1.0.90 to 10.1.0.93
>
> [18/May/2015:14:32:26 +0200] conn=169 op=0 BIND dn="cn=directory 
> manager" method=128 version=3
>
> [18/May/2015:14:32:26 +0200] conn=169 op=0 RESULT err=0 tag=97 
> nentries=0 etime=0 dn="cn=directory manager"
>
> [18/May/2015:14:32:26 +0200] conn=169 op=1 SRCH 
> base="ou=people,dc=syntlogo,dc=local" scope=1 
> filter="(&(objectClass=organizationalPerson)(objectClass=inetOrgPerson))" 
> attrs="uid nsUniqueId mail createTimestamp sn cn objectClass 
> modifyTimestamp"
>
> [18/May/2015:14:32:26 +0200] conn=169 op=1 RESULT err=0 tag=101 
> nentries=19 etime=0 notes=P
>

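A pre-sync check for the condition visible in the trace above (`LDAPUtils.getUsername` calling `getAttributeAsString` on an attribute holding `[adub, sdub]`), as an added example that is not part of the original thread or of Keycloak's code: it scans an LDIF export for entries whose username attribute carries more than one value. It assumes `uid` is the configured username attribute; the sample LDIF and the function names are constructed for illustration.

```python
import base64

# Constructed sample (not from the original post). The second entry carries
# two uid values, the shape reported as "[adub, sdub]" in the stack trace.
SAMPLE_LDIF = """\
dn: uid=cros,ou=People,dc=example,dc=org
uid: cros

dn: uid=adub,ou=People,
 dc=example,dc=org
uid: adub
uid: sdub

dn: uid=b64,ou=People,dc=example,dc=org
uid:: YjY0
UID: b64alias
"""

def parse_ldif(text):
    """Return [(dn, {attr_lowercase: [values]})], unfolding lines and decoding '::' values."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # RFC 2849 continuation line
        else:
            unfolded.append(raw)
    entries, attrs = [], {}
    for line in unfolded + [""]:             # trailing "" flushes the last record
        if not line.strip():
            if "dn" in attrs:
                entries.append((attrs.pop("dn")[0], attrs))
            attrs = {}
            continue
        name, sep, rest = line.partition(":")
        if line.startswith("#") or not sep:
            continue
        if rest.startswith(":"):             # base64-encoded value
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        # LDAP attribute names are case-insensitive, so "uid" and "UID" merge.
        attrs.setdefault(name.strip().lower(), []).append(value)
    return entries

def multi_valued(entries, attr="uid"):
    """List (dn, values) for entries where `attr` holds more than one distinct value."""
    found = ((dn, sorted(set(a.get(attr.lower(), [])))) for dn, a in entries)
    return [(dn, vals) for dn, vals in found if len(vals) > 1]

print(multi_valued(parse_ldif(SAMPLE_LDIF)))
```
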