[keycloak-user] LDAP null uuid Regression?

Ryan Slominski ryans at jlab.org
Wed Mar 27 15:44:56 EDT 2019


I implemented a work-around, but I can't explain why nsuniqueid no longer works with Red Hat Identity Manager LDAP.  This seems like a regression.  I probably need to create an issue ticket for this.

________________________________
From: Marek Posolda <mposolda at redhat.com>
Sent: Wednesday, March 27, 2019 3:25 PM
To: Ryan Slominski; keycloak-user
Subject: Re: [keycloak-user] LDAP null uuid Regression?

I guess you already fixed this based on your other post?

Thanks,
Marek

On 27/03/2019 17:00, Ryan Slominski wrote:
> I'm attempting to set up Keycloak 5.0.0 with Java 11 with an LDAP User Storage Provider, and I am unable to load users into Keycloak. I'm using Red Hat Identity Manager as the LDAP server (which, I believe, uses Red Hat Directory Server under the hood). The error in the log file when I navigate to the "Users" menu to try to search for a user is:
>
> 2019-03-27 11:38:54,095 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-15) Uncaught server error: org.keycloak.models.ModelException: User returned from LDAP has null uuid! Check configuration of your LDAP settings. UUID Attribute must be unique among your LDAP records and available on all the LDAP user records. If your LDAP server really doesn't support the notion of UUID, you can use any other attribute, which is supposed to be unique among LDAP users in tree. For example 'uid' or 'entryDN' . Mapped UUID LDAP attribute: nsuniqueid, user DN: uid=ryans,cn=users,cn=accounts,dc=acc,dc=jlab,dc=org
>          at org.keycloak.keycloak-ldap-federation@5.0.0//org.keycloak.storage.ldap.LDAPUtils.checkUuid(LDAPUtils.java:123)
>          at org.keycloak.keycloak-ldap-federation@5.0.0//org.keycloak.storage.ldap.LDAPStorageProvider.importUserFromLDAP(LDAPStorageProvider.java:498)
>          at org.keycloak.keycloak-ldap-federation@5.0.0//org.keycloak.storage.ldap.LDAPStorageProvider.searchForUser(LDAPStorageProvider.java:372)
>          at org.keycloak.keycloak-ldap-federation@5.0.0//org.keycloak.storage.ldap.LDAPStorageProvider.searchForUser(LDAPStorageProvider.java:354)
>          at org.keycloak.keycloak-services@5.0.0//org.keycloak.storage.UserStorageManager.lambda$searchForUser$1(UserStorageManager.java:537)
>          at org.keycloak.keycloak-services@5.0.0//org.keycloak.storage.UserStorageManager.query(UserStorageManager.java:505)
>          at org.keycloak.keycloak-services@5.0.0//org.keycloak.storage.UserStorageManager.searchForUser(UserStorageManager.java:535)
>          at org.keycloak.keycloak-model-infinispan@5.0.0//org.keycloak.models.cache.infinispan.UserCacheSession.searchForUser(UserCacheSession.java:573)
>          at org.keycloak.keycloak-services@5.0.0//org.keycloak.services.resources.admin.UsersResource.getUsers(UsersResource.java:202)
>          at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>          at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>          at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>          at java.base/java.lang.reflect.Method.invoke(Method.java:566)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:439)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
>          at org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
>          at javax.servlet.api@1.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:791)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
>          at org.keycloak.keycloak-services@5.0.0//org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
>          at org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
>          at io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
>          at io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>          at io.undertow.core@2.0.15.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
>          at io.undertow.core@2.0.15.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
>          at io.undertow.core@2.0.15.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
>          at io.undertow.core@2.0.15.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
>          at io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>          at org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
>          at io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>          at org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
>          at io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
>          at org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
>          at org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
>          at org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
>          at org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
>          at org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
>          at io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
>          at io.undertow.core@2.0.15.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)
>          at io.undertow.core@2.0.15.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
>          at org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
>          at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)
>          at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)
>          at org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)
>          at java.base/java.lang.Thread.run(Thread.java:834)
>
> I believe this is a regression since I have this currently working on another server using Keycloak 4.1.0 and Java 8.  As a workaround I can update the "UUID LDAP attribute" from "nsuniqueid" to "uid" and then it works again (I can search for and find users on the Users page).  However, I know the "nsuniqueid" field exists in LDAP and I'm using that field with Keycloak 4.1.0.    Should I create an issue ticket for this?
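
As an added example (not part of the thread and not Keycloak's code): the error message above requires the UUID attribute to be present on every LDAP user record and unique among them. This sketch checks a candidate attribute against an LDIF export before it is configured as the "UUID LDAP attribute"; the sample LDIF, its values and the function names are constructed for illustration.

```python
import base64
from collections import Counter

# Constructed sample export (not from the thread); bob's record lacks nsuniqueid.
SAMPLE_LDIF = """\
dn: uid=alice,cn=users,cn=accounts,dc=example,dc=org
uid: alice
nsuniqueid: 11111111-aaaa11e9-bbbb0001-cccc0001

dn: uid=bob,cn=users,cn=accounts,dc=example,dc=org
uid: bob

dn: uid=carol,cn=users,cn=accounts,dc=example,dc=org
uid:: Y2Fyb2w=
nsUniqueId: 33333333-aaaa11e9-bbbb0003-cccc
 0003
"""

def parse_ldif(text):
    """Return entries as dicts: lower-cased attribute name -> list of values."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]            # RFC 2849 folded continuation
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:                # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
        elif not line.startswith("#"):
            name, _, rest = line.partition(":")
            if rest.startswith(":"):            # "attr:: <base64>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            current.setdefault(name.strip().lower(), []).append(value)
    return entries

def check_uuid_attribute(entries, attr):
    """List DNs where attr is missing or empty, and values shared by several entries."""
    missing, seen = [], Counter()
    for entry in entries:
        values = [v for v in entry.get(attr.lower(), []) if v]
        if values:
            seen[values[0].lower()] += 1
        else:
            missing.append(entry["dn"][0])
    duplicates = sorted(v for v, n in seen.items() if n > 1)
    return {"missing": missing, "duplicates": duplicates,
            "usable": not missing and not duplicates}
```

Running `check_uuid_attribute(parse_ldif(SAMPLE_LDIF), "nsuniqueid")` reports bob's DN as missing, the same condition Keycloak rejects with "null uuid", while `"uid"` passes on this sample.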



