Re: [keycloak-user] LDAP null uuid Regression?

Wednesday, 27 March 2019

I guess you already fixed this based on your other post?

Thanks,
Marek

On 27/03/2019 17:00, Ryan Slominski wrote:
...
 I'm attempting to setup Keycloak 5.0.0 with Java 11 with a LDAP
User Storage Provider, and I am unable to load users into Keycloak.   I'm using Red
Hat Identity Manager as the LDAP server (which, I believe uses Red Hat Directory Server
under the hood).   The error in the log file when I navigate to the "Users" menu
to try to search for a user is:

 2019-03-27 11:38:54,095 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default
task-15) Uncaught server error: org.keycloak.models.ModelException: User returned from
LDAP has null uuid! Check configuration of your LDAP settings. UUID Attribute must be
unique among your LDAP records and available on all the LDAP user records. If your LDAP
server really doesn't support the notion of UUID, you can use any other attribute,
which is supposed to be unique among LDAP users in tree. For example 'uid' or
'entryDN' . Mapped UUID LDAP attribute: nsuniqueid, user DN:
uid=ryans,cn=users,cn=accounts,dc=acc,dc=jlab,dc=org

          at
org.keycloak.keycloak-ldap-federation@5.0.0//org.keycloak.storage.ldap.LDAPUtils.checkUuid(LDAPUtils.java:123)

          at
org.keycloak.keycloak-ldap-federation@5.0.0//org.keycloak.storage.ldap.LDAPStorageProvider.importUserFromLDAP(LDAPStorageProvider.java:498)

          at
org.keycloak.keycloak-ldap-federation@5.0.0//org.keycloak.storage.ldap.LDAPStorageProvider.searchForUser(LDAPStorageProvider.java:372)

          at
org.keycloak.keycloak-ldap-federation@5.0.0//org.keycloak.storage.ldap.LDAPStorageProvider.searchForUser(LDAPStorageProvider.java:354)

          at
org.keycloak.keycloak-services@5.0.0//org.keycloak.storage.UserStorageManager.lambda$searchForUser$1(UserStorageManager.java:537)

          at
org.keycloak.keycloak-services@5.0.0//org.keycloak.storage.UserStorageManager.query(UserStorageManager.java:505)

          at
org.keycloak.keycloak-services@5.0.0//org.keycloak.storage.UserStorageManager.searchForUser(UserStorageManager.java:535)

          at
org.keycloak.keycloak-model-infinispan@5.0.0//org.keycloak.models.cache.infinispan.UserCacheSession.searchForUser(UserCacheSession.java:573)

          at
org.keycloak.keycloak-services@5.0.0//org.keycloak.services.resources.admin.UsersResource.getUsers(UsersResource.java:202)

          at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)

          at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

          at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

          at java.base/java.lang.reflect.Method.invoke(Method.java:566)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:139)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:509)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:399)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$0(ResourceMethodInvoker.java:363)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:365)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:337)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:137)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:106)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:132)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:100)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:439)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:229)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:135)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.interception.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:355)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:138)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:215)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:227)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)

          at
org.jboss.resteasy.resteasy-jaxrs@3.6.2.Final//org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)

          at
javax.servlet.api@1.0.0.Final//javax.servlet.http.HttpServlet.service(HttpServlet.java:791)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)

          at
org.keycloak.keycloak-services@5.0.0//org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:90)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)

          at
org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)

          at
io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:132)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)

          at
io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

          at
io.undertow.core@2.0.15.Final//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)

          at
io.undertow.core@2.0.15.Final//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)

          at
io.undertow.core@2.0.15.Final//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)

          at
io.undertow.core@2.0.15.Final//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)

          at
io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

          at
org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)

          at
io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

          at
org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)

          at
io.undertow.core@2.0.15.Final//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)

          at
org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)

          at
org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)

          at
org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)

          at
org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)

          at
org.wildfly.extension.undertow@15.0.1.Final//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1502)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)

          at
io.undertow.servlet@2.0.15.Final//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)

          at
io.undertow.core@2.0.15.Final//io.undertow.server.Connectors.executeRootHandler(Connectors.java:360)

          at
io.undertow.core@2.0.15.Final//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)

          at
org.jboss.threads@2.3.2.Final//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)

          at
org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1985)

          at
org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1487)

          at
org.jboss.threads@2.3.2.Final//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1378)

          at java.base/java.lang.Thread.run(Thread.java:834)

 I believe this is a regression since I have this currently working on another server
using Keycloak 4.1.0 and Java 8.  As a workaround I can update the "UUID LDAP
attribute" from "nsuniqueid" to "uid" and then it works again (I
can search for and find users on the Users page).  However, I know the
"nsuniqueid" field exists in LDAP and I'm using that field with Keycloak
4.1.0.    Should I create an issue ticket for this?
 _______________________________________________
 keycloak-user mailing list
 keycloak-user(a)lists.jboss.org
 https://lists.jboss.org/mailman/listinfo/keycloak-user 

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

Re: [keycloak-user] LDAP null uuid Regression?