[infinispan-issues] [JBoss JIRA] (ISPN-4669) Loading LDAP roles fails when some principal hasn't LDAP record
RH Bugzilla Integration (JIRA)
issues at jboss.org
Wed Sep 3 11:09:03 EDT 2014
[ https://issues.jboss.org/browse/ISPN-4669?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12998455#comment-12998455 ]
RH Bugzilla Integration commented on ISPN-4669:
-----------------------------------------------
Tristan Tarrant <ttarrant at redhat.com> changed the Status of [bug 1134085|https://bugzilla.redhat.com/show_bug.cgi?id=1134085] from NEW to POST
> Loading LDAP roles fails when some principal hasn't LDAP record
> ---------------------------------------------------------------
>
> Key: ISPN-4669
> URL: https://issues.jboss.org/browse/ISPN-4669
> Project: Infinispan
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Server
> Reporter: Vojtech Juranek
> Assignee: Tristan Tarrant
> Fix For: 7.0.0.Beta2, 7.0.0.Final
>
>
> In server mode, when loading the roles from LDAP (e.g. scenario GSSAPI authentization and authorization is delegate to LDAP), it fails with following exception when some principal (typically {{InetAddressPrincipal}}) hasn't a record in LDAP:
> {noformat}
> Caused by: java.lang.SecurityException: JDGS010022: Cannot retrieve authorization information for user admin at INFINISPAN.ORG
> at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider$GSSAPIEndpointAuthorizingCallbackHandler.getSubjectUserInfo(EndpointServerAuthenticationProvider.java:96) [infinispan-server-endpoints-7.0.0-SNAPSHOT.
> jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.hotrod.Decoder2x$.customReadHeader(Decoder2x.scala:238) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.hotrod.HotRodDecoder.customDecodeHeader(HotRodDecoder.scala:152) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.decodeHeader(AbstractProtocolDecoder.scala:148) [infinispan.jar:7.0.0-SNAPSHOT]
> at org.infinispan.server.core.AbstractProtocolDecoder.secureDecodeDispatch(AbstractProtocolDecoder.scala:96) [infinispan.jar:7.0.0-SNAPSHOT]
> ... 14 more
> Caused by: java.io.IOException: javax.naming.NamingException: JBAS015231: User '127.0.0.1' not found in directory.
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.supplementSubject(LdapSubjectSupplementalService.java:171) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
> at org.jboss.as.domain.management.security.SecurityRealmService$1.createSubjectUserInfo(SecurityRealmService.java:200) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
> at org.infinispan.server.endpoint.subsystem.EndpointServerAuthenticationProvider$GSSAPIEndpointAuthorizingCallbackHandler.getSubjectUserInfo(EndpointServerAuthenticationProvider.java:94) [infinispan-server-endpoints-7.0.0-SNAPSHOT.jar:7.0.0-SNAPSHOT]
> ... 18 more
> Caused by: javax.naming.NamingException: JBAS015231: User '127.0.0.1' not found in directory.
> at org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:130) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
> at org.jboss.as.domain.management.security.LdapUserSearcherFactory$LdapUserSearcherImpl.search(LdapUserSearcherFactory.java:67) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
> at org.jboss.as.domain.management.security.LdapCacheService$NoCacheCache.search(LdapCacheService.java:223) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.loadGroups(LdapSubjectSupplementalService.java:184) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
> at org.jboss.as.domain.management.security.LdapSubjectSupplementalService$LdapSubjectSupplemental.supplementSubject(LdapSubjectSupplementalService.java:163) [wildfly-domain-management-8.1.0.Final.jar:8.1.0.Final]
> ... 20 more
> {noformat}
--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
More information about the infinispan-issues
mailing list