[keycloak-user] Error during "Synchronize all users" from an LDAP Server

Giovanni Baruzzi giovanni.baruzzi at syntlogo.de
Mon Jun 22 14:20:18 EDT 2015


Dear Friends,

I got the following exception trying to “synchronize all users” from an LDAP Server. The dialog used is “Settings->User Federation->Settings”.
Please find the details about the LDAP Server further below after the Java LOG.
Thanks for your attention,
Giovanni

=====================
20:23:38,119 ERROR [io.undertow.request] (default task-9) UT005023: Exception handling request to /auth/admin/realms/demo/user-federation/instances/6f4de879-f4b7-4d74-9141-46044c4b9e09/sync: java.lang.RuntimeException: request path: /auth/admin/realms/demo/user-federation/instances/6f4de879-f4b7-4d74-9141-46044c4b9e09/sync
        at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:54)
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
        at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:85)
        at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
        at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
        at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
        at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:58)
        at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:72)
        at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        at io.undertow.security.handlers.SecurityInitialHandler.handleRequest(SecurityInitialHandler.java:76)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:274)
        at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:253)
        at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:80)
        at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:172)
        at io.undertow.server.Connectors.executeRootHandler(Connectors.java:199)
        at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:774)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:745)
Caused by: org.jboss.resteasy.spi.UnhandledException: java.lang.IllegalStateException: Expected String but attribute was [adub, sdub] of type java.util.TreeSet
        at org.jboss.resteasy.core.ExceptionHandler.handleApplicationException(ExceptionHandler.java:76)
        at org.jboss.resteasy.core.ExceptionHandler.handleException(ExceptionHandler.java:212)
        at org.jboss.resteasy.core.SynchronousDispatcher.writeException(SynchronousDispatcher.java:149)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:372)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:86)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:130)
        at org.keycloak.services.filters.ClientConnectionFilter.doFilter(ClientConnectionFilter.java:41)
        at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:60)
        at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:132)
        at org.keycloak.services.filters.KeycloakSessionServletFilter.doFilter(KeycloakSessionServletFilter.java:40)
        ... 29 more
Caused by: java.lang.IllegalStateException: Expected String but attribute was [adub, sdub] of type java.util.TreeSet
        at org.keycloak.federation.ldap.idm.model.LDAPObject.getAttributeAsString(LDAPObject.java:79)
        at org.keycloak.federation.ldap.LDAPUtils.getUsername(LDAPUtils.java:76)
        at org.keycloak.federation.ldap.LDAPFederationProvider.importLDAPUsers(LDAPFederationProvider.java:390)
        at org.keycloak.federation.ldap.LDAPFederationProviderFactory.importLdapUsers(LDAPFederationProviderFactory.java:269)
        at org.keycloak.federation.ldap.LDAPFederationProviderFactory$1.run(LDAPFederationProviderFactory.java:223)
        at org.keycloak.models.utils.KeycloakModelUtils.runJobInTransaction(KeycloakModelUtils.java:241)
        at org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncImpl(LDAPFederationProviderFactory.java:219)
        at org.keycloak.federation.ldap.LDAPFederationProviderFactory.syncAllUsers(LDAPFederationProviderFactory.java:177)
        at org.keycloak.services.managers.UsersSyncManager.syncAllUsers(UsersSyncManager.java:50)
        at org.keycloak.services.resources.admin.UserFederationProviderResource.syncUsers(UserFederationProviderResource.java:144)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:296)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:250)
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:140)
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:109)
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:135)
        at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:103)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
        ... 40 more

The LDAP Server is a port389 (nearly identical to RedHat); this is an excerpt of the LDIF of the people container
(all test data, not real people)

dn: ou=People, dc=syntlogo,dc=de
objectClass: top
objectClass: organizationalunit
ou: People

dn: uid=cros, ou=People, dc=syntlogo,dc=de
cn: Carlo Rossi
sn: Rossi
givenName: Carlo
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Accounting
ou: People
l: Milano
uid: cros
mail: carlo.rossi at mycompany.com
telephoneNumber: +39-02-2267-4798
facsimileTelephoneNumber: +39-02-2267-9751
roomNumber: 4612
userPassword: {SSHA}dvuiZA9vGMEqopNlIJ2qwxf0igE1fmJVLB8MRw==

dn: uid=gste, ou=People, dc=syntlogo,dc=de
cn: Gudrun Steinle
sn: Steinle
givenName: Gudrun
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Accounting
ou: People
l: Stuttgart
uid: gste
mail: gudrun.steinle at mycompany.com
telephoneNumber: +49-711-2359-9187
facsimileTelephoneNumber: +49-711-2359-8473
roomNumber: 4117
userPassword: {SSHA}wc8v0cdM3GNzzQZ9EkfH5EdUBUMqVtMCDlTXFQ==

dn: uid=abia, ou=People, dc=syntlogo,dc=de
cn: Antonio Bianchi
sn: Bianchi
givenName: Antonio
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: Human Resources
ou: People
l: Milano
uid: abia
mail: antonio.bianchi at mycompany.com
telephoneNumber: +39-02-2267- 5625
facsimileTelephoneNumber: +39-02-2267- 3372
roomNumber: 2871
userPassword: {SSHA}+b2IRLQ2tPT5xLSiYAnM4vuUrY7FMac/NwGXFQ==


and in the log of the LDAP server the following can be seen:

[18/May/2015:14:32:26 +0200] conn=168 fd=64 slot=64 connection from 10.1.0.90 to 10.1.0.93
[18/May/2015:14:32:26 +0200] conn=169 fd=65 slot=65 connection from 10.1.0.90 to 10.1.0.93
[18/May/2015:14:32:26 +0200] conn=169 op=0 BIND dn="cn=directory manager" method=128 version=3
[18/May/2015:14:32:26 +0200] conn=169 op=0 RESULT err=0 tag=97 nentries=0 etime=0 dn="cn=directory manager"
[18/May/2015:14:32:26 +0200] conn=169 op=1 SRCH base="ou=people,dc=syntlogo,dc=local" scope=1 filter="(&(objectClass=organizationalPerson)(objectClass=inetOrgPerson))" attrs="uid nsUniqueId mail createTimestamp sn cn objectClass modifyTimestamp"
[18/May/2015:14:32:26 +0200] conn=169 op=1 RESULT err=0 tag=101 nentries=19 etime=0 notes=P
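
The root-cause exception in the trace above comes from LDAPUtils.getUsername, which expected a single string but received the two values [adub, sdub]. As an added example (not part of the original post and not Keycloak code), this Python script scans an LDIF export for entries whose username attribute carries more than one value. The sample entries, the dc=example,dc=org suffix and the function names are constructed for illustration, and treating uid as the username attribute is an assumption based on the SRCH attribute list.

```python
import base64

# Constructed sample LDIF (not from the original post): the second entry
# carries two uid values, matching the "[adub, sdub]" in the exception.
SAMPLE_LDIF = """\
dn: uid=cros, ou=People, dc=example,dc=org
uid: cros
cn: Carlo Rossi

dn: uid=adub, ou=People, dc=example,dc=org
uid: adub
uid: sdub
cn: Anna
  Dubois

dn: uid=gste, ou=People, dc=example,dc=org
uid:: Z3N0ZQ==
"""

def parse_ldif(text):
    """Yield (dn, {attr_lower: [values]}) per entry; handles folding and base64."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]          # RFC 2849 folded continuation line
        elif not raw.startswith("#"):       # skip LDIF comments
            logical.append(raw)
    entry = {}
    for line in logical + [""]:             # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in entry:
                yield entry["dn"][0], entry
            entry = {}
            continue
        name, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: <base64 value>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name.strip().lower(), []).append(value.strip())

def multi_valued(text, attr="uid"):
    """Return {dn: sorted values} for entries where attr has several distinct values.
    attr defaults to uid, assumed here to be the username attribute."""
    return {dn: sorted(e[attr.lower()]) for dn, e in parse_ldif(text)
            if len(set(e.get(attr.lower(), []))) > 1}

if __name__ == "__main__":
    for dn, values in multi_valued(SAMPLE_LDIF).items():
        print(f"{dn}: uid has {len(values)} values {values}")
```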

