[jira] [Commented] (CLOUDSTACK-1142) Testing LDAP Auth Failed - due to "%" being illegal character in queryfilter

Mon, 04 Feb 2013 20:32:17 -0800 

    [ 
https://issues.apache.org/jira/browse/CLOUDSTACK-1142?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13571031#comment-13571031
 ] 

Rohit Yadav commented on CLOUDSTACK-1142:
-----------------------------------------

Hi Mice, In APIServlet the url query is decoded once and in ApiServer's 
handleRequest it's decoded based on the boolean argument passed to it.
On port 8080 traffic is handled by ApiServlet which calls a better utf8Fixup() 
to decode key and values which down the line calls ApiServer's handRequest, and 
port 8096 (or integration port) ApiServer calls handleRequest with the boolean 
enabled.
Should we assume that whatever comes on port 8096 has its key value pairs 
fixed? I don't know what should be the best fix.
                
> Testing LDAP Auth Failed - due to "%" being illegal character in queryfilter
> ----------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-1142
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1142
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>          Components: API, Management Server
>    Affects Versions: 4.1.0
>         Environment: CentOS 6.3 with CloudStack 4.1 from git on 02/01/2013
>            Reporter: ilya musayev
>            Assignee: Mice Xia
>            Priority: Blocker
>              Labels: LDAP
>
> While attempting to test the LdapConfig command, i was unable to succesefully 
> execute the API command due to 
> { "ldapconfigresponse" : 
> {"errorcode":431,"cserrorcode":9999,"errortext":"queryfilter could not be 
> decoded, received value (sAMAccountName=%u) which contains illegal characters 
> eg.%"} }
> This command i'm executing has worked successfully on 4.0, however its broken 
> in latest 4.1 from git. Everything has been encoded properly and i use 8096 
> to bypass auth mechanism.
> Is there a reason why "%" became an illegal character when i ran this 
> command? Please update the documentation if its no longer required to use "%" 
> as in (sAMAccountName=%u) in query filter with alternate solution.
> If i alter the query filter and make it such that  (sAMAccountName=u)  is no 
> longer there - it works.
> In my attempt to login with user that is on AD LDAP - i get this error:
> java.lang.NullPointerException
>       at 
> com.sun.jndi.ldap.LdapNamingEnumeration.getNextBatch(LdapNamingEnumeration.java:129)
>       at 
> com.sun.jndi.ldap.LdapNamingEnumeration.nextAux(LdapNamingEnumeration.java:263)
>       at 
> com.sun.jndi.ldap.LdapNamingEnumeration.nextImpl(LdapNamingEnumeration.java:254)
>       at 
> com.sun.jndi.ldap.LdapNamingEnumeration.next(LdapNamingEnumeration.java:202)
>       at 
> com.cloud.server.auth.LDAPUserAuthenticator.authenticate(LDAPUserAuthenticator.java:117)
>       at 
> com.cloud.user.AccountManagerImpl.getUserAccount(AccountManagerImpl.java:1901)
>       at 
> com.cloud.user.AccountManagerImpl.authenticateUser(AccountManagerImpl.java:1772)
>       at com.cloud.api.ApiServer.loginUser(ApiServer.java:763)
>       at com.cloud.api.ApiServlet.processRequest(ApiServlet.java:218)
>       at com.cloud.api.ApiServlet.doPost(ApiServlet.java:76)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
>       at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
>       at 
> org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
>       at 
> org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:401)
>       at 
> org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
>       at 
> org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
>       at 
> org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:766)
>       at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:450)
>       at 
> org.mortbay.jetty.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:230)
>       at 
> org.mortbay.jetty.handler.HandlerCollection.handle(HandlerCollection.java:114)
>       at 
> org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
>       at org.mortbay.jetty.Server.handle(Server.java:326)
>       at 
> org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
>       at 
> org.mortbay.jetty.HttpConnection$RequestHandler.content(HttpConnection.java:945)
>       at org.mortbay.jetty.HttpParser.parseNext(HttpParser.java:756)
>       at org.mortbay.jetty.HttpParser.parseAvailable(HttpParser.java:218)
>       at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
>       at 
> org.mortbay.io.nio.SelectChannelEndPoint.run(SelectChannelEndPoint.java:410)
>       at 
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:582)
> Thanks
> ilya

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to