ConfX created HADOOP-19340:
------------------------------

             Summary: Unrecognized SSL message error in LDAPGroupMappings
                 Key: HADOOP-19340
                 URL: https://issues.apache.org/jira/browse/HADOOP-19340
             Project: Hadoop Common
          Issue Type: Bug
          Components: common
    Affects Versions: 3.4.1
            Reporter: ConfX
            Assignee: ConfX


h3. What Happened: 

Got an unrecognized SSL message error instead of the expected LDAP response
read timeout when hadoop.security.group.mapping.ldap.ssl is set to true.

h3. Buggy Code:

 
{code:java}
// -> ServerSocket is not configured to accept SSL communication.
try (ServerSocket serverSock = new ServerSocket(0)) {
  final CountDownLatch finLatch = new CountDownLatch(1);

  final Thread ldapServer = new Thread(new Runnable() {
    @Override
    public void run() {
      try {
        try (Socket clientSock = serverSock.accept()) {
          IOUtils.skipFully(clientSock.getInputStream(), 1);
          clientSock.getOutputStream().write(AUTHENTICATE_SUCCESS_MSG);
          finLatch.await();
        }
      } catch (Exception e) {
        e.printStackTrace();
      }
    }
  });
  ldapServer.start();
{code}
 
h3. Stack Trace: 

 
{code:java}
Expected to find 'LDAP response read timed out, timeout used' but got unexpected exception: javax.naming.CommunicationException: localhost:36143 [Root exception is javax.net.ssl.SSLException: Unsupported or unrecognized SSL message]
        at java.naming/com.sun.jndi.ldap.Connection.<init>(Connection.java:250)
        at java.naming/com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137)
        at java.naming/com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1616)
        at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847)
        at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:266)
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:284)
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
        at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
        at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
        at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
        at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
        at java.naming/javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
        at org.apache.hadoop.security.TestLdapGroupsMappingBase$DummyLdapCtxFactory.getInitialContext(TestLdapGroupsMappingBase.java:241)
{code}

h3. How to Reproduce:

(1) Set hadoop.security.group.mapping.ldap.ssl to true

(2) Run test: org.apache.hadoop.security.TestLdapGroupsMapping#testLdapReadTimeout

h3. Notes:

I don't have a patch/fix for this yet; I am working on it.

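The mismatch described in the report can be reproduced without JNDI or Hadoop. The following is an added example, not code from the issue or from the Hadoop test suite: a TLS client connects to a plain ServerSocket that answers in cleartext. The class name, method name and the reply bytes (a constructed LDAP BindResponse) are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.concurrent.CountDownLatch;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class PlainServerTlsClientDemo {
  // Constructed sample: BER-encoded LDAP BindResponse (resultCode success),
  // sent in cleartext the way the mock server in the report answers.
  static final byte[] PLAIN_REPLY =
      {0x30, 0x0c, 0x02, 0x01, 0x01, 0x61, 0x07, 0x0a, 0x01, 0x00, 0x04, 0x00, 0x04, 0x00};

  /** Runs a TLS client against a plain ServerSocket; returns the client-side failure. */
  static String handshakeAgainstPlainServer() throws Exception {
    try (ServerSocket serverSock = new ServerSocket(0)) {
      CountDownLatch done = new CountDownLatch(1);
      Thread server = new Thread(() -> {
        try (Socket s = serverSock.accept()) {
          // A TLS client speaks first: 0x16 is the TLS handshake record type.
          System.out.printf("server saw first byte 0x%02x%n", s.getInputStream().read());
          s.getOutputStream().write(PLAIN_REPLY);
          s.getOutputStream().flush();
          done.await(); // keep the socket open so the client reads the reply, not a reset
        } catch (IOException | InterruptedException e) {
          e.printStackTrace();
        }
      });
      server.start();
      SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
      try (SSLSocket client =
          (SSLSocket) factory.createSocket("localhost", serverSock.getLocalPort())) {
        client.setSoTimeout(5000);
        client.startHandshake(); // expects a TLS ServerHello, receives 0x30 ...
        return "handshake unexpectedly succeeded";
      } catch (SSLException e) {
        return e.toString(); // exact wording depends on the JDK version
      } finally {
        done.countDown();
        server.join();
      }
    }
  }

  public static void main(String[] args) throws Exception {
    System.out.println("client failed with: " + handshakeAgainstPlainServer());
  }
}
```

The handshake fails before any read timeout can apply, because the first bytes the client receives are not a TLS record.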