  1. AMQ Broker
  2. ENTMQBR-7995

CommunicationException in LDAP not handled as expected by LDAPLoginModule

    • Type: Bug
    • Resolution: Not a Bug
    • Priority: Critical
    • None
    • AMQ 7.11.0.GA
    • security
    • None

      This issue has been reported against AMQ 7.11 which includes this fix we have requested:

      https://issues.redhat.com/browse/ENTMQBR-6833

       Pre-requisites: a login.config file with the following list of noCacheExceptions

       noCacheExceptions="javax.naming.CommunicationException,javax.naming.NamingException,javax.naming.ServiceUnavailableException,java.net.ConnectException,java.net.SocketTimeoutException,java.net.SocketException"

      After authenticating successfully, when the LDAP service becomes unavailable, you expect "org.apache.activemq.artemis.spi.core.security.jaas.NoCacheLoginException" to be generated.

      However, we cannot see the NoCacheLoginException in the stack trace, just the CommunicationException:

      2023-04-18 15:12:45,362 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context.
      2023-04-18 15:12:45,365 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Referral handling: ignore
      2023-04-18 15:12:45,378 ERROR [org.apache.activemq.artemis.core.server] AMQ224084: Failed to open context
      javax.naming.CommunicationException: localhost:10389
      at com.sun.jndi.ldap.Connection.<init>(Connection.java:252) ~[?:?]
      at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[?:?]
      at com.sun.jndi.ldap.LdapClientFactory.createPooledConnection(LdapClientFactory.java:71) ~[?:?]
      at com.sun.jndi.ldap.pool.Connections.createConnection(Connections.java:185) ~[?:?]
      at com.sun.jndi.ldap.pool.Connections.getAvailableConnection(Connections.java:151) ~[?:?]
      at com.sun.jndi.ldap.pool.Pool.getOrCreatePooledConnection(Pool.java:189) ~[?:?]
      at com.sun.jndi.ldap.pool.Pool.getPooledConnection(Pool.java:148) ~[?:?]
      at com.sun.jndi.ldap.LdapPoolManager.getLdapClient(LdapPoolManager.java:340) ~[?:?]
      at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1608) ~[?:?]
      at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2847) ~[?:?]
      at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348) ~[?:?]
      at com.sun.jndi.ldap.dns.LdapDnsProviderServiceImpl.getLdapCtxFromUrl(LdapDnsProviderServiceImpl.java:95) ~[?:?]
      at com.sun.jndi.ldap.dns.LdapDnsProviderServiceImpl.getContextFromEndpoints(LdapDnsProviderServiceImpl.java:129) ~[?:?]
      at com.sun.jndi.ldap.LdapCtxFactory.getContextFromEndpoints(LdapCtxFactory.java:188) ~[?:?]
      at com.sun.jndi.ldap.LdapCtxFactory.lambda$getUsingURL$0(LdapCtxFactory.java:197) ~[?:?]
      at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
      at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:570) ~[?:?]
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:195) ~[?:?]
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:241) ~[?:?]
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:160) ~[?:?]
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:90) ~[?:?]
      at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730) ~[?:?]
      at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) ~[?:?]
      at javax.naming.InitialContext.init(InitialContext.java:236) ~[?:?]
      at javax.naming.InitialContext.<init>(InitialContext.java:208) ~[?:?]
      at javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101) ~[?:?]
      at org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule.lambda$openContext$3(LDAPLoginModule.java:700) ~[artemis-server-2.28.0.redhat-00003.jar:2.28.0.redhat-00003]
      at java.security.AccessController.doPrivileged(Native Method) ~[?:?]

      So it seems the fix ENTMQBR-6833 does not work as expected.

        1. AMQ_error_log(1).log
          84 kB
          Francesco Marchioni
        2. login.config
          1 kB
          Francesco Marchioni
        3. SecurityStoreImpl_MOD(1).java
          20 kB
          Francesco Marchioni

              rhn-support-jbertram Justin Bertram
              fmarchio@redhat.com Francesco Marchioni (Inactive)
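
The comparison made in the report, as an added example that is not part of the original issue or of the AMQ Broker code base: for each AMQ224084 log entry it lists the exception classes in the logged trace, marks which of them appear in the configured noCacheExceptions list, and records whether NoCacheLoginException shows up in that trace. The login.config stanza is constructed around the option value quoted in the report, the log lines are shortened from the quoted trace, and the function names are hypothetical.

```python
import re

# Constructed login.config stanza; only the noCacheExceptions value comes from the report.
LOGIN_CONFIG = '''
activemq {
   org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
      noCacheExceptions="javax.naming.CommunicationException,javax.naming.NamingException,javax.naming.ServiceUnavailableException,java.net.ConnectException,java.net.SocketTimeoutException,java.net.SocketException";
};
'''

# Log excerpt shortened from the trace quoted in the report.
LOG = '''\
2023-04-18 15:12:45,362 DEBUG [org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule] Create the LDAP initial context.
2023-04-18 15:12:45,378 ERROR [org.apache.activemq.artemis.core.server] AMQ224084: Failed to open context
javax.naming.CommunicationException: localhost:10389
at com.sun.jndi.ldap.Connection.<init>(Connection.java:252) ~[?:?]
at org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule.lambda$openContext$3(LDAPLoginModule.java:700) ~[artemis-server-2.28.0.redhat-00003.jar:2.28.0.redhat-00003]
'''

ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) (\w+)\s+\[[^\]]+\] (.*)$")
THROWN = re.compile(r"^(?:Caused by: )?([\w.$]+(?:Exception|Error))\b")

def configured_exceptions(login_config):
    """Return the class names listed in the noCacheExceptions option."""
    m = re.search(r'noCacheExceptions\s*=\s*"([^"]*)"', login_config)
    return {n.strip() for n in m.group(1).split(",") if n.strip()} if m else set()

def triage(log, login_config):
    """One record per AMQ224084 entry: logged exception classes vs. the configured list."""
    listed, events, current = configured_exceptions(login_config), [], None
    for line in log.splitlines():
        line = line.strip()
        entry = ENTRY.match(line)
        if entry:  # a new timestamped entry ends the previous stack trace
            current = None
            if entry.group(2) == "ERROR" and "AMQ224084" in entry.group(3):
                current = {"time": entry.group(1), "thrown": [], "no_cache_seen": False}
                events.append(current)
        elif current is not None:  # continuation line of the current trace
            current["no_cache_seen"] |= "NoCacheLoginException" in line
            thrown = THROWN.match(line)
            if thrown:
                current["thrown"].append(thrown.group(1))
    for e in events:
        e["listed"] = [c for c in e["thrown"] if c in listed]
    return events

if __name__ == "__main__":
    print(*triage(LOG, LOGIN_CONFIG), sep="\n")
```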