Uploaded image for project: 'Red Hat Decision Manager'
  1. Red Hat Decision Manager
  2. RHDM-813

[GSS] Errors in log on Windows when login user account contains special character

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 7.6.0.GA
    • 7.1.0.GA, 7.1.1.GA
    • Decision Central
      • Red Hat Decision Central 7.1.0/7.1.1
      • Windows
    • Release Notes
    • CR1
    • -
    • Hide

      1. integrate LDAP authentication with Windows AD
      e.g.
      ~~~
      <security-domain name="ldap" cache-type="default">
      <authentication>
      <login-module code="RealmDirect" flag="sufficient">
      <module-option name="password-stacking" value="useFirstPass"/>
      </login-module>
      <login-module code="LdapExtended" flag="required">
      <module-option name="java.naming.provider.url" value="ldap://ldap.corp.sample.com:389"/>
      <module-option name="java.naming.referral" value="follow"/>
      <module-option name="bindDN" value="DOMAIN\Administrator"/>
      <module-option name="bindCredential" value="Password1!"/>
      <module-option name="baseCtxDN" value="CN=Users,DC=domain,DC=sample,DC=com"/>
      <module-option name="baseFilter" value="(sAMAccountName=

      {0}

      )"/>
      <module-option name="rolesCtxDN" value="CN=Users,DC=domain,DC=sample,DC=com"/>
      <module-option name="roleFilter" value="(member=

      {1}

      )"/>
      <module-option name="roleAttributeID" value="memberOf"/>
      <module-option name="roleAttributeIsDN" value="true"/>
      <module-option name="roleRecursion" value="-1"/>
      <module-option name="searchScope" value="SUBTREE_SCOPE"/>
      <module-option name="allowEmptyPasswords" value="false"/>
      </login-module>
      <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="required">
      <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/ldap-role-mappings.properties"/>
      </login-module>
      </authentication>
      </security-domain>
      ~~~

      Show
      1. integrate LDAP authentication with Windows AD e.g. ~~~ <security-domain name="ldap" cache-type="default"> <authentication> <login-module code="RealmDirect" flag="sufficient"> <module-option name="password-stacking" value="useFirstPass"/> </login-module> <login-module code="LdapExtended" flag="required"> <module-option name="java.naming.provider.url" value="ldap://ldap.corp.sample.com:389"/> <module-option name="java.naming.referral" value="follow"/> <module-option name="bindDN" value="DOMAIN\Administrator"/> <module-option name="bindCredential" value="Password1!"/> <module-option name="baseCtxDN" value="CN=Users,DC=domain,DC=sample,DC=com"/> <module-option name="baseFilter" value="(sAMAccountName= {0} )"/> <module-option name="rolesCtxDN" value="CN=Users,DC=domain,DC=sample,DC=com"/> <module-option name="roleFilter" value="(member= {1} )"/> <module-option name="roleAttributeID" value="memberOf"/> <module-option name="roleAttributeIsDN" value="true"/> <module-option name="roleRecursion" value="-1"/> <module-option name="searchScope" value="SUBTREE_SCOPE"/> <module-option name="allowEmptyPasswords" value="false"/> </login-module> <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="required"> <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/ldap-role-mappings.properties"/> </login-module> </authentication> </security-domain> ~~~
    • 2019 Week 20-22, 2019 Week 23-25, 2019 Week 26-28, 2019 Week 29-31, 2019 Week 32-34, 2019 Week 41-43 (from Okt 7), 2019 Week 44-46 (from Okt 28)

      Decision Central is configured to authenticate using corporate LDAP(Windows Active Directory) . When I try to login Decision Central with my corporate account like 'DOMAIN\winuser' (i.e. special character '\' is included in login account.), login succeeds but the following error appears on the GUI.

      ~~~
      Unable to complete your request. The following exception occurred: org.ext.uberfire.social.activities.persistence.SocialUserCachePersistence$ErrorCreatingOrRetrievingUserData.
      ~~~

      and the following exception appears in server.log.

      ~~~
      2018-12-17 13:55:20,932 ERROR [stderr] (default task-18) java.lang.RuntimeException: org.eclipse.jgit.dircache.InvalidPathException: Invalid path: social-files/DOMAIN\winuser^M^M
      ...
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) Caused by: org.eclipse.jgit.errors.CorruptObjectException: name contains '\'^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) at org.eclipse.jgit.lib.ObjectChecker.scanPathSegment(ObjectChecker.java:700)^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) at org.eclipse.jgit.lib.ObjectChecker.checkPathSegment(ObjectChecker.java:783)^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) at org.eclipse.jgit.lib.ObjectChecker.checkPath(ObjectChecker.java:769)^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) at org.eclipse.jgit.util.SystemReader.checkPath(SystemReader.java:373)^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) at org.eclipse.jgit.dircache.DirCacheEntry.checkPath(DirCacheEntry.java:757)^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) ... 87 more
      ~~~

      This happens only on Windows but not on RHEL/Linux.

            rh-ee-pefernan Pere Fernandez Perez
            rhn-support-hmiura Hiroko Miura
            Dominik Hanak Dominik Hanak
            Dominik Hanak Dominik Hanak
            Votes:
            0 Vote for this issue
            Watchers:
            8 Start watching this issue

              Created:
              Updated:
              Resolved: