Uploaded image for project: 'Red Hat Decision Manager'
  1. Red Hat Decision Manager
  2. RHDM-813

[GSS] Errors in log on Windows when login user account contains special character

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.6.0.GA
    • 7.1.0.GA, 7.1.1.GA
    • Decision Central
      • Red Hat Decision Central 7.1.0/7.1.1
      • Windows
    • Release Notes
    • CR1
    • -
    • Hide

      1. integrate LDAP authentication with Windows AD
      e.g.
      ~~~
      <security-domain name="ldap" cache-type="default">
      <authentication>
      <login-module code="RealmDirect" flag="sufficient">
      <module-option name="password-stacking" value="useFirstPass"/>
      </login-module>
      <login-module code="LdapExtended" flag="required">
      <module-option name="java.naming.provider.url" value="ldap://ldap.corp.sample.com:389"/>
      <module-option name="java.naming.referral" value="follow"/>
      <module-option name="bindDN" value="DOMAIN\Administrator"/>
      <module-option name="bindCredential" value="Password1!"/>
      <module-option name="baseCtxDN" value="CN=Users,DC=domain,DC=sample,DC=com"/>
      <module-option name="baseFilter" value="(sAMAccountName=

      {0}

      )"/>
      <module-option name="rolesCtxDN" value="CN=Users,DC=domain,DC=sample,DC=com"/>
      <module-option name="roleFilter" value="(member=

      {1}

      )"/>
      <module-option name="roleAttributeID" value="memberOf"/>
      <module-option name="roleAttributeIsDN" value="true"/>
      <module-option name="roleRecursion" value="-1"/>
      <module-option name="searchScope" value="SUBTREE_SCOPE"/>
      <module-option name="allowEmptyPasswords" value="false"/>
      </login-module>
      <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="required">
      <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/ldap-role-mappings.properties"/>
      </login-module>
      </authentication>
      </security-domain>
      ~~~

      Show
      1. integrate LDAP authentication with Windows AD e.g. ~~~ <security-domain name="ldap" cache-type="default"> <authentication> <login-module code="RealmDirect" flag="sufficient"> <module-option name="password-stacking" value="useFirstPass"/> </login-module> <login-module code="LdapExtended" flag="required"> <module-option name="java.naming.provider.url" value="ldap://ldap.corp.sample.com:389"/> <module-option name="java.naming.referral" value="follow"/> <module-option name="bindDN" value="DOMAIN\Administrator"/> <module-option name="bindCredential" value="Password1!"/> <module-option name="baseCtxDN" value="CN=Users,DC=domain,DC=sample,DC=com"/> <module-option name="baseFilter" value="(sAMAccountName= {0} )"/> <module-option name="rolesCtxDN" value="CN=Users,DC=domain,DC=sample,DC=com"/> <module-option name="roleFilter" value="(member= {1} )"/> <module-option name="roleAttributeID" value="memberOf"/> <module-option name="roleAttributeIsDN" value="true"/> <module-option name="roleRecursion" value="-1"/> <module-option name="searchScope" value="SUBTREE_SCOPE"/> <module-option name="allowEmptyPasswords" value="false"/> </login-module> <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="required"> <module-option name="rolesProperties" value="file://${jboss.server.config.dir}/ldap-role-mappings.properties"/> </login-module> </authentication> </security-domain> ~~~
    • 2019 Week 20-22, 2019 Week 23-25, 2019 Week 26-28, 2019 Week 29-31, 2019 Week 32-34, 2019 Week 41-43 (from Okt 7), 2019 Week 44-46 (from Okt 28)

    Description

      Decision Central is configured to authenticate using corporate LDAP(Windows Active Directory) . When I try to login Decision Central with my corporate account like 'DOMAIN\winuser' (i.e. special character '\' is included in login account.), login succeeds but the following error appears on the GUI.

      ~~~
      Unable to complete your request. The following exception occurred: org.ext.uberfire.social.activities.persistence.SocialUserCachePersistence$ErrorCreatingOrRetrievingUserData.
      ~~~

      and the following exception appears in server.log.

      ~~~
      2018-12-17 13:55:20,932 ERROR [stderr] (default task-18) java.lang.RuntimeException: org.eclipse.jgit.dircache.InvalidPathException: Invalid path: social-files/DOMAIN\winuser^M^M
      ...
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) Caused by: org.eclipse.jgit.errors.CorruptObjectException: name contains '\'^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) at org.eclipse.jgit.lib.ObjectChecker.scanPathSegment(ObjectChecker.java:700)^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) at org.eclipse.jgit.lib.ObjectChecker.checkPathSegment(ObjectChecker.java:783)^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) at org.eclipse.jgit.lib.ObjectChecker.checkPath(ObjectChecker.java:769)^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) at org.eclipse.jgit.util.SystemReader.checkPath(SystemReader.java:373)^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) at org.eclipse.jgit.dircache.DirCacheEntry.checkPath(DirCacheEntry.java:757)^M^M
      2018-12-17 13:55:21,073 ERROR [stderr] (default task-18) ... 87 more
      ~~~

      This happens only on Windows but not on RHEL/Linux.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. AF-1768 Errors on Windows when login user account contains special character

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              rh-ee-pefernan Pere Fernandez Perez
              rhn-support-hmiura Hiroko Miura
              Dominik Hanak Dominik Hanak
              Dominik Hanak Dominik Hanak
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: