Details
-
Improvement
-
Status: Closed
-
Minor
-
Resolution: Fixed
-
1.2
Description
regression of OAK-2783....
On my local instance, I have tested the 4 combination of the new attributes in org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider
@adminPool.lookupOnValidate (true)
@userPool.lookupOnValidate (true)
and found that only when both are set to true, I was able to login with credentials from LDAP server. see table below for time stamps of the four tested combinations.
I have setup a test harness at http://10.36.65.137:4502. It is configured for LDAP server on my laptop, which provides user001 ... user010. All have same password, '1234'.
Note: I have not repeated the above tests on the test harness due to time constraints.
time | adminPool.lookupOnValidate | userPool.lookupOnValidate | logon user001 |
---|---|---|---|
16.05.2015 11:14:59.066 | false | true | NG @ 16.05.2015 11:16:37.431 (1) |
16.05.2015 11:18:40.627 | false | false | NG @ 16.05.2015 11:19:54.971 (2) |
16.05.2015 11:21:31.757 | true | false | NG @ ??. No error in LDAP.log. But username and pwd not match |
16.05.2015 11:24:16.277 | true | true | OK |
Excerpts from ldap.log
(1) 16.05.2015 11:16:37.435 *ERROR* [qtp2069601494-1250] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider Error while connecting to the ldap server. java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed (2) 16.05.2015 11:19:54.971 *ERROR* [qtp2069601494-1249] org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider Error while connecting to the ldap server. java.util.NoSuchElementException: Could not create a validated object, cause: ValidateObject failed at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1233) at org.apache.directory.ldap.client.api.LdapConnectionPool.getConnection(LdapConnectionPool.java:56)