Key: DIRSERVER-632
Type: Bug
Status: Closed
Resolution: Fixed
Priority: Minor
Assignee: Alex Karasulu
Reporter: Stefan Zoerner
Votes: 0
Watchers: 0
Directory ApacheDS

If one tries to connect with an illegal LDAP protocol version, no error occurs

Created: 05/Jun/06 05:23 PM   Updated: 03/Aug/06 08:30 PM
Component/s: None
Affects Version/s: 1.0-RC3
Fix Version/s: 1.5.0, 1.0-RC4

Time Tracking:
Not Specified

File Attachments:
  Size
Text File DIRSERVER-632.log 2006-07-20 07:51 PM Stefan Zoerner 6 kB
Java Source File IllegalLDAPVersionBindTest.java 2006-06-05 05:29 PM Stefan Zoerner 1 kB
Environment:
Sun ONE Directory SDK for Java 4.1
ApacheDS 1.0 RC 3
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_04-b05)
Microsoft Windows XP version 5.1 Service Pack 1

Resolution Date: 03/Aug/06 05:43 AM


Description
If one tries to connect to an LDAP server with a wrong version number (e.g. 4 instead of 2 or 3), it is expected that a protocol error occurs. See RFC 2251, 4.2.3, "Bind Response" for details.

This is not the case with ApacheDS; the client seems to hang instead if you use version=4.
Unfortunately, I was not able to create this situation with JNDI, because its LDAP Provider does not allow this operation. You can specify the version via the environment (key "java.naming.ldap.version"), but for an illegal value it throws an exception on the client side and does not seem to call the server at all.

Therefore I have created a JUnit test case with Sun ONE Directory SDK for Java. Netscape SDK (now Mozilla SDK, http://www.mozilla.org/directory/) will probably do as well. Please let me know if you have any problems reproducing the problem.

Stefan Zoerner added a comment - 05/Jun/06 05:29 PM
Test case which fails, but shouldn't, as far as I understand the RFC.

Stefan Zoerner made changes - 05/Jun/06 05:29 PM
Field Original Value New Value
Attachment IllegalLDAPVersionBindTest.java [ 12335027 ]
Stefan Zoerner made changes - 17/Jul/06 05:31 PM
Assignee Stefan Zoerner [ szoerner ]
Stefan Zoerner added a comment - 20/Jul/06 07:51 PM
Here is a server log for this issue. The strange thing is that a protocolError occurs internally, but the client hangs nevertheless. Here is the result created:

[21:19:48] DEBUG [org.apache.directory.shared.ldap.codec.TwixEncoder] - Encoding
 this LdapMessage : LdapMessage
    message Id : 0
    Extended Response
        Ldap Result
            Result code : (2) protocolError
            Matched DN : ''
            Error message : 'The server will disconnect!'
        Response name :'1.3.6.1.4.1.1466.20036'
        Response :'[B@186d484'

Any ideas? Has it to do with this LDAP_NOTICE_DISCONNECT response, which my client does not understand?

Stefan Zoerner made changes - 20/Jul/06 07:51 PM
Attachment DIRSERVER-632.log [ 12337260 ]
Stefan Zoerner made changes - 20/Jul/06 07:52 PM
Assignee Stefan Zoerner [ szoerner ]
Alex Karasulu made changes - 03/Aug/06 04:05 AM
Assignee Alex Karasulu [ akarasulu ]
Alex Karasulu made changes - 03/Aug/06 04:05 AM
Status Open [ 1 ] In Progress [ 3 ]
Repository Revision Date User Message
ASF #428244 Thu Aug 03 05:40:32 UTC 2006 akarasulu Fix for DIRSERVER-632. BindHandler rejects anything other than LDAPv3 on bind.
Files Changed
MODIFY /directory/branches/apacheds/1.0/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/BindHandler.java
ADD /directory/branches/apacheds/1.0/server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java

Repository Revision Date User Message
ASF #428245 Thu Aug 03 05:42:05 UTC 2006 akarasulu DIRSERVER-632 fix to only use LDAPv3 for binds
Files Changed
ADD /directory/trunks/apacheds/server-unit/src/test/java/org/apache/directory/server/IllegalLDAPVersionBindITest.java
MODIFY /directory/trunks/apacheds/protocol-ldap/src/main/java/org/apache/directory/server/ldap/support/BindHandler.java

Alex Karasulu added a comment - 03/Aug/06 05:43 AM
Fixed. Had to move decision making code up from codec into the BindHandler.

Alex Karasulu made changes - 03/Aug/06 05:43 AM
Fix Version/s 1.1.0 [ 12310790 ]
Fix Version/s 1.0-RC4 [ 12311053 ]
Resolution Fixed [ 1 ]
Status In Progress [ 3 ] Closed [ 6 ]
Stefan Zoerner added a comment - 03/Aug/06 08:30 PM
Thanks Alex! I can confirm that this issue does not occur in my environment anymore (I tested the current 1.0 branch).
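
Added example, not part of the original issue and not the ApacheDS BindHandler code: a Python illustration of the behaviour the description expects and the fix describes, where a bind with any version other than 3 is answered with a BindResponse carrying protocolError under the request's own message ID. The function names, the error text and the two hex-encoded sample requests are constructed for illustration.

```python
# Added illustration, not ApacheDS code: version gate for an LDAP BindRequest.
PROTOCOL_ERROR = 2       # LDAP resultCode protocolError, as in the server log
SUPPORTED_VERSION = 3    # per the fix, only LDAPv3 is accepted on bind

def read_tlv(buf, pos, want):
    """Read one BER element that must carry tag `want`; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != want:
        raise ValueError(f"expected tag 0x{want:02x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + length], pos + length

def tlv(tag, value):
    """Encode one BER element; short-form length is enough for this reply."""
    if len(value) > 0x7F:
        raise ValueError("value too long for short-form length")
    return bytes([tag, len(value)]) + value

def parse_bind(message):
    """Return (messageID octets, version) from an LDAPMessage holding a BindRequest."""
    body, _ = read_tlv(message, 0, 0x30)    # LDAPMessage ::= SEQUENCE
    msg_id, pos = read_tlv(body, 0, 0x02)   # messageID INTEGER
    bind, _ = read_tlv(body, pos, 0x60)     # [APPLICATION 0] BindRequest
    version, _ = read_tlv(bind, 0, 0x02)    # version INTEGER
    if not version:
        raise ValueError("empty version")
    return msg_id, int.from_bytes(version, "big")

def reject_unsupported_version(message):
    """Return an encoded protocolError BindResponse, or None if the version is 3."""
    msg_id, version = parse_bind(message)
    if version == SUPPORTED_VERSION:
        return None                         # caller goes on to authenticate
    result = (tlv(0x0A, bytes([PROTOCOL_ERROR]))        # resultCode ENUMERATED
              + tlv(0x04, b"")                          # matchedDN
              + tlv(0x04, b"only LDAPv3 is supported")) # errorMessage
    # [APPLICATION 1] BindResponse, sent under the request's own messageID
    return tlv(0x30, tlv(0x02, msg_id) + tlv(0x61, result))

# Constructed sample requests: messageID 1, empty DN, empty simple password.
V4_BIND = bytes.fromhex("300c020101600702010404008000")
V3_BIND = bytes.fromhex("300c020101600702010304008000")
```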