[AMBARI-19632] Ldap sync fails when there are special characters in distinguished names - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 2.4.0
Fix Version/s: 2.5.0, 2.4.3
Component/s: ambari-server
Labels:
- ldap

Description

Ldap sync fails when there are special characters in distinguished names.

For example if there was a user with the distinguished name of OU=test/test,OU=users,DC=EXAMPLE,DC=COM and that user was a member of a synced group, then the lookup of the user using the membership attribute in the group would fail due to the special character.

The error would look something like

REASON: Caught exception running LDAP sync. Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031007DB, problem 5012 (DIR_ERROR), data 0
]; remaining name 'OU=test/test,OU=users,DC=EXAMPLE,DC=COM'

Solution
Update the library versionf for Spring LDAP

org.springframework.security/spring-security-ldap to 4.0.4.RELEASE
org.springframework.ldap/spring-ldap-core to 2.0.4.RELEASE

Then use LdapUtils.newLdapName to convert a String representing a DN into a javax.naming.ldap.LdapName and use that object in the search facility executed in org.apache.ambari.server.security.ldap.AmbariLdapDataPopulator#getFilteredLdapUsers(java.lang.String, org.springframework.ldap.filter.Filter).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-19632_branch-2.5_01.patch
20/Jan/17 13:39
39 kB
Robert Levas
AMBARI-19632_trunk_01.patch
20/Jan/17 13:39
39 kB
Robert Levas

Issue Links

links to

ReviewBoard

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 19/Jan/17 20:03

Updated:: 18/Apr/17 20:10

Resolved:: 18/Apr/17 20:10