Details
Bug
Status: Resolved
Major
Resolution: Fixed
1.0.0-M28
None
Description
I was attempting to use M28 and was having issues getting LDAPS to work (startTLS appeared to work just fine). After several repeated bind and unbind operations, the LDAPS connection would eventually fail with a PROTOCOL_ERROR and never bind again. However, when it was attempting to bind after receiving that error, it would then send the bind user and password in the clear. This was confirmed by looking in the LDAP server logs and also by Wireshark.
I ran with debug turned on and this is what it receives during a failure (which is after a long string of successes, by the way). I omitted my project's code from the trace for clarity:
14:53:55,447 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 1028 | ts-ldapclaimshandler | Bind request
14:53:55,450 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 1270 | ts-ldapclaimshandler | Sending request
MessageType : BIND_REQUEST
Message ID : 1
BindRequest
Version : '3'
Name : 'cn=admin'
Simple authentication : '(omitted-for-safety)'
14:53:55,450 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 280 | ts-ldapclaimshandler | Adding <1, org.apache.directory.ldap.client.api.future.BindFuture>
14:53:55,654 | DEBUG | NioProcessor-3 | .ldap.client.api.LdapNetworkConnection$1 660 | ts-ldapclaimshandler | received a NoD, closing everything
14:53:55,654 | DEBUG | NioProcessor-3 | .ldap.client.api.LdapNetworkConnection$1 665 | ts-ldapclaimshandler | closing BindFuture[msgId : 1, size : 0, Canceled :false]
14:53:55,656 | DEBUG | tp1920834220-484 | ry.ldap.client.api.LdapNetworkConnection 1201 | ts-ldapclaimshandler | Bind failed : MessageType : BIND_RESPONSE
Message ID : -1
BindResponse
Ldap Result
Result code : (PROTOCOL_ERROR) protocolError
Matched Dn : 'null'
Diagnostic message : 'PROTOCOL_ERROR: The server will disconnect!'
14:53:55,656 | ERROR | tp1920834220-484 | rity.sts.claimsHandler.RoleClaimsHandler 238 | ts-ldapclaimshandler | Unable to set role claims.
org.apache.directory.api.ldap.model.exception.LdapProtocolErrorException: PROTOCOL_ERROR: The server will disconnect!
at org.apache.directory.api.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2163)
at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1035)
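
The description says the cleartext bind was confirmed on the wire with Wireshark. The same check as a script, added here as an example that is not part of the original report or of the Apache Directory code: it classifies a client payload captured on a flow to the LDAPS port as either a TLS record or a cleartext LDAP BindRequest with simple authentication, returning the bind DN but never the password. All function names and sample bytes are constructed for illustration.

```python
# Added example (not from the report): classify a client payload seen on an
# LDAPS flow. All names and sample bytes here are constructed for illustration.

def _ber_len(buf, i):
    """Decode a BER length at buf[i]; return (length, index of first value byte)."""
    first = buf[i]
    if first < 0x80:                      # short form
        return first, i + 1
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise ValueError("unsupported or truncated BER length")
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def _tlv(buf, i):
    """Return (tag, value, index after this element) for the TLV at buf[i]."""
    tag = buf[i]
    length, start = _ber_len(buf, i + 1)
    if start + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[start:start + length], start + length

def classify_payload(payload):
    """Return (kind, bind_dn); the password bytes are never decoded or returned."""
    if len(payload) >= 3 and 0x14 <= payload[0] <= 0x17 and payload[1] == 0x03:
        return "tls", None                # TLS record header: type, version 3.x
    try:
        tag, msg, _ = _tlv(payload, 0)    # LDAPMessage ::= SEQUENCE
        msgid_tag, _, i = _tlv(msg, 0)    # messageID INTEGER
        if tag != 0x30 or msgid_tag != 0x02:
            return "unknown", None
        op, body, _ = _tlv(msg, i)        # protocolOp
        if op != 0x60:                    # 0x60 = [APPLICATION 0] BindRequest
            return "cleartext-ldap", None
        _, _, j = _tlv(body, 0)           # version INTEGER
        _, name, j = _tlv(body, j)        # name (bind DN)
        auth, _, _ = _tlv(body, j)        # authentication CHOICE
    except (ValueError, IndexError):
        return "unknown", None
    if auth == 0x80:                      # [0] simple: password follows in clear
        return "cleartext-simple-bind", name.decode("utf-8", "replace")
    return "cleartext-ldap", None

def _enc(tag, value):
    """Encode a short-form TLV; used only to build the constructed sample."""
    return bytes([tag, len(value)]) + value

SAMPLE_BIND = _enc(0x30, _enc(0x02, b"\x01") + _enc(0x60,
    _enc(0x02, b"\x03") + _enc(0x04, b"cn=admin") + _enc(0x80, b"constructed-pw")))
SAMPLE_TLS = bytes.fromhex("16030100c8010000c4")   # start of a ClientHello record
```

Any result other than `tls` for client data on an LDAPS flow means LDAP is crossing the wire unencrypted; `cleartext-simple-bind` means a password went with it and should be rotated.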