Description
I use anonymous connection to an embedded ApacheDS instance (DefaultDirectoryService allows anon access by default). I receive multiple errors like:
8671 ERROR o.a.d.s.l.h.r.UnbindRequestHandler - ERR_169 failed to unbind session properly
org.apache.directory.api.ldap.model.exception.LdapNoSuchObjectException: ERR_268 Cannot find a partition for
at org.apache.directory.server.core.shared.partition.DefaultPartitionNexus.getPartition(DefaultPartitionNexus.java:927) ~[org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.directory.server.core.shared.partition.DefaultPartitionNexus.unbind(DefaultPartitionNexus.java:794) ~[org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.directory.server.core.api.interceptor.BaseInterceptor$1.unbind(BaseInterceptor.java:266) ~[org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:690) ~[org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.directory.server.core.authn.AuthenticationInterceptor.unbind(AuthenticationInterceptor.java:1159) ~[org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.directory.server.core.DefaultOperationManager.unbind(DefaultOperationManager.java:1230) ~[org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.directory.server.core.shared.DefaultCoreSession.unbind(DefaultCoreSession.java:1073) ~[org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:50) [org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.directory.server.ldap.handlers.request.UnbindRequestHandler.handle(UnbindRequestHandler.java:38) [org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:219) [org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56) [org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:232) [org.apache.mina.core-2.0.4.jar:na]
at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217) [org.apache.directory.server-2.0.0-M11.jar:2.0.0-M11]
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:716) [org.apache.mina.core-2.0.4.jar:na]
Debugging reveals that when using anonymous connection, DN in UnbindOperationContext is empty. If I connect using admin account, this errors stop appearing.
This is not just a matter of printing out an exception: looking at UnbindRequestHandler source code, the exception is thrown from
session.getCoreSession().unbind( unbindRequest );
so the following lines will not be executed due to the exception:
session.getIoSession().close( true );
ldapServer.getLdapSessionManager().removeLdapSession( session.getIoSession() );
I don't know how important are the two last ones. Please consider using Java 'finally' block if omitting these operations may leave server in an unstable state.
To fix the bug, I suggest skipping unbind operation for an empty DN from UnbindOperationContext - see the attached patch. I leave UnbindRequestHandler changes for your own decision, as I don't know the code good enough.