Major Description
Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory Studio) containing entries that have a pwdPolicySubEntry attribute a null pointer exception occurs.
The policy defined in the in attribute exists and when ads-enabled=TRUE is set, the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
Maybe this is the expected behavior? We would in some situations like to bulk load users without the policy enabled, then after everyone is in there, enable the policy.
Thanks!
#!RESULT ERROR
#!CONNECTION ldap://localhost:10389
#!DATE 2013-10-30T15:32:25.999
#!ERROR [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 19
Add Request : Entry dn[n]: uid=1336598819633,ou=users,ou=int,o=cpro
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: 1336598819633
mail: test@test.com
sn: Test
givenName: Test
pwdPolicySubEntry: ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
userPassword: '0x7B 0x53 0x53 0x48 0x41 0x7D 0x32 0x78 0x62 0x6B 0x4E 0x77 0x30 0x39 0x4B 0x77 ...'
title:none
employeeNumber: Test.Test
cn: Test, Test
displayName: Test, Test:
null: java.lang.NullPointerException at org.apache.directory.server.core.authn.AuthenticationInterceptor.check(AuthenticationInterceptor.java:1262)
at org.apache.directory.server.core.authn.AuthenticationInterceptor.add(AuthenticationInterceptor.java:364)
at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:422)
at org.apache.directory.server.core.normalization.NormalizationInterceptor.add(NormalizationInterceptor.java:127)
at org.apache.directory.server.core.DefaultOperationManager.add(DefaultOperationManager.java:394)
at org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:233)
at org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:217)
at org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:57)
at org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:39)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
at java.lang.Thread.run(Unknown Source) ]
dn: uid=1336598819633,ou=users,ou=int,o=cpro
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: 1336598819633
mail: test@test.com
sn: Test
givenName: Test
pwdPolicySubEntry: ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
userPassword:: e1NTSEF9Mnhia053MDlLd1dVZE0xMTFXUzQ3K2s5N3JzS3o4UHlYbGF2VUE9PQ==
title:none
employeeNumber: Test.Test
cn: Test, Test
displayName: Test, Test
Carlo.Accorsi@ibs-ag.com <Carlo.Accorsi@ibs-ag.com> Sat, Nov 2, 2013 at 12:55 AM
Reply-To: users@directory.apache.org
To: users@directory.apache.org
Hi, When we upgrade between versions of apacheDS, we dump out an LDIF of all the users including the pwdChangedTime and pwdPolicySubEntry attributes.
We they all get imported back in, their password are all set to expire (as defined in the policy) in 30 days (+/-) the hour
or however long it takes to import. We were looking to preserve the current period the passwords are valid when uplifting the system.
One idea was to import the pwdChangedTime along with their password policy as defined in pwdPolicySubEntry but keep the policy itself disabled. (thereby leaving pwdChangedTime alone)
When we tried this, the null pointer occurs that I sent below the other day. (that example did not include pwdChangedTime)
We thought this might allow us to restore each user's actual password expiry. Then Once everyone is imported, we would re-enable the password policies.
Am I going down a trail here? Thanks.
From: Accorsi, Carlo
Sent: Wednesday, October 30, 2013 3:55 PM
To: users@directory.apache.org
Subject: Null Pointer when importing Ldif entry with pwdPolicySubEntry attribute
Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory Studio) containing entries that have a pwdPolicySubEntry attribute a null pointer exception occurs.
The policy defined in the in attribute exists and when ads-enabled=TRUE is set, the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.
Maybe this is the expected behavior? We would in some situations like to bulk load users without the policy enabled, then after everyone is in there, enable the policy.
Thanks!