Uploaded image for project: 'Directory ApacheDS'
  1. Directory ApacheDS
  2. DIRSERVER-1910

NullPointerException while adding entries when password policy is disabled

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.0.0-M15
    • Fix Version/s: 2.0.0-M16
    • Component/s: ppolicy
    • Labels:
      None

      Description

      Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory Studio) containing entries that have a pwdPolicySubEntry attribute a null pointer exception occurs.
      The policy defined in the in attribute exists and when ads-enabled=TRUE is set, the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.

      Maybe this is the expected behavior? We would in some situations like to bulk load users without the policy enabled, then after everyone is in there, enable the policy.

      Thanks!

      #!RESULT ERROR
      #!CONNECTION ldap://localhost:10389
      #!DATE 2013-10-30T15:32:25.999
      #!ERROR [LDAP: error code 80 - OTHER: failed for MessageType : ADD_REQUEST Message ID : 19
      Add Request : Entry dn[n]: uid=1336598819633,ou=users,ou=int,o=cpro
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetOrgPerson
      uid: 1336598819633
      mail: test@test.com
      sn: Test
      givenName: Test
      pwdPolicySubEntry: ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
      userPassword: '0x7B 0x53 0x53 0x48 0x41 0x7D 0x32 0x78 0x62 0x6B 0x4E 0x77 0x30 0x39 0x4B 0x77 ...'
      title: none
      employeeNumber: Test.Test
      cn: Test, Test
      displayName: Test, Test:
      null: java.lang.NullPointerException at org.apache.directory.server.core.authn.AuthenticationInterceptor.check(AuthenticationInterceptor.java:1262)
      at org.apache.directory.server.core.authn.AuthenticationInterceptor.add(AuthenticationInterceptor.java:364)
      at org.apache.directory.server.core.api.interceptor.BaseInterceptor.next(BaseInterceptor.java:422)
      at org.apache.directory.server.core.normalization.NormalizationInterceptor.add(NormalizationInterceptor.java:127)
      at org.apache.directory.server.core.DefaultOperationManager.add(DefaultOperationManager.java:394)
      at org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:233)
      at org.apache.directory.server.core.shared.DefaultCoreSession.add(DefaultCoreSession.java:217)
      at org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:57)
      at org.apache.directory.server.ldap.handlers.request.AddRequestHandler.handle(AddRequestHandler.java:39)
      at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
      at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
      at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
      at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:690)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:417)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1200(DefaultIoFilterChain.java:47)
      at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:765)
      at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
      at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
      at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:474)
      at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:428)
      at java.lang.Thread.run(Unknown Source) ]
      dn: uid=1336598819633,ou=users,ou=int,o=cpro
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetOrgPerson
      uid: 1336598819633
      mail: test@test.com
      sn: Test
      givenName: Test
      pwdPolicySubEntry: ads-pwdId=cproint,ou=passwordPolicies,ads-interceptorId=authenticationInterceptor,ou=interceptors,ads-directoryServiceId=default,ou=config
      userPassword:: e1NTSEF9Mnhia053MDlLd1dVZE0xMTFXUzQ3K2s5N3JzS3o4UHlYbGF2VUE9PQ==
      title: none
      employeeNumber: Test.Test
      cn: Test, Test
      displayName: Test, Test

      Carlo.Accorsi@ibs-ag.com <Carlo.Accorsi@ibs-ag.com> Sat, Nov 2, 2013 at 12:55 AM
      Reply-To: users@directory.apache.org
      To: users@directory.apache.org
      Hi, When we upgrade between versions of apacheDS, we dump out an LDIF of all the users including the pwdChangedTime and pwdPolicySubEntry attributes.

      We they all get imported back in, their password are all set to expire (as defined in the policy) in 30 days (+/-) the hour
      or however long it takes to import. We were looking to preserve the current period the passwords are valid when uplifting the system.

      One idea was to import the pwdChangedTime along with their password policy as defined in pwdPolicySubEntry but keep the policy itself disabled. (thereby leaving pwdChangedTime alone)
      When we tried this, the null pointer occurs that I sent below the other day. (that example did not include pwdChangedTime)

      We thought this might allow us to restore each user's actual password expiry. Then Once everyone is imported, we would re-enable the password policies.

      Am I going down a trail here? Thanks.

      From: Accorsi, Carlo
      Sent: Wednesday, October 30, 2013 3:55 PM
      To: users@directory.apache.org
      Subject: Null Pointer when importing Ldif entry with pwdPolicySubEntry attribute

      Hi, we're testing M16-SNAPSHOT . When we import an LDIF (from Directory Studio) containing entries that have a pwdPolicySubEntry attribute a null pointer exception occurs.
      The policy defined in the in attribute exists and when ads-enabled=TRUE is set, the entry imports ok. If the policy ads-enabled=FALSE, the NPE is thrown.

      Maybe this is the expected behavior? We would in some situations like to bulk load users without the policy enabled, then after everyone is in there, enable the policy.

      Thanks!

        Attachments

          Activity

            People

            • Assignee:
              akiran Kiran Ayyagari
              Reporter:
              akiran Kiran Ayyagari
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: