  1. Karaf
  2. KARAF-3373

Log lower level root cause exception in LDAPLoginModule.doLogin()



    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 3.0.3, 2.3.10, 2.4.2, 4.0.0.M3
    • Component/s: karaf
    • Environment: LDAP based JAAS login module


      Method org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.doLogin() catches any exception and raises a new LoginException

      } catch (Exception e) {
        throw new LoginException("Can't connect to the LDAP server: " + e.getMessage());
      } finally {

      However, in case something is wrong with the LDAP configuration (e.g. wrong SSL certificates), the root cause will be lost, as e.getMessage() only returns a fairly generic message, like

      Can't connect to the LDAP server: simple bind failed: localhost:10636

      whereas the root cause really is

      sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

      We should somehow ensure this root cause is getting logged as well.
      Unfortunately the call stack to calling LDAPLoginModule.doLogin() includes the javax.security.auth.login.LoginContext which completely swallows the original LoginException raised in doLogin(). It only re-raises a very generic LoginException with the message:

      javax.security.auth.login.FailedLoginException: User doesn't exist

      The original exception message is lost.

      So there is no point in wrapping the root cause exception message in the LoginException to be thrown by LDAPLoginModule.doLogin().
      Instead, I suggest logging the root cause in doLogin() as a warning, as in the attached patch.


        1. KARAF-3373.patch
          1 kB
          Torsten Mielke




              • Assignee:
                jbonofre Jean-Baptiste Onofré
                tmielke Torsten Mielke