Qpid / QPID-8623

[Broker-J] AESKeyFile encryption breaks SimpleLDAPAuthenticationManager user search


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: qpid-java-broker-9.0.0
    • Fix Version/s: qpid-java-broker-9.1.0
    • Component/s: Broker-J
    • Labels: None

    Description

      When enabling AESKeyFile configuration encryption and trying to authenticate via SimpleLDAPAuthenticationManager, an error happens with the following stack trace:

      2023-02-14T20:58:22,270Z WARN [qtp453021524-123] (o.a.q.s.s.a.m.SimpleLDAPAuthenticationManagerImpl) - Retrieving LDAP name for user 'xxxxxx' resulted in error.
      javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563 ]
      at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3259)
      at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3205)
      at java.naming/com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2991)
      at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2905)
      at java.naming/com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:348)
      at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:266)
      at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:226)
      at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:284)
      at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:185)
      at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:115)
      at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:730)
      at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305)
      at java.naming/javax.naming.InitialContext.init(InitialContext.java:236)
      at java.naming/javax.naming.InitialContext.<init>(InitialContext.java:208)
      at java.naming/javax.naming.directory.InitialDirContext.<init>(InitialDirContext.java:101)
      at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.lambda$createInitialDirContext$2(SimpleLDAPAuthenticationManagerImpl.java:602)
      at java.base/java.security.AccessController.doPrivileged(Native Method)
      at java.base/javax.security.auth.Subject.doAs(Subject.java:423)
      at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.invokeContextOperationAs(SimpleLDAPAuthenticationManagerImpl.java:796)
      at org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationManagerImpl.createInitialDirContext(SimpleLDAPAuthenticationManagerImpl.java:602) 

      It seems that AESKeyFile encryption might not be working correctly with SimpleLDAP: perhaps the password encrypted in the config.json isn't being decrypted before LDAP is checked.


      People

        Assignee: Unassigned
        Reporter: Daniil Kirilyuk (daniel.kirilyuk)
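
A log triage sketch for the failure reported above, added here as an example and not taken from the issue or from Broker-J: it pairs each "Retrieving LDAP name" warning with the LDAP error that follows and flags the case where every lookup fails with error 49, sub-code 52e (Active Directory's invalid-credentials code). The function names, verdict strings and sample log lines are constructed for illustration, and it assumes the name lookup binds with the manager's configured search account rather than the end user's password.

```python
import re
from collections import Counter

# Constructed sample: the message formats are copied from the warning quoted in
# this issue; the thread names and user names are made up.
SAMPLE_LOG = """\
2023-02-14T20:58:22,270Z WARN [qtp-1] (o.a.q.s.s.a.m.SimpleLDAPAuthenticationManagerImpl) - Retrieving LDAP name for user 'alice' resulted in error.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563 ]
      at java.naming/com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3259)
2023-02-14T20:58:40,101Z WARN [qtp-2] (o.a.q.s.s.a.m.SimpleLDAPAuthenticationManagerImpl) - Retrieving LDAP name for user 'bob' resulted in error.
javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090439, comment: AcceptSecurityContext error, data 52e, v4563 ]
"""

LOOKUP_RE = re.compile(r"Retrieving LDAP name for user '([^']*)' resulted in error")
LDAP_ERR_RE = re.compile(r"\[LDAP: error code (\d+) - .*?\bdata ([0-9a-fA-F]+)\b")


def lookup_failures(log_text):
    """Return (user, ldap_code, ad_subcode) for each failed name lookup."""
    failures, pending_user = [], None
    for line in log_text.splitlines():
        lookup = LOOKUP_RE.search(line)
        if lookup:
            pending_user = lookup.group(1)
            continue
        error = LDAP_ERR_RE.search(line)
        if error and pending_user is not None:
            failures.append((pending_user, int(error.group(1)), error.group(2).lower()))
        pending_user = None  # only the line right after the warning is paired
    return failures


def diagnose(failures):
    """Classify lookup failures: search-account bind problem or something else."""
    if not failures:
        return "no-lookup-failures"
    users = {user for user, _, _ in failures}
    reasons = Counter((code, sub) for _, code, sub in failures)
    # Error 49 with AD sub-code 52e means the bind credentials were rejected.
    # Assumption: the lookup binds as the manager's search account, so the
    # rejected secret is the one stored in the broker configuration.
    if set(reasons) == {(49, "52e")}:
        return "search-bind-rejected" if len(users) > 1 else "search-bind-suspect"
    return "mixed-causes"


if __name__ == "__main__":
    print(lookup_failures(SAMPLE_LOG))
    print(diagnose(lookup_failures(SAMPLE_LOG)))
```

A "search-bind-rejected" verdict across several unrelated users points at the stored search credential, which is the place to look when configuration encryption was enabled shortly before the failures began.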