Details
- Type: Bug
- Status: Open
- Priority: Major
- Resolution: Unresolved
- Affects Version: 2.0.0-M7
- All
Description
When running the syncrepl client (ReplicationConsumerImpl) with startTLS enabled, the first connection attempt fails with the exception below. This occurs because no TCP connection has been established when the LDAP Start TLS extended request is attempted.
16:42:04,349 | ERROR | Thread-24 | ReplicationConsumerImpl[249] Failed to bind with the given bindDN and credentials
org.apache.directory.ldap.client.api.exception.InvalidConnectionException: Cannot connect on the server, the connection is null
at org.apache.directory.ldap.client.api.LdapNetworkConnection.checkSession(LdapNetworkConnection.java:267)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
at org.apache.directory.ldap.client.api.LdapNetworkConnection.startTls(LdapNetworkConnection.java:3536)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:228)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]
Subsequent connection attempts fail if confidentiality is enabled, because the ReplicationConsumerImpl connect() code bypasses startTLS when the LdapNetworkConnection has already been created. This results in the following exception.
16:42:09,452 | WARN | Thread-24 | ReplicationConsumerImpl[244]
org.apache.directory.shared.ldap.model.exception.LdapAuthenticationNotSupportedException: Confidentiality (TLS secured connection) is required.
at org.apache.directory.shared.ldap.model.message.ResultCodeEnum.processResponse(ResultCodeEnum.java:2105)[28:org.apache.directory.shared.ldap.model:1.0.0.M12]
at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:122)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
at org.apache.directory.ldap.client.api.AbstractLdapConnection.bind(AbstractLdapConnection.java:105)[43:org.apache.directory.shared.ldap.client.api:1.0.0.M12]
at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.connect(ReplicationConsumerImpl.java:237)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
at org.apache.directory.server.ldap.replication.consumer.ReplicationConsumerImpl.start(ReplicationConsumerImpl.java:534)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
at org.apache.directory.server.ldap.LdapServer$2.run(LdapServer.java:660)[15:org.apache.directory.server.protocol.ldap:2.0.0.M7]
at java.lang.Thread.run(Thread.java:680)[:1.6.0_33]
A fix for both exceptions is to ensure that the LdapNetworkConnection startTls() call is preceded by a call to LdapNetworkConnection connect(), and also to ensure that, if startTLS is enabled, the calls to connect() and startTls() are made on every ReplicationConsumerImpl connection attempt.
I will attach an svn diff of the fix that works within my development environment.
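An added illustration of the per-attempt connect, startTls, bind ordering the description calls for. This is neither the reporter's attached diff nor the project's ReplicationConsumerImpl code; host, port, bind DN and password are placeholders, and the only LdapNetworkConnection methods used are the connect(), startTls(), bind() and close() calls named in the report and stack traces.

```java
import java.io.IOException;

import org.apache.directory.ldap.client.api.LdapNetworkConnection;
import org.apache.directory.shared.ldap.model.exception.LdapException;

/** Hypothetical consumer-side connect sequence; not the project's own code. */
public class StartTlsConnectExample
{
    private static final String HOST = "ldap.example.test";       // placeholder
    private static final int PORT = 10389;                        // placeholder
    private static final String BIND_DN = "uid=admin,ou=system";  // placeholder
    private static final String CREDENTIALS = "secret";           // placeholder

    private final boolean useStartTls;
    private LdapNetworkConnection connection;

    public StartTlsConnectExample( boolean useStartTls )
    {
        this.useStartTls = useStartTls;
    }

    /** Runs the full sequence on every call; returns false if the TCP connect fails. */
    public boolean connect() throws LdapException
    {
        // Never reuse a leftover connection: doing so is what skipped startTls() on
        // retries and produced the "Confidentiality ... is required" bind failure.
        if ( connection != null )
        {
            try { connection.close(); } catch ( IOException ignored ) { }
            connection = null;
        }

        connection = new LdapNetworkConnection( HOST, PORT );

        // 1. Open the TCP session first; startTls() needs a live session to carry
        //    the Start TLS extended request, otherwise the session is null.
        if ( !connection.connect() )
        {
            return false;
        }

        // 2. Negotiate TLS before any credentials cross the wire.
        if ( useStartTls )
        {
            connection.startTls();
        }

        // 3. Bind only after TLS is up, so the server's confidentiality check passes.
        connection.bind( BIND_DN, CREDENTIALS );
        return true;
    }
}
```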