Uploaded image for project: 'CDAP'
  1. CDAP
  2. CDAP-13401

Better error message when LDAP login fails

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.3.3
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
    • Rank:
      1|i00cjr:

      Description

      When LDAP login fails with an exception, the UI does not indicate that exception at all. Instead it shows "Invalid user name or password". This is misleading when the problem is really a misconfigured LDAP server. 

      In this particular instance, the LdapLoginModule was throwing a NullPointerException:

      2018-04-30 16:41:44,535 - DEBUG [qtp1900702536-33 - /token:o.e.j.p.j.s.LdapLoginModule@343] - Found user roles?: false
      java.lang.NullPointerException
              at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.getNextBatch(AbstractLdapNamingEnumeration.java:130)
              at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextAux(AbstractLdapNamingEnumeration.java:258)
              at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextImpl(AbstractLdapNamingEnumeration.java:249)
              at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.next(AbstractLdapNamingEnumeration.java:203)
              at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextElement(AbstractLdapNamingEnumeration.java:106)
              at com.sun.jndi.ldap.AbstractLdapNamingEnumeration.nextElement(AbstractLdapNamingEnumeration.java:40)
              at org.eclipse.jetty.plus.jaas.spi.LdapLoginModule.getUserRolesByDn(LdapLoginModule.java:347)
              at org.eclipse.jetty.plus.jaas.spi.LdapLoginModule.bindingLogin(LdapLoginModule.java:487)
              at org.eclipse.jetty.plus.jaas.spi.LdapLoginModule.login(LdapLoginModule.java:407)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
              at java.lang.reflect.Method.invoke(Method.java:498)
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
              at javax.security.auth.login.LoginContext.login(LoginContext.java:587)
              at co.cask.cdap.security.server.JAASLoginService.login(JAASLoginService.java:216) 

      and should be surfaced better. 

       

       

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bhooshan Bhooshan Mogal
                Reporter:
                andreas Andreas Neumann
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: