Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-13377

LDAP authentication fails when syncing multi-values attributes

    XMLWordPrintable

Details

    • Bug
    • Resolution: Fixed
    • Blocker
    • 8.1-rc-1, 7.4.4
    • 7.3-rc-1
    • {Unused} LDAP
    • Debian 8 amd64
      PostgreSQL
      Oracle JDK 1.8.0_b92
    • Integration
    • Unknown
    • N/A
    • N/A

    Description

      After upgrading from 7.1.4, the LDAPĀ authentication for some users does not work.

      Enabling TRACE log level on LDAP related components reveals the following error :

      2016-04-29 08:12:12,334 [http://192.168.56.52:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] TRACE u.i.L.XWikiLDAPAuthServiceImpl - Starting LDAP authentication
2016-04-29 08:12:12,359 [http://192.168.56.52:8080/xwiki/bin/loginsubmit/XWiki/XWikiLogin] DEBUG u.i.L.XWikiLDAPAuthServiceImpl - Local LDAP authentication failed.
java.lang.ClassCastException: java.util.ArrayList cannot be cast to java.lang.String
        at com.xpn.xwiki.objects.BaseStringProperty.setValue(BaseStringProperty.java:45)
        at com.xpn.xwiki.objects.classes.PropertyClass.fromValue(PropertyClass.java:615)
        at com.xpn.xwiki.objects.classes.BaseClass.fromMap(BaseClass.java:413)
        at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.updateUserFromLDAP(XWikiLDAPUtils.java:1183)
        at com.xpn.xwiki.plugin.ldap.XWikiLDAPUtils.syncUser(XWikiLDAPUtils.java:997)
        at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.syncUser(XWikiLDAPAuthServiceImpl.java:453)
        at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticateInContext(XWikiLDAPAuthServiceImpl.java:417)
        at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.ldapAuthenticate(XWikiLDAPAuthServiceImpl.java:182)
        at com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl.authenticate(XWikiLDAPAuthServiceImpl.java:129)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:272)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:192)
        at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:174)
        at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
        at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:3623)
        at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:241)
        at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:271)
        at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:3641)
        at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:4715)
        at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:346)
        at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:191)
        at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:425)
        at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:228)
        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913)
        at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:644)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:291)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:115)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.xwiki.wysiwyg.server.filter.ConversionFilter.doFilter(ConversionFilter.java:127)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:137)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:506)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:610)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:537)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1081)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:658)
        at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1566)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1523)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)

      The LDAP settings (except server and bind info) are the following : 

      xwiki.authentication.ldap=1
xwiki.authentication.ldap.UID_attr=uid
xwiki.authentication.ldap.fields_mapping=last_name=sn,first_name=cn,email=mail
xwiki.authentication.ldap.update_user=1
xwiki.authentication.ldap.trylocal=1

      When removing the synchronization for the mail LDAP attribute, connection is possible. This attribute has multiple values for the concerned accounts. When using an account with only one value, connection succeeds.

      Attachments

        Activity

          People

            tmortagne Thomas Mortagne
            fcharton Florent Charton
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: