
  • LDAP: error code 34 - invalid DN while bind, but lookup and search are working

    Hi all,
    after 6 hours of searching the internet in the deepest places I give up and ask you for any help.

    Little update:
    I've also checked this in my company. I am using spring-ldap 1.3.0; my co-workers use plain Java. We use the same configuration, settings etc. Their code works and the context is created without any problem, but not with Spring. Even search doesn't work. We tried really deep debugging, creating an InitialDirContext with the same environment. Spring throws an exception.

    Really for me it looks like a bug.

    I got this error:
    Code:
    org.springframework.ldap.InvalidNameException: [LDAP: error code 34 - invalid DN]; nested exception is javax.naming.InvalidNameException: [LDAP: error code 34 - invalid DN]
    	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:126)
    	at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:266)
    	at org.springframework.ldap.core.support.AbstractContextSource.getContext(AbstractContextSource.java:106)
    	at org.springframework.ldap.core.support.AbstractContextSource.getReadWriteContext(AbstractContextSource.java:138)
    	at org.springframework.ldap.core.LdapTemplate.executeReadWrite(LdapTemplate.java:801)
    	at org.springframework.ldap.core.LdapTemplate.bind(LdapTemplate.java:996)
    	at org.springframework.ldap.core.LdapTemplate.bind(LdapTemplate.java:1354)
    	at eu.gruchala.addressbook.ldap.server.dao.DefaultPersonDao.create(DefaultPersonDao.java:60)
    	at eu.gruchala.addressbook.ldap.server.dao.DefaultPersonDaoIntegrationTest.create(DefaultPersonDaoIntegrationTest.java:64)
    I'm trying to invoke this code:
    Code:
    public class DefaultPersonDao implements PersonDao {
    
    	private LdapTemplate m_ldapTemplate;
    
    	/**
    	 * Injects the {@link LdapTemplate} that all DAO operations delegate to.
    	 *
    	 * @param ldapTemplate the template used for bind/search calls
    	 */
    	public void setLdapTemplate(final LdapTemplate ldapTemplate) {
    		this.m_ldapTemplate = ldapTemplate;
    	}
    
    	/**
    	 * Creates a new directory entry for the given person via the template's bind operation.
    	 * The entry DN is derived from the person's full name and the attributes from its fields.
    	 *
    	 * @param person the person to persist; its full name becomes the leaf RDN value
    	 */
    	public void create(final Person person) {
    		final DirContextAdapter entry = new DirContextAdapter(buildDn(person));
    		mapToContext(person, entry);
    		m_ldapTemplate.bind(entry);
    	}
    	/**
    	 * Builds the entry DN for a person from its full name.
    	 *
    	 * @param person source of the full name used as the RDN value
    	 * @return the DN of the person's entry
    	 */
    	private Name buildDn(final Person person) {
    		final String fullname = person.getFullName();
    		return buildDn(fullname);
    	}
    
    	/**
    	 * Builds the DN of a person entry: the full-name attribute as the leaf RDN, placed
    	 * directly under the hard-coded base {@code dc=ldap,dc=gruchala,dc=eu}.
    	 *
    	 * NOTE(review): the contextSource in the XML configuration carries the same base;
    	 * if LdapTemplate resolves names relative to that base, the base would appear twice
    	 * in the effective DN -- confirm against the configured base before relying on this.
    	 * NOTE(review): fullname is inserted as an RDN value; DistinguishedName.add is presumed
    	 * to escape DN-special characters -- verify before feeding it untrusted input.
    	 *
    	 * @param fullname value of the full-name RDN
    	 * @return the assembled DN
    	 */
    	private Name buildDn(final String fullname) {
    		final String baseDn = "dc=ldap,dc=gruchala,dc=eu";
    		final DistinguishedName entryDn = new DistinguishedName(baseDn);
    		final String rdnKey = LdapAttributes.FULL_NAME.getCode();
    		entryDn.add(rdnKey, fullname);
    		return entryDn;
    	}
    
    	/**
    	 * Copies the person's fields onto the directory entry as LDAP attributes.
    	 * The entry is typed as objectclass {@code top} and {@code person}; every other
    	 * attribute is taken from the matching Person getter, keyed by its LdapAttributes code.
    	 *
    	 * @param person  source of the attribute values
    	 * @param context target entry to populate
    	 */
    	private void mapToContext(final Person person, final DirContextAdapter context) {
    		context.setAttributeValues("objectclass", new String[]{"top", "person"});
    		copyAttribute(context, LdapAttributes.FULL_NAME.getCode(), person.getFullName());
    		copyAttribute(context, LdapAttributes.NAME.getCode(), person.getName());
    		copyAttribute(context, LdapAttributes.SURNAME.getCode(), person.getSurname());
    		copyAttribute(context, LdapAttributes.COMPANY.getCode(), person.getCompany());
    		copyAttribute(context, LdapAttributes.COUNTRY.getCode(), person.getCountry());
    		copyAttribute(context, LdapAttributes.DESCRIPTION.getCode(), person.getDescription());
    		copyAttribute(context, LdapAttributes.HOME_PHONE.getCode(), person.getHomePhone());
    		copyAttribute(context, LdapAttributes.BUSINESS_PHONE.getCode(), person.getBusinessPhone());
    		copyAttribute(context, LdapAttributes.MOBILE_PHONE.getCode(), person.getMobilePhone());
    		copyAttribute(context, LdapAttributes.DEPARTMENT.getCode(), person.getDepartment());
    		// getter name is as declared on Person (note the spelling)
    		copyAttribute(context, LdapAttributes.JOB_TITLE.getCode(), person.getJobTile());
    		copyAttribute(context, LdapAttributes.E_MAIL.getCode(), person.getEmail());
    		copyAttribute(context, LdapAttributes.NOTES.getCode(), person.getNotes());
    	}

    	/**
    	 * Sets a single attribute on the entry.
    	 *
    	 * @param context       entry to modify
    	 * @param attributeName LDAP attribute name
    	 * @param value         value to store under that name
    	 */
    	private static void copyAttribute(final DirContextAdapter context, final String attributeName, final Object value) {
    		context.setAttributeValue(attributeName, value);
    	}
    my xml configuration:
    Code:
     <bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
        <property name="url" value="ldap://10.0.1.10:389"/>
        <property name="base" value="dc=ldap,dc=gruchala,dc=eu"/>
        <property name="userDn" value="cn=admin,dc=ldap,dc=gruchala,dc=eu"/>
        <property name="password" value="****"/>
      </bean>
    
      <bean id="ldapTemplateBean" class="org.springframework.ldap.core.LdapTemplate">
        <constructor-arg ref="contextSource"/>
        <property name="ignoreNameNotFoundException" value="true" />
        <property name="ignorePartialResultException" value="true" />
      </bean>
    After debugging I can show you what is in my environment:
    Code:
    {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
    java.naming.provider.url=ldap://10.0.1.10:389/dc=ldap,dc=gruchala,dc=eu, 
    java.naming.security.principal=cn=admin,dc=ldap,dc=gruchala,dc=eu, 
    java.naming.security.authentication=simple, 
    java.naming.security.credentials=******, 
    org.springframework.ldap.base.path=dc=ldap,dc=gruchala,dc=eu, 
    java.naming.factory.object=org.springframework.ldap.core.support.DefaultDirObjectFactory}
    just before invoking this code from AbstractContextSource class:
    Code:
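    	/**
    	 * Creates a {@code DirContext} from the given JNDI environment, converting any
    	 * {@code javax.naming.NamingException} into the Spring LDAP runtime equivalent.
    	 *
    	 * @param environment the JNDI environment (provider URL, principal, credentials, ...)
    	 * @return the freshly created context
    	 * @throws org.springframework.ldap.NamingException the converted exception when
    	 *         context creation (which includes the bind to the server) fails
    	 */
    	protected DirContext createContext(Hashtable environment) {
    		DirContext ctx = null;

    		try {
    			ctx = getDirContextInstance(environment); // the initial bind happens here

    			// The guard and the log call must agree on the level: the message is
    			// emitted at DEBUG, so test isDebugEnabled() rather than isInfoEnabled().
    			if (log.isDebugEnabled()) {
    				Hashtable ctxEnv = ctx.getEnvironment();
    				String ldapUrl = (String) ctxEnv.get(Context.PROVIDER_URL);
    				log.debug("Got Ldap context on server '" + ldapUrl + "'");
    			}

    			return ctx;
    		}
    		catch (NamingException e) {
    			// ctx is still null when getDirContextInstance() itself failed
    			closeContext(ctx);
    			throw LdapUtils.convertLdapException(e);
    		}
    	}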
    I will be really thankful for any help.
    Last edited by leszekgruchala; Jun 5th, 2009, 05:25 AM.

  • #2
    I've tried also snapshot build 1.3.1.CI-SNAPSHOT. The same result :/

    Of course it is possible that I have a bad configuration, but I used the same one as in other LDAP code and applications, and it does not work with Spring.

    What can I do to help you check if it is a bug?



    • #3
      From a quick glance your configuration seems OK. Your environment looks fine, so the context creation should work without problems. The only idea I have is that there might be some invisible character somewhere in the user DN or base path that screws it up. You might want to re-type the text to make sure there are no invisible characters in there. Spring LDAP really doesn't have anything to do with this - the configured values are sent right down to the Java LDAP provider, which in turn passes them on to the LDAP server. You might want to check the server logs to see if you can get some more information there.



      • #4
        To clarify: Spring LDAP does not throw this exception - the root exception is from the Java LDAP provider - all Spring LDAP does is wrap the exception to a runtime equivalent.



        • #5
          Thank you for the reply.

          I have this log in my slapd server:
          Code:
          slapd[6536]: conn=2 op=0 do_bind: invalid dn (cn=admin,dc=ldap,dc=gruchala,dc=eu)
          It cannot be true, because the same string is defined in the Evolution application and it works there.

          Here you have my ldap server conf:
          Code:
          root@leszek-laptop:/etc/ldap# more slapd.conf 
          # This is the main slapd configuration file. See slapd.conf(5) for more
          # info on the configuration options.
          
          #######################################################################
          # Global Directives:
          
          # Features to permit
          #allow bind_v2
          
          # Schema and objectClass definitions
          include         /etc/ldap/schema/core.schema
          include         /etc/ldap/schema/cosine.schema
          include         /etc/ldap/schema/nis.schema
          include         /etc/ldap/schema/inetorgperson.schema
          include		/etc/ldap/schema/misc.schema
          
          # Where the pid file is put. The init.d script
          # will not stop the server if you change this.
          pidfile         /var/run/slapd/slapd.pid
          
          # List of arguments that were passed to the server
          argsfile        /var/run/slapd/slapd.args
          
          # Read slapd.conf(5) for possible values
          loglevel         -1
          #loglevel        256
          
          # Where the dynamically loaded modules are stored
          modulepath	/usr/lib/ldap
          moduleload	back_bdb
          moduleload	dynlist
          
          # The maximum number of entries that is returned for a search operation
          sizelimit 500
          
          # The tool-threads parameter sets the actual amount of cpu's that is used
          # for indexing.
          tool-threads 1
          
          #######################################################################
          # Specific Backend Directives for bdb:
          # Backend specific directives apply to this backend until another
          # 'backend' directive occurs
          backend		bdb
          
          #######################################################################
          # Specific Directives for database #1, of type bdb:
          # Database specific directives apply to this databasse until another
          # 'database' directive occurs
          database        bdb
          
          # The base of your directory in database #1
          suffix          "dc=ldap,dc=gruchala,dc=eu"
          checkpoint 512 30
          
          # Where the database file are physically stored for database #1
          directory       "/var/lib/ldap"
          
          # For the Debian package we use 2MB as default but be sure to update this
          # value if you have plenty of RAM
          dbconfig set_cachesize 0 2097152 0
          
          # Number of objects that can be locked at the same time.
          dbconfig set_lk_max_objects 1500
          # Number of locks (both requested and granted)
          dbconfig set_lk_max_locks 1500
          # Number of lockers
          dbconfig set_lk_max_lockers 1500
          
          # Indexing options for database #1
          index           objectClass eq,pres
          index		uid,memberUid eq,sub
          index		uidNumber,gidNumber eq
          
          # Save the time that the entry gets modified, for database #1
          lastmod         on
          
          #DYNLISTS
          overlay dynlist
          dynlist-attrset labeledURIObject labeledURI
          
          # password hash
          password-hash {SSHA}
          
          # The userPassword by default can be changed
          # by the entry owning it if they are authenticated.
          # Others should not be able to see it, except the
          # admin entry below
          # These access lines apply to database #1 only
          access to attrs=userPassword,shadowLastChange
                  by dn="cn=admin,dc=ldap,dc=gruchala,dc=eu" write
                  by anonymous auth
                  by self write
                  by * none
          
          # Ensure read access to the base for things like
          # supportedSASLMechanisms.  Without this you may
          # have problems with SASL not knowing what
          # mechanisms are available and the like.
          # Note that this is covered by the 'access to *'
          # ACL below too but if you change that as people
          # are wont to do you'll still need this if you
          # want SASL (and possible other things) to work 
          # happily.
          access to dn.base="" by * read
          
          # The admin dn has full write access, everyone else
          # can read everything.
          access to *
                  by dn="cn=admin,dc=ldap,dc=gruchala,dc=eu" write
                  by * read
          Here you can see what I have from the server command line:
          Code:
          root@leszek-laptop:/home/leszek# ldapsearch -x -b dc=ldap,dc=gruchala,dc=eu objectclass=*
          # extended LDIF
          #
          # LDAPv3
          # base <dc=ldap,dc=gruchala,dc=eu> with scope subtree
          # filter: objectclass=*
          # requesting: ALL
          #
          
          # ldap.gruchala.eu
          dn: dc=ldap,dc=gruchala,dc=eu
          objectClass: top
          objectClass: dcObject
          objectClass: organization
          o: gruchala
          dc: ldap
          
          # admin, ldap.gruchala.eu
          dn: cn=admin,dc=ldap,dc=gruchala,dc=eu
          objectClass: simpleSecurityObject
          objectClass: organizationalRole
          cn: admin
          description: LDAP administrator
          
          # Leszek Gruchala, ldap.gruchala.eu
          dn: cn=Leszek Gruchala,dc=ldap,dc=gruchala,dc=eu
          cn: Leszek Gruchala
          sn: Gruchala
          displayName: Leszek
          objectClass: top
          objectClass: person
          objectClass: organizationalPerson
          objectClass: inetOrgPerson
          
          # search result
          search: 1
          result: 0 Success
          
          # numResponses: 5
          # numEntries: 4
          Any idea?



          • #6
            I installed Apache Directory Studio and connected to the slapd server without any problem.

            It is possible to get a lot of information, e.g. the DN of the admin user. So this is:

            cn=admin,dc=ldap,dc=gruchala,dc=eu

            The same as in my configuration.

            Maybe you have some very simple application that works properly, which I could download and try?



            • #7
              I made this sample class:
              Code:
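              /**
               * Minimal JNDI sample: binds to the LDAP server with simple authentication,
               * looks up the admin entry relative to the provider URL's base and prints it.
               */
              public class SimpleAuthInitialDirContext {

              	public static void main(String[] args) {
              		Hashtable<String, Object> env = new Hashtable<String, Object>();

              		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
              		// Simple bind over plain ldap:// sends the credential unencrypted; use ldaps:// or StartTLS outside a lab.
              		env.put(Context.PROVIDER_URL, "ldap://10.0.1.10:389/dc=ldap,dc=gruchala,dc=eu");
              		env.put(Context.SECURITY_AUTHENTICATION, "simple");
              		env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=ldap,dc=gruchala,dc=eu");
              		env.put(Context.SECURITY_CREDENTIALS, "****"); // redacted; load from configuration, never keep in source

              		DirContext ctx = null;
              		try {
              			ctx = new InitialDirContext(env);
              			System.out.println(ctx.lookup("cn=admin"));
              		} catch (NamingException e) {
              			e.printStackTrace();
              		} finally {
              			// DirContext is not AutoCloseable; release the connection on every path,
              			// not only when the lookup succeeded.
              			if (ctx != null) {
              				try {
              					ctx.close();
              				} catch (NamingException e) {
              					e.printStackTrace();
              				}
              			}
              		}
              	}
              }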

              And it works.........

              PS. Lookup and search were working because I had set
              <property name="anonymousReadOnly" value="true"/>
              If it isn't set, they don't work either.
              Last edited by leszekgruchala; Jun 5th, 2009, 06:05 PM.



              • #8
                As you point out yourself, the Hashtable environment does look quite OK just before the call to getDirContextInstance(). Now, all that happens in getDirContextInstance() is the instantiation of the DirContext instance. From what I can tell the only thing that's different between your code and the Spring LDAP code is that you create an InitialDirContext instance (only LdapV2 compatible), whereas the LdapContextSource creates an InitialLdapContext (LdapV3 compatible; will not work with an LdapV2 server). You might want to try using DirContextSource instead to eliminate that being a problem.

                If that doesn't do the trick I would like to urge you to re-type the DNs in your configuration files, to make perfectly sure there is nothing in there that is invalid (like an invalid hidden character).



                • #9
                  Thank you very much for your reply.

                  The InitialLdapContext context works as well. Now the LDAP: error code 34 is funnier...

                  Code:
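                  /**
                   * Minimal JNDI sample: opens an LDAPv3 context with simple authentication, looks up
                   * the admin entry through two independent contexts and prints both results.
                   * The bind password is read from the environment so that it never lives in source.
                   */
                  public class SimpleAuthInitialDirContext {

                  	public static void main(String[] args) {
                  		// Constructed variable name: the original listing carried the bind password in
                  		// clear text; a credential must be supplied out-of-band, not hard-coded.
                  		String password = System.getenv("LDAP_BIND_PASSWORD");
                  		if (password == null) {
                  			System.err.println("LDAP_BIND_PASSWORD is not set; refusing to bind without credentials");
                  			return;
                  		}

                  		Hashtable<String, Object> env = new Hashtable<String, Object>();

                  		env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                  		// Simple bind over plain ldap:// sends the credential unencrypted; use ldaps:// or StartTLS outside a lab.
                  		env.put(Context.PROVIDER_URL, "ldap://10.0.1.10:389/dc=ldap,dc=gruchala,dc=eu");
                  		env.put(Context.SECURITY_AUTHENTICATION, "simple");
                  		env.put(Context.SECURITY_PRINCIPAL, "cn=admin,dc=ldap,dc=gruchala,dc=eu");
                  		env.put(Context.SECURITY_CREDENTIALS, password);

                  		DirContext ctx = null;
                  		InitialLdapContext ctx2 = null;
                  		try {
                  			ctx = new InitialLdapContext(env, null);
                  			System.out.println(ctx.lookup("cn=admin"));

                  			ctx2 = new InitialLdapContext(env, null);
                  			System.out.println(ctx2.lookup("cn=admin"));
                  		} catch (NamingException e) {
                  			e.printStackTrace();
                  		} finally {
                  			// Each context holds a server connection; the original closed only ctx, and only
                  			// when no exception occurred, so ctx2 (and ctx on failure) leaked.
                  			closeQuietly(ctx2);
                  			closeQuietly(ctx);
                  		}
                  	}

                  	/**
                  	 * Closes a context if it was opened; a failure to close is reported but not fatal.
                  	 *
                  	 * @param ctx the context to close, may be null
                  	 */
                  	private static void closeQuietly(DirContext ctx) {
                  		if (ctx == null) {
                  			return;
                  		}
                  		try {
                  			ctx.close();
                  		} catch (NamingException e) {
                  			e.printStackTrace();
                  		}
                  	}
                  }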



                  • #10
                    Solved

                    I removed the whole configuration from the xls file, typed it again by hand and... it works! I have got the context.

                    But I really don't understand why the app didn't work, even with a really different configuration and a different LDAP server. I checked and changed the configuration many times, and only now does it work...

                    I'm really sorry for taking your free time trying to resolve this issue, and I'm really thankful for your help.

