  • Problem adding a user with authorities and special (eg '+') characters

    Hi,

    I'm facing a problem when adding a user with special characters (such as '+') in LDAP using the createUser method of LdapUserDetailsManager. I use spring-ldap 1.3.0.RELEASE.

    I might be missing something, and my code or configuration might be wrong in some way, but here is what I found:

    The first part of the method runs successfully, and the user is added, but an exception is thrown in the addAuthorities method.

    Code:
    org.springframework.ldap.InvalidAttributeValueException: [LDAP: error code 21 - member: value #0 invalid per syntax]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - member: value #0 invalid per syntax]; remaining name 'cn=user,ou=Group'
    I explored the source in debug mode and it happens that the username is correctly protected by the DistinguishedName class (test+a@test becomes test\+a@test), but in the following call (lines 328 to 331 of LdapUserDetailsManager), the fullDn.toUrl() returns an unprotected DN (back to test+a@test), leading to the exception above.


    Code:
    ModificationItem addGroup = new ModificationItem(modType,
                                new BasicAttribute(groupMemberAttributeName, fullDn.toUrl()));

    The full trace is:

    Code:
    Exception in thread "main" org.springframework.ldap.InvalidAttributeValueException: [LDAP: error code 21 - member: value #0 invalid per syntax]; nested exception is javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - member: value #0 invalid per syntax]; remaining name 'cn=user,ou=Group'
    	at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:122)
    	at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:810)
    	at org.springframework.ldap.core.LdapTemplate.executeReadWrite(LdapTemplate.java:802)
    	at org.springframework.security.ldap.userdetails.LdapUserDetailsManager.modifyAuthorities(LdapUserDetailsManager.java:323)
    	at org.springframework.security.ldap.userdetails.LdapUserDetailsManager.addAuthorities(LdapUserDetailsManager.java:315)
    	at org.springframework.security.ldap.userdetails.LdapUserDetailsManager.createUser(LdapUserDetailsManager.java:243)
    	at com.mycompany.project.core.application.manager.impl.LdapRepositoryUserManager.saveUser(LdapRepositoryUserManager.java:294)
    	at com.mycompany.project.core.application.manager.impl.LdapRepositoryUserManager.saveClient(LdapRepositoryUserManager.java:114)
    	at com.mycompany.project.apps.webapps.LdapTestMain.main(LdapTestMain.java:36)
    Caused by: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 21 - member: value #0 invalid per syntax]; remaining name 'cn=user,ou=Group'
    	at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3054)
    	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2987)
    	at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2794)
    	at com.sun.jndi.ldap.LdapCtx.c_modifyAttributes(LdapCtx.java:1455)
    	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_modifyAttributes(ComponentDirContext.java:255)
    	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.modifyAttributes(PartialCompositeDirContext.java:172)
    	at javax.naming.directory.InitialDirContext.modifyAttributes(InitialDirContext.java:153)
    	at org.springframework.security.ldap.userdetails.LdapUserDetailsManager$5.executeWithContext(LdapUserDetailsManager.java:331)
    	at org.springframework.ldap.core.LdapTemplate.executeWithContext(LdapTemplate.java:807)
    	... 7 more
    I'm currently looking for a workaround, maybe using another method of the API.
    Last edited by Raphael_Lemaire; Jul 6th, 2010, 04:32 AM.
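
The failure described in the post, reproduced with the JDK's own `javax.naming.ldap` classes as an added example (not code from the post or from Spring): an unescaped '+' in a DN value starts a second attribute/value pair inside the same RDN, so the string no longer parses as a DN, while a DN assembled from typed `Rdn` objects is escaped when rendered. The class name, the `uid` attribute and the `ou=People,dc=example,dc=com` base are assumptions made for the illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class MemberDnExample {

    // Assumed directory layout for this example (not taken from the post).
    static final String BASE = "ou=People,dc=example,dc=com";

    /** Builds the member DN from a typed RDN, so the value is escaped on output. */
    static String safeMemberDn(String username) throws InvalidNameException {
        LdapName dn = new LdapName(BASE);
        dn.add(new Rdn("uid", username)); // raw value in, escaped string out
        return dn.toString();
    }

    /** Returns true when the string parses as an RFC 2253 distinguished name. */
    static boolean isValidDn(String dn) {
        try {
            new LdapName(dn);
            return true;
        } catch (InvalidNameException e) {
            return false;
        }
    }

    /** Parses a DN and returns the unescaped value of its leftmost RDN. */
    static String leftmostValue(String dn) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        return String.valueOf(name.getRdn(name.size() - 1).getValue());
    }

    public static void main(String[] args) throws InvalidNameException {
        String username = "test+a@test"; // constructed sample, same shape as in the post

        // String concatenation: '+' is read as a multi-valued RDN separator,
        // and "a@test" has no '=' after it, so parsing fails.
        String naive = "uid=" + username + "," + BASE;
        String safe = safeMemberDn(username);

        System.out.println(naive + " valid=" + isValidDn(naive));
        System.out.println(safe + " valid=" + isValidDn(safe));
        // Round trip: the escaped DN still carries the original username.
        System.out.println("round-trip=" + username.equals(leftmostValue(safe)));
    }
}
```

Running `isValidDn` on a value before it is written to a group's `member` attribute catches this class of error on the client instead of as a server-side syntax rejection.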