Bug #7469
Logon to CN-DEV fails with LDAP error. Unable to add account details.
% Done: 30%
Description
Attempting to log on to cn-dev using the portal application presents the "account details" page; however, filling in the additional attributes and clicking register returns to the same page with no account details preserved.
When authenticating, there are many warnings in /var/log/tomcat7/catalina.out, for example:
[WARN]: Could not find: CN=Dave Vieglais A335,O=Google,C=US,DC=cilogon,DC=org : in Ldap: [LDAP: error code 32 - No Such Object] [org.dataone.service.cn.impl.v2.CNIdentityLDAPImpl]
Then an error:
20151105-14:57:13: [ERROR]: Problem looking up entry: CN=Dave Vieglais A335,O=Google,C=US,DC=cilogon,DC=org : [LDAP: error code 32 - No Such Object] [org.dataone.service.cn.impl.v2.CNIdentityLDAPImpl]
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'CN=Dave Vieglais A335,O=Google,C=US,DC=cilogon,DC=org'
at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3112)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840)
at com.sun.jndi.ldap.LdapCtx.c_getAttributes(LdapCtx.java:1332)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_getAttributes(ComponentDirContext.java:231)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:139)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.getAttributes(PartialCompositeDirContext.java:127)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:142)
at javax.naming.directory.InitialDirContext.getAttributes(InitialDirContext.java:137)
at org.dataone.service.cn.impl.v2.CNIdentityLDAPImpl.getPendingMapIdentity(CNIdentityLDAPImpl.java:1323)
at org.dataone.service.cn.impl.v1.CNIdentityLDAPImpl.getPendingMapIdentity(CNIdentityLDAPImpl.java:179)
at org.dataone.cn.rest.web.identity.v1.IdentityController.getPendingMapIdentity(IdentityController.java:170)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:176)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:436)
at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:424)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.dataone.cn.rest.filter.PortalCertificateFilter.doFilter(PortalCertificateFilter.java:82)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.dataone.cn.rest.filter.CNServiceDisableFilter.doFilter(CNServiceDisableFilter.java:78)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.ajp.AjpProcessor.process(AjpProcessor.java:200)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:307)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
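A triage sketch for the log lines quoted in this report, added here as an example and not part of the ticket or of DataONE's code: it parses the two catalina.out line shapes shown above, groups LDAP result codes by subject DN, and lists the DNs whose lookup reached ERROR level. The sample lines and DNs are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Shape of the two catalina.out lines quoted in the report; the timestamp
# prefix is optional because the WARN sample carries none.
LINE_RE = re.compile(
    r"^(?:(?P<ts>\d{8}-\d{2}:\d{2}:\d{2}): )?"
    r"\[(?P<level>[A-Z]+)\]: (?P<msg>.*?): (?P<dn>\S.*?) : "
    r"(?:in Ldap: )?\[LDAP: error code (?P<code>\d+) - (?P<text>[^\]]+)\] "
    r"\[(?P<logger>[\w.$]+)\]$"
)

def normalize_dn(dn):
    """Upper-case attribute types and trim spaces around RDNs so that
    differently formatted copies of one subject group together."""
    parts = []
    for rdn in re.split(r"(?<!\\),", dn):  # split on unescaped commas only
        attr, _, value = rdn.strip().partition("=")
        parts.append(f"{attr.strip().upper()}={value.strip()}")
    return ",".join(parts)

def summarize(lines):
    """Return {(dn, ldap_code): Counter of log levels} for matching lines."""
    summary = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # stack-trace frames and unrelated lines are skipped
            summary[(normalize_dn(m["dn"]), int(m["code"]))][m["level"]] += 1
    return dict(summary)

def escalated(summary, code=32):
    """DNs whose lookups with this LDAP result code reached ERROR level."""
    return sorted(dn for (dn, c), lv in summary.items() if c == code and lv["ERROR"])

# Constructed sample input modelled on the lines in the report.
TAIL = " [LDAP: error code 32 - No Such Object] [org.dataone.service.cn.impl.v2.CNIdentityLDAPImpl]"
DN_A = "CN=Example User A000,O=Example,C=US,DC=cilogon,DC=org"
SAMPLE = [
    f"[WARN]: Could not find: {DN_A} : in Ldap:{TAIL}",
    "[WARN]: Could not find: cn=Example User A000, O=Example, C=US, DC=cilogon, DC=org : in Ldap:" + TAIL,
    f"20151105-14:57:13: [ERROR]: Problem looking up entry: {DN_A} :{TAIL}",
    "[WARN]: Could not find: CN=Other User B111,O=Example,C=US,DC=cilogon,DC=org : in Ldap:" + TAIL,
    "\tat com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3112)",
]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for (dn, code), levels in result.items():
        print(code, dict(levels), dn)
    print("reached ERROR:", escalated(result))
```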
History
#1 Updated by Ben Leinfelder about 9 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 30
Adding another stack trace, I see that the authentication is successful and a certificate is in the portal for the user. The problem seems to be when we try to make calls to the CN using libclient proxied as that user.
org.dataone.service.exceptions.ServiceFailure: class org.dataone.client.exception.ClientSideException: /Received fatal alert: decrypt_error
at org.dataone.client.rest.HttpMultipartRestClient.doGetRequest(HttpMultipartRestClient.java:339)
at org.dataone.client.rest.HttpMultipartRestClient.doGetRequest(HttpMultipartRestClient.java:318)
at org.dataone.client.v1.impl.MultipartCNode.getSubjectInfo(MultipartCNode.java:1498)
at org.apache.jsp.account_jsp._jspService(account_jsp.java:130)
Been trying to track down this decrypt_error but with no luck. I cannot replicate this when making a similar call with libclient running standalone on my machine (using CILogon certificate+key for myself).
I'm also confused why this is only happening on cn-dev and not other environments.
#2 Updated by Ben Leinfelder about 9 years ago
Connecting with curl and with openssl is successful in both cases when using a client certificate, as well.
openssl s_client -connect cn-dev-ucsb-1.test.dataone.org:443 -cert /tmp/x509up_u503 -CAfile /Users/leinfelder/workspace/cn-buildout/dataone-cn-os-core/etc/ssl/certs/geotrust_intermediate.crt -no_ssl2 -no_ssl3
#3 Updated by Ben Leinfelder almost 9 years ago
- Status changed from In Progress to Rejected
Works for me now.