
Task #7391 (closed)

Opened 12 years ago

Closed 12 years ago

Bug: Better handling of LDAP referrals

Reported by: cxallan
Owned by: cxallan
Priority: blocker
Milestone: OMERO-4.4
Component: Security
Version: n.a.
Keywords: n.a.
Cc: jamoore, rfb@…
Resources: n.a.
Referenced By: n.a.
References: n.a.
Remaining Time: 0.0d
Sprint: 2012-04-10 (12)

Description

In certain cases, notably with more sophisticated AD setups, extensive use of LDAP referrals is made. The current Spring Security and Spring LDAP configuration does not support referrals early in the hierarchy. Example error from http://www.openmicroscopy.org/community/viewtopic.php?f=5&t=941:

2011-12-07 09:47:41,610 INFO [ ome.services.util.ServiceHandler] (l.Server-8) Excp: org.springframework.ldap.PartialResultException: Unprocessed Continuation
Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
2011-12-07 09:47:41,611 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-8) Exception thrown while checking password for:####
ome.conditions.InternalException: Wrapped Exception: (org.springframework.ldap.PartialResultException):
Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
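
Added example, not part of the ticket or the OMERO code base: a triage script that regroups wrapped log lines like those in the excerpt above into records and reports password-check errors whose cause is an unprocessed LDAP referral. The function names, the two-second correlation window and the last two sample lines are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Header layout taken from the excerpt: timestamp, level, [logger], (thread), message.
HEADER = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\w+)\s+\[\s*([^\]]+?)\s*\] \(([^)]+)\)\s*(.*)$"
)
REFERRAL = "Unprocessed Continuation Reference(s)"
PASSWORD_CHECK = "Exception thrown while checking password"

def parse_records(text):
    """Group physical lines into records; a line without a header continues the previous record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f")
            records.append({"ts": ts, "level": m.group(2), "logger": m.group(3),
                            "thread": m.group(4), "msg": m.group(5)})
        elif records and line.strip():
            records[-1]["msg"] += " " + line.strip()
    return records

def referral_login_failures(text, window=timedelta(seconds=2)):
    """Return (timestamp, thread) for password-check errors caused by an unfollowed referral."""
    records = parse_records(text)
    hits = []
    for i, rec in enumerate(records):
        if rec["level"] != "ERROR" or PASSWORD_CHECK not in rec["msg"]:
            continue
        # The cause is wrapped into the error itself or logged just before on the same thread
        # (assumption: within `window`).
        related = [rec] + [r for r in records[:i]
                           if r["thread"] == rec["thread"] and rec["ts"] - r["ts"] <= window]
        if any("PartialResultException" in r["msg"] and REFERRAL in r["msg"] for r in related):
            hits.append((rec["ts"].isoformat(sep=" ", timespec="milliseconds"), rec["thread"]))
    return hits

# The first five lines are the excerpt quoted in the ticket; the last two are constructed for contrast.
SAMPLE = """\
2011-12-07 09:47:41,610 INFO [ ome.services.util.ServiceHandler] (l.Server-8) Excp: org.springframework.ldap.PartialResultException: Unprocessed Continuation
Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
2011-12-07 09:47:41,611 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-8) Exception thrown while checking password for:####
ome.conditions.InternalException: Wrapped Exception: (org.springframework.ldap.PartialResultException):
Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s); remaining name ''
2011-12-07 09:50:02,120 ERROR [services.blitz.fire.PermissionsVerifierI] (l.Server-3) Exception thrown while checking password for:####
ome.conditions.InternalException: Wrapped Exception: (java.lang.RuntimeException): constructed unrelated failure
"""

if __name__ == "__main__":
    print(referral_login_failures(SAMPLE))
```

Only the first failure is reported: the second password-check error has no referral exception in its own record or earlier on its thread.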

Change History (11)

comment:1 Changed 12 years ago by cxallan

  • Owner set to cxallan
  • Remaining Time set to 1.0
  • Sprint set to 2011-12-27 (5)
  • Status changed from new to accepted

comment:2 Changed 12 years ago by cxallan

The first step, making LDAP referral handling configurable, is now on my GitHub branch:

comment:3 Changed 12 years ago by jburel

  • Sprint changed from 2012-01-03 (5) to 2012-01-17 (6)

Moved from sprint 2012-01-03 (5)

comment:4 Changed 12 years ago by jmoore <josh@…>

(In [94707751638aedea9625c86bbd184c7fa5ec8848/ome.git]) Make LDAP referral handling configurable. (See #7391)

comment:5 Changed 12 years ago by jburel

  • Sprint changed from 2012-01-17 (6) to 2012-01-31 (7)

Moved from sprint 2012-01-17 (6)

comment:6 Changed 12 years ago by jmoore

  • Sprint changed from 2012-01-31 (7) to 2012-02-14 (8)

Moved from sprint 2012-01-31 (7)

comment:7 Changed 12 years ago by jburel

  • Sprint changed from 2012-02-14 (8) to 2012-02-28 (9)

Moved from sprint 2012-02-14 (8)

comment:8 Changed 12 years ago by jburel

  • Sprint changed from 2012-02-28 (9) to 2012-03-13 (10)

Moved from sprint 2012-02-28 (9)

comment:9 Changed 12 years ago by jburel

  • Sprint changed from 2012-03-13 (10) to 2012-03-27 (11)

Moved from sprint 2012-03-13 (10)

comment:10 Changed 12 years ago by jburel

  • Sprint changed from 2012-03-27 (11) to 2012-04-10 (12)

Chris is off, moving to next sprint

comment:11 Changed 12 years ago by cxallan

  • Remaining Time changed from 1.0 to 0
  • Resolution set to fixed
  • Status changed from accepted to closed

The code for this is in and we've tested as best we can without having an exact replica of the AD referral in place. Closing. The fixes will be released as part of milestone:OMERO-Beta4.4.
