Uploaded image for project: 'Service Packs and Hot Fixes'
  1. Service Packs and Hot Fixes
  2. MNT-1232

when using several ldap subsystems with the same principal, a ldap bind request is made by alfresco for each element of the chain leading to locked principal account

    Details

    • Type: Service Pack Request
    • Status: Closed
    • Resolution: Not a bug
    • Affects Version/s: 3.3.3
    • Fix Version/s: 3.4.1
    • Component/s: Installer
    • Labels:
      None
    • Environment:
      any alfresco with ldap with more than one ldap subs0sytem having the same principal
    • Bug Priority:
      Category 3
    • ACT Numbers:

      23894

      Description

      when using several ldap subsystems with the same principal, a ldap bind request is made by alfresco for each element of the chain leading to locked principal account

      How to reproduce?
      ==================
      1) build a 3.3.3
      2) using JMX set the chain to
      ldap1:ldap,ldap2:ldap

      each of the subsystems point to the same ldap server with the same principal but on different branches
      3) triger a sync using JMX while running a network dump

      Result:
      =======
      A bind request with the wrong password is sent for each element.
      If you have N elements with the same principal, we trigger N bind request with a bad password for the same principal. If N>4, then AD by default lock the account leading to a sync failure.

      Expected result:
      ================
      No account is locked.
      Could we come with a more clever way of testing LDAP connectivity?
      E.g If we already tested agaisnt the same ldap server with the same principal, why retest it within a fraction of second?

      Analysis:
      ========
      The wrong password is sent in file:

      root/projects/repository/source/java/org/alfresco/repo/security/authentication/ldap/LDAPInitialDirContextFactoryImpl.java

      at line:
      env.put(Context.SECURITY_CREDENTIALS, "sdasdasdasdasd123123123");

      tkt 23894
      related to ALFCOM-1211

        Attachments

          Issue Links

            Structure

              Activity

                People

                • Assignee:
                  closedissues Closed Issues
                  Reporter:
                  amadon Alex Madon [X] (Inactive)
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  2 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:

                    Structure Helper Panel