[Bug 63213] New: Logging Unbalanced parenthesis error in catalina log during user login

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=63213

            Bug ID: 63213
           Summary: Logging Unbalanced parenthesis error in catalina log
                    during user login
           Product: Tomcat 8
           Version: 8.0.53
          Hardware: PC
                OS: All
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: hemanth.kum...@cerner.com
  Target Milestone: ----

Created attachment 36471
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=36471&action=edit
catalina log with Unbalanced parenthesis error

The error below is logged when a user is attempting to log in.
It appears that the user is a member of a group with DN that contains a left
paren but no matching right paren. With roleNested attribute set to "TRUE" in
Realm className, this seems to indicate that tomcat is not properly escaping
characters. 

CN=LklApptCoordSched(RX,OU=Groups,DC=mfldclin,DC=org

org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis;
remaining name 'DC=mfldclin,DC=org'
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:143)
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:546)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1844)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1769)
at
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
at
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at org.apache.catalina.realm.JNDIRealm.getRoles(JNDIRealm.java:1790)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1203)
at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1052)
at
com.siemens.cto.security.tomcat.RoleMapperRealm.authenticate(RoleMapperRealm.java:24)
at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:146)
at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:180)

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org