https://bz.apache.org/bugzilla/show_bug.cgi?id=65033

            Bug ID: 65033
           Summary: Tomcat 8.5.60/61 User authentication with JNDIRealm
                    failure
           Product: Tomcat 8
           Version: 8.5.60
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: rsnraju...@gmail.com
  Target Milestone: ----

Tomcat version : Tomcat 8.5.60/61 

Below is the configuration applied in our environment:
1. Realm Configuration:
-----------------------
<Realm className="org.apache.catalina.realm.CombinedRealm">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://XX.XX.XX.XX:389" useStartTls="true"
         userPattern="uid={0},ou=people,ou=accounts,dc=netact,dc=net"/>
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
</Realm>

2. LDAP and tomcat_users.xml both have the user credentials (ldapuser/ldapuser).


With the above configuration, Tomcat will try to authenticate the user against
JNDIRealm (LDAP) first and later the UserDatabaseRealm (tomcat_users.xml).



User (ldapuser) tries to authenticate when LDAP is down. User (ldapuser)
authentication is successful the 1st time.

User (ldapuser) tries to authenticate again when LDAP is down. User (ldapuser)
authentication is not successful the 2nd time.
It looks like there is a hang when JNDIRealm.authenticate is invoked from
CombinedRealm.authenticate.
JNDIRealm.authenticate is not returning any response, as per the generated logs.
     Principal authenticate(String username, String credentials)

Logs:
-----
Dec 27, 2020 10:59:42 PM org.apache.catalina.authenticator.AuthenticatorBase
invoke
FINE: Calling authenticate()
Dec 27, 2020 10:59:42 PM org.apache.catalina.authenticator.FormAuthenticator
doAuthenticate
FINE: Authenticating username 'ldapuser1'
Dec 27, 2020 10:59:42 PM com.nokia.oss.esymac.realm.CustomLockOutRealm
authenticate
INFO: authenticate usernameldapuser1 , credentials ldapuser1
Dec 27, 2020 10:59:42 PM com.nokia.oss.esymac.realm.CustomLockOutRealm
authenticate
INFO: before authenticate..
Dec 27, 2020 10:59:42 PM com.nokia.oss.esymac.realm.DefaultLockOutRealm
authenticate
INFO: DefaultLockouRealm start authenticate..ldapuser1
Dec 27, 2020 10:59:42 PM com.nokia.oss.esymac.realm.DefaultLockOutRealm
authenticate
INFO: DefaultLockouRealm stabefore  authenticate..ldapuser1
Dec 27, 2020 10:59:42 PM org.apache.catalina.realm.CombinedRealm authenticate
FINE: Attempting to authenticate user [ldapuser1] with realm
[org.apache.catalina.realm.CombinedRealm]
Dec 27, 2020 10:59:42 PM org.apache.catalina.realm.CombinedRealm authenticate
FINE: Attempting to authenticate user [ldapuser1] with realm
[org.apache.catalina.realm.JNDIRealm]



Note: With Tomcat 8.5.59 this issue is not observed.

Please let us know if any other information is needed.

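Added example, not part of the original report and not Tomcat code: a Python scan of a log in the two-line java.util.logging layout shown above that reports CombinedRealm authentication attempts with no logged outcome, which is the symptom this report describes. The log excerpt is constructed, and the "Failed to authenticate" / "Authenticated" message texts are assumed to be CombinedRealm's debug messages; only the "Attempting to authenticate" text appears in the report.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the two-line java.util.logging layout used in the report.
SAMPLE_LOG = """\
Dec 27, 2020 10:58:10 PM org.apache.catalina.realm.CombinedRealm authenticate
FINE: Attempting to authenticate user [ldapuser1] with realm [org.apache.catalina.realm.JNDIRealm]
Dec 27, 2020 10:58:15 PM org.apache.catalina.realm.CombinedRealm authenticate
FINE: Failed to authenticate user [ldapuser1] with realm [org.apache.catalina.realm.JNDIRealm]
Dec 27, 2020 10:58:15 PM org.apache.catalina.realm.CombinedRealm authenticate
FINE: Attempting to authenticate user [ldapuser1] with realm [org.apache.catalina.realm.UserDatabaseRealm]
Dec 27, 2020 10:58:15 PM org.apache.catalina.realm.CombinedRealm authenticate
FINE: Authenticated user [ldapuser1] with realm [org.apache.catalina.realm.UserDatabaseRealm]
Dec 27, 2020 10:59:42 PM org.apache.catalina.realm.CombinedRealm authenticate
FINE: Attempting to authenticate user [ldapuser1] with realm [org.apache.catalina.realm.JNDIRealm]
Dec 27, 2020 11:05:00 PM org.apache.catalina.authenticator.AuthenticatorBase invoke
FINE: Calling authenticate()
"""

HEADER = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\b")
# Outcome message texts are an assumption (see lead-in); adjust to your log.
EVENT = re.compile(r"^\w+: (Attempting to authenticate|Failed to authenticate|Authenticated)"
                   r" user \[(.+?)\] with realm \[(.+?)\]")

def find_stalled(log_text, threshold=timedelta(seconds=30)):
    """Return (user, realm, stalled_for) for attempts with no outcome line."""
    pending = {}      # (user, realm) -> time the unresolved attempt started
    last_seen = None  # timestamp of the most recent header line
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if m:
            last_seen = datetime.strptime(m.group(1), "%b %d, %Y %I:%M:%S %p")
            continue
        m = EVENT.match(line)
        if not m or last_seen is None:
            continue
        kind, user, realm = m.groups()
        if kind.startswith("Attempting"):
            # Keep the earliest unresolved start; concurrent logins by the
            # same user against the same realm are not told apart.
            pending.setdefault((user, realm), last_seen)
        else:
            pending.pop((user, realm), None)
    return [(user, realm, last_seen - started)
            for (user, realm), started in pending.items()
            if last_seen - started >= threshold]

if __name__ == "__main__":
    for user, realm, age in find_stalled(SAMPLE_LOG):
        print(f"no outcome for user {user} in {realm} after {age}")
```

When a nested CombinedRealm is in use, as in the report's log, the outer realm's attempt is also left pending; the innermost realm listed is the one that did not return.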