
Users with no access key, no password are imported

Open micyoung70 opened this issue 9 years ago • 0 comments

I have used the provided AMI to run ApacheDS + the IAM-LDAP bridge code. I updated the ~/apacheds directory to the latest apacheds-0.2.1.zip and created a /etc/iam_ldap.conf with "validator=iam_password". In my system, I have 10 IAM users, of which 5 have passwords and 2 have access keys.

When it runs, I see 10 IAM users in my system. The first bug is that the service should check to see if the IAM user has a password and skip if it is not there. There should only have been 5 users imported.

The second bug is that after a while, the sync runs again, and the users that have no access key are deleted from the system. A typical apacheds.log entry is as follows:

[00:04:12] ERROR [org.apache.directory.api.ldap.model.entry.Modification] - ERR_04472 The attribute 'accesskey' is incorrect
[00:04:12] ERROR [com.denismo.aws.iam.LDAPIAMPoller] - Exception processing user potal
java.lang.NullPointerException
    at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:211)
    at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:883)
    at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:629)
    at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:594)
    at com.denismo.aws.iam.LDAPIAMPoller.addUser(LDAPIAMPoller.java:527)
    at com.denismo.aws.iam.LDAPIAMPoller.populateUsersFromIAM(LDAPIAMPoller.java:473)
    at com.denismo.aws.iam.LDAPIAMPoller.pollIAM(LDAPIAMPoller.java:220)
    at com.denismo.aws.iam.LDAPIAMPoller.access$000(LDAPIAMPoller.java:77)
    at com.denismo.aws.iam.LDAPIAMPoller$1.run(LDAPIAMPoller.java:600)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
[00:04:13] ERROR [org.apache.directory.api.ldap.model.entry.Modification] - ERR_04472 The attribute 'accesskey' is incorrect
[00:04:13] ERROR [com.denismo.aws.iam.LDAPIAMPoller] - Exception processing user tborger
java.lang.NullPointerException
    at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:211)
    at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:883)
    at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:629)
    at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:594)
    at com.denismo.aws.iam.LDAPIAMPoller.addUser(LDAPIAMPoller.java:527)
    at com.denismo.aws.iam.LDAPIAMPoller.populateUsersFromIAM(LDAPIAMPoller.java:473)
    at com.denismo.aws.iam.LDAPIAMPoller.pollIAM(LDAPIAMPoller.java:220)
    at com.denismo.aws.iam.LDAPIAMPoller.access$000(LDAPIAMPoller.java:77)
    at com.denismo.aws.iam.LDAPIAMPoller$1.run(LDAPIAMPoller.java:600)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
[00:04:13] ERROR [org.apache.directory.api.ldap.model.entry.Modification] - ERR_04472 The attribute 'accesskey' is incorrect
[00:04:13] ERROR [com.denismo.aws.iam.LDAPIAMPoller] - Exception processing user tgumto
java.lang.NullPointerException
    at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:211)
    at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:883)
    at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:629)
    at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:594)
    at com.denismo.aws.iam.LDAPIAMPoller.addUser(LDAPIAMPoller.java:527)
    at com.denismo.aws.iam.LDAPIAMPoller.populateUsersFromIAM(LDAPIAMPoller.java:473)
    at com.denismo.aws.iam.LDAPIAMPoller.pollIAM(LDAPIAMPoller.java:220)

micyoung70 · Jun 03 '15 00:06
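The two sync fixes the report asks for, modelled as an added example that is not the aws-iam-ldap-bridge code: users without a login profile (password) are skipped, the 'accesskey' attribute is omitted rather than written as null when a user has no key, and a re-sync never deletes a user merely for lacking a key. The IamUser record, the dict-based LDAP store, and the key ids are constructed stand-ins.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class IamUser:
    """Constructed stand-in for an IAM user record (not the bridge's own type)."""
    name: str
    has_login_profile: bool          # True when the user has a console password
    access_key: Optional[str] = None  # access key id, or None when the user has none


def desired_entry(user: IamUser) -> Optional[dict]:
    """LDAP attributes for one IAM user, or None when the user must be skipped.
    Fix 1: a user without a password (login profile) is not imported at all.
    Fix 2: 'accesskey' is omitted when there is no key, instead of modifying the
    entry with a null value (the ERR_04472 / NullPointerException in the log).
    """
    if not user.has_login_profile:
        return None
    entry = {"uid": user.name}
    if user.access_key:
        entry["accesskey"] = user.access_key
    return entry


def plan_sync(iam_users, ldap_entries):
    """Diff desired IAM state against entries already in LDAP (dict keyed by uid).
    Returns (adds, updates, deletes) as sorted uid lists; lacking an access key is
    never a reason to delete, only users gone from IAM or without a password are."""
    desired = {e["uid"]: e for e in map(desired_entry, iam_users) if e is not None}
    adds = sorted(uid for uid in desired if uid not in ldap_entries)
    updates = sorted(uid for uid in desired
                     if uid in ldap_entries and ldap_entries[uid] != desired[uid])
    deletes = sorted(uid for uid in ldap_entries if uid not in desired)
    return adds, updates, deletes


def example_users():
    """Constructed data matching the report: 10 users, 5 with passwords, 2 with keys."""
    users = [IamUser(f"user{i:02d}", has_login_profile=i < 5) for i in range(10)]
    users[0].access_key = "AKIAEXAMPLE0000000001"   # placeholder key id
    users[7].access_key = "AKIAEXAMPLE0000000002"   # key but no password: skipped
    return users


if __name__ == "__main__":
    print("first sync:", plan_sync(example_users(), {}))   # 5 adds, no deletes
    ldap = {e["uid"]: e for e in map(desired_entry, example_users()) if e}
    print("re-sync:", plan_sync(example_users(), ldap))   # nothing to do
```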