aws-iam-ldap-bridge
If the User doesn't have an accessKey, that User would be deleted and created repeatedly.
Hi, I'm using version 0.2.2. The addUser() method in LDAPIAMPoller.java has a bug when a user doesn't have an access key: the modification failure deletes the entity, and the next scheduled run creates it again.
    if (accessKey == null) {
        if (AWSIAMAuthenticator.getConfig().isSecretKeyLogin()) {
            LOG.debug("User " + user.getUserName() + " has no active access keys");
            return;
        } else {
            accessKey = ""; // empty accessKey makes null pointer exception.
        }
    }
    Entry existingUser = getExistingUser(user);
    if (existingUser != null) {
        directory.getAdminSession().modify(existingUser.getDn(),
            new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, "accessKey", accessKey),
            new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE, "gidNumber", group.get("gidNumber").getString())
        );
        // TODO If gidNumber changed for user, shouldn't groups memberUid list be updated?
        updateUserMemberOf(existingUser, otherGroups);
        return;
    }
The exception below occurred:
[10:34:33] ERROR [org.apache.directory.api.ldap.model.entry.DefaultAttribute] - ERR_04449 The value '' cant be normalized, it hasn't been added
[10:34:34] ERROR [org.apache.directory.api.ldap.model.entry.Modification] - ERR_04472 The attribute 'accesskey' is incorrect
[10:34:34] ERROR [com.denismo.aws.iam.LDAPIAMPoller] - Exception processing user d.ga#####
java.lang.NullPointerException
at org.apache.directory.server.core.normalization.NormalizationInterceptor.modify(NormalizationInterceptor.java:211)
at org.apache.directory.server.core.DefaultOperationManager.modify(DefaultOperationManager.java:883)
at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:629)
at org.apache.directory.server.core.shared.DefaultCoreSession.modify(DefaultCoreSession.java:594)
at com.denismo.aws.iam.LDAPIAMPoller.addUser(LDAPIAMPoller.java:548)
at com.denismo.aws.iam.LDAPIAMPoller.populateUsersFromIAM(LDAPIAMPoller.java:473)
at com.denismo.aws.iam.LDAPIAMPoller.pollIAM(LDAPIAMPoller.java:220)
at com.denismo.aws.iam.LDAPIAMPoller.access$000(LDAPIAMPoller.java:77)
at com.denismo.aws.iam.LDAPIAMPoller$1.run(LDAPIAMPoller.java:645)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Maybe ModificationOperation doesn't allow an empty string.
Best Regards,
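One way to avoid the failing REPLACE, as an added example that is not part of the issue or of the aws-iam-ldap-bridge code: build the modification list conditionally, and when IAM reports no active access key remove the accessKey attribute instead of replacing it with "". A REMOVE_ATTRIBUTE carrying no values deletes every value of the attribute, which the server accepts, whereas the empty string is rejected during normalization (the ERR_04449 in the log above). The class name AccessKeyModifications, the method names, and the use of the Apache Directory API classes DefaultModification, DefaultAttribute and CoreSession are assumptions made for this illustration; the project's own addUser() takes the session from directory.getAdminSession() as shown in the snippet.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.directory.api.ldap.model.entry.DefaultAttribute;
import org.apache.directory.api.ldap.model.entry.DefaultModification;
import org.apache.directory.api.ldap.model.entry.Entry;
import org.apache.directory.api.ldap.model.entry.Modification;
import org.apache.directory.api.ldap.model.entry.ModificationOperation;
import org.apache.directory.api.ldap.model.exception.LdapException;
import org.apache.directory.server.core.api.CoreSession;

/**
 * Hypothetical helper (not project code): computes the LDAP modifications for an
 * existing IAM user entry so that "no access key" never becomes an empty-string value.
 */
final class AccessKeyModifications {

    private AccessKeyModifications() {
    }

    /**
     * accessKey may be null (IAM returned no active key) or empty; gidNumber must be set.
     * Returns the modifications to apply in a single modify request.
     */
    static List<Modification> build(String accessKey, String gidNumber) {
        if (gidNumber == null || gidNumber.isEmpty()) {
            throw new IllegalArgumentException("gidNumber is required");
        }
        List<Modification> mods = new ArrayList<>();
        if (accessKey == null || accessKey.isEmpty()) {
            // No active key: drop the attribute entirely. A REMOVE with an attribute that
            // carries no values removes all of its values, which is valid LDAP. Replacing
            // with "" is rejected by the server ("The value '' cant be normalized").
            // Using DefaultAttribute here also avoids the String.../byte[]... varargs
            // ambiguity of the DefaultModification constructor when no values are passed.
            mods.add(new DefaultModification(ModificationOperation.REMOVE_ATTRIBUTE,
                    new DefaultAttribute("accessKey")));
        } else {
            mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE,
                    "accessKey", accessKey));
        }
        mods.add(new DefaultModification(ModificationOperation.REPLACE_ATTRIBUTE,
                "gidNumber", gidNumber));
        return mods;
    }

    /**
     * Applies the modifications and reports failure to the caller instead of swallowing it.
     * The caller should log and retry on the next poll rather than delete the entry:
     * deleting on a modify failure is what turns a bad value into the delete/create loop
     * described in the issue.
     */
    static void apply(CoreSession session, Entry existingUser, String accessKey, String gidNumber)
            throws LdapException {
        List<Modification> mods = build(accessKey, gidNumber);
        session.modify(existingUser.getDn(), mods);
    }
}
```

Two practical notes. First, an entry whose accessKey attribute is absent should be treated by the authenticator as "no credential", never as the credential "" (otherwise an empty key could match an empty stored value); the REMOVE path above makes the absence explicit in the directory. Second, whichever branch runs, a failed modify should be logged and left for the next poll, not answered by deleting the entry, since the entry itself was not wrong, only the value being written.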