pwm
pwm copied to clipboard
pwm-project
Error when trying to reset locked user's password.
When a locked user (by means of PwdAccountLockedTime set to 000001010000Z) tries to reset his password this error appears on the forgotten password page:
PWM 5015
An error has occurred. If this error occurs repeatedly please contact your help desk. { 5015 ERROR_UNKNOWN (unexpected error during action handler for 'password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet:search', error: unable to parse zulu time-string: Text '000001010000Z' could not be parsed at index 12) }
exception in catalina.out
java.lang.IllegalArgumentException: unable to parse zulu time-string: Text '000001010000Z' could not be parsed at index 12
at com.novell.ldapchai.impl.edir.entry.EdirEntries.convertZuluToInstant(EdirEntries.java:120)
at com.novell.ldapchai.impl.openldap.entry.OpenLDAPEntries.convertZuluToDate(OpenLDAPEntries.java:40)
at com.novell.ldapchai.impl.openldap.entry.OpenLDAPVendorFactory.stringToInstant(OpenLDAPVendorFactory.java:96)
at com.novell.ldapchai.impl.AbstractChaiEntry.readDateAttribute(AbstractChaiEntry.java:467)
at com.novell.ldapchai.impl.openldap.entry.OpenLDAPUser.isPasswordLocked(OpenLDAPUser.java:146)
at password.pwm.http.servlet.forgottenpw.ForgottenPasswordUtil.initForgottenPasswordBean(ForgottenPasswordUtil.java:747)
at password.pwm.http.servlet.forgottenpw.ForgottenPasswordServlet.processSearch(ForgottenPasswordServlet.java:470)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at password.pwm.http.servlet.ControlledPwmServlet.dispatchMethod(ControlledPwmServlet.java:121)
at password.pwm.http.servlet.ControlledPwmServlet.processAction(ControlledPwmServlet.java:161)
at password.pwm.http.servlet.AbstractPwmServlet.handleRequest(AbstractPwmServlet.java:125)
at password.pwm.http.servlet.AbstractPwmServlet.doPost(AbstractPwmServlet.java:75)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:661)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:155)
at password.pwm.http.filter.SessionFilter.processFilter(SessionFilter.java:112)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:99)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:155)
at password.pwm.http.filter.ApplicationModeFilter.processFilter(ApplicationModeFilter.java:82)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:99)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:155)
at password.pwm.http.filter.ObsoleteUrlFilter.processFilter(ObsoleteUrlFilter.java:52)
at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:99)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at password.pwm.http.filter.RequestInitializationFilter.initializeServletRequest(RequestInitializationFilter.java:238)
at password.pwm.http.filter.RequestInitializationFilter.doFilter(RequestInitializationFilter.java:162)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.github.ziplet.filter.compression.CompressingFilter.doFilter(CompressingFilter.java:263)
at password.pwm.http.filter.GZIPFilter.doFilter(GZIPFilter.java:81)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
PWM v1.8.0-SNAPSHOT b36236818r5a4bfc34176d6ad91f87b1b3810fd5b088ea6376
LDAP impl: OpenLDAP 2.4.44
let me know if you need more info. thanks!
I would have expected a message saying "Your account is locked" or something similar.
github/ldapchai/ldapchai API doesn't have an OpenLDAP aware time parser, that's what is needed to fix this.
In mycase - i have the same error like above... Because the format strings was "yyyyMMddHHmmss'Z'" but openldap return the timestamp like '20190805223352.724Z'. So i decided to modify and rebuild the lib ldapchai-0.7.5.jar to remove the part after ".". The code is listed bellow. change file: java/com/novell/ldapchai/impl/edir/entry/EdirEntries.java line 114:
try { final LocalDateTime localDateTime = LocalDateTime.parse( input, EDIR_TIMESTAMP_FORMATTER ); final ZonedDateTime zonedDateTime = localDateTime.atZone( ZoneOffset.UTC ); return Instant.from( zonedDateTime ); } catch ( DateTimeParseException e ) { throw new IllegalArgumentException( "unable to parse zulu time-string: " + e.getMessage() ); }
to
try { if (input.contains(".")) { input = input.split("\\.")[0].concat("Z"); } final LocalDateTime localDateTime = LocalDateTime.parse( input, EDIR_TIMESTAMP_FORMATTER ); final ZonedDateTime zonedDateTime = localDateTime.atZone( ZoneOffset.UTC ); return Instant.from( zonedDateTime ); } catch ( DateTimeParseException e ) { throw new IllegalArgumentException( "unable to parse zulu time-string: " + e.getMessage() ); }
Then rebuild with maven:
mvn clean package -Dcheckstyle.skip
