  1. OpenAM
  2. OPENAM-12403

LDAP response controls are not logged which complicates troubleshooting

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 13.0.0, 13.5.0, 13.5.1, 14.0.0, 14.1.0, 14.1.1, 14.5.0, 14.5.1, 5.5.1
    • Fix Version/s: 13.5.3, 14.1.2, 6.5.0, 6.0.1, 5.5.2
    • Component/s: authentication
    • Sprint:
      AM Sustaining Sprint 49, AM Sustaining Sprint 50, AM Sustaining Sprint 51
    • Story Points:
      1
    • Needs backport:
      Yes
    • Needs QA verification:
      No
    • Functional tests:
      No
    • Are the reproduction steps defined?:
      Yes and I used the same as in the description

      Description

      Bug description

      When using the LDAP authentication module, response controls received from the LDAP server are not logged in the Authentication debug log.

      How to reproduce the issue

      1. Configure AM
      2. Configure OpenLDAP as user data store
      3. Configure LDAP Auth module to use OpenLDAP
      4. Use LDAP auth module for authentication

      Expected behaviour

      The response controls sent by the Directory Server should be seen in the Authentication debug log at 'message' level for troubleshooting purposes.

      Current behaviour

      Response controls do not show up in the Authentication debug logs.

      Code analysis

      org.forgerock.openam.ldap.LDAPAuthUtils.java
      ...
          private List<Control> processControls(Result result) {
              if (result == null) {
                  return Collections.EMPTY_LIST;
              }
      
              List<Control> controls = new ArrayList<Control>();
              DecodeOptions options = new DecodeOptions();
              Control c;
      
              try {
                  c = result.getControl(PasswordExpiredResponseControl.DECODER, options);
      
                  if (c != null) {
                      controls.add(c);
                  }
              } catch (DecodeException de) {
                  if (debug.warningEnabled()) {
                      debug.warning("unable to decode PasswordExpiredResponseControl", de);
                  }
              }
      
              try {
                  c = result.getControl(PasswordExpiringResponseControl.DECODER, options);
      
                  if (c != null) {
                      controls.add(c);
                  }
              } catch (DecodeException de) {
                  if (debug.warningEnabled()) {
                      debug.warning("unable to decode PasswordExpiringResponseControl", de);
                  }
              }
      
              try {
                  c = result.getControl(PasswordPolicyResponseControl.DECODER, options);
      
                  if (c != null) {
                      controls.add(c);
                  }
              } catch (DecodeException de) {
                  if (debug.warningEnabled()) {
                      debug.warning("unable to decode PasswordPolicyResponseControl", de);
                  }
              }
      
              return controls;
          }
      ...
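
One way to get every response control into the debug log at 'message' level, as an added example that is not OpenAM's code and not the fix shipped for this issue. It assumes the OpenDJ LDAP SDK and OpenAM's `Debug` class are on the classpath; `ResponseControlLogger` and `logControls` are hypothetical names.

```java
import java.util.List;

import org.forgerock.opendj.ldap.controls.Control;
import org.forgerock.opendj.ldap.responses.Result;

import com.sun.identity.shared.debug.Debug;

/** Hypothetical helper (not OpenAM code): logs every control attached to an LDAP result. */
public final class ResponseControlLogger {

    private ResponseControlLogger() {
    }

    /**
     * Writes one 'message'-level line per response control, including controls
     * that processControls() has no decoder for.
     *
     * @param debug     the debug instance the auth module already writes to
     * @param operation label for the LDAP operation, e.g. "bind" (assumed naming)
     * @param result    the LDAP result returned by the server, may be null
     */
    public static void logControls(Debug debug, String operation, Result result) {
        if (result == null || !debug.messageEnabled()) {
            return;
        }
        List<Control> controls = result.getControls();
        if (controls.isEmpty()) {
            debug.message(operation + ": server returned no response controls");
            return;
        }
        for (Control control : controls) {
            StringBuilder line = new StringBuilder(operation)
                    .append(": response control oid=").append(control.getOID())
                    .append(" critical=").append(control.isCritical());
            if (control.hasValue()) {
                // Log only the size: raw control values are BER blobs and may
                // carry data that should not land in a debug file.
                line.append(" valueLength=").append(control.getValue().length());
            } else {
                line.append(" value=<none>");
            }
            debug.message(line.toString());
        }
    }
}
```

Logging the OID for every control, not only the three that `processControls` decodes, also shows when a directory server returns a control the module silently ignores.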
      

            People

            • Assignee: Lawrence Yarham (lawrence.yarham)
            • Reporter: Bernhard Thalmayr (bthalmayr)