[OPENAM-13100] LDAP Decision node fails with NPE when used with Active Directory - ForgeRock JIRA

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 6.0.0
Fix Version/s: 6.0.0.2, 6.5.0, 6.0.1
Component/s: authentication
Labels:
- AME
- Must-Fix
- TESLA

Target Version/s:

6.0.0.2, 6.5.0, 6.0.1

Support Ticket IDs:

Verified Version/s:

6.0.0.2

Description

Bug description

LDAP Decision node fails with NPE when used with Active Directory.

ERROR: Node processing failed
java.lang.NullPointerException
    at org.forgerock.openam.auth.nodes.LdapDecisionNode.process(LdapDecisionNode.java:280)
    at org.forgerock.openam.auth.trees.engine.AuthTreeExecutor.process(AuthTreeExecutor.java:105)
..

How to reproduce the issue

1). Edit the sample 'Example' authentication tree and replace the data store node with an LDAP Decision node.

2). Configure the LDAP Decision node to point to an AD instance.

3). Attempt to login using the tree which fails and note the NPE in the Authentication debug log.

Expected behaviour

Login should work with Active Directory

Current behaviour

Login fails with Active Directory

Code analysis

LdapDecisionNode.java:280

String userStatus = ldapUtil.getUserAttributeValues().get(USER_STATUS_ATTRIBUTE).iterator().next();

...where USER_STATUS_ATTRIBUTE is set as:

private static final String USER_STATUS_ATTRIBUTE = "inetuserstatus";

...an attribute which doesn't exist in Active Directory.

Attachments

Issue Links

is duplicated by

OPENAM-13164 LDAP Decision node fails with NPE when used with eDirectory

Closed

Activity

People

Assignee:

Sean ONeill [X] (Inactive)

Reporter:

Andy Itter

Votes:

0 Vote for this issue

Watchers:

11 Start watching this issue

Dates

Created:

17/May/18 2:15 PM

Updated:

01/Nov/18 3:00 PM

Resolved:

29/May/18 2:33 PM