OpenDJ / OPENDJ-4760

NullPointerException in AciContainer.java when a Password Modify Extended Op is issued



    • Bug
    • Status: Done
    • Major
    • Resolution: Fixed
    • 3.5.1
    • 6.0.0
    • access control


      An NPE is seen when using Password Modify Extended Operation (OID

      The following is observed only when backend-based ACIs are used; global ACIs have no effect on the issue.

      The offending ACI is likely blocking Anonymous access in some way.

      The client connections are issued by either RedHat SSSD or OpenDJ's ldappasswordmodify.

      [07/Feb/2018:19:09:43 +0000] BIND REQ conn=12 op=0 msgID=1 version=3 type=SIMPLE dn="uid=ltest,ou=people,dc=example,dc=com"
      [07/Feb/2018:19:09:43 +0000] BIND RES conn=12 op=0 msgID=1 result=0 authDN="uid=ltest,ou=people,dc=example,dc=com" etime=4 
      [07/Feb/2018:19:09:43 +0000] EXTENDED REQ conn=12 op=1 msgID=2 name="Password Modify" oid="" 
      [07/Feb/2018:19:09:43 +0000] EXTENDED RES conn=12 op=1 msgID=2 result=-1 etime=4 
      [07/Feb/2018:19:09:43 +0000] DISCONNECT conn=12 reason="Server Error" msg="Worker Thread 0 encountered an uncaught exception while processing operation ExtendedOperation(connID=12, opID=1, oid= NullPointerException (AciContainer.java:551 AciLDAPOperationContainer.java:28 DNS.java:146 BindRule.java:467 BindRule.java:469 BindRule.java:469 AciBody.java:256 Aci.java:397 Aci.java:408 AciHandler.java:1081 AciHandler.java:536 AciHandler.java:724 AciHandler.java:374 LocalBackendModifyOperation.java:529 LocalBackendModifyOperation.java:436 LocalBackendModifyOperation.java:279 LocalBackendWorkflowElement.java:744 LocalBackendWorkflowElement.java:1051 LocalBackendWorkflowElement.java:894 ModifyOperationBasis.java:337 InternalClientConnection.java:1431 ...)" 
      [07/Feb/2018:19:09:43 +0000] UNBIND REQ conn=12 op=2 msgID=3 

      This does not NPE with a default install. Note: unsuppressed internal logging below.

      opendj; bin/$ ./ldappasswordmodify --authzID dn:uid=user.0,ou=People,dc=example,dc=com --hostname localhost --bindDN uid=user.0,ou=People,dc=example,dc=com --bindPassword 'Jn2h$hs8kjsd2dQ' --currentPassword 'Jn2h$hs8kjsd2dQ' --newPassword 'Jn2h!hs1kjsd2dZ' --port 1636 --useSsl --trustAll
      The LDAP password modify operation was successful
      [08/Feb/2018:12:44:52 -0700] CONNECT conn=3 from= to= protocol=LDAPS
      [08/Feb/2018:12:44:52 -0700] BIND REQ conn=3 op=0 msgID=1 version=3 type=SIMPLE dn="uid=user.0,ou=People,dc=example,dc=com"
      [08/Feb/2018:12:44:52 -0700] BIND RES conn=3 op=0 msgID=1 result=0 authDN="uid=user.0,ou=People,dc=example,dc=com" etime=1
      [08/Feb/2018:12:44:52 -0700] EXTENDED REQ conn=3 op=1 msgID=2 name="Password Modify" oid=""
      [08/Feb/2018:12:44:52 -0700] MODIFY REQ conn=-4 op=51 msgID=52 dn="uid=user.0,ou=People,dc=example,dc=com"
      [08/Feb/2018:12:44:52 -0700] MODIFY RES conn=-4 op=51 msgID=52 result=0 etime=2
      [08/Feb/2018:12:44:52 -0700] MODIFY REQ conn=-1 op=52 msgID=53 dn="uid=user.0,ou=People,dc=example,dc=com"
      [08/Feb/2018:12:44:52 -0700] MODIFY RES conn=-1 op=52 msgID=53 result=0 etime=1
      [08/Feb/2018:12:44:52 -0700] EXTENDED RES conn=3 op=1 msgID=2 result=0 etime=5
      [08/Feb/2018:12:44:52 -0700] UNBIND REQ conn=3 op=2 msgID=3
      [08/Feb/2018:12:44:52 -0700] DISCONNECT conn=3 reason="Client Unbind"

      Removing all ACIs in the backend allows ldappasswordmodify to properly modify the user's password.
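The failing sequence in the access log above (a Password Modify extended request, `result=-1`, then a `DISCONNECT` with `reason="Server Error"`) can be picked out of a larger log by correlating lines on `conn`. The following is an added example, not code from this issue or from the OpenDJ project; the function name `find_failed_password_modify` is hypothetical, and it assumes the access-log layout quoted in the report.

```python
import re

# Constructed sample modelled on the access-log lines quoted in the report
# (exception text shortened; oid left empty as it appears on the page).
SAMPLE_LOG = '''\
[07/Feb/2018:19:09:43 +0000] BIND RES conn=12 op=0 msgID=1 result=0 authDN="uid=ltest,ou=people,dc=example,dc=com" etime=4
[07/Feb/2018:19:09:43 +0000] EXTENDED REQ conn=12 op=1 msgID=2 name="Password Modify" oid=""
[07/Feb/2018:19:09:43 +0000] EXTENDED RES conn=12 op=1 msgID=2 result=-1 etime=4
[07/Feb/2018:19:09:43 +0000] DISCONNECT conn=12 reason="Server Error" msg="Worker Thread 0 encountered an uncaught exception while processing operation ExtendedOperation(connID=12, opID=1) NullPointerException (AciContainer.java:551 ...)"
[08/Feb/2018:12:44:52 -0700] BIND RES conn=3 op=0 msgID=1 result=0 authDN="uid=user.0,ou=People,dc=example,dc=com" etime=1
[08/Feb/2018:12:44:52 -0700] EXTENDED REQ conn=3 op=1 msgID=2 name="Password Modify" oid=""
[08/Feb/2018:12:44:52 -0700] EXTENDED RES conn=3 op=1 msgID=2 result=0 etime=5
[08/Feb/2018:12:44:52 -0700] DISCONNECT conn=3 reason="Client Unbind"
'''

LINE = re.compile(r'^\[([^\]]+)\] ([A-Z]+(?: RE[QS])?) (.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"
EXC = re.compile(r'(\w+(?:Exception|Error)) \((\w+\.java:\d+)')  # class, top frame

def find_failed_password_modify(log_text):
    """Return one finding per connection whose Password Modify extended op
    did not succeed and that the server dropped with reason="Server Error"."""
    conns, findings = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an access-log line in the assumed layout
        ts, kind, rest = m.groups()
        f = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        c = conns.setdefault(f.get('conn'), {'authDN': None, 'pwmod': {}})
        if kind == 'BIND RES' and f.get('result') == '0':
            c['authDN'] = f.get('authDN')
        elif kind == 'EXTENDED REQ' and f.get('name') == 'Password Modify':
            c['pwmod'][f.get('op')] = None  # result not seen yet
        elif kind == 'EXTENDED RES' and f.get('op') in c['pwmod']:
            c['pwmod'][f.get('op')] = f.get('result')
        elif kind == 'DISCONNECT' and f.get('reason') == 'Server Error':
            failed = [op for op, res in c['pwmod'].items() if res != '0']
            exc = EXC.search(f.get('msg', ''))
            if failed:
                findings.append({'time': ts, 'conn': f.get('conn'),
                                 'authDN': c['authDN'], 'ops': failed,
                                 'exception': exc.group(1) if exc else None,
                                 'top_frame': exc.group(2) if exc else None})
    return findings

if __name__ == '__main__':
    print(find_failed_password_modify(SAMPLE_LOG))
```

Run against the constructed sample, only `conn=12` is reported; the successful exchange on `conn=3` ends with `reason="Client Unbind"` and is ignored.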





            ludo Ludovic Poitou
            lee.trujillo Lee Trujillo
            Ondrej Fuchsik Ondrej Fuchsik