Bug 65330 - NullPointerException on LDAP auth since tomcat 9.0.46 (works on 9.0.45)
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 9
Classification: Unclassified
Component: Catalina
Version: 9.0.46
Hardware: PC Linux
Importance: P2 regression
Assignee: Tomcat Developers Mailing List
Reported: 2021-05-25 17:43 UTC by slash
Modified: 2021-05-25 18:24 UTC

Description slash 2021-05-25 17:43:17 UTC
I suppose this regression is due to Bug 65224.

This is the relevant server.xml configuration:
################################################################################
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
        <Realm className="org.apache.catalina.realm.JNDIRealm"
                authentication="simple"
                connectionURL="ldaps://ldap.example.com:636"
                connectionName="uid=REDACTED,ou=servers,dc=example,dc=com"
                connectionPassword="REDACTED"
                userSearch="(|(&amp;(uid={0})(objectClass=REDACTED)(REDACTEDStatus=active))(&amp;(uid={0})(objectClass=REDACTED)))"
                userBase="ou=people,dc=example,dc=com"
                userSubtree="true"
                roleBase="ou=groups,dc=example,dc=com"
                roleSubtree="true"
                roleName="cn"
                roleSearch="(memberUid={1})"
          />
      </Realm>
################################################################################

This configuration works on Tomcat 9.0.45; I use it to log users in to the manager context.

On 9.0.46, it doesn't work and it raises the following exception:
################################################################################
25-May-2021 19:36:08.098 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio2-8080"]
25-May-2021 19:36:08.101 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["https-openssl-apr-8443"]
25-May-2021 19:36:08.106 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [1095] milliseconds
25-May-2021 19:36:17.828 INFO [http-nio2-8080-exec-2] org.apache.catalina.realm.JNDIRealm.authenticate Exception performing authentication. Retrying...
        java.lang.NullPointerException
                at org.apache.catalina.realm.JNDIRealm.doAttributeValueEscaping(JNDIRealm.java:2884)
                at org.apache.catalina.realm.JNDIRealm.getRoles(JNDIRealm.java:1892)
                at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1350)
                at org.apache.catalina.realm.JNDIRealm.authenticate(JNDIRealm.java:1232)
                at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:191)
                at org.apache.catalina.realm.LockOutRealm.authenticate(LockOutRealm.java:154)
                at org.apache.catalina.authenticator.BasicAuthenticator.doAuthenticate(BasicAuthenticator.java:101)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:632)
                at org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:378)
                at org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:56)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:143)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
                at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
                at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:764)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357)
                at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:374)
                at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
                at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:893)
                at org.apache.tomcat.util.net.Nio2Endpoint$SocketProcessor.doRun(Nio2Endpoint.java:1685)
                at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
                at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:1167)
                at org.apache.tomcat.util.net.Nio2Endpoint.setSocketOptions(Nio2Endpoint.java:331)
                at org.apache.tomcat.util.net.Nio2Endpoint$Nio2Acceptor.completed(Nio2Endpoint.java:451)
                at org.apache.tomcat.util.net.Nio2Endpoint$Nio2Acceptor.completed(Nio2Endpoint.java:387)
                at java.base/sun.nio.ch.Invoker.invokeUnchecked(Invoker.java:127)
                at java.base/sun.nio.ch.Invoker$2.run(Invoker.java:219)
                at java.base/sun.nio.ch.AsynchronousChannelGroupImpl$1.run(AsynchronousChannelGroupImpl.java:112)
                at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
                at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
                at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
                at java.base/java.lang.Thread.run(Thread.java:829)
################################################################################
Comment 1 Mark Thomas 2021-05-25 17:54:59 UTC
As a workaround adding the following to the JNDIRealm should fix this:

userRoleAttribute="cn"

*** This bug has been marked as a duplicate of bug 65308 ***
Comment 2 slash 2021-05-25 18:24:42 UTC
Thank you for the workaround!
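
A check for the condition discussed in this report, added here as an example (it is not part of the bug report or of Tomcat's code): it lists every JNDIRealm in a server.xml that sets roleSearch without userRoleAttribute, the combination present in the reported configuration and addressed by the workaround in Comment 1. The sample document and the name find_affected_realms are constructed for illustration, and treating that combination as the trigger is an inference from this report.

```python
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"

# Constructed sample modelled on the configuration in this report: the first
# JNDIRealm has roleSearch but no userRoleAttribute, the second has the workaround.
SAMPLE_SERVER_XML = """\
<Server>
  <Engine name="Catalina" defaultHost="localhost">
    <Realm className="org.apache.catalina.realm.LockOutRealm">
      <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
             resourceName="UserDatabase"/>
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionURL="ldaps://ldap.example.com:636"
             userBase="ou=people,dc=example,dc=com"
             roleBase="ou=groups,dc=example,dc=com"
             roleName="cn"
             roleSearch="(memberUid={1})"/>
    </Realm>
    <Host name="localhost">
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionURL="ldaps://ldap.example.com:636"
             userRoleAttribute="cn"
             roleBase="ou=groups,dc=example,dc=com"
             roleSearch="(memberUid={1})"/>
    </Host>
  </Engine>
</Server>
"""

def find_affected_realms(server_xml_text):
    """Return (connectionURL, roleSearch) for each JNDIRealm that searches
    for roles but does not set userRoleAttribute."""
    root = ET.fromstring(server_xml_text)
    affected = []
    # iter() walks the whole tree, so realms nested in LockOutRealm or
    # CombinedRealm, or declared on a Host or Context, are all visited.
    for realm in root.iter("Realm"):
        if realm.get("className") != JNDI_REALM:
            continue
        role_search = realm.get("roleSearch")
        if role_search and not realm.get("userRoleAttribute"):
            affected.append((realm.get("connectionURL"), role_search))
    return affected

if __name__ == "__main__":
    for url, search in find_affected_realms(SAMPLE_SERVER_XML):
        print(f"JNDIRealm {url}: roleSearch={search!r} without userRoleAttribute")
```

To audit a real installation, pass the contents of its server.xml to find_affected_realms; realms it reports are candidates for the userRoleAttribute workaround until Tomcat is upgraded to a release containing the fix for bug 65308.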