LDIF file on official documentation breaks the startup process #15089

Closed
aekarakus opened this issue May 17, 2024 · 0 comments
aekarakus commented May 17, 2024

In the documentation section for LDAP Authentication, the LDIF file with an embedded server is invalid even with a minimal configuration. When starting the project, the following error is received:

org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'ldapTemplate' defined in class path resource [org/springframework/boot/autoconfigure/ldap/LdapAutoConfiguration.class]: Unsatisfied dependency expressed through method 'ldapTemplate' parameter 1: Error creating bean with name 'contextSourceFactoryBean': FactoryBean threw exception on object creation
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:795) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:542) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1335) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1165) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:562) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:522) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:326) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:324) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:975) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:962) ~[spring-context-6.1.6.jar:6.1.6]
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:624) ~[spring-context-6.1.6.jar:6.1.6]
	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:146) ~[spring-boot-3.2.5.jar:3.2.5]
	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:754) ~[spring-boot-3.2.5.jar:3.2.5]
	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:456) ~[spring-boot-3.2.5.jar:3.2.5]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:334) ~[spring-boot-3.2.5.jar:3.2.5]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1354) ~[spring-boot-3.2.5.jar:3.2.5]
	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1343) ~[spring-boot-3.2.5.jar:3.2.5]
	at io.aekarakus.sssamples.ldapserver.LdapServerApplication.main(LdapServerApplication.java:14) ~[classes/:na]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
	at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
	at org.springframework.boot.devtools.restart.RestartLauncher.run(RestartLauncher.java:50) ~[spring-boot-devtools-3.2.5.jar:3.2.5]
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'contextSourceFactoryBean': FactoryBean threw exception on object creation
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:188) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:124) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1850) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getObjectForBeanInstance(AbstractAutowireCapableBeanFactory.java:1276) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:259) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:200) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.config.DependencyDescriptor.resolveCandidate(DependencyDescriptor.java:254) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.addCandidateEntry(DefaultListableBeanFactory.java:1696) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:1653) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1397) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1353) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.ConstructorResolver.resolveAutowiredArgument(ConstructorResolver.java:904) ~[spring-beans-6.1.6.jar:6.1.6]
	at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:782) ~[spring-beans-6.1.6.jar:6.1.6]
	... 24 common frames omitted
Caused by: java.lang.IllegalStateException: Unable to load LDIF classpath*:*.ldif
	at org.springframework.security.ldap.server.UnboundIdContainer.importLdif(UnboundIdContainer.java:128) ~[spring-security-ldap-6.2.4.jar:6.2.4]
	at org.springframework.security.ldap.server.UnboundIdContainer.start(UnboundIdContainer.java:103) ~[spring-security-ldap-6.2.4.jar:6.2.4]
	at org.springframework.security.ldap.server.UnboundIdContainer.afterPropertiesSet(UnboundIdContainer.java:78) ~[spring-security-ldap-6.2.4.jar:6.2.4]
	at org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean.getContainer(EmbeddedLdapServerContextSourceFactoryBean.java:172) ~[spring-security-config-6.2.4.jar:6.2.4]
	at org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean.getObject(EmbeddedLdapServerContextSourceFactoryBean.java:133) ~[spring-security-config-6.2.4.jar:6.2.4]
	at org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean.getObject(EmbeddedLdapServerContextSourceFactoryBean.java:40) ~[spring-security-config-6.2.4.jar:6.2.4]
	at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:182) ~[spring-beans-6.1.6.jar:6.1.6]
	... 36 common frames omitted
Caused by: com.unboundid.ldap.sdk.LDAPException: Unable to add entry 'cn=user,ou=groups,dc=springframework,dc=org' because it violates the provided schema:  The entry contains attribute uniqueMember which is not allowed by its object classes and/or DIT content rule.
	at com.unboundid.ldap.listener.InMemoryRequestHandler.addEntry(InMemoryRequestHandler.java:5022) ~[unboundid-ldapsdk-6.0.11.jar:6.0.11]
	at com.unboundid.ldap.listener.InMemoryRequestHandler.importFromLDIF(InMemoryRequestHandler.java:4730) ~[unboundid-ldapsdk-6.0.11.jar:6.0.11]
	at com.unboundid.ldap.listener.InMemoryDirectoryServer.importFromLDIF(InMemoryDirectoryServer.java:1340) ~[unboundid-ldapsdk-6.0.11.jar:6.0.11]
	at org.springframework.security.ldap.server.UnboundIdContainer.importLdif(UnboundIdContainer.java:123) ~[spring-security-ldap-6.2.4.jar:6.2.4]
	... 42 common frames omitted

To Reproduce

LDIF File

dn: ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=springframework,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=admin,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Rod Johnson
sn: Johnson
uid: admin
userPassword: password

dn: uid=user,ou=people,dc=springframework,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Dianne Emu
sn: Emu
uid: user
userPassword: password

dn: cn=user,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: user
uniqueMember: uid=admin,ou=people,dc=springframework,dc=org
uniqueMember: uid=user,ou=people,dc=springframework,dc=org

dn: cn=admin,ou=groups,dc=springframework,dc=org
objectclass: top
objectclass: groupOfNames
cn: admin
uniqueMember: uid=admin,ou=people,dc=springframework,dc=org

Configuration Class

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.ldap.EmbeddedLdapServerContextSourceFactoryBean;

@Configuration
public class EmbeddedContextConfiguration {

    /*
    * Builds a minimum ldap server with dn: dc=springframework,dc=org
    * Note: with this configuration user.ldif does not work for some reason.
    * */
    @Bean
    public EmbeddedLdapServerContextSourceFactoryBean contextSourceFactoryBean() {
        return EmbeddedLdapServerContextSourceFactoryBean.fromEmbeddedLdapServer();
    }
}

Dependencies

        <dependency>
            <groupId>com.unboundid</groupId>
            <artifactId>unboundid-ldapsdk</artifactId>
            <version>6.0.11</version>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-ldap</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.ldap</groupId>
            <artifactId>spring-ldap-core</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-ldap</artifactId>
        </dependency>

JDK 17
Spring Boot 3.2.5

Expected behavior
The embedded server is expected to start without problems.

Suggested Solution
As per my experiments with the sample config files, replacing groupOfNames with groupOfUniqueNames in the LDIF file resolves the problem. But I'm not sure if it breaks anything else for now.

@aekarakus aekarakus added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels May 17, 2024
@jzheaux jzheaux added in: ldap An issue in spring-security-ldap and removed status: waiting-for-triage An issue we've not yet triaged labels May 21, 2024
@jzheaux jzheaux self-assigned this May 21, 2024
@jzheaux jzheaux added this to the 5.8.13 milestone May 24, 2024
@jzheaux jzheaux moved this to Done in Spring Security Team May 28, 2024
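The schema violation reported above can be caught in a unit test instead of at application startup. The following is an added example, not code from the issue or from Spring Security: it runs LDIF entries through the UnboundID SDK's `EntryValidator`, using a constructed sample with the failing `groupOfNames` entry and the `groupOfUniqueNames` variant from the Suggested Solution. The class name `LdifSchemaCheck` is hypothetical, and the check assumes the embedded server uses the SDK's default standard schema.

```java
import com.unboundid.ldap.sdk.Entry;
import com.unboundid.ldap.sdk.schema.EntryValidator;
import com.unboundid.ldap.sdk.schema.Schema;
import com.unboundid.ldif.LDIFReader;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added example (hypothetical class): schema-check LDIF entries before an embedded server imports them.
public class LdifSchemaCheck {

    // Constructed sample: the failing group entry from the issue, then the suggested variant.
    static final String SAMPLE = """
            dn: cn=user,ou=groups,dc=springframework,dc=org
            objectclass: top
            objectclass: groupOfNames
            cn: user
            uniqueMember: uid=user,ou=people,dc=springframework,dc=org

            dn: cn=admin,ou=groups,dc=springframework,dc=org
            objectclass: top
            objectclass: groupOfUniqueNames
            cn: admin
            uniqueMember: uid=admin,ou=people,dc=springframework,dc=org
            """;

    // Returns DN -> schema violations; an empty list means the entry conforms.
    // Assumption: the default standard schema is the one the embedded server enforces.
    static Map<String, List<String>> validate(String ldif) throws Exception {
        EntryValidator validator = new EntryValidator(Schema.getDefaultStandardSchema());
        Map<String, List<String>> report = new LinkedHashMap<>();
        try (LDIFReader reader = new LDIFReader(
                new ByteArrayInputStream(ldif.getBytes(StandardCharsets.UTF_8)))) {
            for (Entry e = reader.readEntry(); e != null; e = reader.readEntry()) {
                List<String> reasons = new ArrayList<>();
                validator.isValid(e, reasons); // appends one message per violation
                report.put(e.getDN(), reasons);
            }
        }
        return report;
    }

    public static void main(String[] args) throws Exception {
        validate(SAMPLE).forEach((dn, reasons) ->
                System.out.println((reasons.isEmpty() ? "OK   " : "FAIL ") + dn + " " + reasons));
    }
}
```

The validator checks each entry against the schema only; it does not check that parent entries exist in the directory tree.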