opensso / OPENSSO-2575

Policy service configuration is referring to global configuration instead of realm config

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Blocker
    • Resolution: Unresolved
    • Affects Version/s: current
    • Fix Version/s: FAM-8.0-EA-1
    • Component/s: qatest
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: All

    • Issuezilla Id:
      2,575

      Description

      Policy configuration is referring to the global configuration of the policy
      service at run time for the LDAP server information while evaluating the
      policies with LDAP subjects. Policy global configuration does not have the
      password. Hence the binding is failing.
      Reproduced this on the 509 build on 3 machines, and on the 515 build on 1 machine. LDAP subject
      related policy and agents tests in automation are failing.

      SubjectManager locale=en_US I18nFileName = amPolicy
      05/15/2008 02:00:18:501 PM PDT: Thread[httpSSLWorkerThread-8080-0,10,Grizzly]
      Organization.initialize(): getting params
      ldapServer: is-x86-06.red.iplanet.com:1389
      authid: cn=amldapuser,ou=DSAME Users,dc=red,dc=iplanet,dc=com
      baseDN: dc=red,dc=iplanet,dc=com
      userSearchFilter: (objectclass=inetorgperson)
      userRDNAttrName: uid
      orgSearchFilter: (objectclass=sunismanagedorganization)
      orgRDNAttrName: o
      timeLimit: 5
      maxResults: 100
      minPoolSize: 1
      maxPoolSize: 10
      SSLEnabled: false
      OrgName: dc=red,dc=iplanet,dc=com
      05/15/2008 02:00:18:501 PM PDT: Thread[httpSSLWorkerThread-8080-0,10,Grizzly]
      Create LDAPConnectionPool: is-x86-06.red.iplanet.com:1389
      05/15/2008 02:00:18:506 PM PDT: Thread[httpSSLWorkerThread-8080-0,10,Grizzly]
      Unable to create LDAPConnectionPool
      netscape.ldap.LDAPException: error result (48); binds with a dn require a password
      at netscape.ldap.LDAPConnection.checkMsg(Unknown Source)
      at netscape.ldap.LDAPConnection.simpleBind(Unknown Source)
      at netscape.ldap.LDAPConnection.authenticate(Unknown Source)
      at netscape.ldap.LDAPConnection.authenticate(Unknown Source)
      at netscape.ldap.LDAPConnection.connect(Unknown Source)
      at netscape.ldap.LDAPConnection.connect(Unknown Source)
      at com.sun.identity.policy.plugins.LDAPConnectionPools.initConnectionPool(LDAPConnectionPools.java:105)
      at com.sun.identity.policy.plugins.Organization.initialize(Organization.java:208)
      at com.sun.identity.policy.SubjectTypeManager.getSubject(SubjectTypeManager.java:236)
      at com.sun.identity.console.policy.model.PolicyModelImpl.getActiveSubjectTypes(PolicyModelImpl.java:1081)
      at com.sun.identity.console.policy.PolicyOpViewBeanBase.populateSubjectsTable(PolicyOpViewBeanBase.java:381)
      at com.sun.identity.console.policy.PolicyNormalViewBeanBase.populateTables(PolicyNormalViewBeanBase.java:102)
      at com.sun.identity.console.policy.PolicyOpViewBeanBase.createChild(PolicyOpViewBeanBase.java:270)
      at com.sun.identity.console.policy.PolicyNormalViewBeanBase.createChild(PolicyNormalViewBeanBase.java:57)
      at com.iplanet.jato.view.ContainerViewBase.ensureChild(ContainerViewBase.java:187)
      at com.iplanet.jato.view.ContainerViewBase.getChild(ContainerViewBase.java:541)
      at com.iplanet.jato.view.ContainerViewBase.getDisplayField(ContainerViewBase.java:1207)
      at com.iplanet.jato.view.ContainerViewBase.setDisplayFieldValue(ContainerViewBase.java:1252)
      at com.sun.identity.console.base.AMViewBeanBase.beginDisplay(AMViewBeanBase.java:239)
      at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.beginDisplay(AMPrimaryMastHeadViewBean.java:181)
      at com.sun.identity.console.base.AMPrimaryMastHeadViewBean.beginDisplay(AMPrimaryMastHeadViewBean.java:175)
      at com.sun.identity.console.policy.PolicyOpViewBeanBase.beginDisplay(PolicyOpViewBeanBase.java:289)
      at com.sun.identity.console.policy.PolicyNormalViewBeanBase.beginDisplay(PolicyNormalViewBeanBase.java:65)
      at com.iplanet.jato.taglib.UseViewBeanTag.doStartTag(UseViewBeanTag.java:149)
      at org.apache.jsp.console.policy.PolicyNormalEdit_jsp._jspService(PolicyNormalEdit_jsp.java from :100)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:93)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:373)
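
An added example, not code from the OpenSSO project or from the reporter: a Python scan of a policy debug log that pairs each "Unable to create LDAPConnectionPool" failure carrying an LDAP result code with the server, bind DN and realm that the same thread logged in Organization.initialize(). The log text is a constructed sample modelled on the excerpt above, with placeholder host names; the function and field names are assumptions.

```python
import re

# Constructed sample modelled on the debug-log excerpt in the description.
SAMPLE_LOG = """\
05/15/2008 02:00:18:501 PM PDT: Thread[httpSSLWorkerThread-8080-0,10,Grizzly]
Organization.initialize(): getting params
ldapServer: ldap.example.com:1389
authid: cn=amldapuser,ou=DSAME Users,dc=example,dc=com
OrgName: dc=example,dc=com
05/15/2008 02:00:18:501 PM PDT: Thread[httpSSLWorkerThread-8080-0,10,Grizzly]
Create LDAPConnectionPool: ldap.example.com:1389
05/15/2008 02:00:18:506 PM PDT: Thread[httpSSLWorkerThread-8080-0,10,Grizzly]
Unable to create LDAPConnectionPool
netscape.ldap.LDAPException: error result (48); binds with a dn require a password
05/15/2008 02:00:19:100 PM PDT: Thread[httpSSLWorkerThread-8080-1,10,Grizzly]
Create LDAPConnectionPool: ldap2.example.com:1389
"""

HEADER = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3} [AP]M \w+): (Thread\[.*\])$")
PARAM = re.compile(r"^(ldapServer|authid|OrgName): (.*)$")
LDAP_ERR = re.compile(r"^netscape\.ldap\.LDAPException: error result \((\d+)\)")


def find_bind_failures(log_text):
    """Return one dict per failed pool creation, joined with the most recent
    Organization.initialize() parameters logged by the same thread."""
    params_by_thread = {}   # thread name -> last parameter block seen
    findings = []
    thread = stamp = None
    failed = False          # True right after "Unable to create LDAPConnectionPool"
    for line in log_text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:                       # timestamp/thread line opens a new log entry
            stamp, thread = m.groups()
            failed = False
            continue
        if line.startswith("Organization.initialize(): getting params"):
            params_by_thread[thread] = {}
        elif (m := PARAM.match(line)) and thread in params_by_thread:
            params_by_thread[thread][m.group(1)] = m.group(2)
        elif line == "Unable to create LDAPConnectionPool":
            failed = True
        elif failed and (m := LDAP_ERR.match(line)):
            finding = {"time": stamp, "thread": thread, "result_code": int(m.group(1))}
            finding.update(params_by_thread.get(thread, {}))
            findings.append(finding)
            failed = False
    return findings
```

A finding with result code 48 and a populated authid is the signature described in this issue: a bind DN was supplied but no password was available to the policy plugin.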

        Activity

        pluo added a comment -

        Fix in EA

        goodearth added a comment -

        With QA's fix (Rahul Misra) for "issue id [Issue 2554] Change policy
        configuration service", as he fixed as well as rearranged the qatest code to
        populate the PolicyConfig service at root level,
        the issue in 2575 (reading the bind credentials from the incorrect place) got
        fixed. I don't see the error message related to bind failure, but the QA
        automation policy tests still fail during authentication with 'Invalid Domain.jsp' and
        'Invalid Configure.jsp'... sometimes, and go through fine (100% pass) other
        times. Not sure as mentioned in 2554, the datastores are cleaned and
        ldapconnection gets released. (Observed these after executing the tests many
        times yesterday night after updating the qatest WS with Rahul Misra's fix.)

        Even in the pass/fail case, the datastores created by the policy testcases still
        remain in my instance. Manually I'll have to delete a lot of things before each
        run. I would like Dilli, Rahul, Aruna to revisit the policy testcases and validate
        them.
        -Sujatha.

        kanduls added a comment -

        Policy testcases in the delegation module are also failing with the same exception.
        Additionally, there are errors in the amSDK log file:
        05/20/2008 10:00:17:860 AM PDT: Thread[service-j2ee-5,5,main]
        ERROR: JCEEncryption:: Unsported version: -79

        goodearth added a comment -

        If any of you see

        ERROR: JCEEncryption:: failed to decrypt data
        java.lang.NullPointerException

        in the amSDK debug file, you are hitting issue 2560 policy subjects page reports
        error if LDAPUsers subject is enabled

        The code to fix the issue is being reviewed and I can check it in today.
        The workaround for now is to run the server in message mode.
        Changing to message mode in a running server may not be sufficient as there is
        some latency.
        Change to message mode and restart the server to work around the issue.

        Thanks.
        -Dilli

        inthanga added a comment -

        Bug council decision on 06/13/08
        QA to validate

        inthanga added a comment -

        This issue has not been noticed in the latest few builds. We need to address
        this in the framework, making it an RFE so that we can fix it later.


          People

          • Assignee: arunav
          • Reporter: arunav
          • Votes: 0
          • Watchers: 0
