Hello,
I work for ASIP Santé (French government agency for digital health), and I am about to make an identity provider from several LDAPs.
I am trying to proxy the public LDAP:
annuaire.asipsante.fr:389
with the config below (at the end of this message), but I get this error when browsing o=GIP-CPS / ou=Sage-Femme:
[2019-11-19 11:00:56,894][pool-4-thread-1] DEBUG IoFilterEvent - Event MESSAGE_RECEIVED has been fired for session 1
[2019-11-19 11:00:56,897][NioProcessor-2] DEBUG LdapResponseHandler - Message Sent : MessageType : SEARCH_RESULT_DONE
Message ID : 663
Search Result Done
Ldap Result
Result code : (OTHER) other
Matched Dn : 'null'
Diagnostic message : 'OTHER: failed for MessageType : SEARCH_REQUEST
Message ID : 663
SearchRequest
baseDn : 'ou=Sage-Femme,o=GIP-CPS,c=fr'
filter : '(&(!(|(objectClass=country)(objectClass=organization)(objectClass=organizationalUnit))))'
scope : single level
typesOnly : false
Size Limit : 250
Time Limit : no limit
Deref Aliases : never Deref Aliases
attributes : 'objectClass', 'subschemaSubentry', 'groupType', 'userAccountControl', 'isAccountEnabled', 'loginDisabled', 'acctFlags', 'sambaAcctFlags', 'nsAccountLock', 'orclIsEnabled', 'msDS-UserAccountDisabled', 'ds-pwp-account-disabled', 'accountExpires'
org.apache.directory.api.ldap.model.message.SearchRequestImpl@c53e0972: org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: ERR_04215 Unescaped special characters are not allowed:
org.apache.directory.api.ldap.model.cursor.CursorException: org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: ERR_04215 Unescaped special characters are not allowed
at net.sourceforge.myvd.server.apacheds.MyVDCursor.get(MyVDCursor.java:133)
at net.sourceforge.myvd.server.apacheds.MyVDCursor.get(MyVDCursor.java:22)
at net.sourceforge.myvd.server.apacheds.MyVDBaseCursor.next(MyVDBaseCursor.java:360)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.writeResults(SearchRequestHandler.java:397)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.doSimpleSearch(SearchRequestHandler.java:857)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleIgnoringReferrals(SearchRequestHandler.java:1179)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handleWithReferrals(SearchRequestHandler.java:1273)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:223)
at org.apache.directory.server.ldap.handlers.request.SearchRequestHandler.handle(SearchRequestHandler.java:93)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:207)
at org.apache.directory.server.ldap.handlers.LdapRequestHandler.handleMessage(LdapRequestHandler.java:56)
at org.apache.mina.handler.demux.DemuxingIoHandler.messageReceived(DemuxingIoHandler.java:221)
at org.apache.directory.server.ldap.LdapProtocolHandler.messageReceived(LdapProtocolHandler.java:217)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:854)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:542)
at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48)
at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:943)
at org.apache.mina.core.filterchain.IoFilterEvent.fire(IoFilterEvent.java:74)
at org.apache.mina.core.session.IoEvent.run(IoEvent.java:63)
at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.runTask(UnorderedThreadPoolExecutor.java:475)
at org.apache.mina.filter.executor.UnorderedThreadPoolExecutor$Worker.run(UnorderedThreadPoolExecutor.java:429)
at java.lang.Thread.run(Thread.java:748)
Caused by: org.apache.directory.api.ldap.model.exception.LdapInvalidDnException: ERR_04215 Unescaped special characters are not allowed
at org.apache.directory.api.ldap.model.name.ComplexDnParser.parseDn(ComplexDnParser.java:58)
at org.apache.directory.api.ldap.model.name.Dn.parseInternal(Dn.java:1372)
at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:285)
at org.apache.directory.api.ldap.model.name.Dn.<init>(Dn.java:211)
at org.apache.directory.api.ldap.model.entry.DefaultEntry.setDn(DefaultEntry.java:2321)
at net.sourceforge.myvd.server.apacheds.MyVDCursor.get(MyVDCursor.java:112)
... 21 more
Caused by: java.lang.IllegalArgumentException: ERR_04215 Unescaped special characters are not allowed
at org.apache.directory.api.ldap.model.name.Rdn.unescapeValue(Rdn.java:1264)
at org.apache.directory.api.ldap.model.name.AntlrDnParser.attributeTypeAndValue(AntlrDnParser.java:442)
at org.apache.directory.api.ldap.model.name.AntlrDnParser.relativeDistinguishedName(AntlrDnParser.java:236)
at org.apache.directory.api.ldap.model.name.AntlrDnParser.relativeDistinguishedNames(AntlrDnParser.java:301)
at org.apache.directory.api.ldap.model.name.ComplexDnParser.parseDn(ComplexDnParser.java:54)
... 26 more
The config is:
```
#Listen on port 50389
server.listener.port=50389
server.globalChain=

#Configure global chains
server.globalChain=LogAllTransactions
server.globalChain.LogAllTransactions.className=net.sourceforge.myvd.inserts.DumpTransaction
server.globalChain.LogAllTransactions.config.logLevel=info
server.globalChain.LogAllTransactions.config.label=Global

#Configure namespaces
server.nameSpaces=Root,LDAPCPS

#Define RootDSE
server.Root.chain=RootDSE
server.Root.nameSpace=
server.Root.weight=0
server.Root.RootDSE.className=net.sourceforge.myvd.inserts.RootDSE
server.Root.RootDSE.config.namingContexts=ou=ldapcps

#Schema Declare
server.Schema.chain=schema
server.Schema.nameSpace=cn=schema
server.Schema.weight=50
server.Schema.schema.className=net.sourceforge.myvd.inserts.SchemaInsert
server.Schema.schema.config.schemaLDIF=Export_Schema_original_cps.ldif

#Access to the CPS LDAP
server.LDAPCPS.chain=LDAP2
server.LDAPCPS.nameSpace=ou=ldapcps
server.LDAPCPS.weight=100
server.LDAPCPS.SCHEMACPS.className=net.sourceforge.myvd.inserts.SchemaInsert
server.LDAPCPS.SCHEMACPS.config.schemaLDIF=Export_Schema_original_cps.ldif
server.LDAPCPS.LDAP2.className=net.sourceforge.myvd.inserts.ldap.LDAPInterceptor
server.LDAPCPS.LDAP2.config.host=annuaire.asipsante.fr
server.LDAPCPS.LDAP2.config.port=389
server.LDAPCPS.LDAP2.config.remoteBase=c=fr
```
Can you help me fix this problem?
Thanks a lot,
Stephane
PS: the LDAP Browser shows an error message when trying to fetch the schema.