search

pwm-project / pwm

pwm
Other
911 stars 250 forks source link

5015 ERROR_UNKNOWN (unexpected error processing request: null #146

Closed mdiorio closed 7 years ago

mdiorio commented 7 years ago

Getting this logged repeatedly and have over several builds. Currently on the v1.8.0-SNAPSHOT b23158410 re4249881691d0571fd38f5eb9a4b4ce6622f732a release

I'm continuously getting errors for the test user account, but nothing is logged it seems.

Three times now, we have run into issues with users being unable to change their passwords. We get to the password change screen, the password meets the criteria, but when they submit the change, the page refreshes and doesn't proceed to the actual password change - no password is updated.

We usually have to restart services to get it to work. 

March 13, 2017 at 11:01:34 AM EDT, ERROR, pwm.PwmApplication, error retrieving key 'lastLdapError', localDB unavailable: 
March 13, 2017 at 11:01:34 AM EDT, INFO , pwm.PwmApplication, using 'DB8CDB4DF66F0F76' for instance's ID (instanceID)
March 13, 2017 at 11:01:34 AM EDT, INFO , pwm.PwmApplication, generated new random instanceID DB8CDB4DF66F0F76
March 13, 2017 at 11:01:34 AM EDT, ERROR, pwm.PwmApplication, error retrieving key 'context_instanceID', localDB unavailable: 
March 13, 2017 at 11:01:34 AM EDT, INFO , pwm.PwmApplication, configuration load completed
March 13, 2017 at 11:01:34 AM EDT, WARN , logging.PwmLogManager, unable to initialize localDBLogger: LocalDB cannot be null
March 13, 2017 at 11:01:34 AM EDT, INFO , pwm.PwmApplication, initializing, application mode=NEW, applicationPath=/var/pwm-data, configFile=null
March 13, 2017 at 10:56:12 AM EDT, FATAL, servlet.AbstractPwmServlet, 5015 ERROR_UNKNOWN (unexpected error processing request: null
java.lang.NullPointerException
    at password.pwm.health.LDAPStatusChecker.checkAdPasswordPolicyApi(LDAPStatusChecker.java:556)
    at password.pwm.health.LDAPStatusChecker.checkAd(LDAPStatusChecker.java:462)
    at password.pwm.health.LDAPStatusChecker.checkBasicLdapConnectivity(LDAPStatusChecker.java:404)
    at password.pwm.health.LDAPStatusChecker.healthForNewConfiguration(LDAPStatusChecker.java:775)
    at password.pwm.http.servlet.configeditor.ConfigEditorServlet.restLdapHealthCheck(ConfigEditorServlet.java:658)
    at password.pwm.http.servlet.configeditor.ConfigEditorServlet.processAction(ConfigEditorServlet.java:192)
    at password.pwm.http.servlet.AbstractPwmServlet.handleRequest(AbstractPwmServlet.java:110)
    at password.pwm.http.servlet.AbstractPwmServlet.doPost(AbstractPwmServlet.java:69)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:650)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:731)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138)
    at password.pwm.http.filter.ConfigAccessFilter.processFilter(ConfigAccessFilter.java:87)
    at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138)
    at password.pwm.http.filter.AuthenticationFilter.processAuthenticatedSession(AuthenticationFilter.java:184)
    at password.pwm.http.filter.AuthenticationFilter.processFilter(AuthenticationFilter.java:119)
    at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138)
    at password.pwm.http.filter.SessionFilter.processFilter(SessionFilter.java:99)
    at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138)
    at password.pwm.http.filter.ApplicationModeFilter.processFilter(ApplicationModeFilter.java:73)
    at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at password.pwm.http.filter.AbstractPwmFilter$PwmFilterChain.doFilter(AbstractPwmFilter.java:138)
    at password.pwm.http.filter.ObsoleteUrlFilter.processFilter(ObsoleteUrlFilter.java:50)
    at password.pwm.http.filter.AbstractPwmFilter.doFilter(AbstractPwmFilter.java:89)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at password.pwm.http.filter.RequestInitializationFilter.initializeServletRequest(RequestInitializationFilter.java:209)
    at password.pwm.http.filter.RequestInitializationFilter.doFilter(RequestInitializationFilter.java:128)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at password.pwm.http.filter.GZIPFilter.doFilter(GZIPFilter.java:73)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:436)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1078)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:318)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
)

This time, I just logged in as my test user, whose password was reset in Active Directory and marked to change at next logon. I was able to successfully log in, and change my password without issue. I then went to log in again, to change my password a second time. Logged in with the new password, click change password, entered the new password and when I went to submit the change, I got a white screen. Looking into the debug log, it shows that the password doesn't meet criteria. But it didn't bother to check on the password change screen (no green checks or anything), and no errors to the user. Just a white screen.

So far PWM has been exceedingly unreliable.

2017-03-13T11:23:10Z, DEBUG, ldap.UserStatusReader, completed user password status check for CN=max.test,OU=Users,OU=Accounts,DC=internal,DC=ieeeglobalspec,DC=com PasswordStatus {expired=false, pre-expired=false, warn=false, violatesPolicy=false} (31ms) 2017-03-13T11:23:10Z, DEBUG, ldap.LdapPermissionTester, user UserIdentity{"userDN":"CN=max.test,OU=Users,OU=Accounts,DC=internal,DC=ieeeglobalspec,DC=com","ldapProfile":"default"} is a match for '(objectClass=*)' 2017-03-13T11:23:10Z, DEBUG, ldap.UserStatusReader, checkProfiles: UserIdentity{"userDN":"CN=max.test,OU=Users,OU=Accounts,DC=internal,DC=ieeeglobalspec,DC=com","ldapProfile":"default"} profile module is not enabled 2017-03-13T11:23:10Z, DEBUG, changepw.ChangePasswordServlet, 4006 PASSWORD_BADPASSWORD (error setting password for user 'UserIdentity{"userDN":"CN=max.test,OU=Users,OU=Accounts,DC=internal,DC=ieeeglobalspec,DC=com","ldapProfile":"default"}'' com.novell.ldapchai.exception.ChaiPasswordPolicyException: javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 0000052D: AtrErr: DSID-03191083, #1: 0: 0000052D: DSID-03191083, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9005a (unicodePwd)

jrivard commented 7 years ago

Latest commit should fix the blank page after password set issue.