zzOzz / pwm

Automatically exported from code.google.com/p/pwm
0 stars 0 forks source link

Storing a token in LDAP generates a timeout on first try #553

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Click "Forgotten Password"
2. Search for username
3. Answer challenge

What is the expected output? What do you see instead?
A token should be generated, stored into LDAP and then sent to the user's email 
address. The following error pops up:
--snip--
Incorrect code, please try again. { 5037 ERROR_TOKEN_INCORRECT (unexpected 
error trying to store token in datastore: 5037 ERROR_TOKEN_INCORRECT 
(unexpected ldap error searching for token: Request: 48 cancelled)) }
--snip--
A mail is not sent to the user, because the token could not be stored 
successfully in LDAP. If I try the whole procedure again immediately it works 
flawlessly.

What version of PWM are you using?
v1.7.1 b1232 (Release). I will try the latest daily build asap.

What ldap directory and version are you using?
eDirectory 8.8.6

Please paste any error log messages below:
Thu Apr 10 13:10:04 CEST 2014, DEBUG, password.pwm.ws.server.RestServerHelper, 
REST WebService Request: GET request for: /pwm/public/rest/app-data/client (no 
params)  [192.168.101.45]
Thu Apr 10 13:10:04 CEST 2014, ERROR, password.pwm.servlet.TopServlet, pwm 
error during page generation: 5037 ERROR_TOKEN_INCORRECT (unexpected error 
trying to store token in datastore: 5037 ERROR_TOKEN_INCORRECT (unexpected ldap 
error searching for token: Request: 48 cancelled)) [192.168.101.45]
Thu Apr 10 13:10:04 CEST 2014, DEBUG, null, exiting LDAP Chai WatchdogWrapper 
timer thread, no connections requiring monitoring are in use
Thu Apr 10 13:10:04 CEST 2014, WARN , null, ldap operation timeout detected, 
discarding questionable connection for ChaiProvider #10 (JNDIProviderImpl), 
OPEN ldaps://192.168.101.165:636 cn=PwmProxy,ou=Proxy,o=Admin
Thu Apr 10 13:08:48 CEST 2014, DEBUG, 
password.pwm.util.operations.UserSearchEngine, beginning user search process
Thu Apr 10 13:08:48 CEST 2014, DEBUG, 
password.pwm.util.operations.UserSearchEngine, performing ldap search for user, 
base=ou=Active,ou=People,ou=Identities,o=Company filter=SearchHelper: filter: 
(&(pwmToken=BB03E293FFCE552FE294332B436DB1A1-hash*)(objectClass=inetOrgPerson)),
 scope: SUBTREE, attributes: []
Thu Apr 10 13:08:48 CEST 2014, TRACE, 
password.pwm.util.operations.UserStatusHelper, read pwmPassswordChangeTime as: 
Thu Apr 10 13:07:47 CEST 2014 [192.168.101.45]
Thu Apr 10 13:08:48 CEST 2014, DEBUG, 
password.pwm.servlet.ForgottenPasswordServlet, user 
'cn=USER1234,ou=P0,ou=Active,ou=People,ou=Identities,o=Company' has supplied 
correct responses [192.168.101.45]

The proxy user has the necessary rights to read/write the pwmToken attribute as 
well as all other attributes used by PWM.

Original issue reported on code.google.com by nils.rekow on 10 Apr 2014 at 11:41

GoogleCodeExporter commented 9 years ago
I checked the latest daily build 701 and for now the issue did not occur again. 
Even after restarting Tomcat it did not occur. So, maybe it's a problem with 
eDirectory. I will check this tomorrow.

Original comment by nils.rekow on 10 Apr 2014 at 1:16

GoogleCodeExporter commented 9 years ago

Original comment by jrivard on 10 Apr 2014 at 9:07