Issues
- LDAP lib throws exception when starting ESPHPCC-25684Resolved issue: HPCC-25684Kanghua Wang
- Alpha dev thor sasha reporting errors from queue monitorHPCC-25503Resolved issue: HPCC-25503Jacob Cobbett-Smith
- Cannot download logs in new preflight widgetHPCC-24918Resolved issue: HPCC-24918Miguel Vazquez
- ecl bundle install <gitfile.git> fails using 7.12 Client ToolsHPCC-24810Resolved issue: HPCC-24810Richard Chapman
- Roxie IBYTI handling needs reworking for dynamic topologyHPCC-24790Resolved issue: HPCC-24790Richard Chapman
- wuget tries to fetch archive resource even if -a not specifiedHPCC-24784Resolved issue: HPCC-24784Richard Chapman
- Fix ganglia-monitoring build isssue caused by persistent.hppHPCC-24779Resolved issue: HPCC-24779Yanrui Ma
- Tagging a new minor version was not quite rightHPCC-24776Resolved issue: HPCC-24776Richard Chapman
- Std.DataPatterns.Benford(): Incorrect digit selection, fails to handle trailing zerosHPCC-24773Resolved issue: HPCC-24773Dan Camper
- Add DataPatterns.Benford() to Std libraryHPCC-24761Resolved issue: HPCC-24761Dan Camper
- wuget may core if archive resource is emptyHPCC-24757Resolved issue: HPCC-24757Richard Chapman
- layoutTranslation hint should support 'all'HPCC-24756Resolved issue: HPCC-24756Richard Chapman
- Document ECL Standard library support for generating a globally unique idHPCC-24748Resolved issue: HPCC-24748Jim DeFabia
- windows build error - clash on ssize_tHPCC-24739Resolved issue: HPCC-24739Gavin Halliday
- Fix build problem in containerized modeHPCC-24730Resolved issue: HPCC-24730Gavin Halliday
- roxie stand alone fails with EXCEPTION CONNECTING TO DALIHPCC-24722Resolved issue: HPCC-24722Gavin Halliday
- Decoupled logging function called in non-decoupled logging environmentHPCC-24717Resolved issue: HPCC-24717Kanghua Wang
- Directory path incorrect (scope directories being duplicated) in Thor published file in cloudHPCC-24658Resolved issue: HPCC-24658Jacob Cobbett-Smith
- logHandler is not defined for containerizedHPCC-24618Resolved issue: HPCC-24618Jacob Cobbett-Smith
- HPCC NFS Server only supports default namespace.HPCC-24611Resolved issue: HPCC-24611Xiaoming Wang
- Seclib interface correctionsHPCC-24589Resolved issue: HPCC-24589Tim Klemm
- pyembed: _new_() takes 2 positional arguments but 6 were givenHPCC-24552Resolved issue: HPCC-24552Richard Chapman
LDAP lib throws exception when starting ESP
Description
Conclusion
Details
Components
Assignee
Kanghua WangKanghua Wang(Deactivated)Reporter
Kanghua WangKanghua Wang(Deactivated)Priority
MajorCompatibility
PointFix versions
Pull Request URL
Roadmap
Not applicableAffects versions
Details
Details
Components
Assignee
Reporter
Priority
MajorCompatibility
Fix versions
Pull Request URL
Roadmap
Affects versions
Activity
Kanghua Wang April 5, 2021 at 12:17 PM
For LDAP security, there is a systemUser setting in esp xml.
Tim Klemm April 2, 2021 at 9:28 PM
Considering these adds are in response to service load, and not attributable to a user, you either have to allow no user or require a system user just to start.
Kanghua Wang April 2, 2021 at 8:59 PM
Should we allow an empty user as the input of the addResources()? I think that ldap server has to log who adds the resource.
Tim Klemm April 2, 2021 at 6:41 PM
More precisely, the auth map dereferences a NULL pointer for the ISecUser parameter of addResources and the exception appears to be caused by this. I saw this error last year with my external plugin and after confirming that every other parameter was valid and knowing that my manager's implementation of addResources was empty, the only thing left was dereferenced NULL pointer. I never identified which change caused the exception to start occurring, but one day it worked and the next it didn't and I'm not convinced that dereferencing NULL is supposed to work.
In my case, because addResources does nothing, I was able to get around the problem by removing the auth map call. Since LDAP does use the resource data, there are a couple options for fixing the problem. One would be to change the ISecManager interface to provide an addResources method that accepts ISecUser* instead of ISecUser&, effectively breaking all plugins. Another, which would be my preference, would be for the manager to use internal methods to process the resources as they are created instead of expecting the auth map to pass everything created by the manager to the manager so the manager can know what the manager has created.
Kanghua Wang April 2, 2021 at 5:37 PM
Similar issue is also found when the secmgr->addResourcesEx() is called in the
Cws_accessEx::onResourceAdd().
My ESP cannot be started when the LDAP security enabled. By tracing into the code, I found that an exception is thrown when the manager.addResources() is called inside the authmap.cpp.
,