Bug #1127

Sharing with external user is impossible when a single LDAP server is unreachable

Added by Florent Angebault almost 2 years ago. Updated almost 2 years ago.

Status: Resolved
Start date: 01/08/2016
Priority: High
Due date:
Assignee: Alioune KONE
% Done: 100%
Category: -
Target version: 1.11.4
Reproductible: Yes
Browsers:
Product version: 1.11.x
criticity: major

Description

On a linshare platform with multiple LDAP connections, if a single LDAP server is temporarily unreachable, sharing with an external user is broken.

The following error message is displayed in the Web UI: "Share operation failed. Cannot share to external persons."

And here are

ERROR [2016-01-11 10:01:34] [core.service.impl.UserProviderServiceImpl#throwError] Error while searching for a user with ldap connection 1fff349b-c06e-4b7a-928f-c37e956d027e
ERROR [2016-01-11 10:01:34] [core.service.impl.UserProviderServiceImpl#throwError] localhost:389; nested exception is javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connexion refusée]
ERROR [2016-01-11 10:01:34] [tapestry.pages.files.Upload#onSubmitFromUploaderForm] Could not create sharing, caught a BusinessException.
ERROR [2016-01-11 10:01:34] [tapestry.pages.files.Upload#onSubmitFromUploaderForm] Couldn't connect to the directory.

Related issues

related to LinShare - Bug #1126: Auto-completion is totally broken when only one LDAP serv... Resolved 01/08/2016

History

Updated by Frédéric MARTIN almost 2 years ago

  • Status changed from New to Assigned
  • Assignee set to Alioune KONE

Can you look at it then evaluate the time to fix it? Please.

Updated by Frédéric MARTIN almost 2 years ago

  • Project changed from linshare-core to LinShare

Updated by Alioune KONE almost 2 years ago

Proposed solution:

1 - For the auto-completion: the execution of the process will not be stopped when an LDAP entity is not reachable.

2 - For the share:

If all the users to share with are found in the database, the share will continue.

If one of the users is not found in the database, and one of the LDAP entities is not reachable, since we cannot know if the 'not found mail address' is an external or an internal coming from the unreachable LDAP entity, the sharing process will stop.

Updated by Florent Angebault almost 2 years ago

  • % Done changed from 0 to 50

After some internal arguing, it appears that linshare should explicitly forbid sharing files if at least one LDAP lookup fails.
When some LDAP directories are unavailable, the only use case allowed to work properly is when all recipients are already found in database (and therefore no LDAP lookup is needed).

Here is the fix we are about to implement:
- sharing with recipients already known in database will work as usual
- if any recipient requires LDAP lookup and at least one of the LDAP servers is down then sharing is aborted with the following explicit message:
"Critical error: some ldap directory are unreachable. File sharing is impossible, please contact your administrator."

Error log will indicate which LDAP directories are unreachable.
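
The fail-closed rule described in the comment above, sketched as an added illustration that is not part of the original issue or of LinShare's code. The function names, connection ids and mail addresses are hypothetical, and the sample data is constructed.

```python
import logging

log = logging.getLogger("share")

class DirectoryUnreachable(Exception):
    """A directory lookup could not contact its LDAP server."""

class ShareAborted(Exception):
    """Recipients could not be classified safely; nothing was shared."""
    def __init__(self, unreachable):
        super().__init__("Critical error: some ldap directory are unreachable. "
                         "File sharing is impossible, please contact your administrator.")
        self.unreachable = unreachable

def classify_recipients(mails, database, directories):
    """Return {mail: 'internal' | 'external'} or raise ShareAborted.

    database:    {mail: kind} for accounts already known (no lookup needed)
    directories: {connection_id: lookup}; lookup(mail) -> bool and may
                 raise DirectoryUnreachable (hypothetical interface)
    """
    result = {m: database[m] for m in mails if m in database}
    unknown = [m for m in mails if m not in database]
    found, unreachable = set(), set()
    for mail in unknown:
        # Query every directory so the log names all that are down.
        for conn_id, lookup in directories.items():
            try:
                if lookup(mail):
                    found.add(mail)
            except DirectoryUnreachable:
                unreachable.add(conn_id)
    if unknown and unreachable:
        # Fail closed: a miss cannot be told apart from an internal user
        # who lives in the directory that is down.
        log.error("unreachable LDAP connections: %s", sorted(unreachable))
        raise ShareAborted(sorted(unreachable))
    for mail in unknown:
        result[mail] = "internal" if mail in found else "external"
    return result

# Constructed sample data: one known account, one healthy and one down directory.
def down_directory(mail):
    raise DirectoryUnreachable("localhost:389")

DATABASE = {"alice@corp.example": "internal"}
DIRECTORIES = {"ldap-a": lambda m: m == "bob@corp.example", "ldap-b": down_directory}
```
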

Updated by Alioune KONE almost 2 years ago

  • Status changed from Assigned to Resolved
  • % Done changed from 50 to 100

Updated by Florent Angebault almost 2 years ago

  • Target version set to 1.11.4
