Incorrect Filter Sent to OpenLDAP Server: (?=undefined) When BPA Publisher Tries to Authenticate a User (Doc ID 850186.1)

Last updated on NOVEMBER 03, 2016

Applies to:

Oracle Business Process Analysis Suite - Version: 10.1.3.4.0 and later   [Release: and later ]
Information in this document applies to any platform.

Symptoms

You have configured BPA to use LDAP for authentication using OpenLDAP Server following the BPA Administration Guide:

Oracle BPA Suite
Business Process Architect
Oracle BPA Suite 10.1.3.4
Administration Guide

When an authentication query is sent to the LDAP server by the BPA Publisher one of the filter fields is undefined causing the query to fail.  An example from the LDAP server log will look as follows:

Jun 19 18:04:20 infra slapd[25393]: conn=2657 fd=51 ACCEPT from IP=10.10.10.10:2000 (IP=10.20.10.40:636)
Jun 19 18:04:20 infra slapd[25393]: conn=2657 fd=51 TLS established tls_ssf=128 ssf=128
Jun 19 18:04:20 infra slapd[25393]: conn=2657 op=0 BIND dn="" method=128
Jun 19 18:04:20 infra slapd[25393]: conn=2657 op=0 RESULT tag=97 err=0 text=
Jun 19 18:04:20 infra slapd[25393]: conn=2657 op=1 SRCH base="ou=users,ou=auth,o=oracle" scope=2 deref=3 filter="(&(objectClass=inetOrgPerson)(?=undefined))"
Jun 19 18:04:20 infra slapd[25393]: conn=2657 op=1 SRCH attr=distinguishedName mail givenName sn objectClass javaSerializedData javaClassName javaFactory javaCodeBase javaReferenceAddress javaClassNames javaRemoteLocation
Jun 19 18:04:20 infra slapd[25393]: conn=2657 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

The problem is the filter where the second element is undefined:

filter="(&(objectClass=inetOrgPerson)(?=undefined))"

You may also see this type of error in the ldap-10.1.3.4.271679_0.log:

2009-06-19T18:12:11,183 com.idsscheer.aris.businesspublisher.logic.context.login.ABPLdapAccess.authenticateUser
Login error: User "test1" does not exist or the technical LDAP user from webappserver.cfg is not ok.

2009-06-19T18:12:11,183 com.idsscheer.aris.businesspublisher.logic.context.login.ABPLoginContext.authenticateUser
Exception from 'ldaps://ldap.us.oracle.com'.
javax.naming.NamingException
at com.idsscheer.aris.businesspublisher.logic.context.login.ABPLdapAccess.authenticateUser(ABPLdapAccess.java:125)
at com.idsscheer.aris.businesspublisher.logic.context.login.ABPLoginContext.authenticateUser(ABPLoginContext.java:404)
at com.idsscheer.aris.businesspublisher.actions.ALoginAction.execute(ALoginAction.java:37)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.idsscheer.aris.businesspublisher.waf.AStatisticFilter.doFilter(AStatisticFilter.java:74)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.idsscheer.aris.businesspublisher.waf.ASessionFilter.doFilter(ASessionFilter.java:91)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at com.idsscheer.aris.businesspublisher.waf.AEncodingFilter.doFilter(AEncodingFilter.java:22)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)

2009-06-19T18:12:11,183 com.idsscheer.aris.businesspublisher.logic.context.login.ABPLoginContext.authenticateUser
User wisslet could not be authenticated using LDAP.


Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms