Hi,
After applying this version I get following in the logs - and elasticsearch shuts down:
[2017-03-22T13:56:48,036][WARN ][c.f.s.h.SearchGuardHttpServerTransport] [ela-coordprd01] caught exception while handling client http traffic, closing connection [id: 0x4bc3e24e, L:/10.93.37.135:9200 - R:/
137.82.5.97:38770]
com.google.common.util.concurrent.ExecutionError: java.lang.ExceptionInInitializerError
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2205) ~[?:?]
at com.google.common.cache.LocalCache.get(LocalCache.java:3953) ~[?:?]
at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4790) ~[?:?]
at com.floragunn.searchguard.auth.BackendRegistry.authenticate(BackendRegistry.java:481) ~[?:?]
at com.floragunn.searchguard.filter.SearchGuardRestFilter.process(SearchGuardRestFilter.java:99) ~[?:?]
at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:310) ~[elasticsearch-5.1.1.jar:5.1.1]
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:203) ~[elasticsearch-5.1.1.jar:5.1.1]
at org.elasticsearch.http.HttpServer.dispatchRequest(HttpServer.java:113) ~[elasticsearch-5.1.1.jar:5.1.1]
at org.elasticsearch.http.netty4.Netty4HttpServerTransport.dispatchRequest(Netty4HttpServerTransport.java:507) ~[transport-netty4-client-5.1.1.jar:5.1.1]
at com.floragunn.searchguard.ssl.http.netty.SearchGuardSSLNettyHttpServerTransport.dispatchRequest(SearchGuardSSLNettyHttpServerTransport.java:120) ~[search-guard-ssl-5.1.1-20.jar:5.1.1-20]
at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:69) ~[transport-netty4-client-5.1.1.jar:5.1.1]
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105) ~[netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at org.elasticsearch.http.netty4.pipelining.HttpPipeliningHandler.channelRead(HttpPipeliningHandler.java:66) [transport-netty4-client-5.1.1.jar:5.1.1]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.6.Final.jar:4.1.6.Final]
at io.netty.handler.codec.MessageToMessageCodec.channelRead(MessageToMessageCodec.java:111) [netty-codec-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) [netty-codec-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:293) [netty-codec-4.1.6.Final.jar:4.1.6.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:267) [netty-codec-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1069) [netty-handler-4.1.6.Final.jar:4.1.6.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:902) [netty-handler-4.1.6.Final.jar:4.1.6.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) [netty-codec-4.1.6.Final.jar:4.1.6.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) [netty-codec-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:651) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:536) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:490) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:450) [netty-transport-4.1.6.Final.jar:4.1.6.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873) [netty-common-4.1.6.Final.jar:4.1.6.Final]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
Caused by: java.lang.ExceptionInInitializerError
at com.unboundid.ldap.sdk.LDAPConnectionInternals.(LDAPConnectionInternals.java:187) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:860) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:760) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:710) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.(LDAPConnection.java:534) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthorizationBackend.getConnection(LDAPAuthorizationBackend.java:140) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.authenticate0(LDAPAuthenticationBackend.java:90) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.access$000(LDAPAuthenticationBackend.java:44) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend$1.run(LDAPAuthenticationBackend.java:74) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend$1.run(LDAPAuthenticationBackend.java:71) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:71) ~[?:?]
at com.floragunn.searchguard.auth.BackendRegistry$6.call(BackendRegistry.java:487) ~[?:?]
at com.floragunn.searchguard.auth.BackendRegistry$6.call(BackendRegistry.java:481) ~[?:?]
at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4793) ~[?:?]
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3542) ~[?:?]
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2323) ~[?:?]
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2286) ~[?:?]
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2201) ~[?:?]
… 58 more
Caused by: java.security.AccessControlException: access denied (“java.util.PropertyPermission” “" “read,write”)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:1.8.0_121]
at java.security.AccessController.checkPermission(AccessController.java:884) ~[?:1.8.0_121]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) ~[?:1.8.0_121]
at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1262) ~[?:1.8.0_121]
at java.lang.System.getProperties(System.java:630) ~[?:1.8.0_121]
at com.unboundid.util.Debug.(Debug.java:166) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnectionInternals.(LDAPConnectionInternals.java:187) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:860) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:760) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:710) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.(LDAPConnection.java:534) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthorizationBackend.getConnection(LDAPAuthorizationBackend.java:140) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.authenticate0(LDAPAuthenticationBackend.java:90) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.access$000(LDAPAuthenticationBackend.java:44) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend$1.run(LDAPAuthenticationBackend.java:74) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend$1.run(LDAPAuthenticationBackend.java:71) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:71) ~[?:?]
at com.floragunn.searchguard.auth.BackendRegistry$6.call(BackendRegistry.java:487) ~[?:?]
at com.floragunn.searchguard.auth.BackendRegistry$6.call(BackendRegistry.java:481) ~[?:?]
at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4793) ~[?:?]
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3542) ~[?:?]
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2323) ~[?:?]
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2286) ~[?:?]
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2201) ~[?:?]
… 58 more
[2017-03-22T13:56:48,037][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [ela-coordprd01] fatal error in thread [Thread-6], exiting
com.google.common.util.concurrent.ExecutionError: java.lang.ExceptionInInitializerError
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2205) ~[?:?]
at com.google.common.cache.LocalCache.get(LocalCache.java:3953) ~[?:?]
at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4790) ~[?:?]
at com.floragunn.searchguard.auth.BackendRegistry.authenticate(BackendRegistry.java:481) ~[?:?]
at org.elasticsearch.http.netty4.Netty4HttpRequestHandler.channelRead0(Netty4HttpRequestHandler.java:69) ~[?:?]
at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:105) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
at org.elasticsearch.http.netty4.pipelining.HttpPipeliningHandler.channelRead(HttpPipeliningHandler.java:66) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) ~[?:?]
at io.netty.handler.codec.MessageToMessageCodec.channelRead(MessageToMessageCodec.java:111) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
at io.netty.handler.codec.MessageToMessageDecoder.channelRead(MessageToMessageDecoder.java:102) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:293) ~[?:?]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:267) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1069) ~[?:?]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:902) ~[?:?]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:411) ~[?:?]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:248) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:351) ~[?:?]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:373) ~[?:?]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) ~[?:?]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926) ~[?:?]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:129) ~[?:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:651) ~[?:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:536) ~[?:?]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:490) ~[?:?]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:450) ~[?:?]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:873) ~[?:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
Caused by: java.lang.ExceptionInInitializerError
at com.unboundid.ldap.sdk.LDAPConnectionInternals.(LDAPConnectionInternals.java:187) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:860) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:760) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:710) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.(LDAPConnection.java:534) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthorizationBackend.getConnection(LDAPAuthorizationBackend.java:140) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.authenticate0(LDAPAuthenticationBackend.java:90) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.access$000(LDAPAuthenticationBackend.java:44) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend$1.run(LDAPAuthenticationBackend.java:74) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend$1.run(LDAPAuthenticationBackend.java:71) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:71) ~[?:?]
at com.floragunn.searchguard.auth.BackendRegistry$6.call(BackendRegistry.java:487) ~[?:?]
at com.floragunn.searchguard.auth.BackendRegistry$6.call(BackendRegistry.java:481) ~[?:?]
at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4793) ~[?:?]
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3542) ~[?:?]
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2323) ~[?:?]
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2286) ~[?:?]
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2201) ~[?:?]
… 58 more
Caused by: java.security.AccessControlException: access denied (“java.util.PropertyPermission” "” “read,write”)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472) ~[?:1.8.0_121]
at java.security.AccessController.checkPermission(AccessController.java:884) ~[?:1.8.0_121]
at java.lang.SecurityManager.checkPermission(SecurityManager.java:549) ~[?:1.8.0_121]
at java.lang.SecurityManager.checkPropertiesAccess(SecurityManager.java:1262) ~[?:1.8.0_121]
at java.lang.System.getProperties(System.java:630) ~[?:1.8.0_121]
at com.unboundid.util.Debug.(Debug.java:166) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnectionInternals.(LDAPConnectionInternals.java:187) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:860) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:760) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.connect(LDAPConnection.java:710) ~[?:?]
at com.unboundid.ldap.sdk.LDAPConnection.(LDAPConnection.java:534) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthorizationBackend.getConnection(LDAPAuthorizationBackend.java:140) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.authenticate0(LDAPAuthenticationBackend.java:90) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.access$000(LDAPAuthenticationBackend.java:44) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend$1.run(LDAPAuthenticationBackend.java:74) ~[?:?]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend$1.run(LDAPAuthenticationBackend.java:71) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at com.floragunn.dlic.auth.ldap.backend.LDAPAuthenticationBackend.authenticate(LDAPAuthenticationBackend.java:71) ~[?:?]
at com.floragunn.searchguard.auth.BackendRegistry$6.call(BackendRegistry.java:487) ~[?:?]
at com.floragunn.searchguard.auth.BackendRegistry$6.call(BackendRegistry.java:481) ~[?:?]
at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4793) ~[?:?]
at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3542) ~[?:?]
at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2323) ~[?:?]
at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2286) ~[?:?]
at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2201) ~[?:?]
… 58 more
Thanks,
Andreas
···
On Mar 22, 2017, at 08:53 AM, Search Guard info@search-guard.com wrote:
seems to be a problem with referrals
On Monday, 20 March 2017 20:37:55 UTC+1, Andreas Freudenreich wrote:
Hi,
I have installed the linked 5.0.8 version and it gets past the java error now - thanks!
.
Authorization fails, though, with another error:
[2017-03-20T12:30:31,302][WARN ][o.l.r.SearchReferralHandler] Could not follow referral to ldap://DomainDnsZones.ourdomain.ca/DC=DomainDnsZones,DC=our,DC=domain,DC=ca
org.ldaptive.LdapException: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1^@]; remaining name ‘DC=DomainDnsZones,DC=our,DC=domain,DC=ca’
Current authz configuration:
authz:
roles_from_myldap:
enabled: true
authorization_backend:
LDAP authorization backend (gather roles from a LDAP or Active Directory, you have to configure the above LDAP authentication backend settings too)
type: ldap # NOT FREE FOR COMMERCIAL USE
config:
enable_ssl: false
enable_start_tls: false
enable_ssl_client_auth: false
verify_hostnames: false
hosts:
bind_dn: ‘CN=AS-svcuser,OU=ServiceAccounts,OU=ES,OU=SERVICES,DC=our,DC=domain,DC=ca’
password: ‘our_pw’
rolebase: ‘OU=role,OU=groups,OU=ES,OU=SERVICES,DC=our,DC=domain,DC=ca’
Filter to search for roles (currently in the whole subtree beneath rolebase)
{0} is substituted with the DN of the user
{1} is substituted with the username
{2} is substituted with an attribute value from user’s directory entry, of the authenticated user. Use userroleattribute to specify the name of the attribute
rolesearch: ‘(uniqueMember={0})’
Specify the name of the attribute which value should be substituted with {2} above
userroleattribute: member
Roles as an attribute of the user entry
userrolename: memberOf
The attribute in a role entry containing the name of that role
rolename: distinguishedName
Resolve nested roles transitive (roles which are members of other roles and so on …)
resolve_nested_roles: true
userbase: ‘DC=our,DC=domain,DC=ca’
Filter to search for users (currently in the whole subtree beneath userbase)
{0} is substituted with the username
usersearch: ‘(samaccountname={0})’
I can perform an ldapsearch successfully with the same bind credentials.
Thanks for any hints,
Andreas
On Monday, 13 March 2017 10:42:50 UTC-7, Search Guard wrote:
can you check if https://oss.sonatype.org/content/repositories/snapshots/com/floragunn/dlic-search-guard-authbackend-ldap/5.0-8-SNAPSHOT/dlic-search-guard-authbackend-ldap-5.0-8-20170313.174111-1-jar-with-dependencies.jar fixes your issue (or at least print out more details)?
On Saturday, 11 March 2017 01:25:15 UTC+1, Andreas Freudenreich wrote:
Hi,
I get errors like the following when adding ldap authentication/authorization to searchguard. Authentication works, but authorization does not:
[2017-03-10T16:02:28,327][WARN ][o.l.SearchOperation ] org.ldaptive.referral.SearchReferralHandler$SearchReferenceHandler@2735818d threw unexpected exception
java.security.AccessControlException: access denied (“java.lang.RuntimePermission” “getClassLoader”)
Here the startup logs:
[2017-03-10T15:32:18,699][INFO ][c.f.s.SearchGuardPlugin ] FLS/DLS module not available
[2017-03-10T15:32:18,753][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Open SSL OpenSSL 1.0.1e-fips 11 Feb 2013 available
[2017-03-10T15:32:18,753][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Open SSL OpenSSL 1.0.1e-fips 11 Feb 2013 available
[2017-03-10T15:32:18,753][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.version: 1.8.0_121
[2017-03-10T15:32:18,753][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vendor: Oracle Corporation
[2017-03-10T15:32:18,753][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.version: 1.8
[2017-03-10T15:32:18,754][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.vendor: Oracle Corporation
[2017-03-10T15:32:18,754][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.name: Java Virtual Machine Specification
[2017-03-10T15:32:18,754][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.name: Java HotSpot™ 64-Bit Server VM
[2017-03-10T15:32:18,754][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.vendor: Oracle Corporation
[2017-03-10T15:32:18,754][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.version: 1.8
[2017-03-10T15:32:18,754][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.vendor: Oracle Corporation
[2017-03-10T15:32:18,754][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.name: Java Platform API Specification
[2017-03-10T15:32:18,754][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.name: Linux
[2017-03-10T15:32:18,754][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.arch: amd64
[2017-03-10T15:32:18,754][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.version: 3.10.0-514.6.1.el7.x86_64
[2017-03-10T15:32:18,760][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] JVM supports the following 57 ciphers
…
[2017-03-10T15:32:18,803][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Config directory is /etc/elasticsearch/, from there the key- and truststore files are resolved relatively
[2017-03-10T15:32:19,303][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] HTTPS client auth mode OPTIONAL
[2017-03-10T15:32:19,356][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] AES-256 not supported, max key length for AES is 128 bit… That is not an issue, it just limits possible encryption strength. To enable AES 256 install ‘Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files’
[2017-03-10T15:32:19,356][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslTransportClientProvider:OPENSSL with ciphers
…
[2017-03-10T15:32:19,357][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]
[2017-03-10T15:32:19,357][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]
[2017-03-10T15:32:19,359][INFO ][o.e.p.PluginsService ] [mynode] loaded module [aggs-matrix-stats]
[2017-03-10T15:32:19,359][INFO ][o.e.p.PluginsService ] [mynode] loaded module [ingest-common]
[2017-03-10T15:32:19,359][INFO ][o.e.p.PluginsService ] [mynode] loaded module [lang-expression]
[2017-03-10T15:32:19,359][INFO ][o.e.p.PluginsService ] [mynode] loaded module [lang-groovy]
[2017-03-10T15:32:19,359][INFO ][o.e.p.PluginsService ] [mynode] loaded module [lang-mustache]
[2017-03-10T15:32:19,359][INFO ][o.e.p.PluginsService ] [mynode] loaded module [lang-painless]
[2017-03-10T15:32:19,359][INFO ][o.e.p.PluginsService ] [mynode] loaded module [percolator]
[2017-03-10T15:32:19,359][INFO ][o.e.p.PluginsService ] [mynode] loaded module [reindex]
[2017-03-10T15:32:19,359][INFO ][o.e.p.PluginsService ] [mynode] loaded module [transport-netty3]
[2017-03-10T15:32:19,360][INFO ][o.e.p.PluginsService ] [mynode] loaded module [transport-netty4]
[2017-03-10T15:32:19,360][INFO ][o.e.p.PluginsService ] [mynode] loaded plugin [search-guard-5]
[2017-03-10T15:32:19,360][INFO ][o.e.p.PluginsService ] [mynode] loaded plugin [x-pack]
[2017-03-10T15:32:22,402][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Open SSL OpenSSL 1.0.1e-fips 11 Feb 2013 available
[2017-03-10T15:32:22,402][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] Open SSL OpenSSL 1.0.1e-fips 11 Feb 2013 available
[2017-03-10T15:32:22,402][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.version: 1.8.0_121
[2017-03-10T15:32:22,402][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vendor: Oracle Corporation
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.version: 1.8
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.vendor: Oracle Corporation
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.specification.name: Java Virtual Machine Specification
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.name: Java HotSpot™ 64-Bit Server VM
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.vm.vendor: Oracle Corporation
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.version: 1.8
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.vendor: Oracle Corporation
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] java.specification.name: Java Platform API Specification
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.name: Linux
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.arch: amd64
[2017-03-10T15:32:22,403][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] os.version: 3.10.0-514.6.1.el7.x86_64
[2017-03-10T15:32:22,478][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]
[2017-03-10T15:32:22,478][INFO ][c.f.s.s.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]
[2017-03-10T15:32:24,922][INFO ][c.f.s.c.ConfigurationModule] FLS/DLS valve not bound (noop)
[2017-03-10T15:32:24,923][INFO ][c.f.s.c.ConfigurationModule] Privileges interceptor not bound (noop)
[2017-03-10T15:32:24,924][INFO ][c.f.s.a.AuditLogModule ] Auditlog not available
[2017-03-10T15:32:26,411][INFO ][o.e.n.Node ] [mynode] initialized
[2017-03-10T15:32:26,411][INFO ][o.e.n.Node ] [mynode] starting …
[2017-03-10T15:32:27,195][INFO ][o.e.t.TransportService ] [mynode] publish_address {10.93.37.135:9300}, bound_addresses {127.0.0.1:9300}, {10.93.37.135:9300}
[2017-03-10T15:32:27,200][INFO ][o.e.b.BootstrapCheck ] [mynode] bound or publishing to a non-loopback or non-link-local address, enforcing bootstrap checks
[2017-03-10T15:32:27,205][INFO ][c.f.s.a.c.TransportConfigUpdateAction] [mynode] Check if searchguard index exists …
[2017-03-10T15:32:27,211][DEBUG][o.e.a.a.i.e.i.TransportIndicesExistsAction] [mynode] no known master node, scheduling a retry
[2017-03-10T15:32:31,030][INFO ][o.e.c.s.ClusterService ] [mynode] detected_master
…
[2017-03-10T15:32:33,398][INFO ][o.e.h.HttpServer ] [mynode] publish_address {10.93.37.135:9200}, bound_addresses {127.0.0.1:9200}, {10.93.37.135:9200}
[2017-03-10T15:32:33,398][INFO ][o.e.n.Node ] [mynode] started
[2017-03-10T15:32:33,462][INFO ][c.f.s.a.c.TransportConfigUpdateAction] [mynode] Node ‘mynode’ initialized
[2017-03-10T15:32:38,797][WARN ][o.l.SearchOperation ] org.ldaptive.referral.SearchReferralHandler$SearchReferenceHandler@5b45e788 threw unexpected exception
java.security.AccessControlException: access denied (“java.lang.RuntimePermission” “getClassLoader”)
We are using ES 5.1.1-1 and the ldap backend module 5.0-7 (we have an education license).
Thanks for any hints,
Andreas
–
You received this message because you are subscribed to a topic in the Google Groups “Search Guard” group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/BCo7OXboqD4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/05e25456-b4ef-4666-b6f4-95c8a341289d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
