Fix a SimpleBindRequest bug

Fixed a bug in SimpleBindRequest that prevented it from rejecting a bind request that includes a DN without a password (when it is appropriate to do so, based on the LDAPConnectionOptions.bindWithDNRequiresPassword() setting) when operating in synchronous mode. The setting was properly honored in the default asynchronous mode.
pingidentity · Mar 9, 2018 · 8471904 · 8471904
1 parent 41df758
commit 8471904
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 15 deletions.
diff --git a/docs/release-notes.html b/docs/release-notes.html
@@ -13,6 +13,15 @@ <h3>Version 4.0.5</h3>
               </p>
 
               <ul>
+                <li>
+                  Fixed a bug in simple bind request processing in which the LDAP SDK would only
+                  reject a bind request that contains a DN but no password (subject to the
+                  <tt>LDAPConnectionOptions.bindWithDNRequiresPassword()</tt> setting) when using
+                  the default asynchronous mode, but not when configured to operate in synchronous
+                  mode.
+                  <br><br>
+                </li>
+
                 <li>
                   Added support for two new UnboundID/Ping-proprietary request controls.  The
                   reject unindexed search request control can be used to indicate that the server

diff --git a/src/com/unboundid/ldap/sdk/SimpleBindRequest.java b/src/com/unboundid/ldap/sdk/SimpleBindRequest.java
@@ -513,14 +513,6 @@ public ASN1Element encodeProtocolOp()
   protected BindResult process(final LDAPConnection connection, final int depth)
             throws LDAPException
   {
-    if (connection.synchronousMode())
-    {
-      @SuppressWarnings("deprecation")
-      final boolean autoReconnect =
-           connection.getConnectionOptions().autoReconnect();
-      return processSync(connection, autoReconnect);
-    }
-
     // See if a bind DN was provided without a password.  If that is the case
     // and this should not be allowed, then throw an exception.
     if (password != null)
@@ -536,6 +528,14 @@ protected BindResult process(final LDAPConnection connection, final int depth)
     }
 
 
+    if (connection.synchronousMode())
+    {
+      @SuppressWarnings("deprecation")
+      final boolean autoReconnect =
+           connection.getConnectionOptions().autoReconnect();
+      return processSync(connection, autoReconnect);
+    }
+
     // Create the LDAP message.
     messageID = connection.nextMessageID();
     final LDAPMessage message = new LDAPMessage(messageID, this, getControls());

diff --git a/tests/unit/src/com/unboundid/ldap/sdk/SimpleBindRequestTestCase.java b/tests/unit/src/com/unboundid/ldap/sdk/SimpleBindRequestTestCase.java
@@ -27,6 +27,7 @@
 import org.testng.annotations.Test;
 
 import com.unboundid.asn1.ASN1OctetString;
+import com.unboundid.ldap.listener.InMemoryDirectoryServer;
 import com.unboundid.ldap.protocol.LDAPMessage;
 
 
@@ -1393,22 +1394,72 @@ public void testFailedAdminBind()
 
   /**
    * Tests to ensure that the LDAP SDK will reject attempts to perform a simple
-   * bind with a DN but without a password.  Note that processing for this test
-   * will only be performed if a Directory Server instance is available.
+   * bind with a DN but without a password, when operating in synchronous mode.
    *
    * @throws  Exception  If an unexpected problem occurs.
    */
   @Test()
-  public void testRejectBindWithDNButNoPassword()
+  public void testRejectBindWithDNButNoPasswordSyncMode()
          throws Exception
   {
-    if (! isDirectoryInstanceAvailable())
+    final InMemoryDirectoryServer ds = getTestDS(true, true);
+
+    final LDAPConnectionOptions options = new LDAPConnectionOptions();
+    options.setUseSynchronousMode(true);
+
+    final LDAPConnection conn = ds.getConnection(options);
+    final SimpleBindRequest bindRequest =
+         new SimpleBindRequest("cn=Directory Manager", "");
+
+    try
     {
-      return;
+      bindRequest.process(conn, 1);
+      fail("Expected an exception when binding with a DN but no password");
+    }
+    catch (LDAPException le)
+    {
+      assertEquals(le.getResultCode(), ResultCode.PARAM_ERROR);
     }
 
-    LDAPConnection conn = getUnauthenticatedConnection();
-    SimpleBindRequest bindRequest = new SimpleBindRequest(getTestBindDN(), "");
+
+    // Reconfigure the connection so that it will allow binds with a DN but no
+    // password.
+    conn.getConnectionOptions().setBindWithDNRequiresPassword(false);
+    try
+    {
+      bindRequest.process(conn, 1);
+    }
+    catch (LDAPException le)
+    {
+      // The server will still likely reject the operation, but we should at
+      // least verify that it wasn't a parameter error.
+      assertFalse(le.getResultCode() == ResultCode.PARAM_ERROR);
+    }
+
+    conn.getConnectionOptions().setBindWithDNRequiresPassword(true);
+    conn.close();
+  }
+
+
+
+  /**
+   * Tests to ensure that the LDAP SDK will reject attempts to perform a simple
+   * bind with a DN but without a password, when operating in asynchronous mode.
+   *
+   * @throws  Exception  If an unexpected problem occurs.
+   */
+  @Test()
+  public void testRejectBindWithDNButNoPasswordAsyncMode()
+         throws Exception
+  {
+    final InMemoryDirectoryServer ds = getTestDS(true, true);
+
+    final LDAPConnectionOptions options = new LDAPConnectionOptions();
+    options.setUseSynchronousMode(false);
+
+    final LDAPConnection conn = ds.getConnection(options);
+    final SimpleBindRequest bindRequest =
+         new SimpleBindRequest("cn=Directory Manager", "");
 
     try
     {