Graylog and LDAP: NullPointerException

patcable · May 29, 2019, 7:04pm

After upgrading to Graylog 3.0 everyone is able to authenticate and use the platform fine, but my server logs have a lot of NullPointerExceptions in them related to LDAP. I’m not entirely sure where to start debugging this one since everything seems to work except - there’s a lot of log noise. When I test the connection on the LDAP settings page, it works fine and picks up all my groups as well.

I’m using OpenLDAP 2.4.47. Our user object type is inetOrgPerson (all accounts are also posixAccount and shadowAccount - we search by inetOrgPerson since those are human users), and the groups have objectClass posixGroup which have memberUid as attributes.

Setting	Value
User BaseDN	`ou=users,dc=blah`
User Search Pattern	`(&(objectClass=inetOrgPerson)(uid={0}))`
Display Name Attribute	`uid`
Group BaseDN	`ou=groups,dc=blah`
Group Search Pattern	`(&(objectClass=posixGroup)(cn=gl-*))`
Group Name Attribute	`cn`

Stack trace follows:

2019-05-29T18:47:40.231Z WARN  [LdapNetworkConnection] null
java.lang.NullPointerException: null
	at org.apache.directory.ldap.client.api.LdapNetworkConnection.messageReceived(LdapNetworkConnection.java:2040) ~[graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:997) ~[graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:641) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1114) [graylog.jar:?]
	at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:236) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:641) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1114) [graylog.jar:?]
	at org.apache.mina.filter.ssl.SslHandler.flushScheduledEvents(SslHandler.java:326) [graylog.jar:?]
	at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:712) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:767) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:48) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1141) [graylog.jar:?]
	at org.apache.mina.core.filterchain.IoFilterAdapter.filterClose(IoFilterAdapter.java:145) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:767) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:48) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1141) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.filterClose(DefaultIoFilterChain.java:1025) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:767) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireFilterClose(DefaultIoFilterChain.java:760) [graylog.jar:?]
	at org.apache.mina.core.session.AbstractIoSession.closeNow(AbstractIoSession.java:353) [graylog.jar:?]
	at org.apache.directory.ldap.client.api.LdapNetworkConnection.close(LdapNetworkConnection.java:883) [graylog.jar:?]
	at org.graylog2.security.realm.LdapUserAuthenticator.$closeResource(LdapUserAuthenticator.java:133) [graylog.jar:?]
	at org.graylog2.security.realm.LdapUserAuthenticator.doGetAuthenticationInfo(LdapUserAuthenticator.java:133) [graylog.jar:?]
	at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571) [graylog.jar:?]
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:219) [graylog.jar:?]
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269) [graylog.jar:?]
	at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) [graylog.jar:?]
	at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [graylog.jar:?]
	at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274) [graylog.jar:?]
	at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) [graylog.jar:?]
	at org.graylog2.shared.security.ShiroSecurityContext.loginSubject(ShiroSecurityContext.java:107) [graylog.jar:?]
	at org.graylog2.shared.security.ShiroAuthenticationFilter.filter(ShiroAuthenticationFilter.java:48) [graylog.jar:?]
	at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:132) [graylog.jar:?]
	at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:68) [graylog.jar:?]
	at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197) [graylog.jar:?]
	at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:318) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [graylog.jar:?]
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [graylog.jar:?]
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [graylog.jar:?]
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [graylog.jar:?]
	at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384) [graylog.jar:?]
	at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) [graylog.jar:?]
	at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:181) [graylog.jar:?]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_102]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_102]
	at java.lang.Thread.run(Thread.java:745) [?:1.8.0_102]

patcable · May 31, 2019, 1:17pm

Forgot to mention - this is on Graylog 3.0.0 - I should give it an upgrade, but wasnt sure if folks who have more knowledge could identify something in that stacktrace that may be an issue.

jan · June 3, 2019, 2:39pm

did you have an admin account in your LDAP? Try set the root_username to something like graylog-admin (that is not used in your ldap)…

at least that would be the first I try.

patcable · June 3, 2019, 3:43pm

Hey, thanks for taking a look @jan!

I bumped Graylog to 3.0.2 and changed the admin username. I dont have any users named admin (at least, not in those search bases I listed) but I changed the username to gladmin anyways.

This stack trace looks similar, pasting it here in case i’m missing something:

2019-06-03T15:29:21.976Z WARN  [LdapNetworkConnection] null
java.lang.NullPointerException: null
	at org.apache.directory.ldap.client.api.LdapNetworkConnection.messageReceived(LdapNetworkConnection.java:2040) ~[graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.messageReceived(DefaultIoFilterChain.java:997) ~[graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:641) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1114) [graylog.jar:?]
	at org.apache.mina.filter.codec.ProtocolCodecFilter.messageReceived(ProtocolCodecFilter.java:236) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callNextMessageReceived(DefaultIoFilterChain.java:641) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1300(DefaultIoFilterChain.java:48) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.messageReceived(DefaultIoFilterChain.java:1114) [graylog.jar:?]
	at org.apache.mina.filter.ssl.SslHandler.flushScheduledEvents(SslHandler.java:326) [graylog.jar:?]
	at org.apache.mina.filter.ssl.SslFilter.filterClose(SslFilter.java:712) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:767) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:48) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1141) [graylog.jar:?]
	at org.apache.mina.core.filterchain.IoFilterAdapter.filterClose(IoFilterAdapter.java:145) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:767) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.access$1600(DefaultIoFilterChain.java:48) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$EntryImpl$1.filterClose(DefaultIoFilterChain.java:1141) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain$TailFilter.filterClose(DefaultIoFilterChain.java:1025) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.callPreviousFilterClose(DefaultIoFilterChain.java:767) [graylog.jar:?]
	at org.apache.mina.core.filterchain.DefaultIoFilterChain.fireFilterClose(DefaultIoFilterChain.java:760) [graylog.jar:?]
	at org.apache.mina.core.session.AbstractIoSession.closeNow(AbstractIoSession.java:353) [graylog.jar:?]
	at org.apache.directory.ldap.client.api.LdapNetworkConnection.close(LdapNetworkConnection.java:883) [graylog.jar:?]
	at org.graylog2.security.realm.LdapUserAuthenticator.$closeResource(LdapUserAuthenticator.java:133) [graylog.jar:?]
	at org.graylog2.security.realm.LdapUserAuthenticator.doGetAuthenticationInfo(LdapUserAuthenticator.java:133) [graylog.jar:?]
	at org.apache.shiro.realm.AuthenticatingRealm.getAuthenticationInfo(AuthenticatingRealm.java:571) [graylog.jar:?]
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doMultiRealmAuthentication(ModularRealmAuthenticator.java:219) [graylog.jar:?]
	at org.apache.shiro.authc.pam.ModularRealmAuthenticator.doAuthenticate(ModularRealmAuthenticator.java:269) [graylog.jar:?]
	at org.apache.shiro.authc.AbstractAuthenticator.authenticate(AbstractAuthenticator.java:198) [graylog.jar:?]
	at org.apache.shiro.mgt.AuthenticatingSecurityManager.authenticate(AuthenticatingSecurityManager.java:106) [graylog.jar:?]
	at org.apache.shiro.mgt.DefaultSecurityManager.login(DefaultSecurityManager.java:274) [graylog.jar:?]
	at org.apache.shiro.subject.support.DelegatingSubject.login(DelegatingSubject.java:260) [graylog.jar:?]
	at org.graylog2.shared.security.ShiroSecurityContext.loginSubject(ShiroSecurityContext.java:107) [graylog.jar:?]
	at org.graylog2.shared.security.ShiroAuthenticationFilter.filter(ShiroAuthenticationFilter.java:48) [graylog.jar:?]
	at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:132) [graylog.jar:?]
	at org.glassfish.jersey.server.ContainerFilteringStage.apply(ContainerFilteringStage.java:68) [graylog.jar:?]
	at org.glassfish.jersey.process.internal.Stages.process(Stages.java:197) [graylog.jar:?]
	at org.glassfish.jersey.server.ServerRuntime$2.run(ServerRuntime.java:318) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:271) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors$1.call(Errors.java:267) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:315) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:297) [graylog.jar:?]
	at org.glassfish.jersey.internal.Errors.process(Errors.java:267) [graylog.jar:?]
	at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:317) [graylog.jar:?]
	at org.glassfish.jersey.server.ServerRuntime.process(ServerRuntime.java:305) [graylog.jar:?]
	at org.glassfish.jersey.server.ApplicationHandler.handle(ApplicationHandler.java:1154) [graylog.jar:?]
	at org.glassfish.jersey.grizzly2.httpserver.GrizzlyHttpContainer.service(GrizzlyHttpContainer.java:384) [graylog.jar:?]
	at org.glassfish.grizzly.http.server.HttpHandler$1.run(HttpHandler.java:224) [graylog.jar:?]
	at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:181) [graylog.jar:?]

system · June 17, 2019, 3:56pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog LDAP- NullPointerException Graylog Central (peer support)	1	492	December 30, 2019
org.apache.directory.ldap.client.api.LdapNetworkConnection - null java.lang.NullPointerException: null Graylog Central (peer support)	2	670	August 9, 2019
LdapNetworkConnection Exception Graylog Central (peer support)	2	889	May 25, 2020
[SOLVED] Problems with LDAP Graylog Central (peer support)	9	2344	April 20, 2019
LDAPConnector trying to connect to LDAP Server null Graylog Central (peer support)	2	592	October 17, 2019

Graylog and LDAP: NullPointerException

Related topics