Starting authentication gets hung when enabling LDAP authentication for OpsManager 3.0.x
search cancel

Starting authentication gets hung when enabling LDAP authentication for OpsManager 3.0.x

book

Article ID: 298135

calendar_today

Updated On:

Products

VMware Tanzu Application Service for VMs

Issue/Introduction

Users may find starting authentication system get stuck in the following scenarios when logging into Ops Manager web console for version 3.0.x. 

1) LDAP authentication is enabled when configuring Ops Manager right after it's deployed
2) Internal authentication is enabled first, but later changes it LDAP authentication

The following error messages can be found in UAA logs. 
[2023-05-04 12:41:13.321] uaa/uaa - 1651 [main] ....  INFO --- DefaultSpringSecurityContextSource: Configure with URL ldaps://ldaps.tas.example.com:3269 and root DN
[2023-05-04 12:41:13.358] uaa/uaa - 1651 [main] ....  WARN --- XmlWebApplicationContext: Exception encountered during context initialization - cancelling refresh attempt: org.springframewor
k.beans.factory.BeanCreationException: Error creating bean with name 'nestedLdapAuthoritiesPopulator' defined in class path resource [org/cloudfoundry/identity/uaa/impl/config/LdapGroupsCon
fig.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.ldap.
userdetails.LdapAuthoritiesPopulator]: Factory method 'nestedLdapAuthoritiesPopulator' threw exception; nested exception is java.lang.NumberFormatException: null
[2023-05-04 12:41:13.517] uaa/uaa - 1651 [main] .... ERROR --- DispatcherServlet: Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'nestedLdapAuthoritiesPopulator' defined in class path resource [org/cloudfoundry/identity/uaa/impl/co
nfig/LdapGroupsConfig.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframew
ork.security.ldap.userdetails.LdapAuthoritiesPopulator]: Factory method 'nestedLdapAuthoritiesPopulator' threw exception; nested exception is java.lang.NumberFormatException: null
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:658) ~[spring-beans-5.3.25.jar:5.3.25]
        at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:638) ~[spring-beans-5.3.25.jar:5.3.25]
......
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185) ~[spring-beans-5.3.25.jar:5.3.25]
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653) ~[spring-beans-5.3.25.jar:5.3.25]
        ... 63 more
Caused by: java.lang.NumberFormatException: null
        at java.lang.Integer.parseInt(Integer.java:614) ~[?:?]
        at java.lang.Integer.parseInt(Integer.java:770) ~[?:?]
        at org.cloudfoundry.identity.uaa.impl.config.LdapGroupsConfig.nestedLdapAuthoritiesPopulator(LdapGroupsConfig.java:26) ~[cloudfoundry-identity-server-76.8.0.jar:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
        at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
        at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
        at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
        at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:154) ~[spring-beans-5.3.25.jar:5.3.25]
        at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653) ~[spring-beans-5.3.25.jar:5.3.25]
        ... 63 more
This is an issue that was recently reported against OpsMan 3.0.x. When LDAP is configured for earlier versions of Ops Manager 2.10.x, the option "Group Max Search Depth (min: 1, max: 10)" is not a required field. However with the recent version of Ops Manager 3.0.x this field is a requirement. As of Ops Manager 3.0.7 this filed will be set to NULL value if it's not explicitly configured, which would cause this problem. 


Environment

Product Version: 3.0

Resolution

When enabling LDAP authentication on Ops Manager 3.0.7 and its previous 3.0.x releases, make sure "Group Max Search Depth" option is set to a value (min: 1, max: 10).  

There will be no such issue since Ops Manager 3.0.8 due to the following fix.
  • [Bug Fix] Default ldap “Group Max Search Depth” to 1


Powered by Wolken Software