Detect non-AD server at initialization time and throw an InvalidConfigurationException upon detection. This fixes b/7061071.

commit: 18c07080d8b7b76111025067293edfc8c74b278d [log] [tgz]
author: Marc Kriguer <myk@google.com> Wed Jun 25 15:46:19 2014 -0700
committer: Marc Kriguer <myk@google.com> Wed Jun 25 15:46:19 2014 -0700
tree: 13866ba27faa8e18cc1c1813122ba730a952d69f
parent: 6f6a930fdec746fef3d301f196539aed0fd82fbb [diff]
diff --git a/src/com/google/enterprise/adaptor/ad/AdServer.java b/src/com/google/enterprise/adaptor/ad/AdServer.java
index 5d5aaa1..de93e5b 100644
--- a/src/com/google/enterprise/adaptor/ad/AdServer.java
+++ b/src/com/google/enterprise/adaptor/ad/AdServer.java

@@ -16,6 +16,7 @@
 
 import com.google.common.annotations.VisibleForTesting;
 
+import com.google.enterprise.adaptor.InvalidConfigurationException;
 import com.google.enterprise.adaptor.StartupException;
 
 import java.io.IOException;
@@ -53,7 +54,8 @@
   // properties necessary for connection and reconnection
   private Method connectMethod;
   private final String hostName;
-  private int port;
+  @VisibleForTesting
+  int port;
   private String principal;
   private String password;
 
@@ -213,7 +215,7 @@
         "configurationNamingContext").get(0).toString();
   }
 
-  public void initialize() {
+  public void initialize() throws InvalidConfigurationException {
     try {
       ensureConnectionIsCurrent();
       sid = AdEntity.getTextSid((byte[]) get(
@@ -223,6 +225,15 @@
           "invocationID;binary", dsServiceName));
     } catch (NamingException e) {
       throw new RuntimeException(e);
+    } catch (NullPointerException npe) {
+      String reason = "non-AD LDAP server detected.  AD Adaptor must be run "
+          + "against an Active Directory domain controller.";
+      if ((port == 3268) || (port == 3269)) {
+        reason = "AD Adaptor must be run against the Domain Controller "
+            + "(typically, port 389 for HTTP or port 636 for SSL), not the "
+            + "Global Catalog.";
+      }
+      throw new InvalidConfigurationException(reason);
     }
 
     LOGGER.info("Successfully created an Initial LDAP context");

diff --git a/test/com/google/enterprise/adaptor/ad/AdServerTest.java b/test/com/google/enterprise/adaptor/ad/AdServerTest.java
index 349d0fc..66973d1 100644
--- a/test/com/google/enterprise/adaptor/ad/AdServerTest.java
+++ b/test/com/google/enterprise/adaptor/ad/AdServerTest.java

@@ -20,6 +20,9 @@
 import org.junit.Test;
 import org.junit.rules.ExpectedException;
 
+import com.google.enterprise.adaptor.InvalidConfigurationException;
+import com.google.enterprise.adaptor.StartupException;
+
 import javax.naming.*;
 import javax.naming.directory.*;
 import javax.naming.ldap.*;
@@ -131,6 +134,66 @@
   }
 
   @Test
+  public void testNonADInitialize() throws Exception {
+    MockLdapContext ldapContext = new MockLdapContext() {
+      @Override
+      public NamingEnumeration<SearchResult> search(String base, String filter,
+        SearchControls searchControls) throws NamingException {
+          throw new NullPointerException("non-AD server");
+      }
+    };
+    AdServer adServer = new AdServer("localhost", ldapContext);
+    try {
+      adServer.initialize();
+      fail("Did not catch expected InvalidConfigurationException.");
+    } catch (InvalidConfigurationException ice) {
+      assertTrue(ice.toString().contains("non-AD LDAP"));
+    }
+  }
+
+  @Test
+  // this test uses port 3268 -- the Global Catalog port -- to get a
+  // specific exception thrown.
+  public void testGlobalCatalogInitialize() throws Exception {
+    final MockLdapContext ldapContext = new MockLdapContext() {
+      @Override
+      public NamingEnumeration<SearchResult> search(String base, String filter,
+        SearchControls searchControls) throws NamingException {
+          throw new NullPointerException("non-AD server");
+      }
+    };
+    AdServer adServer = new AdServer("localhost", ldapContext);
+    try {
+      adServer.port = 3268;
+      adServer.initialize();
+      fail("Did not catch expected InvalidConfigurationException.");
+    } catch (InvalidConfigurationException ice) {
+      assertTrue(ice.toString().contains("not the Global Catalog"));
+    }
+  }
+
+  @Test
+  // this test uses port 3269 -- the SSL Global Catalog port -- to get the
+  // same specific exception thrown.
+  public void testSSLGlobalCatalogInitialize() throws Exception {
+    final MockLdapContext ldapContext = new MockLdapContext() {
+      @Override
+      public NamingEnumeration<SearchResult> search(String base, String filter,
+        SearchControls searchControls) throws NamingException {
+          throw new NullPointerException("non-AD server");
+      }
+    };
+    AdServer adServer = new AdServer("localhost", ldapContext);
+    try {
+      adServer.port = 3269;
+      adServer.initialize();
+      fail("Did not catch expected InvalidConfigurationException.");
+    } catch (InvalidConfigurationException ice) {
+      assertTrue(ice.toString().contains("not the Global Catalog"));
+    }
+  }
+
+  @Test
   /*
    * This tests a code path that the author doesn't think can actually happen
    *
commit	18c07080d8b7b76111025067293edfc8c74b278d	[log] [tgz]
author	Marc Kriguer <myk@google.com>	Wed Jun 25 15:46:19 2014 -0700
committer	Marc Kriguer <myk@google.com>	Wed Jun 25 15:46:19 2014 -0700
tree	13866ba27faa8e18cc1c1813122ba730a952d69f
parent	6f6a930fdec746fef3d301f196539aed0fd82fbb [diff]