Details
- Bug
- Resolution: Done
- Major
- None
- None
Description
Elytron ldap-realm allows a DN to be used as the username (e.g. the full uid=jduke,ou=People,dc=jboss,dc=org can be used instead of jduke). However, the implementation requires that the DN used must start with the rdn-identifier in the same case as is used in the server configuration. Otherwise authentication fails. This means that when the server configuration uses rdn-identifier=uid, only uid=jduke,... can be used correctly; UID=jduke,... will fail.
The LDAP specification does not talk about case sensitivity of attributes, but most LDAP servers treat attributes as case insensitive.
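The mismatch described above, as an added example (not Elytron's code and not the fix applied for this issue): a case-sensitive prefix check next to a check that parses the name with the JDK's `javax.naming.ldap.LdapName` and compares the leading RDN's attribute type ignoring case. The class and method names are hypothetical, the prefix check is an assumed model of the reported behaviour, and the sample names are constructed from the DN in the description.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class RdnIdentifierMatch {

    // Assumed model of the reported behaviour: a plain, case-sensitive
    // prefix test against the configured rdn-identifier.
    static boolean matchesCaseSensitive(String name, String rdnIdentifier) {
        return name.startsWith(rdnIdentifier + "=");
    }

    // Parse the name as a DN and compare only the attribute type of the
    // leading (leftmost) RDN, ignoring case. The value is left untouched,
    // so value matching stays with the directory's own matching rules.
    static boolean matchesIgnoringCase(String name, String rdnIdentifier) {
        try {
            LdapName dn = new LdapName(name);
            if (dn.isEmpty()) {
                return false;
            }
            // LdapName indexes RDNs right to left; size() - 1 is the leftmost.
            Rdn leading = dn.getRdn(dn.size() - 1);
            // Multi-valued RDNs (uid=a+cn=b) are not treated as a match here.
            return leading.size() == 1
                    && leading.getType().equalsIgnoreCase(rdnIdentifier);
        } catch (InvalidNameException e) {
            // Not a DN at all, e.g. the plain username "jduke".
            return false;
        }
    }

    public static void main(String[] args) {
        String rdnIdentifier = "uid"; // as in rdn-identifier=uid
        String[] names = {            // constructed sample inputs
            "uid=jduke,ou=People,dc=jboss,dc=org",
            "UID=jduke,ou=People,dc=jboss,dc=org",
            "cn=jduke,ou=People,dc=jboss,dc=org",
            "jduke"
        };
        for (String name : names) {
            System.out.printf("%-40s case-sensitive=%-5b ignore-case=%b%n",
                    name,
                    matchesCaseSensitive(name, rdnIdentifier),
                    matchesIgnoringCase(name, rdnIdentifier));
        }
    }
}
```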
Issue Links
- clones
  - JBEAP-6420 Getting identity by DN in Elytron ldap-realm should be case insensitive (Verified)
- is related to
  - ELY-671 Usernames started with rdn-identifier works incorrectly in Elytron ldap-realm (Resolved)