Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Critical
Fix Version/s: JBossAS-4.0.4RC1
Affects Version/s: JBossAS-4.0.3 Final, JBossAS-4.0.3 SP1
Component/s: Security
Labels:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

The is a bug in the class org.jboss.security.auth.spi.LdapLoginModule whereby once the user is authenticated, it assigns all roles listed under the role context DN to the user.

The following patch fixes the problem. Please apply it to future releases:

— jboss-4.0.3SP1-src/security/src/main/org/jboss/security/auth/spi/LdapLoginModule.java 2005-08-30 06:23:07.000000000 +1000
+++ jboss-4.0.3SP1-src-new/security/src/main/org/jboss/security/auth/spi/LdapLoginModule.java 2005-11-19 22:30:27.000000000 +1100
@@ -329,7 +329,7 @@
roleAttrName = "roles";
StringBuffer roleFilter = new StringBuffer("(");
roleFilter.append(uidAttrName);

roleFilter.append("=*)");
+ roleFilter.append("= {0}
)");
//BasicAttributes matchAttrs = new BasicAttributes(true);
String userToMatch = username;
if (matchOnUserDN == true)

duplicates

JBAS-2452 The LdapLoginModule supplies the user with ALL roles from LDAP-server instead of constraining it by the membership.

Closed

relates to

JBAS-2388 NPE on connecting to Active Directory

Closed

Assignee:: Unassigned

Reporter:: Eric Yeo (Inactive)

Votes:: 3 Vote for this issue

Watchers:: 0 Start watching this issue

Created:: 2005/11/19 10:48 PM

Updated:: 2006/01/26 8:01 PM

Resolved:: 2006/01/26 8:00 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide