Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-3555

LdapExtLoginModule fails if no initial bind credentials are supplied but anonymous login would be possible

XMLWordPrintable

    • Workaround Exists
    • Hide

      Well, you could create a dummy user to avoid an anonymous bind at all.

      Show
      Well, you could create a dummy user to avoid an anonymous bind at all.

      If an anonymous bind to the LDAP-Server is allowed no bindDN and bindCredential is supplied in login-context.xml. This causes the LoginModule to fail due to an NPE. The responsible lines are around 485:

      env.setProperty(Context.SECURITY_PRINCIPAL, dn);
      env.put(Context.SECURITY_CREDENTIALS, credential);

      The HashMap.put fails if dn or credetials are null. The obvious solution is to change the lines to:

      if (dn != null)
      env.setProperty(Context.SECURITY_PRINCIPAL, dn);
      if (credential != null)
      env.put(Context.SECURITY_CREDENTIALS, credential);

              dandread1@redhat.com Dimitrios Andreadis
              fhh_jira fhh (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved:

                  Estimated:
                  Original Estimate - 30 minutes
                  30m
                  Remaining:
                  Remaining Estimate - 30 minutes
                  30m
                  Logged:
                  Time Spent - Not Specified
                  Not Specified