Uploaded image for project: 'Application Server 3 4 5 and 6'
  1. Application Server 3 4 5 and 6
  2. JBAS-3555

LdapExtLoginModule fails if no initial bind credentials are supplied but anonymous login would be possible

    XMLWordPrintable

Details

    • Workaround Exists
    • Hide

      Well, you could create a dummy user to avoid an anonymous bind at all.

      Show
      Well, you could create a dummy user to avoid an anonymous bind at all.

    Description

      If an anonymous bind to the LDAP-Server is allowed no bindDN and bindCredential is supplied in login-context.xml. This causes the LoginModule to fail due to an NPE. The responsible lines are around 485:

      env.setProperty(Context.SECURITY_PRINCIPAL, dn);
      env.put(Context.SECURITY_CREDENTIALS, credential);

      The HashMap.put fails if dn or credetials are null. The obvious solution is to change the lines to:

      if (dn != null)
      env.setProperty(Context.SECURITY_PRINCIPAL, dn);
      if (credential != null)
      env.put(Context.SECURITY_CREDENTIALS, credential);

      Attachments

        Activity

          People

            dandread1@redhat.com Dimitrios Andreadis
            fhh_jira fhh (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Time Tracking

                Estimated:
                Original Estimate - 30 minutes
                30m
                Remaining:
                Remaining Estimate - 30 minutes
                30m
                Logged:
                Time Spent - Not Specified
                Not Specified