-
Bug
-
Resolution: Done
-
Major
-
7.4.4.GA
-
False
-
None
-
False
-
-
-
-
-
-
+
When a mapping in a ldap realm is configured to use the option extract-rdn, for example something like the following:
/subsystem=elytron/ldap-realm=ldap_realm:add(dir-context=ldap_dir-context, direct-verification=true, identity-mapping=\{search-base-dn="cn=Users,dc=example,dc=com", rdn-identifier="samacountname", attribute-mapping=[{from="memberOf", to="Roles", extract-rdn="cn"}]})
The RDN farthest to the right with name cn is selected. For example with a group name cn=Role1,cn=Roles,dc=example,dc=com the value Roles is returned instead of Role1. This makes no sense because all the roles inside that branch will be transformed in the same role name Roles. The RDN situated furthest to the left should be selected instead, Role1 in the example.
- is caused by
-
ELY-2358 Option extract-rdn selects the rightmost matching RDN instead of the leftmost one
- Resolved
- is incorporated by
-
JBEAP-23794 (7.4.z) Upgrade Elytron from 1.15.13.Final-redhat-00001 to 1.15.14.Final-redhat-00001
- Closed