Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-23793

[GSS](7.4.z) ELY-2358 - Option extract-rdn selects the rightmost matching RDN instead of the leftmost one

    XMLWordPrintable

Details

    Description

      When a mapping in a ldap realm is configured to use the option extract-rdn, for example something like the following:

      /subsystem=elytron/ldap-realm=ldap_realm:add(dir-context=ldap_dir-context, direct-verification=true, identity-mapping=\{search-base-dn="cn=Users,dc=example,dc=com", rdn-identifier="samacountname", attribute-mapping=[{from="memberOf", to="Roles", extract-rdn="cn"}]})

      The RDN farthest to the right with name cn is selected. For example with a group name cn=Role1,cn=Roles,dc=example,dc=com the value Roles is returned instead of Role1. This makes no sense because all the roles inside that branch will be transformed in the same role name Roles. The RDN situated furthest to the left should be selected instead, Role1 in the example.

      Attachments

        Issue Links

          is caused by

          Bug - A problem that impairs or prevents the functions of the product. ELY-2358 Option extract-rdn selects the rightmost matching RDN instead of the leftmost one

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-23794 (7.4.z) Upgrade Elytron from 1.15.13.Final-redhat-00001 to 1.15.14.Final-redhat-00001

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-support-rmartinc Ricardo Martin Camarero
              rhn-support-orivat Olivier Rivat
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: