Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-7821

Regression in EAP 7.1.0.DR9: username-load attribute of legacy LDAP Realm stop to work

    XMLWordPrintable

Details

    • Regression
    • Not Required
    • Hide

      1. Start LDAP server with following ldif:

      dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke
cn: Java Duke
sn: Duke
userPassword: Password

      2. Add outbound connection to standalone.xml

      <outbound-connections>
    <ldap search-dn="uid=admin,ou=system" name="ldap-connection" search-credential="secret" url="ldap://localhost:10389"/>
</outbound-connections>

      3. Add ldap security-realm

      <security-realm name="ldap-realm">
    <authentication>
        <ldap connection="ldap-connection" base-dn="ou=People,dc=jboss,dc=org" username-load="sn">
            <advanced-filter filter="(uid={0})"/>
        </ldap>
    </authentication>
</security-realm>

      4. Set ldap-realm for http-interface

      <management-interfaces>
    <http-interface security-realm="ldap-realm">
        <http-upgrade enabled="true"/>
        <socket-binding http="management-http"/>
    </http-interface>
</management-interfaces>

      5. start Application Server and run CLI command

      ./jboss-cli.sh -c -u=jduke -p=Password ':whoami'
{
    "outcome" => "success",
    "result" => {"identity" => {"username" => "jduke"}}
}

      In correct behavior (in EAP 7.0.x) username "Duke" should be assigned.

      Show
      1. Start LDAP server with following ldif: dn: ou=People,dc=jboss,dc=org objectclass: top objectclass: organizationalUnit ou: People dn: uid=jduke,ou=People,dc=jboss,dc=org objectclass: top objectclass: person objectclass: inetOrgPerson uid: jduke cn: Java Duke sn: Duke userPassword: Password 2. Add outbound connection to standalone.xml <outbound-connections> <ldap search-dn= "uid=admin,ou=system" name= "ldap-connection" search-credential= "secret" url= "ldap: //localhost:10389" /> </outbound-connections> 3. Add ldap security-realm <security-realm name= "ldap-realm" > <authentication> <ldap connection= "ldap-connection" base-dn= "ou=People,dc=jboss,dc=org" username-load= "sn" > <advanced-filter filter= "(uid={0})" /> </ldap> </authentication> </security-realm> 4. Set ldap-realm for http-interface <management-interfaces> <http- interface security-realm= "ldap-realm" > <http-upgrade enabled= " true " /> <socket-binding http= "management-http" /> </http- interface > </management-interfaces> 5. start Application Server and run CLI command ./jboss-cli.sh -c -u=jduke -p=Password ':whoami' { "outcome" => "success" , "result" => { "identity" => { "username" => "jduke" }} } In correct behavior (in EAP 7.0.x) username "Duke" should be assigned.

    Description

      username-load attribute of legacy LDAP Realm stop to work in EAP 7.1.0.DR9. This attribute is used for assigning username from some LDAP entry attribute. In current behavior in EAP 7.1.0.DR9 username passed in credential is used as username even if username-load attribute is configured.

      Due to regression we request blocker. Taking EAP 7.0.x configuration and put it into EAP 7.1.x will causes that username-load feature stop to work.

      Attachments

        Issue Links

          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2161 username-load attribute of legacy LDAP Realm stop to work

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-7960 (7.1.0) Upgrade to WildFly Core to 3.0.0.Alpha22

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: