Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8584

Missing username in LDAP entry for legacy ldap realm returns 500 instead of 401

XMLWordPrintable

    • Regression
    • Hide

      1. Start LDAP server with following ldif:

      dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People
 
dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke
cn: Java Duke
sn: Duke
userPassword: Password

dn: uid=jduke2,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke2
cn: Java Duke2
userPassword: Password

      2. Add outbound connection to standalone.xml

      <outbound-connections>
    <ldap search-dn="uid=admin,ou=system" name="ldap-connection" search-credential="secret" url="ldap://localhost:10389"/>
</outbound-connections>

      3. Add ldap security-realm

      <security-realm name="ldap-realm">
    <authentication>
        <ldap connection="ldap-connection" base-dn="ou=People,dc=jboss,dc=org" username-load="sn">
            <advanced-filter filter="(uid={0})"/>
        </ldap>
    </authentication>
</security-realm>

      4. Set ldap-realm for http-interface

      <management-interfaces>
    <http-interface security-realm="ldap-realm">
        <http-upgrade enabled="true"/>
        <socket-binding http="management-http"/>
    </http-interface>
</management-interfaces>

      5. try to access to Management Console with user jduke2 => HTTP status 500 is returned

      Show
      1. Start LDAP server with following ldif: dn: ou=People,dc=jboss,dc=org objectclass: top objectclass: organizationalUnit ou: People dn: uid=jduke,ou=People,dc=jboss,dc=org objectclass: top objectclass: person objectclass: inetOrgPerson uid: jduke cn: Java Duke sn: Duke userPassword: Password dn: uid=jduke2,ou=People,dc=jboss,dc=org objectclass: top objectclass: person objectclass: inetOrgPerson uid: jduke2 cn: Java Duke2 userPassword: Password 2. Add outbound connection to standalone.xml <outbound-connections> <ldap search-dn= "uid=admin,ou=system" name= "ldap-connection" search-credential= "secret" url= "ldap: //localhost:10389" /> </outbound-connections> 3. Add ldap security-realm <security-realm name= "ldap-realm" > <authentication> <ldap connection= "ldap-connection" base-dn= "ou=People,dc=jboss,dc=org" username-load= "sn" > <advanced-filter filter= "(uid={0})" /> </ldap> </authentication> </security-realm> 4. Set ldap-realm for http-interface <management-interfaces> <http- interface security-realm= "ldap-realm" > <http-upgrade enabled= " true " /> <socket-binding http= "management-http" /> </http- interface > </management-interfaces> 5. try to access to Management Console with user jduke2 => HTTP status 500 is returned

      In case when legacy LDAP Realm uses username-load attribute and its value does not exist in LDAP entry then current implementation returns status code 500. This is different behaviour from EAP 7.0.x where status code 401 is returned.

      This issue can be related to JBEAP-8106 (500 return for nonexistent user in legacy ldap security realm).

      Due to regression we request blocker.

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: