Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-8584

Missing username in LDAP entry for legacy ldap realm returns 500 instead of 401

    XMLWordPrintable

Details

    • Regression
    • Hide

      1. Start LDAP server with following ldif:

      dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People
 
dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke
cn: Java Duke
sn: Duke
userPassword: Password

dn: uid=jduke2,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke2
cn: Java Duke2
userPassword: Password

      2. Add outbound connection to standalone.xml

      <outbound-connections>
    <ldap search-dn="uid=admin,ou=system" name="ldap-connection" search-credential="secret" url="ldap://localhost:10389"/>
</outbound-connections>

      3. Add ldap security-realm

      <security-realm name="ldap-realm">
    <authentication>
        <ldap connection="ldap-connection" base-dn="ou=People,dc=jboss,dc=org" username-load="sn">
            <advanced-filter filter="(uid={0})"/>
        </ldap>
    </authentication>
</security-realm>

      4. Set ldap-realm for http-interface

      <management-interfaces>
    <http-interface security-realm="ldap-realm">
        <http-upgrade enabled="true"/>
        <socket-binding http="management-http"/>
    </http-interface>
</management-interfaces>

      5. try to access to Management Console with user jduke2 => HTTP status 500 is returned

      Show
      1. Start LDAP server with following ldif: dn: ou=People,dc=jboss,dc=org objectclass: top objectclass: organizationalUnit ou: People dn: uid=jduke,ou=People,dc=jboss,dc=org objectclass: top objectclass: person objectclass: inetOrgPerson uid: jduke cn: Java Duke sn: Duke userPassword: Password dn: uid=jduke2,ou=People,dc=jboss,dc=org objectclass: top objectclass: person objectclass: inetOrgPerson uid: jduke2 cn: Java Duke2 userPassword: Password 2. Add outbound connection to standalone.xml <outbound-connections> <ldap search-dn= "uid=admin,ou=system" name= "ldap-connection" search-credential= "secret" url= "ldap: //localhost:10389" /> </outbound-connections> 3. Add ldap security-realm <security-realm name= "ldap-realm" > <authentication> <ldap connection= "ldap-connection" base-dn= "ou=People,dc=jboss,dc=org" username-load= "sn" > <advanced-filter filter= "(uid={0})" /> </ldap> </authentication> </security-realm> 4. Set ldap-realm for http-interface <management-interfaces> <http- interface security-realm= "ldap-realm" > <http-upgrade enabled= " true " /> <socket-binding http= "management-http" /> </http- interface > </management-interfaces> 5. try to access to Management Console with user jduke2 => HTTP status 500 is returned

    Description

      In case when legacy LDAP Realm uses username-load attribute and its value does not exist in LDAP entry then current implementation returns status code 500. This is different behaviour from EAP 7.0.x where status code 401 is returned.

      This issue can be related to JBEAP-8106 (500 return for nonexistent user in legacy ldap security realm).

      Due to regression we request blocker.

      Attachments

        Issue Links

          duplicates

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-8106 500 return for nonexistent user in legacy ldap security realm

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2257 Missing username in LDAP entry for legacy ldap realm returns 500 instead of 401

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: