Loading...

Details

Type: Bug
Resolution: Done
Priority: Blocker
Fix Version/s: 7.1.0.DR16
Affects Version/s: 7.1.0.DR12
Component/s: Security
Labels:

Affects Testing:

Regression
Target Release:

7.1.0.GA
Git Pull Request:
https://github.com/wildfly-security-incubator/wildfly-core/pull/108
Steps to Reproduce:

Hide

Use the same reproducer as ~~JBEAP-7821~~

Show
Use the same reproducer as JBEAP-7821

SFDC Cases Counter:
SFDC Cases Links:

Description

username-load attribute of legacy LDAP Realm stop to work in EAP 7.1.0.DR12. This attribute is used for assigning username from some LDAP entry attribute. In current behavior in EAP 7.1.0.DR12 it seems that it tries to search user in LDAP through value obtained from entry 'username-load' attribute. See mentioned below logs for more details.

Due to regression we request blocker. Taking EAP 7.0.x configuration and put it into EAP 7.1.x will causes that username-load feature stop to work.

Despite username-load attribute of legacy LDAP Realm was fixed in EAP 7.1.0.DR11 (~~JBEAP-7821~~) it has been broken again in EAP 7.1.0.DR12.

Server log for DR12:

2017-02-20 16:17:22,440 TRACE [org.jboss.as.domain.management.security] (management task-6) Non caching search for 'jduke'
2017-02-20 16:17:22,441 TRACE [org.jboss.as.domain.management.security] (management task-6) Performing single level search
2017-02-20 16:17:22,441 TRACE [org.jboss.as.domain.management.security] (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:17:22,442 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:17:22,474 TRACE [org.jboss.as.domain.management.security] (management task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:17:22,474 TRACE [org.jboss.as.domain.management.security] (management task-6) DN 'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest9c88e710,o=primary,dc=jboss,dc=org' found for user 'Duke'
2017-02-20 16:17:22,475 TRACE [org.jboss.as.domain.management.security] (management task-6) Non caching search for 'Duke'
2017-02-20 16:17:22,476 TRACE [org.jboss.as.domain.management.security] (management task-6) Performing single level search
2017-02-20 16:17:22,476 TRACE [org.jboss.as.domain.management.security] (management task-6) Searching for user 'Duke' using filter '(uid={0})'.
2017-02-20 16:17:22,476 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:17:22,482 TRACE [org.jboss.as.domain.management.security] (management task-6) User 'Duke' not found in directory.

Server log for DR11:

2017-02-20 16:23:33,269 TRACE [org.jboss.as.domain.management.security] (management task-6) Non caching search for 'jduke'
2017-02-20 16:23:33,270 TRACE [org.jboss.as.domain.management.security] (management task-6) Performing single level search
2017-02-20 16:23:33,270 TRACE [org.jboss.as.domain.management.security] (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:23:33,270 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:23:33,303 TRACE [org.jboss.as.domain.management.security] (management task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:23:33,303 TRACE [org.jboss.as.domain.management.security] (management task-6) DN 'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org' found for user 'Duke'
2017-02-20 16:23:33,304 TRACE [org.jboss.as.domain.management.security] (management task-6) Non caching search for 'jduke'
2017-02-20 16:23:33,305 TRACE [org.jboss.as.domain.management.security] (management task-6) Performing single level search
2017-02-20 16:23:33,305 TRACE [org.jboss.as.domain.management.security] (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:23:33,305 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:23:33,309 TRACE [org.jboss.as.domain.management.security] (management task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:23:33,309 TRACE [org.jboss.as.domain.management.security] (management task-6) DN 'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org' found for user 'Duke'
2017-02-20 16:23:33,310 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:23:33,317 TRACE [org.jboss.as.domain.management.security] (management task-6) Password verified for user 'jduke' (using connection attempt)
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management task-6) Non caching search for 'jduke'
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management task-6) Performing single level search
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:23:33,325 TRACE [org.jboss.as.domain.management.security] (management task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:23:33,326 TRACE [org.jboss.as.domain.management.security] (management task-6) DN 'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org' found for user 'Duke'

Attachments

Issue Links

is caused by

JBEAP-8268 Realm name not taken into account for RBAC role mapping using legacy security realm.

Verified

is cloned by

WFCORE-2309 username-load attribute of legacy LDAP Realm stop to work

Resolved

is incorporated by

JBEAP-9571 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta13

Verified

Regression in EAP 7.1.0.DR12: username-load attribute of legacy LDAP Realm stop to work

Details

Description

Attachments

Issue Links

Activity

People

Dates