Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-9547

Elytron ldap-realm should load existing identities from LDAP

    XMLWordPrintable

Details

    • Hide
      1. create Elytron ldap-realm based on LDAP with an existing identity
      2. try to read the existing identity, e.g. /subsystem=elytron/ldap-realm=ldapRealm/identity=ldapUser:read-identity
      /subsystem=elytron/dir-context=dc:add(url="ldap://localhost:10389",authentication-level=none)
/subsystem=elytron/ldap-realm=lr:add(dir-context=dc,direct-verification=true,identity-mapping={filter-name="(uid={0})",iterator-filter="(uid=*)",new-identity-attributes=[],new-identity-parent-dn="dc=example,dc=com",use-recursive-search=true,search-base-dn="dc=example,dc=com",rdn-identifier=uid})
/subsystem=elytron/ldap-realm=lr:read-resource

      (identities should be listed in result)

      Show
      create Elytron ldap-realm based on LDAP with an existing identity try to read the existing identity, e.g. /subsystem=elytron/ldap-realm=ldapRealm/identity=ldapUser:read-identity /subsystem=elytron/dir-context=dc:add(url= "ldap: //localhost:10389" ,authentication-level=none) /subsystem=elytron/ldap-realm=lr:add(dir-context=dc,direct-verification= true ,identity-mapping={filter-name= "(uid={0})" ,iterator-filter= "(uid=*)" , new -identity-attributes=[], new -identity-parent-dn= "dc=example,dc=com" ,use-recursive-search= true ,search-base-dn= "dc=example,dc=com" ,rdn-identifier=uid}) /subsystem=elytron/ldap-realm=lr:read-resource (identities should be listed in result)

    Description

      Elytron ldap-realm should load existing identities from LDAP. The steps to reproduce results in:

      {"outcome" => "failed","failure-description" => "WFLYCTL0216: Management resource '[
    (\"subsystem\" => \"elytron\"),
    (\"ldap-realm\" => \"ldapRealm\"),
    (\"identity\" => \"ldapUser\")
]' not found","rolled-back" => true}

      Authn/authz against the realm works as expected.

      This issue seems to be related to the similar issue in filesystem-realm, see JBEAP-9462.

      The impacted feature is tech preview, hence the Major Priority is set.

      Attachments

        Issue Links

          blocks

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-10532 Elytron subsystem - Missing OTP support in set-password operation on identity in filesystem-realm

          • Critical - To be worked on immediately following BLOCKER issues.
          • Verified
          is caused by

          Bug - A problem that impairs or prevents the functions of the product. WFCORE-2691 Elytron modifiable realms should show existing identities in subsystem

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Resolved
          is incorporated by

          Component Upgrade - A task tracking an update to a bundled component or revision of component upstream of the project. JBEAP-10845 (7.1.0) Upgrade to WildFly Core to 3.0.0.Beta23

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Verified
          is related to

          Bug - A problem that impairs or prevents the functions of the product. JBEAP-9462 Elytron filesystem-realm should load existing identities from file system

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Verified

          Activity

            People

              jkalina@redhat.com Jan Kalina (Inactive)
              okotek@redhat.com Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Ondrej Kotek Ondrej Kotek
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: