PicketLink / PLINK-555

LDAPIdentityStore.getBindingDN returns incorrect value if there are commas in the bindingAttribute


Details

    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • PLINK_2.7.0.Beta1
    • IDM
    • None

    Description

      In some LDAP environments, when the value of bindingAttribute contains a comma, LDAPIdentityStore.getBindingDN does not work correctly. Functionality that relies on it (such as authentication or updating a user) therefore does not work.

      It is caused by the fact that commas are escaped in the DN but not in the CN (or uid, or whatever attribute is used as bindingAttribute).

      Some more info from customer:
      In our AD, the distinguished name (dn) is
      “CN=Doe\, John (MyCompany\, Contractor),OU=Users,OU=MyCompany,DC=company,DC=net”

      But the picketlink idm-impl api code uses the CN attribute + baseDN to populate the dn attribute. And in this case it returns

      “CN=Doe, John (MyCompany, Contractor),OU=Users,OU=MyCompany,DC=company,DC=net”

      This value doesn’t have the “\” and hence the authentication fails.
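      The escaping that a binding-DN builder needs, as an added illustration written for this report (it is not PicketLink code): RFC 4514 section 2.4 escaping of the attribute value, the naive concatenation beside it, and an escape-aware splitter that shows why the naive DN is parsed wrongly. The CN and base DN are constructed from the values quoted above.

```python
# RFC 4514 section 2.4: these characters must be backslash-escaped anywhere
# inside an RDN attribute value; leading '#', and leading/trailing spaces,
# must be escaped as well.
_SPECIAL = set(',+"\\<>;')


def escape_rdn_value(value: str) -> str:
    """Escape an attribute value for use inside a distinguished name."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")                  # NUL is written as \00
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif ch == " " and i in (0, len(value) - 1):
            out.append("\\ ")                   # leading or trailing space
        elif ch == "#" and i == 0:
            out.append("\\#")                   # leading '#'
        else:
            out.append(ch)
    return "".join(out)


def naive_binding_dn(attr: str, value: str, base_dn: str) -> str:
    """The broken form: attribute value concatenated without escaping."""
    return f"{attr}={value},{base_dn}"


def binding_dn(attr: str, value: str, base_dn: str) -> str:
    """The corrected form: value escaped before concatenation."""
    return f"{attr}={escape_rdn_value(value)},{base_dn}"


def split_dn(dn: str) -> list:
    """Split a DN into its RDN strings, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])             # keep escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return parts


# Constructed sample values mirroring the report (not real directory data).
BASE_DN = "OU=Users,OU=MyCompany,DC=company,DC=net"
CN_VALUE = "Doe, John (MyCompany, Contractor)"
```

      The naive DN splits into 7 RDNs instead of 5, which is why a bind against it cannot locate the entry.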

      People

        psilva@redhat.com Pedro Igor Craveiro
        mposolda@redhat.com Marek Posolda