Uploaded image for project: 'JBoss BPMS Platform'
  1. JBoss BPMS Platform
  2. RHBPMS-4815

[GSS] (6.4.z) Escape commas in LDAPUserGroupCallbackImpl filters

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 6.4.5
    • 6.4.4
    • jBPM Core
    • CR2
    • Workaround Exists
    • Hide

      Create a custom user groups callback that will escape at least the comma:

      Here's an example:

      userDN = userDN.replaceFirst(",", "\\,");
      Show
      Create a custom user groups callback that will escape at least the comma: Here's an example: userDN = userDN.replaceFirst( "," , "\\," );
    • Hide
      • Setup LDAP having an user (or group) with comma in its identifier;
      • use LDAP user group callback
      • Try to claim a task where the user is a potential owner;

      You should see exception when trying to claim the task even if the user is part of the group assigned to that task.

      Show
      Setup LDAP having an user (or group) with comma in its identifier; use LDAP user group callback Try to claim a task where the user is a potential owner; You should see exception when trying to claim the task even if the user is part of the group assigned to that task.

      The filter created by LDAP user groups callback does not escape special characters such as commas. When we have an user with comma (e.g. "Foo, Bar") the user or group will be used in the filter:

      Searching for groups for user with filter (member=CN=Foo, Bar,OU=Users,OU=Accounts,DC=MyCompany,DC=int) on context ou=accounts,dc=mycompany,dc=int

      This makes the existsUser/existsGroup return false, which lately results in misleading exception (such as "user has no permission to claim the task").

              swiderski.maciej Maciej Swiderski (Inactive)
              rhn-support-wsiqueir William Siqueira
              Marian Macik Marian Macik
              Marian Macik Marian Macik
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: