RHSSO-1669

Custom filter in LDAP provider is not used


Details

    • Bug
    • Resolution: Done
    • Major
    • Archive - 21'
    • RH-SSO-7.2.4.GA
    • Server
    • None

      1. install LDAP server
      2. configure LDAP federation provider against the LDAP server with

          "Username LDAP attribute" = uid
          "UUID LDAP attribute" = uid
          "Custom User LDAP Filter" = (title=manager)
      

      3. access http://localhost:8080/auth/realms/master/account/
      4. login as a user in LDAP, then you will see that the custom filter is not used for searching for a user:

      13:08:59,389 TRACE [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.perf] (default task-58) 
      LdapOperation: lookupById
       baseDN: ou=people,dc=redhat,dc=com
       filter: (&(objectClass=*)(uid=user1))
       searchScope: 1
       returningAttrs: [uid, modifyTimestamp, createTimestamp, sn, cn, mail]
      took: 25 ms
      

      When "UUID LDAP attribute" = entrydn, the issue does not occur and the custom filter is used:

      13:12:36,100 TRACE [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.perf] (default task-14)
      LdapOperation: search
       baseDn: ou=people,dc=redhat,dc=com
       filter: (&(title=manager)(uid=user1)(objectclass=inetOrgPerson)(objectclass=organizationalPerson))
       searchScope: 1
      returningAttrs: [uid, modifyTimestamp, createTimestamp, sn, cn, mail]
       resultSize: 0 
      took: 19 ms
      
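The two trace entries above are the evidence that matters for a defender: the `lookupById` path searches with `(&(objectClass=*)(uid=user1))` and silently drops the `(title=manager)` restriction, so any LDAP user the filter was supposed to exclude can still authenticate. The following is an added example, not RH-SSO or Keycloak code, that parses `LDAPOperationManager.perf` TRACE entries in the format shown in this report and flags operations whose filter does not embed the configured custom filter, plus a configuration check for the condition the report describes. The sample log text is constructed from the two entries above; attribute values and the `custom_filter` parameter are assumptions for illustration.

```python
import re

# Constructed sample: the two perf TRACE entries quoted in the report,
# one from the unfiltered lookupById path and one from the filtered search path.
SAMPLE_TRACE = """\
13:08:59,389 TRACE [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.perf] (default task-58)
LdapOperation: lookupById
 baseDN: ou=people,dc=redhat,dc=com
 filter: (&(objectClass=*)(uid=user1))
 searchScope: 1
 returningAttrs: [uid, modifyTimestamp, createTimestamp, sn, cn, mail]
took: 25 ms
13:12:36,100 TRACE [org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.perf] (default task-14)
LdapOperation: search
 baseDn: ou=people,dc=redhat,dc=com
 filter: (&(title=manager)(uid=user1)(objectclass=inetOrgPerson)(objectclass=organizationalPerson))
 searchScope: 1
 returningAttrs: [uid, modifyTimestamp, createTimestamp, sn, cn, mail]
 resultSize: 0
took: 19 ms
"""

# A new entry starts with a timestamp followed by the perf logger name.
ENTRY_START = re.compile(
    r"^(\d{2}:\d{2}:\d{2},\d{3}) TRACE "
    r"\[org\.keycloak\.storage\.ldap\.idm\.store\.ldap\.LDAPOperationManager\.perf\]"
)
# Every other line of an entry is "key: value", optionally indented.
FIELD = re.compile(r"^\s*(\w+):\s*(.*?)\s*$")


def parse_perf_trace(text):
    """Split perf TRACE output into one dict per LDAP operation."""
    entries = []
    current = None
    for line in text.splitlines():
        start = ENTRY_START.match(line)
        if start:
            current = {"time": start.group(1)}
            entries.append(current)
            continue
        if current is None:
            continue
        field = FIELD.match(line)
        if field:
            key, value = field.group(1), field.group(2)
            # The trace spells the base DN both "baseDN" and "baseDn"; normalise the key.
            if key.lower() == "basedn":
                key = "baseDN"
            current[key] = value
    return entries


def _normalize_filter(ldap_filter):
    """Case- and whitespace-insensitive form so attribute-name casing does not matter."""
    return ldap_filter.replace(" ", "").lower()


def find_unfiltered_operations(entries, custom_filter):
    """Return the operations whose search filter does not contain the custom filter.

    Any hit means the provider queried LDAP for a user without the restriction
    the administrator configured, which is exactly the bug this report describes.
    """
    wanted = _normalize_filter(custom_filter)
    return [e for e in entries
            if "filter" in e and wanted not in _normalize_filter(e["filter"])]


def config_bypasses_custom_filter(username_attr, uuid_attr, custom_filter):
    """True when the provider config matches the triggering condition:
    a custom filter is set and the username attribute equals the UUID attribute."""
    return bool(custom_filter) and username_attr.strip().lower() == uuid_attr.strip().lower()


if __name__ == "__main__":
    ops = parse_perf_trace(SAMPLE_TRACE)
    for op in find_unfiltered_operations(ops, "(title=manager)"):
        print(f"{op['time']} {op['LdapOperation']}: custom filter missing from {op['filter']}")
    # Hypothetical provider settings taken from the reproduction steps.
    if config_bypasses_custom_filter("uid", "uid", "(title=manager)"):
        print("config: Username LDAP attribute equals UUID LDAP attribute; custom filter will be skipped")
```

Run against a server's TRACE output for `org.keycloak.storage.ldap.idm.store.ldap.LDAPOperationManager.perf`, the first report line is the signal to look for; the configuration check is the cheaper control, since it catches the affected setting before any login happens.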

    Description

      If "Username LDAP attribute" == "UUID LDAP attribute" in LDAP federation provider, the custom filter is not used in authentication.


          People

            Unassigned Unassigned
            rhn-support-hokuda Hisanobu Okuda
