PicketBox / SECURITY-466

Error handling groups containing '/' in name using AdvancedLDAPLoginModule


Details

    Description

      For the following search configuration:

      <module-option name="baseCtxDN">CN=Users,DC=vm137domain,DC=gsslab</module-option>
      <module-option name="baseFilter">(userPrincipalName={0})</module-option>

      <module-option name="rolesCtxDN">CN=Users,DC=vm137domain,DC=gsslab</module-option>
      <module-option name="roleFilter">(distinguishedName={1})</module-option>

      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>

      <module-option name="recurseRoles">true</module-option>

      If groups are found with '/' in the name, e.g. 'CN=A/B,CN=Users,DC=vm137domain,DC=gsslab', the following is logged and the group skipped:

      2010-03-03 16:23:52,600 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-10.32.224.157-8080-1) Failed to query roleNameAttrName
      javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031006CC, problem 5012 (DIR_ERROR), data 0
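
An added example, not part of the original report and not PicketBox code: it shows how JNDI treats the group DN from the report when it is supplied as a plain String, and two ways of keeping the '/' inside the DN. It assumes the failure comes from JNDI parsing String names as composite names with '/' as the component separator, which the report itself does not state; the class and method names are hypothetical.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class SlashInGroupDn {

    // Wrap a DN as a single-component composite name so that '/' is not
    // treated as a JNDI component separator.
    static Name asSingleComponent(String dn) throws InvalidNameException {
        return new CompositeName().add(dn);
    }

    // Read the role name (value of the given RDN type, e.g. "cn") from the DN
    // itself, without a further directory lookup.
    static String roleNameFromDn(String dn, String attrId) throws InvalidNameException {
        LdapName name = new LdapName(dn);
        for (int i = name.size() - 1; i >= 0; i--) { // most specific RDN is last
            Rdn rdn = name.getRdn(i);
            if (rdn.getType().equalsIgnoreCase(attrId)) {
                return String.valueOf(rdn.getValue());
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        // Group DN taken from the report above.
        String dn = "CN=A/B,CN=Users,DC=vm137domain,DC=gsslab";

        // A String name handed to a JNDI Context method is parsed as a composite name.
        Name parsed = new CompositeName(dn);
        System.out.println("parsed as composite: " + parsed.size() + " components");
        for (int i = 0; i < parsed.size(); i++) {
            System.out.println("  [" + i + "] " + parsed.get(i));
        }

        // Both forms below keep the DN whole.
        Name safe = asSingleComponent(dn);
        System.out.println("single component:    " + safe.size() + " -> " + safe.get(0));
        System.out.println("as LdapName:         " + new LdapName(dn).size() + " RDNs");
        System.out.println("role name from DN:   " + roleNameFromDn(dn, "cn"));
    }
}
```

Passing the `Name` returned by `asSingleComponent` (or an `LdapName`) to the `Context` lookup methods, instead of the raw String, avoids the split at '/'.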

          People

            darran.lofthouse@redhat.com Darran Lofthouse