Uploaded image for project: 'PicketBox '
  1. PicketBox
  2. SECURITY-847

LdapExtLoginModule rolesSearch yields Decode Error

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • PicketBox_4_0_21.Beta1
    • PicketBox

      Migrating an application using LdapExtLoginModule from jboss-4.2.3.GA to wildfly-8.1

      Encountered a problem with ldap roles search:

      javax.naming.NamingException: [LDAP: error code 1 - Decode Error in response from BE (backend problem)]; remaining name 'ou=

      debugging and comparing result:

      jboss-4.2.3.GA LdapExtLoginModule does set javax.naming.directory.SearchControls.setReturningAttributes for role search:

      jboss-4.2.3.GA LdapExtLoginModule
               SearchControls constraints = new SearchControls();
               constraints.setSearchScope(searchScope);
               constraints.setReturningAttributes(new String[0]);
               constraints.setTimeLimit(searchTimeLimit);
               rolesSearch(ctx, constraints, username, userDN, recursion, 0);
      

      wildfly-8.1 picketbox-4.0.21.Beta1.jar LdapExtLoginModule does NOT set javax.naming.directory.SearchControls.setReturningAttributes for role search:

      wildfly-8.1 LdapExtLoginModule
               // Query for roles matching the role filter
               SearchControls constraints = new SearchControls();
               constraints.setSearchScope(searchScope);
               constraints.setTimeLimit(searchTimeLimit);
               rolesSearch(ctx, constraints, username, userDN, recursion, 0);
      

            pskopek@redhat.com Peter Skopek
            work_registries John Doe (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: