  1. WildFly Core
  2. WFCORE-2161

username-load attribute of legacy LDAP Realm stopped working


Details


      1. Start an LDAP server with the following LDIF:

      dn: ou=People,dc=jboss,dc=org
      objectclass: top
      objectclass: organizationalUnit
      ou: People
      
      dn: uid=jduke,ou=People,dc=jboss,dc=org
      objectclass: top
      objectclass: person
      objectclass: inetOrgPerson
      uid: jduke
      cn: Java Duke
      sn: Duke
      userPassword: Password
      

      2. Add outbound connection to standalone.xml

      <outbound-connections>
          <ldap search-dn="uid=admin,ou=system" name="ldap-connection" search-credential="secret" url="ldap://localhost:10389"/>
      </outbound-connections>
      

      3. Add ldap security-realm

      <security-realm name="ldap-realm">
          <authentication>
              <ldap connection="ldap-connection" base-dn="ou=People,dc=jboss,dc=org" username-load="sn">
                  <advanced-filter filter="(uid={0})"/>
              </ldap>
          </authentication>
      </security-realm>
      

      4. Set ldap-realm for http-interface

      <management-interfaces>
          <http-interface security-realm="ldap-realm">
              <http-upgrade enabled="true"/>
              <socket-binding http="management-http"/>
          </http-interface>
      </management-interfaces>
      

      5. Start the application server and run the CLI command

      ./jboss-cli.sh -c -u=jduke -p=Password ':whoami'
      {
          "outcome" => "success",
          "result" => {"identity" => {"username" => "jduke"}}
      }
      

      With correct behavior, the username "Duke" should be assigned.


    Description

      The username-load attribute of the legacy LDAP realm has stopped working. This attribute is used to assign the username from an attribute of the LDAP entry. In the current behavior, the username passed in the credential is used as the username even if the username-load attribute is configured.
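
The expected resolution, as an added Python model that is not part of the original report and not WildFly code: it parses the LDIF from step 1, applies the `(uid={0})` filter under the configured base-dn, and returns the `username-load` attribute as the identity name. The function names are hypothetical, and only single equality filters and plain `attr: value` LDIF lines are modelled.

```python
import re
# Constructed model (not WildFly code); LDIF copied from the reproduction steps.
LDIF = """\
dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke
cn: Java Duke
sn: Duke
userPassword: Password
"""

def parse_ldif(text):
    """Parse simple 'attr: value' LDIF (no base64, no line folding) into entries."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def search(entries, base_dn, filter_template, login):
    """Evaluate a single equality filter such as (uid={0}) under base_dn."""
    m = re.fullmatch(r"\((\w+)=\{0\}\)", filter_template)
    if not m:
        raise ValueError("only (attr={0}) filters are modelled here")
    attr = m.group(1).lower()
    return [e for e in entries if e["dn"][0].lower().endswith(base_dn.lower())
            and login in e.get(attr, [])]

def resolve_identity(entries, base_dn, filter_template, login, username_load=None):
    """Return the identity name: the username-load attribute if configured, else the login."""
    matches = search(entries, base_dn, filter_template, login)
    if len(matches) != 1:
        raise LookupError("expected exactly one entry for %r" % login)
    if username_load is None:
        return login
    values = matches[0].get(username_load.lower(), [])
    if len(values) != 1:
        raise LookupError("username-load attribute must be single-valued")
    return values[0]
```

With `username_load="sn"` the model yields "Duke" for the login "jduke", which is the value a regression check on the `:whoami` result should expect.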


            People

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)