Uploaded image for project: 'WildFly Core'
  1. WildFly Core
  2. WFCORE-2257

Missing username in LDAP entry for legacy ldap realm returns 500 instead of 401

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Major Major
    • 3.0.0.Beta3
    • None
    • Security
    • None
    • Hide

      1. Start LDAP server with following ldif:

      dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People
 
dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke
cn: Java Duke
sn: Duke
userPassword: Password

dn: uid=jduke2,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke2
cn: Java Duke2
userPassword: Password

      2. Add outbound connection to standalone.xml

      <outbound-connections>
    <ldap search-dn="uid=admin,ou=system" name="ldap-connection" search-credential="secret" url="ldap://localhost:10389"/>
</outbound-connections>

      3. Add ldap security-realm

      <security-realm name="ldap-realm">
    <authentication>
        <ldap connection="ldap-connection" base-dn="ou=People,dc=jboss,dc=org" username-load="sn">
            <advanced-filter filter="(uid={0})"/>
        </ldap>
    </authentication>
</security-realm>

      4. Set ldap-realm for http-interface

      <management-interfaces>
    <http-interface security-realm="ldap-realm">
        <http-upgrade enabled="true"/>
        <socket-binding http="management-http"/>
    </http-interface>
</management-interfaces>

      5. try to access to Management Console with user jduke2 => HTTP status 500 is returned

      Show
      1. Start LDAP server with following ldif: dn: ou=People,dc=jboss,dc=org objectclass: top objectclass: organizationalUnit ou: People dn: uid=jduke,ou=People,dc=jboss,dc=org objectclass: top objectclass: person objectclass: inetOrgPerson uid: jduke cn: Java Duke sn: Duke userPassword: Password dn: uid=jduke2,ou=People,dc=jboss,dc=org objectclass: top objectclass: person objectclass: inetOrgPerson uid: jduke2 cn: Java Duke2 userPassword: Password 2. Add outbound connection to standalone.xml <outbound-connections> <ldap search-dn= "uid=admin,ou=system" name= "ldap-connection" search-credential= "secret" url= "ldap: //localhost:10389" /> </outbound-connections> 3. Add ldap security-realm <security-realm name= "ldap-realm" > <authentication> <ldap connection= "ldap-connection" base-dn= "ou=People,dc=jboss,dc=org" username-load= "sn" > <advanced-filter filter= "(uid={0})" /> </ldap> </authentication> </security-realm> 4. Set ldap-realm for http-interface <management-interfaces> <http- interface security-realm= "ldap-realm" > <http-upgrade enabled= " true " /> <socket-binding http= "management-http" /> </http- interface > </management-interfaces> 5. try to access to Management Console with user jduke2 => HTTP status 500 is returned

      In case when legacy LDAP Realm uses username-load attribute and its value does not exist in LDAP entry then current implementation returns status code 500. This is different behaviour from WildFly 10 where status code 401 is returned.

      This issue can be related to WFCORE-2258 (500 return for nonexistent user in legacy ldap security realm).

              darran.lofthouse@redhat.com Darran Lofthouse
              olukas Ondrej Lukas (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: