[jboss-user] [Security & JAAS/JBoss] - LdapExtLoginModule.java bug? Blank password login successful
barramundi
do-not-reply at jboss.com
Mon Feb 4 01:38:14 EST 2008
Is it me or is it a bug?
I tried to login with a username that exist in LDAP but with BLANK password.
The login was successful.
login-config.xml Configuration as below
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.provider.url">ldap://127.0.0.1:389</module-option>
<module-option name="bindDN">cn=Directory Manager</module-option>
<module-option name="bindCredential">password</module-option>
<module-option name="baseCtxDN">ou=People,o=domain.com</module-option>
<module-option name="baseFilter">(uid={0})</module-option>
<module-option name="rolesCtxDN">ou=Groups,o=domain.com</module-option>
<module-option name="roleFilter">(uniqueMember={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleNameAttributeID">cn</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
</login-module>
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4126004#4126004
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4126004
More information about the jboss-user
mailing list