[ https://issues.jboss.org/browse/WFLY-6535?page=com.atlassian.jira.plugin.... ]
Darran Lofthouse resolved WFLY-6535.
------------------------------------
Assignee: Darran Lofthouse
Resolution: Won't Fix
Marking as 'Won't Fix' as this is in relation to PicketBox, which is deprecated.
LdapLoginModule authentication fails when some part of DN is part of LDAP URL
-----------------------------------------------------------------------------
Key: WFLY-6535
URL:
https://issues.jboss.org/browse/WFLY-6535
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 10.0.0.Final
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Major
When part of the DN is placed in the LDAP URL instead of in principalDNSuffix, authentication fails in LdapLoginModule (see [1] for details about this URL format). Authentication is performed by binding with the user DN and password, but in this case the user DN does not include the DN part from the LDAP URL, which leads to the failure.
Thrown exception:
{code}
javax.naming.AuthenticationException: LDAP: error code 49 - INVALID_CREDENTIALS: Bind
failed: ERR_229 Cannot authenticate user uid=jduke,ou=People
com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3135)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3081)
com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2883)
com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2797)
com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192)
com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210)
com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153)
com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83)
org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:114)
org.jboss.as.naming.InitialContext.init(InitialContext.java:99)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.as.naming.InitialContext.<init>(InitialContext.java:89)
org.jboss.as.naming.InitialContextFactory.getInitialContext(InitialContextFactory.java:43)
javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313)
javax.naming.InitialContext.init(InitialContext.java:244)
javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154)
org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(LdapLoginModule.java:362)
org.jboss.security.auth.spi.LdapLoginModule.validatePassword(LdapLoginModule.java:289)
org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
...
{code}
[1] https://tools.ietf.org/html/rfc2255
--
This message was sent by Atlassian Jira (v7.12.1#712002)
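The following is an added example, not WildFly or PicketBox code, that makes the reported failure concrete. It parses an RFC 2255 LDAP URL (scheme://host:port/dn?attrs?scope?filter?exts), composes the bind DN the way the report describes (prefix + user + suffix only, so the URL's DN is lost), composes it with the URL's DN appended as the base, and derives the equivalent working configuration that moves the DN into principalDNSuffix. The prefix `uid=` and suffix `,ou=People` come from the report's error message; the base DN `dc=jboss,dc=org`, the host and port, the directory contents and the password are constructed for illustration and are not stated in the issue.

```python
"""Why a DN carried in the LDAP URL breaks LdapLoginModule's simple bind.

Added example for the issue above; this is not WildFly or PicketBox code.
Assumed for illustration (not stated in the report): the base DN
``dc=jboss,dc=org`` in the URL, the host/port, the directory and password.
The option names java.naming.provider.url, principalDNPrefix and
principalDNSuffix are the ones LdapLoginModule reads.
"""
from dataclasses import dataclass, field
from urllib.parse import unquote


@dataclass
class LdapUrl:
    """Fields of an RFC 2255 URL: ldap[s]://host[:port][/dn[?attrs[?scope[?filter[?exts]]]]]"""
    scheme: str
    host: str
    port: int
    dn: str = ""
    attributes: list = field(default_factory=list)
    scope: str = "base"
    filter: str = "(objectClass=*)"
    extensions: list = field(default_factory=list)


def parse_ldap_url(url: str) -> LdapUrl:
    scheme, sep, rest = url.partition("://")
    if not sep or scheme not in ("ldap", "ldaps"):
        raise ValueError(f"not an LDAP URL: {url!r}")
    hostport, _, tail = rest.partition("/")
    # IPv6 literals are bracketed; a bare "[::1]" or "host" gets the default port.
    if ":" in hostport and not hostport.endswith("]"):
        host, port_s = hostport.rsplit(":", 1)
        port = int(port_s)
    else:
        host, port = hostport, (636 if scheme == "ldaps" else 389)
    # The fields after the host are '?'-separated; '?', ',' and spaces inside
    # them must be percent-encoded, so decode each field only after splitting.
    fields = tail.split("?", 4)
    u = LdapUrl(scheme, host, port, dn=unquote(fields[0]))
    if len(fields) > 1 and fields[1]:
        u.attributes = [unquote(a) for a in fields[1].split(",")]
    if len(fields) > 2 and fields[2]:
        u.scope = fields[2].lower()
    if len(fields) > 3 and fields[3]:
        u.filter = unquote(fields[3])
    if len(fields) > 4 and fields[4]:
        u.extensions = [unquote(e) for e in fields[4].split(",")]
    return u


def bind_dn_reported(username: str, prefix: str, suffix: str) -> str:
    """DN composition the report describes: prefix + user + suffix; URL DN ignored."""
    return f"{prefix}{username}{suffix}"


def bind_dn_with_url_base(username: str, prefix: str, suffix: str, url: str) -> str:
    """Composition that honours the URL: its DN becomes the trailing base."""
    relative = f"{prefix}{username}{suffix}"
    base = parse_ldap_url(url).dn
    return f"{relative},{base}" if base else relative


def workaround_options(prefix: str, suffix: str, url: str) -> dict:
    """Equivalent configuration for the module as it stands: strip the DN from
    the URL and append it to principalDNSuffix instead.  The other RFC 2255
    fields are dropped because a simple-bind module does not search."""
    u = parse_ldap_url(url)
    return {
        "java.naming.provider.url": f"{u.scheme}://{u.host}:{u.port}",
        "principalDNPrefix": prefix,
        "principalDNSuffix": f"{suffix},{u.dn}" if u.dn else suffix,
    }


def simple_bind(directory: dict, dn: str, password: str) -> tuple:
    """Stand-in for the server side of an LDAP simple bind against a constructed
    directory {dn: password}; returns (ok, message) mimicking resultCode 49."""
    if directory.get(dn) == password:
        return True, "bind ok"
    return False, f"LDAP: error code 49 - INVALID_CREDENTIALS: cannot authenticate user {dn}"


# Constructed sample directory: one user under the base DN carried by the URL.
DIRECTORY = {"uid=jduke,ou=People,dc=jboss,dc=org": "theduke"}
URL_WITH_DN = "ldap://localhost:10389/dc=jboss,dc=org"


def demo() -> dict:
    broken = bind_dn_reported("jduke", "uid=", ",ou=People")
    fixed = bind_dn_with_url_base("jduke", "uid=", ",ou=People", URL_WITH_DN)
    return {
        "reported": simple_bind(DIRECTORY, broken, "theduke"),
        "with_url_base": simple_bind(DIRECTORY, fixed, "theduke"),
        "workaround": workaround_options("uid=", ",ou=People", URL_WITH_DN),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Running it shows the reported path binding as `uid=jduke,ou=People` and failing with the error code 49 text from the stack trace, the same credentials succeeding once the URL's DN is appended, and the configuration that a deployment stuck on the deprecated module can use: a URL without a DN component and `principalDNSuffix` carrying `,ou=People,dc=jboss,dc=org`.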