Ondrej Lukas updated WFLY-5787:
-------------------------------
Attachment: server2.ldif, server1.ldif, app.war
AdvancedLdapLoginModule does not handle loops in referrals
----------------------------------------------------------
Key: WFLY-5787
URL: https://issues.jboss.org/browse/WFLY-5787
Project: WildFly
Issue Type: Bug
Components: Security
Affects Versions: 10.0.0.CR4
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
Attachments: app.war, server1.ldif, server2.ldif
According to the LDAP specification [1]: "Clients that follow referrals MUST ensure that
they do not loop between servers. They MUST NOT repeatedly contact the same server for the
same request with the same parameters."
When a WildFly server is configured to use AdvancedLdapLoginModule which uses referrals and
the LDAP servers contain a loop, it leads to an infinite cycle. This can result in a
java.lang.OutOfMemoryError on the WildFly server.
[1] http://tools.ietf.org/html/rfc4511#section-4.1.10
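
A sketch of the loop guard that RFC 4511 section 4.1.10 requires of a referral-chasing client, added here as an illustration and not taken from WildFly or the AdvancedLdapLoginModule source. The host names, the search filter, the `topology` map standing in for real LDAP servers, and `MAX_HOPS` are constructed assumptions.

```java
import java.net.URI;
import java.util.*;

public class ReferralLoopGuard {
    // Assumed cap on referral hops; not a WildFly or JNDI setting.
    static final int MAX_HOPS = 10;

    // Key for "same server, same request, same parameters" (RFC 4511 4.1.10).
    // Lower-casing the DN is a simplification of real DN matching rules.
    static String requestKey(URI url, String filter) {
        if (url.getHost() == null) throw new IllegalArgumentException("no host in " + url);
        boolean tls = "ldaps".equalsIgnoreCase(url.getScheme());
        int port = url.getPort() != -1 ? url.getPort() : (tls ? 636 : 389);
        String dn = url.getPath() == null ? "" : url.getPath().replaceFirst("^/", "");
        return (url.getHost() + ":" + port + "|" + dn).toLowerCase(Locale.ROOT) + "|" + filter;
    }

    // Chases referrals from 'start'. 'topology' maps an LDAP URL to the referral
    // it returns; a URL with no entry answers the search itself.
    static List<String> follow(String start, String filter, Map<String, String> topology) {
        Set<String> seen = new HashSet<>();
        List<String> path = new ArrayList<>();
        for (String current = start; current != null; current = topology.get(current)) {
            if (path.size() >= MAX_HOPS)
                throw new IllegalStateException("referral hop limit reached: " + path);
            if (!seen.add(requestKey(URI.create(current), filter)))
                throw new IllegalStateException("referral loop at " + current + " via " + path);
            path.add(current);
        }
        return path;
    }

    public static void main(String[] args) {
        String filter = "(uid=alice)"; // constructed search filter
        // Constructed topology: server1 refers to server2, which refers back.
        Map<String, String> looped = Map.of(
            "ldap://server1.example:389/ou=People,dc=example,dc=org",
            "ldap://server2.example/ou=People,dc=example,dc=org",
            "ldap://server2.example/ou=People,dc=example,dc=org",
            "ldap://SERVER1.example/ou=people,dc=example,dc=org"); // same server, different spelling
        try {
            follow("ldap://server1.example:389/ou=People,dc=example,dc=org", filter, looped);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // Constructed topology without a loop: one referral, then an answer.
        Map<String, String> chain = Map.of(
            "ldap://a.example/dc=example,dc=org", "ldap://b.example/dc=example,dc=org");
        System.out.println("resolved via: " + follow("ldap://a.example/dc=example,dc=org", filter, chain));
    }
}
```

The visited set catches a loop even when a referral spells the host, default port or DN case differently, and the hop cap bounds work and memory for long chains that never repeat exactly.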