RH Bugzilla Integration updated SECURITY-819:
---------------------------------------------
Bugzilla References:
LdapExt login module fetches too many attributes in RoleSearch
-------------------------------------------------------------
Key: SECURITY-819
URL: https://issues.jboss.org/browse/SECURITY-819
Project: PicketBox
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: JBossSX
Affects Versions: PicketBox_4_0_21.Beta3
Reporter: Tom Fonteyne
Assignee: Tom Fonteyne
An LDAP server with (let's say) 1000 users in a group.
When authenticating, a query is done to retrieve the groups for the user.
Most LDAP servers will limit the attributes sent back based on authorization of the user,
but can be configured to return *all* information.
The cause is:
// Query for roles matching the role filter
SearchControls constraints = new SearchControls();
constraints.setSearchScope(searchScope);
constraints.setTimeLimit(searchTimeLimit);
rolesSearch(ctx, constraints, username, userDN, recursion, 0);
This used to also have:
constraints.setReturningAttributes(new String[0]);
At some time this was taken out.
It needs to go back in.
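Added example (not part of the original report and not PicketBox code): a self-contained Java sketch of the JNDI SearchControls semantics behind this issue, comparing the constraints as reported with the constraints after setReturningAttributes(new String[0]) is restored. The select and valueCount helpers, the scope and time limit values, and the constructed 1000-member group entry are assumptions for illustration; select only simulates the server's attribute selection, and no LDAP server is contacted.

```java
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class RoleSearchAttributes {
    // Hypothetical helper: simulates which attributes come back for one entry,
    // following the documented meaning of SearchControls.getReturningAttributes():
    // null = all attributes, empty array = none, otherwise only the named ones.
    static Attributes select(Attributes entry, SearchControls sc) {
        String[] wanted = sc.getReturningAttributes();
        if (wanted == null) return entry;
        Attributes out = new BasicAttributes(true);
        for (String id : wanted) {
            Attribute a = entry.get(id);
            if (a != null) out.put(a);
        }
        return out;
    }

    // Hypothetical helper: total number of attribute values in a result.
    static int valueCount(Attributes attrs) throws NamingException {
        int n = 0;
        NamingEnumeration<? extends Attribute> e = attrs.getAll();
        while (e.hasMore()) n += e.next().size();
        return n;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample data: one group entry with 1000 members.
        Attributes group = new BasicAttributes(true);
        group.put("cn", "admins");
        Attribute member = new BasicAttribute("member");
        for (int i = 0; i < 1000; i++)
            member.add("uid=user" + i + ",ou=People,dc=example,dc=com");
        group.put(member);

        // Constraints as in the report: returning attributes left at the default (null).
        SearchControls asReported = new SearchControls();
        asReported.setSearchScope(SearchControls.SUBTREE_SCOPE);
        asReported.setTimeLimit(10000);

        // Same constraints with the removed line put back.
        SearchControls restored = new SearchControls();
        restored.setSearchScope(SearchControls.SUBTREE_SCOPE);
        restored.setTimeLimit(10000);
        restored.setReturningAttributes(new String[0]);

        System.out.println("as reported: " + valueCount(select(group, asReported)) + " values");
        System.out.println("restored:    " + valueCount(select(group, restored)) + " values");
    }
}
```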