[ https://issues.jboss.org/browse/ELY-903?page=com.atlassian.jira.plugin.sy... ]
Ondrej Lukas updated ELY-903:
-----------------------------
Description:
When role recursion is configured for the ldap-realm and the LDAP directory contains a role
whose members include both a user and another role, some roles are intermittently not
assigned. See Steps to Reproduce for more details about the configuration.
The most important part of the LDIF for reproduction is the following:
{code}
dn: cn=R1,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: R1
member: uid=jduke,ou=People,dc=jboss,dc=org
description: the R1 group

dn: cn=R2,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: R2
member: uid=jduke,ou=People,dc=jboss,dc=org
member: cn=R1,ou=Roles,dc=jboss,dc=org
description: the R2 group

dn: cn=R3,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: R3
member: cn=R2,ou=Roles,dc=jboss,dc=org
description: the R3 group
{code}
User jduke is a direct member of roles R1 and R2. However, role R2 is also a member of role R1.
When {{ldap-realm.identity-mapping.attribute-mapping.role-recursion}} is
configured to {{2}}, sometimes only roles R1, R2 and R3 are assigned (and role R4 is
missing).
The same behavior occurs when role mapping is configured in the application server the
opposite way (principal-to-group mapping using the memberOf attribute).
was:
When role recursion is configured for the ldap-realm and the LDAP directory contains a role
whose members include both a user and another role, some roles are intermittently not
assigned. See Steps to Reproduce for more details about the configuration.
The most important part of the LDIF for reproduction is the following:
{code}
dn: cn=R1,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: R1
member: uid=jduke,ou=People,dc=jboss,dc=org
description: the R1 group

dn: cn=R2,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: R2
member: uid=jduke,ou=People,dc=jboss,dc=org
member: cn=R1,ou=Roles,dc=jboss,dc=org
description: the R2 group

dn: cn=R3,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: R3
member: cn=R2,ou=Roles,dc=jboss,dc=org
description: the R3 group
{code}
User jduke is a direct member of roles R1 and R2. However, role R2 is also a member of role R1.
When {{ldap-realm.identity-mapping.attribute-mapping.role-recursion}} is
configured to {{2}}, sometimes only roles R1, R2 and R3 are assigned (and role R4 is
missing).
Missing some role assignment for Elytron ldap-realm when role and user are members of the same role
---------------------------------------------------------------------------------------------------
Key: ELY-903
URL: https://issues.jboss.org/browse/ELY-903
Project: WildFly Elytron
Issue Type: Bug
Components: Realms
Affects Versions: 1.1.0.Beta21
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Critical
Attachments: print-roles.war
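To make the expected outcome of the two configurations concrete, here is an added example (not Elytron code, and not from the reporter) that resolves nested group membership over the issue's LDIF with an explicit depth bound, a visited set and breadth-first traversal, so the result is deterministic regardless of the order in which the directory returns entries. It assumes that role-recursion {{0}} means direct roles only and that each further level adds the roles that contain an already-found role; the in-memory inverse index it builds from the member attributes is the same information a memberOf attribute would provide, i.e. the "opposite way" mentioned above. The LDIF is the one from the description, with the blank lines LDIF requires between entries.

```python
"""Deterministic recursive LDAP role resolution over an in-memory LDIF.

Added example; the depth semantics and helper names are assumptions,
not taken from the Elytron implementation.
"""
from collections import defaultdict

# Constructed input: the three role entries from the issue description.
LDIF = """\
dn: cn=R1,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: R1
member: uid=jduke,ou=People,dc=jboss,dc=org
description: the R1 group

dn: cn=R2,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: R2
member: uid=jduke,ou=People,dc=jboss,dc=org
member: cn=R1,ou=Roles,dc=jboss,dc=org
description: the R2 group

dn: cn=R3,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: R3
member: cn=R2,ou=Roles,dc=jboss,dc=org
description: the R3 group
"""

JDUKE = "uid=jduke,ou=People,dc=jboss,dc=org"


def parse_ldif(text):
    """Parse a minimal LDIF (no base64 values, no continuation lines) into
    {dn: {attr: [values]}}. Attribute names are lower-cased because LDAP
    attribute names are case-insensitive."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:               # blank line ends the current entry
            current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(value, defaultdict(list))
        elif current is not None:
            current[attr].append(value)
    return entries


def member_index(entries):
    """Map each member DN to the set of role DNs whose 'member' attribute
    lists it. This is the inverse view a memberOf attribute would give."""
    index = defaultdict(set)
    for dn, attrs in entries.items():
        for m in attrs.get("member", []):
            index[m].add(dn)
    return index


def resolve_roles(entries, principal_dn, recursion):
    """Breadth-first resolution: level 0 is the roles that list principal_dn
    directly; each further level adds roles that list an already-found role.
    'recursion' bounds the number of extra levels (assumed semantics).
    The 'found' set makes the result independent of traversal order and
    guarantees termination even if the directory contains a membership cycle."""
    index = member_index(entries)
    found = set(index.get(principal_dn, ()))
    frontier = set(found)
    for _ in range(recursion):
        next_frontier = set()
        for role in frontier:
            for parent in index.get(role, ()):
                if parent not in found:
                    found.add(parent)
                    next_frontier.add(parent)
        if not next_frontier:      # nothing new at this level; stop early
            break
        frontier = next_frontier
    return found


def role_names(entries, principal_dn, recursion):
    """Return the sorted 'cn' values of the resolved roles."""
    return sorted(entries[dn]["cn"][0]
                  for dn in resolve_roles(entries, principal_dn, recursion))


if __name__ == "__main__":
    parsed = parse_ldif(LDIF)
    for depth in (0, 1, 2):
        print(depth, role_names(parsed, JDUKE, depth))
```

With the issue's LDIF, depth 0 yields R1 and R2, and any depth of 1 or more yields R1, R2 and R3, the same set on every run; an implementation whose answer varies between runs for the same directory state is the defect to look for, since authorization decisions then depend on traversal order rather than on the data.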
--
This message was sent by Atlassian JIRA (v7.2.3#72005)