Ondrej Lukas created WFCORE-2309:
------------------------------------
Summary: Regression in EAP 7.1.0.DR12: username-load attribute of legacy LDAP
Realm stop to work
Key: WFCORE-2309
URL: https://issues.jboss.org/browse/WFCORE-2309
Project: WildFly Core
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Blocker
The {{username-load}} attribute of the legacy LDAP Realm stopped working in EAP 7.1.0.DR12. This
attribute is used for assigning the username from an LDAP entry attribute. With the current
behavior in EAP 7.1.0.DR12, it seems that it tries to search for the user in LDAP using the value
obtained from the entry's 'username-load' attribute. See the logs below for more
details.
Because this is a regression, we request blocker priority. Taking an EAP 7.0.x configuration and
putting it into EAP 7.1.x will cause the username-load feature to stop working.
Although the username-load attribute of the legacy LDAP Realm was fixed in EAP 7.1.0.DR11
(JBEAP-7821), it has been broken again in EAP 7.1.0.DR12.
Server log for DR12:
{code}
2017-02-20 16:17:22,440 TRACE [org.jboss.as.domain.management.security] (management
task-6) Non caching search for 'jduke'
2017-02-20 16:17:22,441 TRACE [org.jboss.as.domain.management.security] (management
task-6) Performing single level search
2017-02-20 16:17:22,441 TRACE [org.jboss.as.domain.management.security] (management
task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:17:22,442 TRACE [org.jboss.as.domain.management.security] (management
task-6) Connecting to LDAP with properties
({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldap://localhost:10389,
java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***,
java.naming.referral=ignore})
2017-02-20 16:17:22,474 TRACE [org.jboss.as.domain.management.security] (management
task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:17:22,474 TRACE [org.jboss.as.domain.management.security] (management
task-6) DN
'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest9c88e710,o=primary,dc=jboss,dc=org'
found for user 'Duke'
2017-02-20 16:17:22,475 TRACE [org.jboss.as.domain.management.security] (management
task-6) Non caching search for 'Duke'
2017-02-20 16:17:22,476 TRACE [org.jboss.as.domain.management.security] (management
task-6) Performing single level search
2017-02-20 16:17:22,476 TRACE [org.jboss.as.domain.management.security] (management
task-6) Searching for user 'Duke' using filter '(uid={0})'.
2017-02-20 16:17:22,476 TRACE [org.jboss.as.domain.management.security] (management
task-6) Connecting to LDAP with properties
({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldap://localhost:10389,
java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***,
java.naming.referral=ignore})
2017-02-20 16:17:22,482 TRACE [org.jboss.as.domain.management.security] (management
task-6) User 'Duke' not found in directory.
{code}
Server log for DR11:
{code}
2017-02-20 16:23:33,269 TRACE [org.jboss.as.domain.management.security] (management
task-6) Non caching search for 'jduke'
2017-02-20 16:23:33,270 TRACE [org.jboss.as.domain.management.security] (management
task-6) Performing single level search
2017-02-20 16:23:33,270 TRACE [org.jboss.as.domain.management.security] (management
task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:23:33,270 TRACE [org.jboss.as.domain.management.security] (management
task-6) Connecting to LDAP with properties
({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldap://localhost:10389,
java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***,
java.naming.referral=ignore})
2017-02-20 16:23:33,303 TRACE [org.jboss.as.domain.management.security] (management
task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:23:33,303 TRACE [org.jboss.as.domain.management.security] (management
task-6) DN
'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org'
found for user 'Duke'
2017-02-20 16:23:33,304 TRACE [org.jboss.as.domain.management.security] (management
task-6) Non caching search for 'jduke'
2017-02-20 16:23:33,305 TRACE [org.jboss.as.domain.management.security] (management
task-6) Performing single level search
2017-02-20 16:23:33,305 TRACE [org.jboss.as.domain.management.security] (management
task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:23:33,305 TRACE [org.jboss.as.domain.management.security] (management
task-6) Connecting to LDAP with properties
({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldap://localhost:10389,
java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***,
java.naming.referral=ignore})
2017-02-20 16:23:33,309 TRACE [org.jboss.as.domain.management.security] (management
task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:23:33,309 TRACE [org.jboss.as.domain.management.security] (management
task-6) DN
'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org'
found for user 'Duke'
2017-02-20 16:23:33,310 TRACE [org.jboss.as.domain.management.security] (management
task-6) Connecting to LDAP with properties
({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldap://localhost:10389,
java.naming.security.principal=uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org,
java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:23:33,317 TRACE [org.jboss.as.domain.management.security] (management
task-6) Password verified for user 'jduke' (using connection attempt)
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management
task-6) Non caching search for 'jduke'
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management
task-6) Performing single level search
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management
task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management
task-6) Connecting to LDAP with properties
({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory,
java.naming.provider.url=ldap://localhost:10389,
java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***,
java.naming.referral=ignore})
2017-02-20 16:23:33,325 TRACE [org.jboss.as.domain.management.security] (management
task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:23:33,326 TRACE [org.jboss.as.domain.management.security] (management
task-6) DN
'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org'
found for user 'Duke'
{code}
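
A triage check for the regression signature in the traces above, as an added example that is not part of the original report or of WildFly: it flags any directory search keyed on the name produced by a "Converted username" record instead of the name the client supplied. The function names and the shortened sample logs are constructed for illustration.

```python
import re

# A new log record starts with a timestamp; anything else is a wrapped continuation.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
THREAD = re.compile(r"\(([^)]*)\)")
CONVERTED = re.compile(r"Converted username '([^']*)' to '([^']*)'")
SEARCHING = re.compile(r"Searching for user '([^']*)' using filter")


def join_records(text):
    """Re-join records that mail or a terminal hard-wrapped across lines."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def find_loaded_name_searches(text):
    """Return (thread, supplied, loaded) for each search keyed on a loaded name."""
    loaded_by_thread = {}  # thread -> {loaded name: name the client supplied}
    findings = []
    for record in join_records(text):
        thread_match = THREAD.search(record)
        thread = thread_match.group(1) if thread_match else "?"
        loaded = loaded_by_thread.setdefault(thread, {})
        m = CONVERTED.search(record)
        if m and m.group(1) != m.group(2):
            loaded[m.group(2)] = m.group(1)
            continue
        m = SEARCHING.search(record)
        if m and m.group(1) in loaded:
            findings.append((thread, loaded[m.group(1)], m.group(1)))
    return findings


# Constructed samples, shortened from the DR12 trace with its mail-style wrapping.
DR12 = """\
2017-02-20 16:17:22,441 TRACE [org.jboss.as.domain.management.security] (management
task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:17:22,474 TRACE [org.jboss.as.domain.management.security] (management
task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:17:22,476 TRACE [org.jboss.as.domain.management.security] (management
task-6) Searching for user 'Duke' using filter '(uid={0})'.
"""
DR11 = DR12.replace("user 'Duke' using", "user 'jduke' using")  # DR11-style repeat search
```

An empty result for the DR11-style sample and one finding for the DR12-style sample matches the difference between the two traces in the report.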