[ https://issues.jboss.org/browse/WFLY-7781?page=com.atlassian.jira.plugin.... ]
Ondrej Lukas updated WFLY-7781:
-------------------------------
Steps to Reproduce:
1. Start an LDAP server with the following LDIF (the two entries must be separated by a blank line):
{code}
dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke
cn: Java Duke
sn: Duke
userPassword: Password
{code}
2. Add an outbound connection to standalone.xml
{code}
<outbound-connections>
<ldap search-dn="uid=admin,ou=system" name="ldap-connection"
search-credential="secret" url="ldap://localhost:10389"/>
</outbound-connections>
{code}
3. Add an ldap security-realm
{code}
<security-realm name="ldap-realm">
<authentication>
<ldap connection="ldap-connection"
base-dn="ou=People,dc=jboss,dc=org" username-load="sn">
<advanced-filter filter="(uid={0})"/>
</ldap>
</authentication>
</security-realm>
{code}
4. Set ldap-realm for the http-interface
{code}
<management-interfaces>
<http-interface security-realm="ldap-realm">
<http-upgrade enabled="true"/>
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
{code}
5. Start the application server and run the CLI command:
{code}
./jboss-cli.sh -c -u=jduke -p=Password ':whoami'
{
    "outcome" => "success",
    "result" => {"identity" => {"username" => "jduke"}}
}
{code}
In correct behavior, the username "Duke" should be assigned.
was:
1. Start an LDAP server with the following LDIF (the two entries must be separated by a blank line):
{code}
dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke
cn: Java Duke
sn: Duke
userPassword: Password
{code}
2. Add an outbound connection to standalone.xml
{code}
<outbound-connections>
<ldap search-dn="uid=admin,ou=system" name="ldap-connection"
search-credential="secret" url="ldap://localhost:10389"/>
</outbound-connections>
{code}
3. Add an ldap security-realm
{code}
<security-realm name="ldap-realm">
<authentication>
<ldap connection="ldap-connection"
base-dn="ou=People,dc=jboss,dc=org" username-load="sn">
<advanced-filter filter="(uid={0})"/>
</ldap>
</authentication>
</security-realm>
{code}
4. Set ldap-realm for the http-interface
{code}
<management-interfaces>
<http-interface security-realm="ldap-realm">
<http-upgrade enabled="true"/>
<socket-binding http="management-http"/>
</http-interface>
</management-interfaces>
{code}
5. Start the application server and run the CLI command:
{code}
./jboss-cli.sh -c -u=jduke -p=Password ':whoami'
{
    "outcome" => "success",
    "result" => {"identity" => {"username" => "jduke"}}
}
{code}
In correct behavior (in EAP 7.0.x), the username "Duke" should be assigned.
username-load attribute of legacy LDAP Realm stops working
----------------------------------------------------------
Key: WFLY-7781
URL: https://issues.jboss.org/browse/WFLY-7781
Project: WildFly
Issue Type: Bug
Components: Security
Reporter: Ondrej Lukas
Assignee: Darran Lofthouse
Priority: Blocker
The {{username-load}} attribute of the legacy LDAP Realm has stopped working. This attribute is
used for assigning the username from an LDAP entry attribute. In the current behavior, the username
passed in the credential is used as the username even if the username-load attribute is configured.
--
This message was sent by Atlassian JIRA (v7.2.3#72005)
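The identity mapping the report expects, as an added in-memory simulation (Python; not WildFly's code and not the reporter's): the realm substitutes the login name into the advanced-filter, locates the entry under base-dn, verifies the password, and then takes the identity's username from the username-load attribute (sn) rather than from the credential. The directory is the report's LDIF parsed into a dict, only a single equality or substring filter is supported, the "bind" is a cleartext userPassword comparison, and rejecting an entry that lacks the configured username-load attribute is this simulation's choice, not documented WildFly behaviour. The RFC 4515 escaping of the value substituted for {0} is a general precaution for any filter built from caller input, not a statement about how WildFly builds its filter.

```python
"""In-memory simulation of the legacy LDAP realm lookup in WFLY-7781.
Added illustration, not WildFly code: dict-backed directory, one simple
filter, cleartext password comparison."""
import re

# Constructed from the LDIF in the report (entries separated by a blank line).
LDIF = """\
dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: person
objectclass: inetOrgPerson
uid: jduke
cn: Java Duke
sn: Duke
userPassword: Password
"""

BASE_DN = "ou=People,dc=jboss,dc=org"
ADVANCED_FILTER = "(uid={0})"   # the realm's advanced-filter
USERNAME_LOAD = "sn"             # the realm's username-load attribute


def parse_ldif(text):
    """Parse simple 'attr: value' LDIF into {dn: {attr_lowercase: [values]}}."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None           # a blank line ends the entry
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = entries.setdefault(value, {})
        elif current is not None:
            current.setdefault(name, []).append(value)
    return entries


# RFC 4515 escaping for values interpolated into a filter; without it a
# caller-supplied login name could carry filter metacharacters such as '*'.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def _matcher(raw):
    """A bare '*' is a substring wildcard; an escaped '\\2a' is a literal '*'."""
    parts = [re.escape(_unescape(p)) for p in raw.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def search(entries, base_dn, filter_expr):
    """Return [(dn, attrs)] below base_dn matching one (attr=value) filter."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filter_expr)
    if not m:
        raise ValueError("only a single equality/substring filter is supported")
    attr, wanted = m.group(1).lower(), _matcher(m.group(2))
    suffix = "," + base_dn.lower()
    return [(dn, attrs) for dn, attrs in entries.items()
            if dn.lower().endswith(suffix)
            and any(wanted.match(v) for v in attrs.get(attr, []))]


def authenticate(entries, login, password, username_load=None):
    """Return the identity's username after a successful bind, else None.

    With username_load set, the identity comes from that attribute of the
    located entry (what the report expects); with it unset, the login name
    itself is returned (the outcome the report observes).
    """
    hits = search(entries, BASE_DN,
                  ADVANCED_FILTER.replace("{0}", escape_filter_value(login)))
    if len(hits) != 1:
        return None                  # unknown user or ambiguous match
    dn, attrs = hits[0]
    if password not in attrs.get("userpassword", []):
        return None                  # bind failed (cleartext compare here)
    if username_load is None:
        return login
    loaded = attrs.get(username_load.lower())
    return loaded[0] if loaded else None   # missing attribute: reject (simulation's choice)


def whoami(login, password, username_load=USERNAME_LOAD):
    """Mirror ':whoami' for the given CLI credentials."""
    return authenticate(parse_ldif(LDIF), login, password, username_load)


if __name__ == "__main__":
    print(whoami("jduke", "Password"))          # correct behavior: Duke
    print(whoami("jduke", "Password", None))    # reported behavior: jduke
```

The two calls at the bottom reproduce the report's contrast: with username_load="sn" the identity is "Duke", and with it ignored the credential's "jduke" comes back, which is exactly the wrong outcome the CLI showed. The `search` helper also makes the escaping point concrete: `(uid=*)` matches every user while `(uid=\2a)` matches none, so a login name must be escaped before it is substituted for {0}.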