[jboss-jira] [JBoss JIRA] Commented: (JBAS-3438) LdapExtLoginModule does not handle roles containing '/' correctly

R←mi Flament (JIRA) jira-events at jboss.com
Thu Aug 10 11:19:15 EDT 2006 

    [ http://jira.jboss.com/jira/browse/JBAS-3438?page=comments#action_12341010 ] 
            
R←mi Flament commented on JBAS-3438:
------------------------------------

We have the same issue with JBossAS-4.0.4 and OpenLDAP.
One of the groups contains the '/' character and the authentication is broken.

> LdapExtLoginModule does not handle roles containing '/' correctly
> -----------------------------------------------------------------
>
>                 Key: JBAS-3438
>                 URL: http://jira.jboss.com/jira/browse/JBAS-3438
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: JBossAS-4.0.3 SP1
>         Environment: RedHat Enterprise, JDK 5, Microsoft Active Directory
>            Reporter: Keith Johnston
>         Assigned To: Scott M Stark
>
> File: /jbosssx/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java  (revision 1.7)
> Method: protected void rolesSearch(InitialLdapContext ctx, SearchControls constraints, String user, String userDN, int recursionMax, int nesting)
> Line: 407 "String dn = sr.getName() + "," + rolesCtxDN;"
> Summary:
> Under some conditions the string returned by sr.getName() may include inverted commas ("). When the dn variable is created by concatenating sr.getName() with rolesCtxDN the inverted comma is placed in the middle of the dn string. When ctx.getAttributes(dn, attrNames) is called (on line 409) an InvalidNameException is thrown. The exception is generated by the javax.naming.NameImpl, reporting "close quote appears before end of component".
> Conditions:
> This problem seems to occur when a '/' character is present in the name of the search result. In other words, under MS active directory if the name is of the form 'abc/def' it will be returned surrounded by inverted commas ie '"abc/def"'.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list