[jboss-jira] [JBoss JIRA] Commented: (JBPORTAL-1592) Backslashes not escaped correctly with ldap modules

Tobias Roth (JIRA) jira-events at lists.jboss.org
Mon Aug 20 10:04:11 EDT 2007 

    [ http://jira.jboss.com/jira/browse/JBPORTAL-1592?page=comments#action_12372940 ] 
            
Tobias Roth commented on JBPORTAL-1592:
---------------------------------------

No problem about the answering delay, it's not like you have an SLA with me :-)

I admit the problem is getting a bit confusing, I had to look through the whole forum post again myself. On top of that, I had a weird bug and couldn't start my portal anymore. I tried everything to find the cause of the problem, and then, just because I ran out of ideas, I reinstalled my jdk, and things worked again. D'oh.

Anyway, I'll try to explain my problem in different words (I'll also attach example files). I am using your ldif, the one with the jdukes you posted in the forum thread. I made a small modification: I removed the backslash and comma for jduke4, so I have a user to check if everything works without a comma.

Now, there are several jdukes, all of them with a comma in their name except my control user, jduke4. All of them are member of the "User" group.

I have this userSearchFilter: (&((uid={0})(objectClass=person)))
And this roleSearchFilter: (&((member={1})(objectClass=groupOfNames)))

With these filters, all jdukes can log in, but roles are only found for jduke4 (who has no comma in his DN), not for the other jdukes (who all have commas). Escaping the comma with three backslashes in the roleSearchFilter is all very well, but I cannot do that, because I want a filter that finds all jdukes, not just a specific one. It is that part of the jboss portal code that substitutes the {1} from the roleSearchFilter with does not properly escape commas, in my opinion.

I hope I could make this a bit more clear, it is indeed difficult to explain.

> Backslashes not escaped correctly with ldap modules
> ---------------------------------------------------
>
>                 Key: JBPORTAL-1592
>                 URL: http://jira.jboss.com/jira/browse/JBPORTAL-1592
>             Project: JBoss Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Portal Identity
>    Affects Versions: 2.6 Final
>         Environment: Windows XP Professional, Jboss 4.3.0, JBoss_Portal_2_6_0 from svn
>            Reporter: Tobias Roth
>         Assigned To: Boleslaw Dawidowicz
>             Fix For: 2.8 Final, 2.6.2 Final
>
>
> LDAPRoleModule and LDAPExtRoleModule don't find roles associated with users, if the users DN contains a backslash, as it is frequent with Microsoft Active Directory.
> Example logfile excerpts and are given in the forum.
> I added a simple  filter = filter.replaceAll("\\\\", "\\\\\\\\"); in one place in LDAPExtRoleModuleImpl.java which fixed the thing for me. However, not knowing much of java, I don't know the correct place to add this, so that all cases are fixed.
> Thanks

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list