[jboss-jira] [JBoss JIRA] Resolved: (SECURITY-466) Error handling groups containing '/' in name using AdvancedLDAPLoginModule

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Wed Mar 3 12:05:10 EST 2010 

     [ https://jira.jboss.org/jira/browse/SECURITY-466?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Darran Lofthouse resolved SECURITY-466.
---------------------------------------

    Resolution: Done


Wrapped role DN with quotes to eliminate exception and allow role to be returned.


> Error handling groups containing '/' in name using AdvancedLDAPLoginModule
> --------------------------------------------------------------------------
>
>                 Key: SECURITY-466
>                 URL: https://jira.jboss.org/jira/browse/SECURITY-466
>             Project: PicketBox (JBoss Security and Identity Management)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>    Affects Versions: Negotiation_2.0.3.SP2 
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: Negotiation_2.0.3.SP3, Negotiation_2.0.4.GA
>
>
> For the following search configuration: -
>  <module-option name="baseCtxDN">CN=Users,DC=vm137domain,DC=gsslab</module-option>
>          <module-option name="baseFilter">(userPrincipalName={0})</module-option>
>               
>          <module-option name="rolesCtxDN">CN=Users,DC=vm137domain,DC=gsslab</module-option>
>          <module-option name="roleFilter">(distinguishedName={1})</module-option>
>         
>          <module-option name="roleAttributeID">memberOf</module-option>
>          <module-option name="roleAttributeIsDN">true</module-option>
>          <module-option name="roleNameAttributeID">cn</module-option>
>         
>          <module-option name="recurseRoles">true</module-option>
> If groups are found with '/' in the name e.g. 'CN=A/B,CN=Users,DC=vm137domain,DC=gsslab' the following is logged and the group skipped: -
> 2010-03-03 16:23:52,600 TRACE [org.jboss.security.negotiation.AdvancedLdapLoginModule] (http-10.32.224.157-8080-1) Failed to query roleNameAttrName
> javax.naming.NamingException: [LDAP: error code 1 - 000020D6: SvcErr: DSID-031006CC, problem 5012 (DIR_ERROR), data 0

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list