[jboss-jira] [JBoss JIRA] (SECURITY-711) LdapExtAdLoginModule proposal for inclusion

Péter Radics (JIRA) jira-events at lists.jboss.org
Sat Dec 15 03:01:18 EST 2012 

    [ https://issues.jboss.org/browse/SECURITY-711?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12741673#comment-12741673 ] 

Péter Radics commented on SECURITY-711:
---------------------------------------

I understand that introducing yet-another ldap login module is probably not the best idea, but I didn't want to break any existing functionality of the current LdapExtLoginModule when I created the version that works in our AD setup. The third patch though can be considered a fix for a performance issue in the current LdapExtLoginModule, and doesn't break any of its existing functionality. It's an improvement for all LDAP setups where the role attribute is a DN (Active Directory happens to use such a setup, but there're probably others, too).

In any case, I just read the Tom Fonteyne is also working on the performance issue, and he'll commit his changes soon, so hopefully this issue can be closed.
                
> LdapExtAdLoginModule proposal for inclusion
> -------------------------------------------
>
>                 Key: SECURITY-711
>                 URL: https://issues.jboss.org/browse/SECURITY-711
>             Project: PicketBox 
>          Issue Type: Patch
>      Security Level: Public(Everyone can see) 
>          Components: PicketBox, Security SPI
>    Affects Versions: PicketBox_4_0_14.Final
>         Environment: jboss7, active directory authentication
>            Reporter: Péter Radics
>            Assignee: Anil Saldhana
>            Priority: Minor
>              Labels: LdapExtLoginModule, active-directory, security
>         Attachments: picketbox-r359-LdapExtLoginModule.patch, picketbox-r362-LdapExtAdLoginModule.patch, picketbox-r363-LdapExtAdLoginModule-with-history.patch
>
>   Original Estimate: 1 week
>  Remaining Estimate: 1 week
>
> Please consider including the attached LdapExtAdLoginModule into the official release. This login module is based on r362 of LdapExtLoginModule, but it's better suited for deeply nested Active Directory domains: it only uses one search for the userDN then it's resolving the roles recursively by querying attributes on DNs only. (as a side-effect, it doesn't trigger AS7-5737)

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list