[jboss-jira] [JBoss JIRA] (SECURITY-758) AdvancedLdapLoginModule doesn't isn't mapping nested roles
Darran Lofthouse (JIRA)
jira-events at lists.jboss.org
Thu Oct 24 07:26:02 EDT 2013
[ https://issues.jboss.org/browse/SECURITY-758?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12824604#comment-12824604 ]
Darran Lofthouse commented on SECURITY-758:
-------------------------------------------
This can be reproduced with configuration similar to the following:
{code}
<login-module code="AdvancedLdap" module="org.jboss.security.negotiation" flag="required">
  <module-option name="bindDN" value="CN=as7" />
  <module-option name="bindCredential" value="xxx" />
  <module-option name="java.naming.provider.url" value="ldap://ec2-xx-xx-xx-xx.compute-1.amazonaws.com"/>
  <module-option name="baseCtxDN" value="CN=Users,DC=darranl,DC=jboss,DC=org"/>
  <module-option name="baseFilter" value="(sAMAccountName={0})"/>
  <module-option name="rolesCtxDN" value="CN=Users,DC=darranl,DC=jboss,DC=org"/>
  <module-option name="roleFilter" value="(distinguishedName={1})"/>
  <module-option name="roleAttributeID" value="memberOf"/>
  <module-option name="roleAttributeIsDN" value="true"/>
  <module-option name="roleNameAttributeID" value="name"/>
  <module-option name="recurseRoles" value="true"/>
</login-module>
{code}
Note: One possible workaround could be if a definition is possible without the rolesFilter.
> AdvancedLdapLoginModule doesn't isn't mapping nested roles
> ----------------------------------------------------------
>
> Key: SECURITY-758
> URL: https://issues.jboss.org/browse/SECURITY-758
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: Negotiation
> Affects Versions: Negotiation_2_2_5
> Reporter: Darran Lofthouse
> Assignee: Darran Lofthouse
> Fix For: Negotiation_2_2_6
>
>
> The recursive role searching is currently broken, believed to be caused by the introduction of quotes for a previous role searching fix.