[jboss-jira] [JBoss JIRA] (SECURITY-735) spnego AdvancedLdapLoginModule cannot cope with roles contains a slash

Darran Lofthouse (JIRA) jira-events at lists.jboss.org
Thu Oct 24 07:28:01 EDT 2013


    [ https://issues.jboss.org/browse/SECURITY-735?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12824605#comment-12824605 ] 

Darran Lofthouse commented on SECURITY-735:
-------------------------------------------

This issue is reproducible with configuration similar to the following: -

{code}
<login-module code="AdvancedLdap" module="org.jboss.security.negotiation" flag="required">

    <module-option name="bindDN" value="CN=as7"/>
    <module-option name="bindCredential" value="xxx"/>

    <module-option name="java.naming.provider.url" value="ldap://ec2-xx-xx-xx-xx.compute-1.amazonaws.com"/>

    <module-option name="baseCtxDN" value="CN=Users,DC=darranl,DC=jboss,DC=org"/>
    <module-option name="baseFilter" value="(sAMAccountName={0})"/>

    <module-option name="rolesCtxDN" value="CN=Users,DC=darranl,DC=jboss,DC=org"/>

    <module-option name="roleAttributeID" value="memberOf"/>
    <module-option name="roleAttributeIsDN" value="true"/>
    <module-option name="roleNameAttributeID" value="name"/>

    <module-option name="recurseRoles" value="true"/>

</login-module>
{code}

The absence of a roleFilter is why the distinguished name is not being correctly quoted. Adding the roleFilter would not normally be required, as it does result in additional searches being performed by the LDAP server, but in this case it is a possible workaround for the distinguished name to be quoted where required.

                
> spnego AdvancedLdapLoginModule cannot cope with roles contains a slash
> ----------------------------------------------------------------------
>
>                 Key: SECURITY-735
>                 URL: https://issues.jboss.org/browse/SECURITY-735
>             Project: PicketBox 
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Negotiation
>    Affects Versions: Negotiation_2_2_2
>            Reporter: Darran Lofthouse
>            Assignee: Darran Lofthouse
>             Fix For: Negotiation_2_2_3
>
>


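The following is an added example, not part of the original message and not PicketBox code. It assumes the quoting discussed in the comment is JNDI composite-name quoting, where a `/` in a string name is a component separator; the class name, the helper `asSingleComponent` and the sample group DN are constructed for illustration.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.Name;
import javax.naming.ldap.LdapName;

public class SlashInRoleDn {

    // Constructed sample: a memberOf value whose CN contains a slash.
    static final String ROLE_DN = "CN=Dev/Ops,CN=Users,DC=darranl,DC=jboss,DC=org";

    // Hypothetical helper: wrap a DN returned by the directory so that JNDI
    // treats it as one name component instead of re-parsing it.
    static Name asSingleComponent(String dn) throws InvalidNameException {
        return new CompositeName().add(dn);
    }

    // Print the number of components and each component of a JNDI name.
    static void dump(String label, Name name) {
        System.out.println(label + ": size=" + name.size() + " -> " + name);
        for (int i = 0; i < name.size(); i++) {
            System.out.println("    [" + i + "] " + name.get(i));
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        // JNDI treats a String name as a composite name, where '/' is the
        // component separator, so the raw DN is split at the slash.
        dump("parsed as composite name", new CompositeName(ROLE_DN));

        // Adding the DN as a single component keeps it intact; the string
        // form of the resulting name carries the quoting JNDI needs.
        dump("single component", asSingleComponent(ROLE_DN));

        // LdapName parses with LDAP DN syntax, where '/' has no special meaning.
        dump("LdapName", new LdapName(ROLE_DN));
    }
}
```

Passing a `Name` built either of the last two ways to a `DirContext` lookup, rather than the raw string, is the general way to keep a role DN containing a slash from being split.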