[jboss-jira] [JBoss JIRA] (SECURITY-819) LdapExt login module fetches too many attributes in RoleSearch
Tom Fonteyne (JIRA)
issues at jboss.org
Fri Apr 11 09:22:13 EDT 2014
Tom Fonteyne created SECURITY-819:
-------------------------------------
Summary: LdapExt login module fetches too many attributes in RoleSearch
Key: SECURITY-819
URL: https://issues.jboss.org/browse/SECURITY-819
Project: PicketBox
Issue Type: Feature Request
Security Level: Public (Everyone can see)
Components: JBossSX
Affects Versions: PicketBox_4_0_21.Beta3
Reporter: Tom Fonteyne
Assignee: Tom Fonteyne
An LDAP server with (let's say) 1000 users in a group.
When authenticating, a query is done to retrieve the groups for the user.
Most LDAP servers will limit the attributes sent back based on authorization of the user, but can be configured to return *all* information.
The cause is:
// Query for roles matching the role filter
SearchControls constraints = new SearchControls();
constraints.setSearchScope(searchScope);
constraints.setTimeLimit(searchTimeLimit);
rolesSearch(ctx, constraints, username, userDN, recursion, 0);
This used to also have:
constraints.setReturningAttributes(new String[0]);
At some time this was taken out.
It needs to go back in.
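The difference the report describes, as an added Java example that is not PicketBox code: in JNDI, a `SearchControls` whose returning attributes were never set (null) asks the server for every attribute of each matching entry, while an empty array asks for none. The class name, method names and the sample scope and time limit are assumptions made for illustration.

```java
import java.util.Arrays;
import javax.naming.directory.SearchControls;

public class RoleSearchControlsCheck {

    // Controls built as in the snippet quoted in the report: returning attributes never set.
    static SearchControls asReported(int searchScope, int searchTimeLimit) {
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(searchScope);
        constraints.setTimeLimit(searchTimeLimit);
        return constraints;
    }

    // The same controls with the line the report asks to put back.
    static SearchControls withLineRestored(int searchScope, int searchTimeLimit) {
        SearchControls constraints = asReported(searchScope, searchTimeLimit);
        constraints.setReturningAttributes(new String[0]);
        return constraints;
    }

    // JNDI contract: null = every attribute, empty array = none, otherwise only those named.
    static String returned(SearchControls c) {
        String[] attrs = c.getReturningAttributes();
        if (attrs == null) return "all attributes of each matching entry";
        if (attrs.length == 0) return "no attributes, entry names only";
        return "only " + Arrays.toString(attrs);
    }

    // Regression guard for a unit test: refuse controls that would fetch everything.
    static void requireBounded(SearchControls c) {
        if (c.getReturningAttributes() == null) {
            throw new IllegalStateException("role search would return all attributes");
        }
    }

    public static void main(String[] args) {
        int scope = SearchControls.SUBTREE_SCOPE; // constructed sample values
        int timeLimitMs = 10000;

        System.out.println("as reported:   " + returned(asReported(scope, timeLimitMs)));
        System.out.println("line restored: " + returned(withLineRestored(scope, timeLimitMs)));

        requireBounded(withLineRestored(scope, timeLimitMs)); // accepted, no exception
        try {
            requireBounded(asReported(scope, timeLimitMs));
        } catch (IllegalStateException e) {
            System.out.println("guard rejected reported controls: " + e.getMessage());
        }
    }
}
```

A guard like `requireBounded` in a unit test around the code that builds the role-search controls would catch the line being dropped again.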