[jboss-jira] [JBoss JIRA] (SECURITY-819) LdapExt login module fetches to many attributes in RoleSearch
RH Bugzilla Integration (JIRA)
issues at jboss.org
Thu Apr 17 15:56:34 EDT 2014
[ https://issues.jboss.org/browse/SECURITY-819?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
RH Bugzilla Integration updated SECURITY-819:
---------------------------------------------
Bugzilla References: https://bugzilla.redhat.com/show_bug.cgi?id=1086787, https://bugzilla.redhat.com/show_bug.cgi?id=1086795, https://bugzilla.redhat.com/show_bug.cgi?id=1089068 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1086787, https://bugzilla.redhat.com/show_bug.cgi?id=1086795)
> LdapExt login module fetches to many attributes in RoleSearch
> -------------------------------------------------------------
>
> Key: SECURITY-819
> URL: https://issues.jboss.org/browse/SECURITY-819
> Project: PicketBox
> Issue Type: Bug
> Security Level: Public(Everyone can see)
> Components: JBossSX
> Affects Versions: PicketBox_4_0_21.Beta3
> Reporter: Tom Fonteyne
> Assignee: Tom Fonteyne
>
> An LDAP server with (lets say) 1000 users in a group.
> When authentication, a query is done to retrieve the groups for the user.
> Most LDAP servers will limit the attributes send back based on authorization of the user, but can be configured to return *all* information.
> The cause is:
> / Query for roles matching the role filter
> SearchControls constraints = new SearchControls();
> constraints.setSearchScope(searchScope);
> constraints.setTimeLimit(searchTimeLimit);
> rolesSearch(ctx, constraints, username, userDN, recursion, 0);
> this used to also have:
> constraints.setReturningAttributes(new String[0]);
> at some time this was taken out.
> It needs to go back in
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list