[jboss-jira] [JBoss JIRA] (WFLY-5787) AdvancedLdapLoginModule does not handle loops in referrals

Ondrej Lukas (JIRA) issues at jboss.org
Fri Dec 4 04:30:00 EST 2015


Ondrej Lukas created WFLY-5787:
----------------------------------

             Summary: AdvancedLdapLoginModule does not handle loops in referrals
                 Key: WFLY-5787
                 URL: https://issues.jboss.org/browse/WFLY-5787
             Project: WildFly
          Issue Type: Bug
          Components: Security
            Reporter: Ondrej Lukas
            Assignee: Darran Lofthouse
            Priority: Critical


According to the LDAP specification [1]: "Clients that follow referrals MUST ensure that they do not loop between servers. They MUST NOT repeatedly contact the same server for the same request with the same parameters."

When the EAP server is configured to use AdvancedLdapLoginModule, which uses referrals, and the LDAP servers contain a loop, then it leads to an infinite cycle. It can result in a java.lang.OutOfMemoryError on the EAP server.

We hit this issue during certification of 3rd-party LDAP servers. This issue is not a regression to EAP 6.x.

[1] http://tools.ietf.org/html/rfc4511#section-4.1.10



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
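
The check that the quoted RFC 4511 requirement asks of a referral-following client, as an added example (not WildFly code and not the fix for this issue): every (server, request) pair is recorded before it is contacted, repeats are skipped, and chain length is capped. The class name, `MAX_HOPS`, the host names and the in-memory `referrals` map standing in for real LDAP servers are assumptions; it needs Java 16 or later.

```java
import java.net.URI;
import java.util.*;

public class ReferralLoopGuard {
    static final int MAX_HOPS = 10; // assumed cap for this example, not a WildFly option

    record Hop(String url, int depth) {}

    // Normalise an LDAP URL to host:port/baseDN so different spellings of one server compare equal.
    // Lower-casing the DN is a simplification of real DN matching rules.
    static String serverKey(String ldapUrl) {
        URI u = URI.create(ldapUrl);
        int port = u.getPort() == -1 ? 389 : u.getPort();
        String dn = u.getPath() == null ? "" : u.getPath().replaceFirst("^/", "");
        return (u.getHost() + ":" + port + "/" + dn).toLowerCase(Locale.ROOT);
    }

    // Chases referrals for one search. 'referrals' is a constructed stand-in for what each
    // server would return; a real client would issue the search where 'contacted.add' is.
    static List<String> follow(String startUrl, String filter, Map<String, List<String>> referrals) {
        List<String> contacted = new ArrayList<>();
        Set<String> seen = new HashSet<>();
        Deque<Hop> pending = new ArrayDeque<>();
        pending.push(new Hop(startUrl, 0));
        while (!pending.isEmpty()) {
            Hop hop = pending.pop();
            String server = serverKey(hop.url());
            // RFC 4511 4.1.10: never send the same request to the same server twice.
            if (!seen.add(server + "?" + filter)) continue;
            if (hop.depth() > MAX_HOPS)
                throw new IllegalStateException("referral chain exceeds " + MAX_HOPS + " hops at " + server);
            contacted.add(server);
            for (String next : referrals.getOrDefault(server, List.of()))
                pending.push(new Hop(next, hop.depth() + 1));
        }
        return contacted;
    }

    public static void main(String[] args) {
        String a = "ldap://a.example.test/dc=example,dc=test";
        String b = "ldap://b.example.test/dc=example,dc=test";
        // Constructed topology: a refers to b, b refers back to a (different spelling).
        Map<String, List<String>> referrals = Map.of(
            serverKey(a), List.of(b),
            serverKey(b), List.of("ldap://A.EXAMPLE.TEST:389/dc=example,dc=test"));
        System.out.println(follow(a, "(uid=jduke)", referrals));
    }
}
```

Without the `seen` check the work queue in this topology never empties, which is the unbounded cycle the report describes.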

