[jboss-jira] [JBoss JIRA] (SECURITY-975) Default distinguishedNameAttribute value of LdapExtLoginModule causes not working referrals on MS Active Directory

Jiri Ondrusek (JIRA) issues at jboss.org
Thu Aug 10 05:16:00 EDT 2017


     [ https://issues.jboss.org/browse/SECURITY-975?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jiri Ondrusek moved JBEAP-12683 to SECURITY-975:
------------------------------------------------

              Project: PicketBox   (was: JBoss Enterprise Application Platform)
                  Key: SECURITY-975  (was: JBEAP-12683)
             Workflow: classic default workflow  (was: CDW with loose statuses v1)
          Component/s: PicketBox
                           (was: Security)
    Affects Version/s: PicketBox_5_0_2.Final
                           (was: 7.0.0.ER4)


> Default distinguishedNameAttribute value of LdapExtLoginModule causes not working referrals on MS Active Directory
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: SECURITY-975
>                 URL: https://issues.jboss.org/browse/SECURITY-975
>             Project: PicketBox 
>          Issue Type: Bug
>          Components: PicketBox
>    Affects Versions: PicketBox_5_0_2.Final
>            Reporter: Jiri Ondrusek
>            Assignee: Jiri Ondrusek
>
> When a crossRef object to a different domain is configured on MS Active Directory for handling referrals and JBoss EAP 7 uses LdapExtLoginModule, the default value ('distinguishedName') of the distinguishedNameAttribute option causes wrong handling of referrals, which leads to authentication failure for referral users.
> The referral object is returned by the original LDAP server (the LDAP server which includes the crossRef to a different domain), but the user is obtained through the value of the distinguishedName attribute from that response. This leads to an authentication attempt with the referral user against the original LDAP server instead of the referenced LDAP server, which results in failed authentication.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

