[jboss-jira] [JBoss JIRA] (WFCORE-2309) Regression in EAP 7.1.0.DR12: username-load attribute of legacy LDAP Realm stopped working

Ondrej Lukas (JIRA) issues at jboss.org
Mon Feb 20 10:37:00 EST 2017


Ondrej Lukas created WFCORE-2309:
------------------------------------

             Summary: Regression in EAP 7.1.0.DR12: username-load attribute of legacy LDAP Realm stopped working
                 Key: WFCORE-2309
                 URL: https://issues.jboss.org/browse/WFCORE-2309
             Project: WildFly Core
          Issue Type: Bug
          Components: Security
            Reporter: Ondrej Lukas
            Assignee: Darran Lofthouse
            Priority: Blocker


The {{username-load}} attribute of the legacy LDAP Realm stopped working in EAP 7.1.0.DR12. This attribute is used for assigning the username from some LDAP entry attribute. In the current behavior in EAP 7.1.0.DR12, it seems that it tries to search for the user in LDAP using the value obtained from the entry's 'username-load' attribute. See the logs below for more details.

Because this is a regression, we request blocker priority. Taking an EAP 7.0.x configuration and putting it into EAP 7.1.x will cause the username-load feature to stop working.

Although the username-load attribute of the legacy LDAP Realm was fixed in EAP 7.1.0.DR11 (JBEAP-7821), it has been broken again in EAP 7.1.0.DR12.

Server log for DR12:
{code}
2017-02-20 16:17:22,440 TRACE [org.jboss.as.domain.management.security] (management task-6) Non caching search for 'jduke'
2017-02-20 16:17:22,441 TRACE [org.jboss.as.domain.management.security] (management task-6) Performing single level search
2017-02-20 16:17:22,441 TRACE [org.jboss.as.domain.management.security] (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:17:22,442 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:17:22,474 TRACE [org.jboss.as.domain.management.security] (management task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:17:22,474 TRACE [org.jboss.as.domain.management.security] (management task-6) DN 'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest9c88e710,o=primary,dc=jboss,dc=org' found for user 'Duke'
2017-02-20 16:17:22,475 TRACE [org.jboss.as.domain.management.security] (management task-6) Non caching search for 'Duke'
2017-02-20 16:17:22,476 TRACE [org.jboss.as.domain.management.security] (management task-6) Performing single level search
2017-02-20 16:17:22,476 TRACE [org.jboss.as.domain.management.security] (management task-6) Searching for user 'Duke' using filter '(uid={0})'.
2017-02-20 16:17:22,476 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:17:22,482 TRACE [org.jboss.as.domain.management.security] (management task-6) User 'Duke' not found in directory.
{code}

Server log for DR11:
{code}
2017-02-20 16:23:33,269 TRACE [org.jboss.as.domain.management.security] (management task-6) Non caching search for 'jduke'
2017-02-20 16:23:33,270 TRACE [org.jboss.as.domain.management.security] (management task-6) Performing single level search
2017-02-20 16:23:33,270 TRACE [org.jboss.as.domain.management.security] (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:23:33,270 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:23:33,303 TRACE [org.jboss.as.domain.management.security] (management task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:23:33,303 TRACE [org.jboss.as.domain.management.security] (management task-6) DN 'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org' found for user 'Duke'
2017-02-20 16:23:33,304 TRACE [org.jboss.as.domain.management.security] (management task-6) Non caching search for 'jduke'
2017-02-20 16:23:33,305 TRACE [org.jboss.as.domain.management.security] (management task-6) Performing single level search
2017-02-20 16:23:33,305 TRACE [org.jboss.as.domain.management.security] (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:23:33,305 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:23:33,309 TRACE [org.jboss.as.domain.management.security] (management task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:23:33,309 TRACE [org.jboss.as.domain.management.security] (management task-6) DN 'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org' found for user 'Duke'
2017-02-20 16:23:33,310 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:23:33,317 TRACE [org.jboss.as.domain.management.security] (management task-6) Password verified for user 'jduke' (using connection attempt)
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management task-6) Non caching search for 'jduke'
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management task-6) Performing single level search
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
2017-02-20 16:23:33,318 TRACE [org.jboss.as.domain.management.security] (management task-6) Connecting to LDAP with properties ({java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, java.naming.provider.url=ldap://localhost:10389, java.naming.security.principal=uid=admin,ou=system, java.naming.security.credentials=***, java.naming.referral=ignore})
2017-02-20 16:23:33,325 TRACE [org.jboss.as.domain.management.security] (management task-6) Converted username 'jduke' to 'Duke'
2017-02-20 16:23:33,326 TRACE [org.jboss.as.domain.management.security] (management task-6) DN 'uid=jduke,ou=People,o=LdapRealmUsernameLoadOptionManualTest10fe60be,o=primary,dc=jboss,dc=org' found for user 'Duke'
{code}

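
The difference between the two traces can be checked mechanically. The following is an added example, not part of the original report and not WildFly code: a small Python triage script that flags any directory search keyed on a name that an earlier "Converted username" line produced. The function name and the shortened sample lines are constructed for illustration, and it assumes the trace comes from a single authentication thread.

```python
import re

# Constructed sample lines in the TRACE format shown in the report (timestamp and
# logger prefix shortened, DN replaced); first trace mimics DR12, second DR11.
DR12_TRACE = """\
TRACE (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
TRACE (management task-6) Converted username 'jduke' to 'Duke'
TRACE (management task-6) DN 'uid=jduke,ou=People,dc=example,dc=org' found for user 'Duke'
TRACE (management task-6) Searching for user 'Duke' using filter '(uid={0})'.
TRACE (management task-6) User 'Duke' not found in directory.
"""
DR11_TRACE = """\
TRACE (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
TRACE (management task-6) Converted username 'jduke' to 'Duke'
TRACE (management task-6) DN 'uid=jduke,ou=People,dc=example,dc=org' found for user 'Duke'
TRACE (management task-6) Searching for user 'jduke' using filter '(uid={0})'.
TRACE (management task-6) Converted username 'jduke' to 'Duke'
TRACE (management task-6) DN 'uid=jduke,ou=People,dc=example,dc=org' found for user 'Duke'
TRACE (management task-6) Password verified for user 'jduke' (using connection attempt)
"""

SEARCH = re.compile(r"Searching for user '([^']*)' using filter")
CONVERTED = re.compile(r"Converted username '([^']*)' to '([^']*)'")
NOT_FOUND = re.compile(r"User '([^']*)' not found in directory")

def find_reused_loaded_names(log_text):
    """Flag searches keyed on a name that username-load produced earlier."""
    loaded = {}    # loaded (converted) name -> name the client supplied
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = CONVERTED.search(line)
        if m:
            supplied, new = m.groups()
            if supplied != new:
                loaded[new] = supplied
            continue
        m = SEARCH.search(line)
        if m and m.group(1) in loaded:
            findings.append({"line": lineno, "searched": m.group(1),
                             "supplied": loaded[m.group(1)], "not_found": False})
            continue
        m = NOT_FOUND.search(line)
        if m and findings and findings[-1]["searched"] == m.group(1):
            findings[-1]["not_found"] = True   # the bad lookup also failed
    return findings
```

Run against a TRACE capture of org.jboss.as.domain.management.security, a non-empty result matches the DR12 pattern and an empty one matches DR11.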