[jboss-jira] [JBoss JIRA] (WFLY-7946) Elytron ldap-realm does not handle loops in referrals

Ondrej Lukas (JIRA) issues at jboss.org
Tue Jan 24 03:02:01 EST 2017


Ondrej Lukas created WFLY-7946:
----------------------------------

             Summary: Elytron ldap-realm does not handle loops in referrals
                 Key: WFLY-7946
                 URL: https://issues.jboss.org/browse/WFLY-7946
             Project: WildFly
          Issue Type: Bug
          Components: Security
            Reporter: Ondrej Lukas
            Assignee: Darran Lofthouse
            Priority: Critical
         Attachments: print-roles.war

According to the LDAP specification [1]: "Clients that follow referrals MUST ensure that they do not loop between servers. They MUST NOT repeatedly contact the same server for the same request with the same parameters."

When the application server is configured to use an ldap-realm with a dir-context that uses referral-mode=follow or throw, and the LDAP servers contain a loop, it leads to an infinite cycle. It can result in java.lang.OutOfMemoryError on the EAP server.

This issue has already been reported for legacy security during EAP 7.0.0 testing in JBEAP-2156.

[1] http://tools.ietf.org/html/rfc4511#section-4.1.10



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
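
The loop check that RFC 4511 section 4.1.10 asks of a referral-following client, as an added example that is not part of the original report and is not Elytron or WildFly code. The `Request` and `Response` types, `MAX_HOPS`, and the in-memory directory maps are hypothetical, and both server topologies are constructed.

```java
import java.util.*;
import java.util.function.Function;

public class ReferralLoopGuard {
    /** "Same server, same request, same parameters": the key used to detect a loop. */
    record Request(String serverUrl, String baseDn, String filter) {
        Request { serverUrl = serverUrl.toLowerCase(Locale.ROOT); } // host names are case-insensitive
    }

    /** Result of contacting one server: entries, or a referral (null when there is none). */
    record Response(List<String> entries, Request referral) {}

    static final int MAX_HOPS = 10; // assumed bound for this example, not a WildFly default

    static List<String> search(Request first, Function<Request, Response> directory) {
        Set<Request> visited = new HashSet<>();
        Request current = first;
        for (int hop = 0; hop <= MAX_HOPS; hop++) {
            // Refuse to contact a server again for a request it has already been sent.
            if (!visited.add(current)) {
                throw new IllegalStateException("referral loop detected at " + current);
            }
            Response response = directory.apply(current);
            if (response.referral() == null) {
                return response.entries();
            }
            current = response.referral();
        }
        // A chain of distinct servers can still be unbounded, so cap its length too.
        throw new IllegalStateException("referral hop limit exceeded");
    }

    public static void main(String[] args) {
        Request a = new Request("ldap://a.example:389", "ou=People,dc=example", "(uid=jduke)");
        Request b = new Request("ldap://B.example:389", "ou=People,dc=example", "(uid=jduke)");

        // Constructed loop: A refers to B, and B refers back to A.
        Map<Request, Response> looping = Map.of(
                a, new Response(List.of(), b),
                b, new Response(List.of(), a));
        try {
            search(a, looping::get);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Constructed chain without a loop: A refers to B, and B answers.
        Map<Request, Response> chain = Map.of(
                a, new Response(List.of(), b),
                b, new Response(List.of("uid=jduke,ou=People,dc=example"), null));
        System.out.println("resolved: " + search(a, chain::get));
    }
}
```

The visited set bounds memory by the number of distinct requests, and the hop limit bounds it even when every referral points at a new server.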

