[jboss-jira] [JBoss JIRA] (WFCORE-1313) User with slash or backslash char in LDAP name cannot log in through security-realm

Lin Gao (Jira) issues at jboss.org
Mon Apr 13 22:06:12 EDT 2020 

     [ https://issues.redhat.com/browse/WFCORE-1313?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Lin Gao updated WFCORE-1313:
----------------------------
    Fix Version/s:     (was: 3.0.0.Alpha13)


> User with slash or backslash char in LDAP name cannot log in through security-realm
> -----------------------------------------------------------------------------------
>
>                 Key: WFCORE-1313
>                 URL: https://issues.redhat.com/browse/WFCORE-1313
>             Project: WildFly Core
>          Issue Type: Bug
>          Components: Security
>            Reporter: Hynek Švábek
>            Assignee: Lin Gao
>            Priority: Minor
>         Attachments: users.ldif
>
>
> According to LDAP specification [1], DN can contain slash char without escaping or escaped backslash, etc.
> I am not able to log in to management console with username "Slash/Char" or "Back\Slash". But I would be able to log in there. 
> I can see this in Wireshark
> *Slash/Char*
> {code}
> LDAPMessage bindRequest(1) ""uid=Slash/Char",ou=People,o=LdapRealmSpecialNameManualTest7d339efa,o=primary,dc=jboss,dc=org" simple
> LDAPMessage bindResponse(1) invalidDNSyntax (Incorrect DN given : "uid=Slash/Char",ou=People,o=LdapRealmSpecialNameManualTest7d339efa,o=primary,dc=jboss,dc=org (0x22 0x75 0x69 0x64 0x3D 0x53 0x6C 0x61 0x73 0x68 0x2F 0x43 0x68 0x61 0x72 0x2
> {code}
> You can see there quotation marks around *uid=Slash/Char*.
> *Back\Slash*
> {code}
> LDAPMessage bindRequest(1) "uid=Back\\\Slash,ou=People,o=LdapRealmSpecialNameManualTest7d339efa,o=primary,dc=jboss,dc=org" simple
> LDAPMessage bindResponse(1) invalidDNSyntax (Incorrect DN given : uid=Back\\\Slash,ou=People,o=LdapRealmSpecialNameManualTest7d339efa,o=primary,dc=jboss,dc=org (0x75 0x69 0x64 0x3D 0x42 0x61 0x63 0x6B 0x5C 0x5C 0x5C 0x53 0x6C 0x61 0x73 0x6
> {code}
> You can see there three backslash chars.
> In my opinion problem can be somewhere around this
> {code}
> javax.naming.NameImpl.stringifyComp(String comp)
> {code}
> [1] https://tools.ietf.org/html/rfc2253#section-3



--
This message was sent by Atlassian Jira
(v7.13.8#713008)

More information about the jboss-jira mailing list