1104976 – [GSS] (6.2.4) LdapExtended login module: LDAP referrals not working despite earlier fix

Bug 1104976 - [GSS] (6.2.4) LdapExtended login module: LDAP referrals not working despite earlier fix

Summary: [GSS] (6.2.4) LdapExtended login module: LDAP referrals not working despite e...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Security
Sub Component:
Version:	6.2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	CR1
Target Release:	EAP 6.2.4
Assignee:	baranowb
QA Contact:	Josef Cacek
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:	1066470 1101272
Blocks:	eap62-cp04-blockers 1104984 1104987
TreeView+	depends on / blocked

Reported:	2014-06-05 07:12 UTC by baranowb
Modified:	2018-12-06 16:45 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	1066470
Environment:
Last Closed:	2014-08-07 12:12:32 UTC
Type:	Bug
Embargoed:
Flags:	smumford: needinfo-

Attachments	(Terms of Use)

Comment 2 Tom Fonteyne 2014-06-10 14:02:35 UTC

the admin interface works for authentication.... and fails for group lookup.

The tests are 1:1 mappings I saw
e.g this scenario is not covered:

LDAP 1 on port 389:
- ou=RemoteLdap,dc=example,dc=com  being a referral to ldap://server:391/dc=example,dc=com

LDAP 2 on port 391:
- uid=tomds3,ou=users,dc=example,dc=com being a member of cn=JBossAdmin,ou=groups,dc=example,dc=com (group located on LDAP 2)

In the authorization step, the group search is done on LDAP-1 where "uid=tomds3,ou=users,dc=example,dc=com" would be a member => 0 found. 

hence re-opening

Comment 3 Peter Skopek 2014-06-11 15:55:00 UTC

See my comment here: https://bugzilla.redhat.com/show_bug.cgi?id=1066470#c18
Changing status back to MODIFIED.

Comment 4 Hynek Mlnarik 2014-06-19 06:42:56 UTC

Verified in 6.2.4.CP.CR1

Note You need to log in before you can comment on or make changes to this bug.