Bug 1065476

Summary: [GSS] (6.3.0) AdvancedLdap login module does not handle a user that has a slash character in the uid
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Derek Horton <dehort>
Component: Security Assignee: Darran Lofthouse <darran.lofthouse>
Status: CLOSED CURRENTRELEASE QA Contact: Josef Cacek <jcacek>
Severity: unspecified Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified    
Version: 6.1.0 CC: bmaxwell, darran.lofthouse, kkhan, olukas, smumford
Target Milestone: DR1   
Target Release: EAP 6.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, authentication requests would fail if the requesting UID contained a 'slash' (/) character. This was caused by the AdvancedLdap login module not handling quotes correctly. In this version of the product the login module has been modified to remove quotes on the returned user DN before attempting to bind.
Story Points: ---
Clone Of:
: 1065515 Environment:
Last Closed: 2014-06-28 15:31:05 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1039955, 1065515    

Description Derek Horton 2014-02-14 18:22:03 UTC
Description of problem:

AdvancedLdap login module does not handle a user that has a slash character in the uid.

For example, JBoss will fail to authenticate the following user correctly:

dn: uid=weird/user,ou=Users,dc=my-domain,dc=com
uid: weird/user
cn: Weird User

https://issues.jboss.org/browse/SECURITY-795
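The following Java snippet is an added illustration of the failure described in this bug and of the quote-stripping step named in the release note; it is not code from the AdvancedLdap login module or from the linked pull request. It assumes the JNDI behaviour that a CompositeName renders a single component containing '/' wrapped in double quotes, so a search result for the sample user comes back as a quoted DN; the helper names (asJndiCompositeName, unquoteDn) and the second sample DN are hypothetical.

```java
import javax.naming.CompositeName;
import javax.naming.NamingException;

public class DnUnquote {

    // Constructed sample: the user from the bug report, whose uid contains a '/'.
    static final String USER_DN = "uid=weird/user,ou=Users,dc=my-domain,dc=com";

    /**
     * Show how JNDI renders a name containing '/': CompositeName treats '/' as a
     * component separator, so a single component that contains '/' is emitted
     * wrapped in double quotes (assumed behaviour, reproduced here without an
     * LDAP server). This is the form the returned user DN takes in the bug.
     */
    static String asJndiCompositeName(String dn) throws NamingException {
        return new CompositeName().add(dn).toString();
    }

    /**
     * Strip one pair of surrounding double quotes from a DN returned by a JNDI
     * search and leave every other DN untouched. Hypothetical helper mirroring
     * the fix described in the release note, not the module's own code.
     */
    static String unquoteDn(String dn) {
        if (dn != null && dn.length() >= 2
                && dn.charAt(0) == '"' && dn.charAt(dn.length() - 1) == '"') {
            return dn.substring(1, dn.length() - 1);
        }
        return dn;
    }

    public static void main(String[] args) throws NamingException {
        String returned = asJndiCompositeName(USER_DN);
        System.out.println("name as rendered by JNDI : " + returned);

        // The value that would go into Context.SECURITY_PRINCIPAL for the bind.
        String bindDn = unquoteDn(returned);
        System.out.println("DN used for bind         : " + bindDn);

        // With the quotes left in place the server is asked to bind as a
        // principal that does not exist, which is the authentication failure
        // reported above; after unquoting the bind DN matches the directory entry.
        if (!bindDn.equals(USER_DN)) {
            throw new IllegalStateException("DN still quoted: " + bindDn);
        }

        // A uid without '/' is never quoted and passes through both steps unchanged.
        String plain = "uid=jdoe,ou=Users,dc=my-domain,dc=com";
        if (!unquoteDn(asJndiCompositeName(plain)).equals(plain)) {
            throw new IllegalStateException("plain DN altered");
        }
        System.out.println("ok");
    }
}
```

Compile and run with `javac DnUnquote.java && java DnUnquote`; the first printed line shows the quoted form and the second the DN that is safe to bind with. The check at the end is the one a verifier would want when reproducing this bug: a login for a uid containing '/' must bind with the unquoted DN, while ordinary uids must be unaffected by the extra step.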

Comment 1 Derek Horton 2014-02-14 18:28:34 UTC
PR for upstream:
https://github.com/wildfly/jboss-negotiation/pull/2

Comment 2 JBoss JIRA Server 2014-02-19 19:11:32 UTC
Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-795 to Resolved

Comment 3 Kabir Khan 2014-03-20 15:40:30 UTC
This was done for DR1 as part of https://github.com/jbossas/jboss-eap/commit/d733eaa9dcb5c3173a9613a10578abb9b90782a1

Comment 4 Kabir Khan 2014-03-20 15:41:04 UTC
Setting to ON_QA, see my comments ^^

Comment 5 Ondrej Lukas 2014-03-28 11:35:33 UTC
Verified on EAP 6.3.0.DR6.

Comment 6 Scott Mumford 2014-04-24 00:27:47 UTC
Added release note text and marked for inclusion in the documentation.