Bug 1065486

Summary: [GSS] (6.3.0) LdapExtended login module does not handle a user that has a slash character in the uid
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: Derek Horton <dehort>
Component: Security
Assignee: Derek Horton <dehort>
Status: CLOSED CURRENTRELEASE
QA Contact: Josef Cacek <jcacek>
Severity: unspecified
Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified
Version: 6.1.0
CC: dehort, hmlnarik, smumford, twells
Target Milestone: ER4
Target Release: EAP 6.3.0
Hardware: Unspecified
OS: Unspecified
Whiteboard:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, user authentications would fail if the User ID (UID) contained a 'slash' character ('/'). This was because the LdapExtended login module did not handle the character correctly. In this release of the product the module has been updated and now removes quotes from the user DN before binding. This resolves the issue and users can authenticate as expected.
Last Closed: 2014-06-28 15:43:11 UTC
Type: Bug
Bug Blocks: 1067584, 1067599    

Description Derek Horton 2014-02-14 18:36:46 UTC
Description of problem:

LdapExtended login module does not handle a user that has a slash character in the uid.

For example, JBoss will fail to authenticate the following user correctly:

dn: uid=weird/user,ou=Users,dc=my-domain,dc=com
uid: weird/user
cn: Weird User

https://issues.jboss.org/browse/SECURITY-796

Comment 1 JBoss JIRA Server 2014-02-20 16:57:35 UTC
Derek Horton <dhorton> updated the status of jira SECURITY-796 to Resolved

Comment 5 Hynek Mlnarik 2014-05-14 15:51:17 UTC
Verified in 6.3.0.ER4

Comment 6 Nichola Moore 2014-05-15 05:02:10 UTC
Changed back to Known Issue as per 1097167. 

Doc text:

In previous versions of JBoss EAP 6, user authentications would fail if the User ID (UID) contained a 'slash' character ('/'). This was because the LdapExtended login module did not handle the character correctly. In this release of the product the module has been updated and now removes quotes from the user DN before binding. This resolves the issue and users can authenticate as expected.
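
The quoting that the Doc Text refers to can be reproduced without a directory server. The following is an added example, not the LdapExtended module's own code: JNDI uses '/' as the composite-name separator, so a name component that contains it is rendered inside double quotes, and a DN built from that string carries the quotes into the bind. The class and helper names are hypothetical; the DN is the one from the description.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class QuotedDnExample {

    // Hypothetical helper: drop the single pair of double quotes that
    // composite-name formatting wraps around a component containing '/'.
    // Quotes inside the name are left alone.
    static String stripCompositeQuotes(String name) {
        if (name.length() >= 2 && name.startsWith("\"") && name.endsWith("\"")) {
            return name.substring(1, name.length() - 1);
        }
        return name;
    }

    // Build the DN used for the bind from a search-result name that is
    // relative to baseDn.
    static String toBindDn(String searchResultName, String baseDn)
            throws InvalidNameException {
        String relative = stripCompositeQuotes(searchResultName);
        String dn = baseDn.isEmpty() ? relative : relative + "," + baseDn;
        // Parsing with LdapName makes a malformed DN surface here as
        // InvalidNameException instead of as a failed bind later.
        return new LdapName(dn).toString();
    }

    public static void main(String[] args) throws Exception {
        String baseDn = "dc=my-domain,dc=com";
        // Constructed input: render the relative name as a composite name,
        // which is the form in which the '/' triggers quoting.
        String fromSearch =
                new CompositeName().add("uid=weird/user,ou=Users").toString();

        System.out.println("search result name: " + fromSearch);
        System.out.println("naive bind DN:      " + fromSearch + "," + baseDn);
        System.out.println("corrected bind DN:  " + toBindDn(fromSearch, baseDn));
    }
}
```

The helper removes only one enclosing pair of quotes, so a uid without a slash passes through unchanged.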