Bug 1104976

Summary: [GSS] (6.2.4) LdapExtended login module: LDAP referrals not working despite earlier fix
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: baranowb <bbaranow>
Component: Security
Assignee: baranowb <bbaranow>
Status: CLOSED CURRENTRELEASE
QA Contact: Josef Cacek <jcacek>
Severity: urgent
Docs Contact: Russell Dickenson <rdickens>
Priority: urgent
Version: 6.2.1
CC: asaldhan, bbaranow, cdewolf, darran.lofthouse, hmlnarik, jawilson, kkhan, pskopek, smumford, tfonteyn, tiwillia
Target Milestone: CR1
Flags: smumford: needinfo-
Target Release: EAP 6.2.4
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Clone Of: 1066470
Last Closed: 2014-08-07 12:12:32 UTC
Type: Bug
Bug Depends On: 1066470, 1101272
Bug Blocks: 1067534, 1104984, 1104987

Comment 2 Tom Fonteyne 2014-06-10 14:02:35 UTC
The admin interface works for authentication... and fails for group lookup.

The tests are 1:1 mappings I saw,
e.g. this scenario is not covered:

LDAP 1 on port 389:
- ou=RemoteLdap,dc=example,dc=com  being a referral to ldap://server:391/dc=example,dc=com

LDAP 2 on port 391:
- uid=tomds3,ou=users,dc=example,dc=com being a member of cn=JBossAdmin,ou=groups,dc=example,dc=com (group located on LDAP 2)

In the authorization step, the group search is done on LDAP-1 where "uid=tomds3,ou=users,dc=example,dc=com" would be a member => 0 found. 

Hence re-opening.
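
The scenario from comment 2, reproduced as a small in-memory model to show why a group search confined to LDAP 1 returns nothing while authentication through the referral succeeds. This is an added example, not code from the bug report or from JBoss; the `ref` attribute, the helper names, the search bases and the hop limit are assumptions made for illustration.

```python
# Constructed in-memory model of the two directories in comment 2 (not JBoss code).
# The "ref" attribute, helper names, search bases and MAX_HOPS are assumptions.
MAX_HOPS = 5  # assumed guard against referral loops

LDAP1 = {  # server on port 389
    "ou=RemoteLdap,dc=example,dc=com": {"ref": ("LDAP2", "dc=example,dc=com")},
}
LDAP2 = {  # server on port 391
    "uid=tomds3,ou=users,dc=example,dc=com": {"uid": ["tomds3"]},
    "cn=JBossAdmin,ou=groups,dc=example,dc=com": {
        "member": ["uid=tomds3,ou=users,dc=example,dc=com"]},
}
SERVERS = {"LDAP1": LDAP1, "LDAP2": LDAP2}


def search(server, base, attr, value, follow_referrals, hops=0):
    """Subtree search returning (server, dn) pairs, optionally chasing referrals."""
    hits = []
    for dn, attrs in SERVERS[server].items():
        if not dn.lower().endswith(base.lower()):
            continue  # entry is outside the search base
        if "ref" in attrs:
            # Referral entry: either skipped or continued on the other server.
            if follow_referrals and hops < MAX_HOPS:
                ref_server, ref_base = attrs["ref"]
                hits += search(ref_server, ref_base, attr, value, True, hops + 1)
            continue
        if value in attrs.get(attr, []):
            hits.append((server, dn))
    return hits


def find_user(uid):
    """Authentication step: the user is reached from LDAP 1 via the referral."""
    return search("LDAP1", "dc=example,dc=com", "uid", uid, True)


def roles_on_first_server(user_dn):
    """Reported behaviour: the group search stays on LDAP 1."""
    return search("LDAP1", "dc=example,dc=com", "member", user_dn, False)


def roles_with_referrals(user_dn):
    """Same search with referrals followed, so groups on LDAP 2 are visible."""
    return search("LDAP1", "dc=example,dc=com", "member", user_dn, True)
```

A regression test for the login module would need a fixture of this shape, where the user and the group both live behind the referral rather than mapping 1:1 onto the first server.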

Comment 3 Peter Skopek 2014-06-11 15:55:00 UTC
See my comment here: https://bugzilla.redhat.com/show_bug.cgi?id=1066470#c18
Changing status back to MODIFIED.

Comment 4 Hynek Mlnarik 2014-06-19 06:42:56 UTC
Verified in 6.2.4.CP.CR1