Bug 1269826

Summary: [QE](6.4.z) Option roleRecursion does not work in LdapRolesMappingProvider
Product: [JBoss] JBoss Enterprise Application Platform 6
Reporter: Ondrej Lukas <olukas>
Component: Security
Assignee: Ryan Emerson <remerson>
Status: CLOSED CURRENTRELEASE
QA Contact: Ondrej Lukas <olukas>
Severity: medium
Priority: unspecified
Version: 6.4.0
CC: anmiller, bdawidow, bmaxwell, darran.lofthouse, ihradek, istudens, msochure, ppalaga, pskopek, remerson
Target Milestone: CR1
Target Release: EAP 6.4.12
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2017-01-17 13:11:21 UTC
Type: Bug
Bug Blocks: 1274287, 1375585

Description Ondrej Lukas 2015-10-08 09:56:28 UTC
Option roleRecursion does not work in org.jboss.security.mapping.providers.role.LdapRolesMappingProvider. Only entries without recursion are found. No recursive search is done by LdapRolesMappingProvider, since the LdapRolesMappingProvider.rolesSearch method tries to make a recursive search with the same parameters.

Use the following security domain configuration to reproduce:
<security-domain name="test">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="rolesProperties" value="roles.properties"/>
            <module-option name="usersProperties" value="users.properties"/>
        </login-module>
    </authentication>
    <mapping>
        <mapping-module code="LdapRoles" type="role">
            <module-option name="bindDN" value="uid=admin,ou=system"/>
            <module-option name="bindCredential" value="secret"/>
            <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
            <module-option name="roleFilter" value="member=uid\={0},ou\=People,dc\=jboss,dc\=org"/>
            <module-option name="rolesCtxDN" value="ou=Roles,dc=jboss,dc=org"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="roleRecursion" value="2"/>
        </mapping-module>
    </mapping>
</security-domain>
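
The failure mode described above, modelled as an added example (not PicketBox code and not part of the original report): a nested role search that repeats the query for the user DN only ever returns direct roles, while one that searches for each found role's DN walks the nesting up to the roleRecursion limit. The class name, the in-memory directory, the role and user DNs, and the reading of roleRecursion as "levels beyond the direct match" are assumptions made for illustration.

```java
import java.util.*;

public class RoleRecursionDemo {
    // Constructed sample directory: role DN -> values of its "member" attribute.
    // jduke is in R1, R1 is nested in R2, R2 in R3, R3 in R4.
    static final Map<String, List<String>> ROLES = Map.of(
        "cn=R1,ou=Roles,dc=jboss,dc=org", List.of("uid=jduke,ou=People,dc=jboss,dc=org"),
        "cn=R2,ou=Roles,dc=jboss,dc=org", List.of("cn=R1,ou=Roles,dc=jboss,dc=org"),
        "cn=R3,ou=Roles,dc=jboss,dc=org", List.of("cn=R2,ou=Roles,dc=jboss,dc=org"),
        "cn=R4,ou=Roles,dc=jboss,dc=org", List.of("cn=R3,ou=Roles,dc=jboss,dc=org"));

    // Stand-in for an LDAP search under rolesCtxDN with a filter on "member".
    static List<String> search(String memberDn) {
        List<String> hits = new ArrayList<>();
        ROLES.forEach((dn, members) -> { if (members.contains(memberDn)) hits.add(dn); });
        return hits;
    }

    // Model of the reported behaviour: every level repeats the search for the user DN.
    static Set<String> resolveSameParameters(String userDn, int roleRecursion) {
        Set<String> found = new TreeSet<>();
        for (int level = 0; level <= roleRecursion; level++) {
            found.addAll(search(userDn));
        }
        return found;
    }

    // Level-by-level search: each level looks for roles whose member is a role
    // found on the previous level. The "found" set also stops membership cycles.
    static Set<String> resolveNested(String userDn, int roleRecursion) {
        Set<String> found = new TreeSet<>();
        List<String> frontier = List.of(userDn);
        for (int level = 0; level <= roleRecursion && !frontier.isEmpty(); level++) {
            List<String> next = new ArrayList<>();
            for (String member : frontier) {
                for (String roleDn : search(member)) {
                    if (found.add(roleDn)) next.add(roleDn);
                }
            }
            frontier = next;
        }
        return found;
    }

    public static void main(String[] args) {
        String user = "uid=jduke,ou=People,dc=jboss,dc=org";
        System.out.println("same parameters: " + resolveSameParameters(user, 2));
        System.out.println("nested search:   " + resolveNested(user, 2));
    }
}
```

A regression check for this bug needs at least one role that is reachable only through another role, plus one role just beyond the configured depth to confirm the limit is honoured.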

Comment 3 Mike McCune 2016-03-28 23:25:37 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation. Please see mmccune with any questions.

Comment 4 Ivo Hradek 2016-11-22 07:46:26 UTC
Verified with EAP 6.4.12.CP.CR1.

Comment 5 Petr Penicka 2017-01-17 13:11:21 UTC
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.