Bug 1065476 - [GSS] (6.3.0) AdvancedLdap login module does not handle a user that has a slash character in the uid
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.1.0
Hardware: Unspecified Unspecified
Target Milestone: DR1
: EAP 6.3.0
Assignee: Darran Lofthouse
QA Contact: Josef Cacek
Russell Dickenson
Blocks: 1039955 1065515
Reported: 2014-02-14 18:22 UTC by Derek Horton
Modified: 2014-06-28 15:31 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, authentication requests would fail if the requesting UID contained a 'slash' (/) character. This was caused by the AdvancedLdap login module not handling quotes correctly. In this version of the product, the login module has been modified to remove quotes on the returned user DN before attempting to bind.
Story Points: ---
Clone Of:
: 1065515 (view as bug list)
Environment:
Last Closed: 2014-06-28 15:31:05 UTC
Type: Bug
External Trackers
Tracker: JBoss Issue Tracker
ID: SECURITY-795
Priority: Major
Status: Resolved
Summary: AdvancedLdap login module does not handle a user that has a slash character in the uid
Last Updated: 2018-09-25 21:57 UTC

Description Derek Horton 2014-02-14 18:22:03 UTC
Description of problem:

AdvancedLdap login module does not handle a user that has a slash character in the uid.

For example, JBoss will fail to authenticate the following user correctly:

dn: uid=weird/user,ou=Users,dc=my-domain,dc=com
uid: weird/user
cn: Weird User

https://issues.jboss.org/browse/SECURITY-795
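
The cause named in the Doc Text (quotes on the returned user DN) can be reproduced offline with the JDK's JNDI classes. This is an added example, not code from the bug report or from the upstream fix; the class name and the `unquote` helper are hypothetical, and `CompositeName` stands in for the name string that the LDAP search hands back to the login module.

```java
import javax.naming.CompositeName;
import javax.naming.NamingException;
import javax.naming.ldap.LdapName;

public class SlashInUidDemo {

    // Constructed sample: the DN from the bug description.
    static final String USER_DN = "uid=weird/user,ou=Users,dc=my-domain,dc=com";

    // JNDI names are composite names whose component separator is '/'.
    // A component that itself contains '/' is rendered inside double
    // quotes, so the string is no longer a plain LDAP DN.
    static String asJndiName(String dn) throws NamingException {
        return new CompositeName().add(dn).toString();
    }

    // Hypothetical helper (assumption, not the project's code): strip one
    // pair of enclosing double quotes before the value is used to bind.
    static String unquote(String name) {
        if (name.length() >= 2 && name.startsWith("\"") && name.endsWith("\"")) {
            return name.substring(1, name.length() - 1);
        }
        return name;
    }

    public static void main(String[] args) throws NamingException {
        String returned = asJndiName(USER_DN);
        System.out.println("name as returned : " + returned);
        System.out.println("equals real DN   : " + returned.equals(USER_DN));

        String bindDn = unquote(returned);
        System.out.println("after unquoting  : " + bindDn);

        // The cleaned value parses as an LDAP name carrying the original uid.
        LdapName parsed = new LdapName(bindDn);
        System.out.println("uid value        : " + parsed.getRdn(parsed.size() - 1).getValue());

        // A DN without '/' is never quoted, so unquote() leaves it untouched.
        String plain = "uid=jduke,ou=Users,dc=my-domain,dc=com";
        System.out.println("plain DN intact  : " + unquote(asJndiName(plain)).equals(plain));
    }
}
```

A useful regression check for any LDAP login path is a test account whose uid contains `/`, since the failure only appears when the search result name is reused as the bind DN.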

Comment 1 Derek Horton 2014-02-14 18:28:34 UTC
PR for upstream:
https://github.com/wildfly/jboss-negotiation/pull/2

Comment 2 JBoss JIRA Server 2014-02-19 19:11:32 UTC
Darran Lofthouse <darran.lofthouse@jboss.com> updated the status of jira SECURITY-795 to Resolved

Comment 3 Kabir Khan 2014-03-20 15:40:30 UTC
This was done for DR1 as part of https://github.com/jbossas/jboss-eap/commit/d733eaa9dcb5c3173a9613a10578abb9b90782a1

Comment 4 Kabir Khan 2014-03-20 15:41:04 UTC
Setting to ON_QA, see my comments ^^

Comment 5 Ondrej Lukas 2014-03-28 11:35:33 UTC
Verified on EAP 6.3.0.DR6.

Comment 6 Scott Mumford 2014-04-24 00:27:47 UTC
Added release note text and marked for inclusion in the documentation.

