Bug 1065476 - [GSS] (6.3.0) AdvancedLdap login module does not handle a user that has a slash character in the uid
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
6.1.0
Unspecified Unspecified
unspecified Severity unspecified
: DR1
: EAP 6.3.0
Assigned To: Darran Lofthouse
Josef Cacek
Russell Dickenson
Blocks: 1039955 1065515
Reported: 2014-02-14 13:22 EST by Derek Horton
Modified: 2014-06-28 11:31 EDT
Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, authentication requests would fail if the requesting UID contained a 'slash' (/) character. This was caused by the AdvancedLdap login module not handling quotes correctly. In this version of the product, the login module has been modified to remove quotes on the returned user DN before attempting to bind.
Last Closed: 2014-06-28 11:31:05 EDT
Type: Bug

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker SECURITY-795 Major Resolved AdvancedLdap login module does not handle a user that has a slash character in the uid 2018-09-25 17:57 EDT

Description Derek Horton 2014-02-14 13:22:03 EST
Description of problem:

AdvancedLdap login module does not handle a user that has a slash character in the uid.

For example, JBoss will fail to authenticate the following user correctly:

dn: uid=weird/user,ou=Users,dc=my-domain,dc=com
uid: weird/user
cn: Weird User

https://issues.jboss.org/browse/SECURITY-795
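
An added illustration (not the jboss-negotiation patch or any other code from this report) of the quoting that the Doc Text refers to: JNDI composite names use '/' as their component separator, so a DN containing one is rendered wrapped in double quotes, and those quotes have to be removed before the DN is used to bind. The class name, the helper toBindDn and the second sample DN are assumptions made for this example.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class QuotedDnExample {

    // Hypothetical helper (not the login module's code): undo JNDI
    // composite-name quoting on a name returned by a directory search so
    // the result is a plain LDAP DN that can be used as the bind principal.
    static String toBindDn(String searchResultName) throws InvalidNameException {
        String dn = searchResultName;
        if (dn.length() >= 2 && dn.startsWith("\"") && dn.endsWith("\"")) {
            dn = dn.substring(1, dn.length() - 1);
        }
        // Fail closed: LdapName throws InvalidNameException if what is left
        // is not a well-formed DN, so a bad name never reaches the bind.
        return new LdapName(dn).toString();
    }

    static void check(String label, String expected, String actual) {
        System.out.println(label + ": " + actual);
        if (!expected.equals(actual)) {
            throw new AssertionError(label + ": expected " + expected);
        }
    }

    public static void main(String[] args) throws Exception {
        // DN of the entry from the bug description.
        String slashDn = "uid=weird/user,ou=Users,dc=my-domain,dc=com";

        // Rendering the DN as a single composite-name component shows the
        // quoting: the '/' inside the component forces double quotes.
        String rendered = new CompositeName().add(slashDn).toString();
        check("rendered by JNDI", "\"" + slashDn + "\"", rendered);
        check("DN used to bind ", slashDn, toBindDn(rendered));

        // Constructed sample: a DN without '/' is not quoted and must pass
        // through the helper unchanged.
        String plainDn = "uid=jduke,ou=Users,dc=my-domain,dc=com";
        String renderedPlain = new CompositeName().add(plainDn).toString();
        check("rendered by JNDI", plainDn, renderedPlain);
        check("DN used to bind ", plainDn, toBindDn(renderedPlain));
    }
}
```

The example runs offline with only the JDK and needs no directory server.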
Comment 1 Derek Horton 2014-02-14 13:28:34 EST
PR for upstream:
https://github.com/wildfly/jboss-negotiation/pull/2
Comment 2 JBoss JIRA Server 2014-02-19 14:11:32 EST
Darran Lofthouse <darran.lofthouse@jboss.com> updated the status of jira SECURITY-795 to Resolved
Comment 3 Kabir Khan 2014-03-20 11:40:30 EDT
This was done for DR1 as part of https://github.com/jbossas/jboss-eap/commit/d733eaa9dcb5c3173a9613a10578abb9b90782a1
Comment 4 Kabir Khan 2014-03-20 11:41:04 EDT
Setting to ON_QA, see my comments ^^
Comment 5 Ondrej Lukas 2014-03-28 07:35:33 EDT
Verified on EAP 6.3.0.DR6.
Comment 6 Scott Mumford 2014-04-23 20:27:47 EDT
Added release note text and marked for inclusion in the documentation.
