Bug 1065476 - [GSS] (6.3.0) AdvancedLdap login module does not handle a user that has a slash character in the uid
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: DR1
Target Release: EAP 6.3.0
Assignee: Darran Lofthouse
QA Contact: Josef Cacek
Docs Contact: Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks: 1039955 1065515
Reported: 2014-02-14 18:22 UTC by Derek Horton
Modified: 2014-06-28 15:31 UTC

Fixed In Version:
Clone Of:
: 1065515
Environment:
Last Closed: 2014-06-28 15:31:05 UTC
Type: Bug
Embargoed:


Links
System: Red Hat Issue Tracker
ID: SECURITY-795
Private: 0
Priority: Major
Status: Resolved
Summary: AdvancedLdap login module does not handle a user that has a slash character in the uid
Last Updated: 2018-09-25 21:57:40 UTC

Internal Links: 1039955

Description Derek Horton 2014-02-14 18:22:03 UTC
Description of problem:

AdvancedLdap login module does not handle a user that has a slash character in the uid.

For example, JBoss will fail to authenticate the following user correctly:

dn: uid=weird/user,ou=Users,dc=my-domain,dc=com
uid: weird/user
cn: Weird User

https://issues.jboss.org/browse/SECURITY-795

Comment 1 Derek Horton 2014-02-14 18:28:34 UTC
PR for upstream:
https://github.com/wildfly/jboss-negotiation/pull/2

Comment 2 JBoss JIRA Server 2014-02-19 19:11:32 UTC
Darran Lofthouse <darran.lofthouse> updated the status of jira SECURITY-795 to Resolved

Comment 3 Kabir Khan 2014-03-20 15:40:30 UTC
This was done for DR1 as part of https://github.com/jbossas/jboss-eap/commit/d733eaa9dcb5c3173a9613a10578abb9b90782a1

Comment 4 Kabir Khan 2014-03-20 15:41:04 UTC
Setting to ON_QA, see my comments ^^

Comment 5 Ondrej Lukas 2014-03-28 11:35:33 UTC
Verified on EAP 6.3.0.DR6.

Comment 6 Scott Mumford 2014-04-24 00:27:47 UTC
Added release note text and marked for inclusion in the documentation.

