Bug 1065486 - [GSS] (6.3.0) LdapExtended login module does not handle a user that has a slash character in the uid
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ER4
Target Release: EAP 6.3.0
Assigned To: Derek Horton
QA Contact: Josef Cacek
Docs Contact: Russell Dickenson
Depends On:
Blocks: 1067584 1067599
Reported: 2014-02-14 13:36 EST by Derek Horton
Modified: 2014-08-11 22:08 EDT
Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, user authentications would fail if the User ID (UID) contained a 'slash' character ('/'). This was because the LdapExtended login module did not handle the character correctly. In this release of the product the module has been updated and now removes quotes from the user DN before binding. This resolves the issue and users can authenticate as expected.
Last Closed: 2014-06-28 11:43:11 EDT
Type: Bug
External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker SECURITY-796 Major Resolved LdapExtended login module does not handle a user that has a slash character in the uid 2014-07-24 03:27:05 EDT

Description Derek Horton 2014-02-14 13:36:46 EST
Description of problem:

LdapExtended login module does not handle a user that has a slash character in the uid.

For example, JBoss will fail to authenticate the following user correctly:

dn: uid=weird/user,ou=Users,dc=my-domain,dc=com
uid: weird/user
cn: Weird User

https://issues.jboss.org/browse/SECURITY-796
Comment 1 JBoss JIRA Server 2014-02-20 11:57:35 EST
Derek Horton <dhorton@redhat.com> updated the status of jira SECURITY-796 to Resolved
Comment 5 Hynek Mlnarik 2014-05-14 11:51:17 EDT
Verified in 6.3.0.ER4
Comment 6 Nichola Moore 2014-05-15 01:02:10 EDT
Changed back to Known Issue as per 1097167. 

Doc text:

In previous versions of JBoss EAP 6, user authentications would fail if the User ID (UID) contained a 'slash' character ('/'). This was because the LdapExtended login module did not handle the character correctly. In this release of the product the module has been updated and now removes quotes from the user DN before binding. This resolves the issue and users can authenticate as expected.
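
The doc text says the fix removes quotes from the user DN before binding. The following is an added example, not the PicketBox patch or any code from this bug: it assumes the quotes come from the DN passing through a JNDI composite name, where '/' is the component separator, and the class and helper names are hypothetical.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;

public class SlashDnExample {
    // Sample DN from the bug description.
    static final String USER_DN = "uid=weird/user,ou=Users,dc=my-domain,dc=com";

    // Renders the DN the way JNDI renders a one-component composite name.
    // '/' is the composite-name separator, so a component containing it is
    // wrapped in double quotes.
    static String asCompositeName(String dn) throws InvalidNameException {
        return new CompositeName().add(dn).toString();
    }

    // Hypothetical helper (not PicketBox code): parse the name as a composite
    // name and take its first component, which drops the quoting.
    static String toBindDn(String jndiName) throws InvalidNameException {
        CompositeName parsed = new CompositeName(jndiName);
        return parsed.isEmpty() ? jndiName : parsed.get(0);
    }

    public static void main(String[] args) throws InvalidNameException {
        String quoted = asCompositeName(USER_DN);
        System.out.println("name as JNDI renders it: " + quoted);

        // Failure mode 1 (assumed cause of the bug): the rendered name is no
        // longer the DN, so using it as the bind principal would send the
        // quote characters to the directory.
        if (quoted.equals(USER_DN)) {
            throw new IllegalStateException("expected the slash to force quoting");
        }

        // Failure mode 2: treating the raw DN as a composite name splits it
        // at the slash into separate components.
        int parts = new CompositeName(USER_DN).size();
        System.out.println("components when parsed unquoted: " + parts);

        // Corrected handling: unquote before using the DN as the bind principal.
        String bindDn = toBindDn(quoted);
        if (!bindDn.equals(USER_DN)) {
            throw new IllegalStateException("unquoting did not recover the DN");
        }
        System.out.println("DN to bind with: " + bindDn);
    }
}
```

The helper is only safe on names that JNDI itself produced; a raw DN with an unquoted slash would be truncated at the slash, which is why the unquoting belongs at the point where the search result name is read.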
