Bug 1065486 - [GSS] (6.3.0) LdapExtended login module does not handle a user that has a slash character in the uid
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ER4
: EAP 6.3.0
Assignee: Derek Horton
QA Contact: Josef Cacek
Russell Dickenson
URL:
Whiteboard:
Depends On:
Blocks: 1067584 1067599
Reported: 2014-02-14 18:36 UTC by Derek Horton
Modified: 2018-12-05 17:18 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, user authentications would fail if the User ID (UID) contained a 'slash' character ('/'). This was because the LdapExtended login module did not handle the character correctly. In this release of the product the module has been updated and now removes quotes from the user DN before binding. This resolves the issue and users can authenticate as expected.
Clone Of:
Environment:
Last Closed: 2014-06-28 15:43:11 UTC
Type: Bug
Embargoed:




Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker SECURITY-796 0 Major Resolved LdapExtended login module does not handle a user that has a slash character in the uid 2014-07-24 07:27:05 UTC

Description Derek Horton 2014-02-14 18:36:46 UTC
Description of problem:

LdapExtended login module does not handle a user that has a slash character in the uid.

For example, JBoss will fail to authenticate the following user correctly:

dn: uid=weird/user,ou=Users,dc=my-domain,dc=com
uid: weird/user
cn: Weird User

https://issues.jboss.org/browse/SECURITY-796

Comment 1 JBoss JIRA Server 2014-02-20 16:57:35 UTC
Derek Horton <dhorton> updated the status of jira SECURITY-796 to Resolved

Comment 5 Hynek Mlnarik 2014-05-14 15:51:17 UTC
Verified in 6.3.0.ER4

Comment 6 Nichola Moore 2014-05-15 05:02:10 UTC
Changed back to Known Issue as per 1097167. 

Doc text:

In previous versions of JBoss EAP 6, user authentications would fail if the User ID (UID) contained a 'slash' character ('/'). This was because the LdapExtended login module did not handle the character correctly. In this release of the product the module has been updated and now removes quotes from the user DN before binding. This resolves the issue and users can authenticate as expected.
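
An added example (not PicketBox or JBoss EAP code) of why a '/' in the uid yields a quoted name and how the DN can be unquoted before it is used as the bind principal. It assumes the quotes mentioned in the doc text come from JNDI composite-name quoting, where '/' is the component separator; the class and method names are hypothetical, and parsing through CompositeName goes slightly beyond plain quote removal by also undoing JNDI escapes.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class SlashInUidDemo {

    // Hypothetical helper: turn the name string JNDI reports for an entry
    // into the plain LDAP DN. Parsing it as a CompositeName strips the
    // quoting (and escapes) that JNDI adds around a component containing '/'.
    static String toBindDn(String jndiName) throws InvalidNameException {
        CompositeName cn = new CompositeName(jndiName);
        if (cn.size() != 1) {
            // An unquoted '/' would split the DN; refuse rather than bind
            // with a truncated principal.
            throw new InvalidNameException("not a single-component name: " + jndiName);
        }
        return cn.get(0);
    }

    public static void main(String[] args) throws Exception {
        // Sample entry DN taken from the bug description.
        String dn = "uid=weird/user,ou=Users,dc=my-domain,dc=com";

        // '/' is the composite-name separator, so the raw DN string is
        // read as two components instead of one DN.
        CompositeName raw = new CompositeName(dn);
        System.out.println("raw DN as composite name: " + raw.size() + " components");

        // JNDI quotes a component that contains '/' when it renders the
        // name as a string (assumed here to be the form the module received).
        String reported = new CompositeName().add(dn).toString();
        System.out.println("name as JNDI renders it:  " + reported);

        // Used unchanged as the bind principal, the quotes would be sent as
        // part of the DN. Unquoting restores the DN stored in the directory.
        String bindDn = toBindDn(reported);
        System.out.println("DN to bind with:          " + bindDn);

        // LDAP itself does not treat '/' specially: the RDN value keeps it.
        LdapName parsed = new LdapName(bindDn);
        Object uid = parsed.getRdn(parsed.size() - 1).getValue();
        System.out.println("uid value:                " + uid);
    }
}
```

The single-component check matters for authentication code: a name that still splits on '/' after parsing should be rejected, not bound with whatever the first component happens to be.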

