Bug 1065486 - [GSS] (6.3.0) LdapExtended login module does not handle a user that has a slash character in the uid
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ER4
: EAP 6.3.0
Assignee: Derek Horton
QA Contact: Josef Cacek
Russell Dickenson
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: 1067584 1067599
Reported: 2014-02-14 18:36 UTC by Derek Horton
Modified: 2018-12-05 17:18 UTC (History)
Doc Text:
In previous versions of JBoss EAP 6, user authentications would fail if the User ID (UID) contained a 'slash' character ('/'). This was because the LdapExtended login module did not handle the character correctly. In this release of the product the module has been updated and now removes quotes from the user DN before binding. This resolves the issue and users can authenticate as expected.
Clone Of:
Last Closed: 2014-06-28 15:43:11 UTC




External Trackers
Tracker | ID | Priority | Status | Summary | Last Updated
JBoss Issue Tracker | SECURITY-796 | Major | Resolved | LdapExtended login module does not handle a user that has a slash character in the uid | 2014-07-24 07:27:05 UTC

Description Derek Horton 2014-02-14 18:36:46 UTC
Description of problem:

LdapExtended login module does not handle a user that has a slash character in the uid.

For example, JBoss will fail to authenticate the following user correctly:

dn: uid=weird/user,ou=Users,dc=my-domain,dc=com
uid: weird/user
cn: Weird User

https://issues.jboss.org/browse/SECURITY-796

Comment 1 JBoss JIRA Server 2014-02-20 16:57:35 UTC
Derek Horton <dhorton@redhat.com> updated the status of jira SECURITY-796 to Resolved

Comment 5 Hynek Mlnarik 2014-05-14 15:51:17 UTC
Verified in 6.3.0.ER4

Comment 6 Nichola Moore 2014-05-15 05:02:10 UTC
Changed back to Known Issue as per 1097167. 

Doc text:

In previous versions of JBoss EAP 6, user authentications would fail if the User ID (UID) contained a 'slash' character ('/'). This was because the LdapExtended login module did not handle the character correctly. In this release of the product the module has been updated and now removes quotes from the user DN before binding. This resolves the issue and users can authenticate as expected.
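
JNDI composite names use '/' as the component separator and wrap a component that contains one in double quotes, which is the kind of quoting the doc text says is removed before binding. The Java below is an added example, not the LdapExtended module's own code: the class and method names are hypothetical, and the sample values are constructed from the entry in the bug description.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration: class and method names are hypothetical, not PicketBox code.
public class SlashUidDnExample {

    // Constructed sample values, taken from the entry in the bug description.
    static final String RDN = "uid=weird/user";
    static final String BASE_DN = "ou=Users,dc=my-domain,dc=com";

    // Render an LDAP name as a one-component JNDI composite name string.
    // '/' separates composite-name components, so a component containing it is quoted.
    static String asCompositeName(String ldapName) throws InvalidNameException {
        return new CompositeName().add(ldapName).toString();
    }

    // Drop one pair of surrounding double quotes, as the doc text describes.
    static String stripQuotes(String name) {
        boolean quoted = name.length() >= 2 && name.startsWith("\"") && name.endsWith("\"");
        return quoted ? name.substring(1, name.length() - 1) : name;
    }

    // True if the string parses as an RFC 2253 distinguished name.
    static boolean isValidDn(String dn) {
        try {
            new LdapName(dn);
            return true;
        } catch (InvalidNameException e) {
            return false;
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        String relative = asCompositeName(RDN);           // name relative to the search base
        String naive = relative + "," + BASE_DN;          // quotes carried into the bind DN
        String fixed = stripQuotes(relative) + "," + BASE_DN;

        System.out.println("composite name: " + relative);
        System.out.println("naive bind DN : " + naive + "  valid=" + isValidDn(naive));
        System.out.println("fixed bind DN : " + fixed + "  valid=" + isValidDn(fixed));

        // The uid value must survive intact; the leaf RDN is the last index of an LdapName.
        LdapName parsed = new LdapName(fixed);
        System.out.println("uid value     : " + parsed.getRdn(parsed.size() - 1).getValue());
    }
}
```

When testing a login module against a directory, include at least one account whose uid contains '/' so that this path is exercised.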

