Bug 1067599 - [GSS] (6.2.x) LdapExtended login module does not handle a user that has a slash character in the uid
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.1.1
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: CR2
Target Release: EAP 6.2.2
Assignee: Derek Horton
QA Contact: Josef Cacek
Docs Contact: Russell Dickenson
URL:
Whiteboard:
Depends On: 1065486
Blocks: eap62-cp02-blockers 1067580
Reported: 2014-02-20 17:04 UTC by Derek Horton
Modified: 2018-12-05 17:22 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, the username string returned by the JVM's LDAP code was wrapped in double quotes if it contained a 'slash' (/) character. This broke any further LDAP lookups, including those for authentication and role lookup. This meant that users with a 'slash' character in their username were not able to successfully authenticate when using the LdapExtended login module. In this version of the product the double quotes are removed from the username returned from LDAP and users with slashes in the username are correctly authenticated.
Clone Of:
Environment:
Last Closed: 2014-06-02 12:50:07 UTC
Type: Bug
Embargoed:



Links
System: Red Hat Issue Tracker
ID: SECURITY-796
Private: 0
Priority: Major
Status: Resolved
Summary: LdapExtended login module does not handle a user that has a slash character in the uid
Last Updated: 2016-01-10 04:27:53 UTC

Description Derek Horton 2014-02-20 17:04:42 UTC
Description of problem:
LdapExtended login module does not handle a user that has a slash character in the uid.

For example, JBoss will fail to authenticate the following user correctly:

dn: uid=weird/user,ou=Users,dc=my-domain,dc=com
uid: weird/user
cn: Weird User

Version-Release number of selected component (if applicable):

Steps to Reproduce:

1. Configure an application to use a security-domain that is set up to use the LdapExtended login module.
2. Create a user that contains a slash char ('/') in the uid.
3. Attempt to authenticate the user.
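
The Doc Text above attributes the failure to the returned name being wrapped in double quotes when it contains a slash. The Java sketch below is an added example, not part of the original report and not the code shipped in EAP; the class and helper names are hypothetical, the quoted sample string is constructed from the report's entry, and joining the returned name with the search base is an assumption about how the DN is built. It also goes one step beyond the page by showing the same normalisation via `javax.naming.CompositeName`.

```java
import javax.naming.CompositeName;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

public class SlashUidExample {

    // Hypothetical helper: drop one pair of wrapping double quotes, the
    // normalisation the Doc Text describes. Interior quotes are left alone.
    static String stripWrappingQuotes(String name) {
        if (name != null && name.length() >= 2
                && name.startsWith("\"") && name.endsWith("\"")) {
            return name.substring(1, name.length() - 1);
        }
        return name;
    }

    // Generalisation beyond the page: JNDI hands names back in composite-name
    // syntax, where '/' separates components, so parsing the string as a
    // CompositeName also undoes the quoting.
    static String firstComponent(String name) throws InvalidNameException {
        CompositeName composite = new CompositeName(name);
        return composite.isEmpty() ? "" : composite.get(0);
    }

    public static void main(String[] args) throws InvalidNameException {
        // Constructed sample: the report's entry as a quoted relative name.
        String returned = "\"uid=weird/user\"";
        String baseDn = "ou=Users,dc=my-domain,dc=com";

        // Assumption: the DN for later lookups is built as name + "," + base.
        String quotedDn = returned + "," + baseDn;
        String cleanDn = stripWrappingQuotes(returned) + "," + baseDn;
        System.out.println("unnormalised: " + quotedDn);
        System.out.println("normalised:   " + cleanDn);
        System.out.println("composite:    " + firstComponent(returned));

        // Check that the normalised DN parses and still carries the slash.
        LdapName dn = new LdapName(cleanDn);
        System.out.println("uid value:    " + dn.getRdn(dn.size() - 1).getValue());
    }
}
```

When regression-testing a login module against this bug, include directory entries whose uid contains a slash so that both the authentication lookup and the role lookup are exercised with the normalised DN.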

Comment 2 Ondrej Lukas 2014-03-04 10:29:44 UTC
Verified on EAP 6.2.2.CR2.

Comment 3 Russell Dickenson 2014-03-06 13:39:55 UTC
Attention: Derek Horton

Please provide draft Release Notes text for this ticket.

Thank you

