1067599 – [GSS] (6.2.x) LdapExtended login module does not handle a user that has a slash character in the uid

Bug 1067599 - [GSS] (6.2.x) LdapExtended login module does not handle a user that has a slash character in the uid

Summary: [GSS] (6.2.x) LdapExtended login module does not handle a user that has a sla...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	JBoss Enterprise Application Platform 6
Classification:	JBoss
Component:	Security
Sub Component:
Version:	6.1.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	CR2
Target Release:	EAP 6.2.2
Assignee:	Derek Horton
QA Contact:	Josef Cacek
Docs Contact:	Russell Dickenson
URL:
Whiteboard:
Depends On:	1065486
Blocks:	eap62-cp02-blockers 1067580
TreeView+	depends on / blocked

Reported:	2014-02-20 17:04 UTC by Derek Horton
Modified:	2018-12-05 17:22 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2014-06-02 12:50:07 UTC
Type:	Bug
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	SECURITY-796	0	Major	Resolved	LdapExtended login module does not handle a user that has a slash character in the uid	2016-01-10 04:27:53 UTC

Description Derek Horton 2014-02-20 17:04:42 UTC

Description of problem:
LdapExtended login module does not handle a user that has a slash character in the uid.

For example, JBoss will fail to authenticate the following user correctly:

dn: uid=weird/user,ou=Users,dc=my-domain,dc=com
uid: weird/user
cn: Weird User

Version-Release number of selected component (if applicable):

Steps to Reproduce:

1.  Configure an application to use a security-domain that is setup to use the LdapExtended login module.  
2.  Create a user that contains a slash char ('/') in the uid.  
3.  Attempt to authenticate the user.

Comment 1 Derek Horton 2014-02-20 17:10:54 UTC

Fix committed to:
https://svn.jboss.org/repos/picketbox/branches/eap62
https://svn.jboss.org/repos/picketbox/trunk

Comment 2 Ondrej Lukas 2014-03-04 10:29:44 UTC

Verified on EAP 6.2.2.CR2.

Comment 3 Russell Dickenson 2014-03-06 13:39:55 UTC

Attention: Derek Horton

Please provide draft Release Notes text for this ticket.

Thank you

Note You need to log in before you can comment on or make changes to this bug.