Bug 1269826 - [QE](6.4.z) Option roleRecursion does not work in LdapRolesMappingProvider
Status: CLOSED CURRENTRELEASE
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Security
Version: 6.4.0
Hardware: Unspecified Unspecified
Priority: unspecified Severity: medium
Target Milestone: CR1
Target Release: EAP 6.4.12
Assigned To: Ryan Emerson
Ondrej Lukas
Depends On:
Blocks: 1274287 eap6412-payload
Reported: 2015-10-08 05:56 EDT by Ondrej Lukas
Modified: 2017-01-17 08:11 EST

Doc Type: Bug Fix
Last Closed: 2017-01-17 08:11:21 EST
Type: Bug

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker WFLY-5491 Major Resolved Option roleRecursion does not work in LdapRolesMappingProvider 2017-08-04 07:50 EDT

Description Ondrej Lukas 2015-10-08 05:56:28 EDT
Option roleRecursion does not work in org.jboss.security.mapping.providers.role.LdapRolesMappingProvider. Only entries without recursion are found. No recursive search is done by LdapRolesMappingProvider since the LdapRolesMappingProvider.rolesSearch method tries to make a recursive search with the same parameters.

Use the following security domain configuration to reproduce:
<security-domain name="test">
    <authentication>
        <login-module code="UsersRoles" flag="required">
            <module-option name="rolesProperties" value="roles.properties"/>
            <module-option name="usersProperties" value="users.properties"/>
        </login-module>
    </authentication>
    <mapping>
        <mapping-module code="LdapRoles" type="role">
            <module-option name="bindDN" value="uid=admin,ou=system"/>
            <module-option name="bindCredential" value="secret"/>
            <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
            <module-option name="roleFilter" value="member=uid\={0},ou\=People,dc\=jboss,dc\=org"/>
            <module-option name="rolesCtxDN" value="ou=Roles,dc=jboss,dc=org"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="roleRecursion" value="2"/>
        </mapping-module>
    </mapping>
</security-domain>
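
A simplified in-memory model of the defect described above, added here as an illustration; it is not PicketBox code and not part of the original report. The directory contents, the user jduke, the roles R1 to R4 and the reading of roleRecursion as "levels searched beyond the direct match" are assumptions.

```java
import java.util.*;

public class RoleRecursionDemo {
    static final String USER = "uid=jduke,ou=People,dc=jboss,dc=org"; // constructed user
    static String role(String cn) { return "cn=" + cn + ",ou=Roles,dc=jboss,dc=org"; }

    // Constructed directory: role DN -> DNs listed in its "member" attribute.
    // R1 holds the user, R2 holds R1, R3 holds R2, R4 holds R3; R1 also holds R3 (a cycle).
    static final Map<String, List<String>> MEMBERS = new LinkedHashMap<>();
    static {
        MEMBERS.put(role("R1"), Arrays.asList(USER, role("R3")));
        MEMBERS.put(role("R2"), Arrays.asList(role("R1")));
        MEMBERS.put(role("R3"), Arrays.asList(role("R2")));
        MEMBERS.put(role("R4"), Arrays.asList(role("R3")));
    }

    // Stand-in for one LDAP search with a "member=<dn>" filter under rolesCtxDN.
    static List<String> search(String memberDn) {
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : MEMBERS.entrySet())
            if (e.getValue().contains(memberDn)) hits.add(e.getKey());
        return hits;
    }

    // Model of the reported behaviour: every level repeats the search for the user.
    static Set<String> sameParameters(String userDn, int recursion) {
        Set<String> roles = new LinkedHashSet<>();
        for (int level = 0; level <= recursion; level++) roles.addAll(search(userDn));
        return roles;
    }

    // Each level searches for the roles found on the previous level.
    static Set<String> nested(String userDn, int recursion) {
        Set<String> roles = new LinkedHashSet<>();
        List<String> frontier = Collections.singletonList(userDn);
        for (int level = 0; level <= recursion && !frontier.isEmpty(); level++) {
            List<String> next = new ArrayList<>();
            for (String dn : frontier)
                for (String roleDn : search(dn))
                    if (roles.add(roleDn)) next.add(roleDn); // already-seen roles end a cycle
            frontier = next;
        }
        return roles;
    }

    public static void main(String[] args) {
        System.out.println("same parameters: " + sameParameters(USER, 2));
        System.out.println("nested lookup:   " + nested(USER, 2));
        System.out.println("cycle, depth 10: " + nested(USER, 10));
    }
}
```

In this model the same-parameters variant never gets past the directly assigned role, so permissions granted through nested roles are silently missing from the mapped subject, while the nested variant stays bounded by both the depth limit and the set of roles already seen.
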
Comment 3 Mike McCune 2016-03-28 19:25:37 EDT
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune@redhat.com with any questions
Comment 4 Ivo Hradek 2016-11-22 02:46:26 EST
Verified with EAP 6.4.12.CP.CR1;
Comment 5 Petr Penicka 2017-01-17 08:11:21 EST
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.
