Option roleRecursion does not work in org.jboss.security.mapping.providers.role.LdapRolesMappingProvider. Only entries without recursion are found. No recursive search is done by LdapRolesMappingProvider, since the LdapRolesMappingProvider.rolesSearch method tries to make a recursive search with the same parameters.

Use the following security domain configuration to reproduce:

<security-domain name="test">
  <authentication>
    <login-module code="UsersRoles" flag="required">
      <module-option name="rolesProperties" value="roles.properties"/>
      <module-option name="usersProperties" value="users.properties"/>
    </login-module>
  </authentication>
  <mapping>
    <mapping-module code="LdapRoles" type="role">
      <module-option name="bindDN" value="uid=admin,ou=system"/>
      <module-option name="bindCredential" value="secret"/>
      <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
      <module-option name="roleFilter" value="member=uid\={0},ou\=People,dc\=jboss,dc\=org"/>
      <module-option name="rolesCtxDN" value="ou=Roles,dc=jboss,dc=org"/>
      <module-option name="roleAttributeID" value="cn"/>
      <module-option name="roleRecursion" value="2"/>
    </mapping-module>
  </mapping>
</security-domain>
This bug was accidentally moved from POST to MODIFIED via an error in automation. Please see mmccune with any questions.
Verified with EAP 6.4.12.CP.CR1.
Retroactively bulk-closing issues from released EAP 6.4 cumulative patches.