Bug 1458837 - Ldap, entry for non existing user are cached.
Summary: Ldap, entry for non existing user are cached.
Keywords:
Status: CLOSED EOL
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Domain Management
Version: 6.4.15
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Jiri Ondrusek
QA Contact: Martin Simka
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2017-06-05 15:11 UTC by Jiri Ondrusek
Modified: 2019-08-19 12:44 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2019-08-19 12:44:18 UTC
Type: Bug
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Red Hat Issue Tracker | JBEAP-11350 | 0 | Major | Pull Request Sent | (7.0.z) Legacy ldap realm, entry for non existing user are cached | 2017-08-30 04:42:17 UTC
Red Hat Issue Tracker | JBEAP-12370 | 0 | Blocker | Ready for QA | [7.1] Legacy ldap realm, caching by access time doesn't "clear" timeout for already cached entry | 2017-08-30 04:42:17 UTC
Red Hat Issue Tracker | JBEAP-9391 | 0 | Major | Verified | Legacy ldap realm, entry for non existing user are cached | 2017-08-30 04:42:16 UTC
Red Hat Issue Tracker | JBEAP-9542 | 0 | Major | Pull Request Sent | Legacy ldap realm, entry for non existing user are cached | 2017-08-30 04:42:17 UTC
Red Hat Issue Tracker | WFCORE-2502 | 0 | Major | Resolved | Legacy ldap realm, entry for non existing user are cached | 2017-08-30 04:42:17 UTC
Red Hat Issue Tracker | WFCORE-3111 | 0 | Blocker | Resolved | Legacy ldap realm, caching by access time doesn't "clear" timeout for already cached entry | 2017-08-30 04:42:16 UTC

Description Jiri Ondrusek 2017-06-05 15:11:42 UTC
Description of problem:
Even if a cached entry should be used, a new search is executed. See steps to reproduce.



Steps to Reproduce:
1 - configure security realm to use cache with eviction by size strategy
            
<security-realm name="authn-by-search-time-3-1">
    <authentication>
        <ldap connection="ldap-connection" base-dn="ou=People,dc=jboss,dc=org" recursive="true">
            <cache eviction-time="30" max-cache-size="1" cache-failures="false"/>
            <username-filter attribute="uid"/>
        </ldap>
    </authentication>
</security-realm>

2 - configure http interface to be secured by this realm

<http-interface security-realm="authn-by-search-time-3-1">
    <http-upgrade enabled="true"/>
    <socket-binding http="management-http"/>
</http-interface>

3 - access http://localhost:9990/console with existing user e.g. "jduke"
4 - access http://localhost:9990/console with non existing user e.g. "test"

In the log there is the message "Entry with key 'jduke' evicted from cache due to cache being above maximum size." When you access http://localhost:9990/console again with "jduke", Wireshark shows that an LDAP call occurred.

Actual results:


Expected results:
'jduke' should be found in cache.


Additional info:


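The reported sequence (jduke, test, jduke) with max-cache-size="1" and cache-failures="false", replayed against a toy Python model of a size-bounded lookup cache. This is an added example, not code from the bug report or from JBoss EAP/WildFly; the SearchCache class, the store_before_check switch and the eviction mechanism it models are assumptions made for illustration, and eviction-time is not modelled.

```python
from collections import OrderedDict

# Constructed directory contents: only "jduke" exists, as in the report.
DIRECTORY = {"jduke": "uid=jduke,ou=People,dc=jboss,dc=org"}


class SearchCache:
    """Toy model of a size-bounded cache in front of an LDAP user search."""

    def __init__(self, max_cache_size, cache_failures, store_before_check):
        self.max_cache_size = max_cache_size
        self.cache_failures = cache_failures
        # store_before_check=True models the reported behaviour (assumed
        # mechanism): a miss takes a cache slot even though failures are
        # not supposed to be cached.
        self.store_before_check = store_before_check
        self.entries = OrderedDict()
        self.ldap_calls = []  # every simulated directory search
        self.evicted = []     # keys pushed out by the size limit

    def _store(self, key, value):
        self.entries[key] = value
        while len(self.entries) > self.max_cache_size:
            oldest, _ = self.entries.popitem(last=False)
            self.evicted.append(oldest)

    def lookup(self, uid):
        if uid in self.entries:
            return self.entries[uid]
        self.ldap_calls.append(uid)
        dn = DIRECTORY.get(uid)
        if self.store_before_check:
            self._store(uid, dn)
            if dn is None and not self.cache_failures:
                del self.entries[uid]  # too late: eviction already happened
        elif dn is not None or self.cache_failures:
            self._store(uid, dn)
        return dn


def replay(store_before_check):
    """Replay the report's sequence and return (ldap_calls, evicted)."""
    cache = SearchCache(max_cache_size=1, cache_failures=False,
                        store_before_check=store_before_check)
    for uid in ("jduke", "test", "jduke"):
        cache.lookup(uid)
    return cache.ldap_calls, cache.evicted
```

replay(True) shows the second 'jduke' request reaching the directory after the eviction; replay(False) shows the expected result, where only the first 'jduke' request and the 'test' request cause a search.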