  1. Application Server 3 4 5 and 6
  2. JBAS-2452

The LdapLoginModule supplies the user with ALL roles from LDAP-server instead of constraining it by the membership.

Details

    Description

      When LdapLoginModule is searching for roles for a user, it asks for all roles and not for the roles which have the given user as a member.

      The search code is:

      Object[] filterArgs = {userToMatch};
      NamingEnumeration answer = ctx.search(rolesCtxDN, roleFilter.toString(), filterArgs, controls);

      where the "roleFilter" is "("uidAttrName"=*)". For example it can be (member=*). But here:

      http://java.sun.com/j2se/1.3/docs/api/javax/naming/directory/InitialDirContext.html#search(java.lang.String,%20javax.naming.directory.Attributes,%20java.lang.String[])

      it can be seen that one has to use "{0}" and not "*" if it is needed to substitute it with "filterArgs"-elements.

      I have written my own LdapLoginModule, where the only thing I changed was this asterisk. It works fine.

            People

              starksm64 Scott Stark (Inactive)
              rodion_jira Rodion Alukhanov (Inactive)
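The difference between the two filters, as an added example that is not part of the original report or of the JBoss code: it models the `{0}` substitution (including escaping of filter metacharacters) in simplified form and evaluates the result against an in-memory directory. The class name, helper methods, role names and DNs are constructed for illustration.

```java
import java.util.*;
import java.util.regex.*;
// Added illustration: an in-memory stand-in for the role search, no LDAP server involved.
public class RoleFilterDemo {
    // Escape filter metacharacters in a substituted value (RFC 4515 style: \2a for '*').
    static String escape(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray())
            sb.append("\\*()\0".indexOf(c) >= 0 ? String.format("\\%02x", (int) c) : String.valueOf(c));
        return sb.toString();
    }
    // Turn \XX hex escapes back into the characters they stand for.
    static String unescape(String v) {
        Matcher m = Pattern.compile("\\\\([0-9a-fA-F]{2})").matcher(v);
        StringBuffer sb = new StringBuffer();
        while (m.find())
            m.appendReplacement(sb, Matcher.quoteReplacement(String.valueOf((char) Integer.parseInt(m.group(1), 16))));
        m.appendTail(sb);
        return sb.toString();
    }
    // Simplified model of how a filterExpr/filterArgs search fills in {0}, {1}, ...
    static String expand(String filterExpr, Object[] filterArgs) {
        String out = filterExpr;
        for (int i = 0; i < filterArgs.length; i++)
            out = out.replace("{" + i + "}", escape(filterArgs[i].toString()));
        return out;
    }

    // Handles only "(attr=*)" (presence) and "(attr=value)" (equality) on one attribute.
    static List<String> search(Map<String, List<String>> roles, String filter) {
        String value = filter.substring(filter.indexOf('=') + 1, filter.length() - 1);
        List<String> hits = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : roles.entrySet())
            if (value.equals("*") ? !e.getValue().isEmpty() : e.getValue().contains(unescape(value)))
                hits.add(e.getKey());
        return hits;
    }

    public static void main(String[] args) {
        // Constructed directory: role name -> values of its "member" attribute.
        String alice = "uid=alice,ou=People,dc=example,dc=com", bob = "uid=bob,ou=People,dc=example,dc=com";
        Map<String, List<String>> roles = new LinkedHashMap<>();
        roles.put("Admin", List.of(alice));
        roles.put("Auditor", List.of(bob));
        roles.put("User", List.of(alice, bob));
        System.out.println(search(roles, expand("(member=*)", new Object[] {bob})));   // reported filter
        System.out.println(search(roles, expand("(member={0})", new Object[] {bob}))); // corrected filter
        System.out.println(search(roles, expand("(member={0})", new Object[] {"*"}))); // "*" as a literal value
    }
}
```

With the reported filter the argument array is never consulted, so the search degenerates to a presence test on the member attribute; with `{0}` the user's DN becomes an equality match, and a user name of `*` is escaped rather than treated as a wildcard.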