  1. Application Server 3 4 5 and 6
  2. JBAS-2465

LdapLoginModule assign all roles to authenticated user


Details

    • Bug
    • Resolution: Duplicate
    • Critical
    • JBossAS-4.0.4RC1
    • JBossAS-4.0.3 Final, JBossAS-4.0.3 SP1
    • Security
    • None

    Description

      There is a bug in the class org.jboss.security.auth.spi.LdapLoginModule whereby once the user is authenticated, it assigns all roles listed under the role context DN to the user.

      The following patch fixes the problem. Please apply it to future releases:

      — jboss-4.0.3SP1-src/security/src/main/org/jboss/security/auth/spi/LdapLoginModule.java 2005-08-30 06:23:07.000000000 +1000
      +++ jboss-4.0.3SP1-src-new/security/src/main/org/jboss/security/auth/spi/LdapLoginModule.java 2005-11-19 22:30:27.000000000 +1100
      @@ -329,7 +329,7 @@
      roleAttrName = "roles";
      StringBuffer roleFilter = new StringBuffer("(");
      roleFilter.append(uidAttrName);

      • roleFilter.append("=*)");
        + roleFilter.append("= {0}

        )");
        //BasicAttributes matchAttrs = new BasicAttributes(true);
        String userToMatch = username;
        if (matchOnUserDN == true)
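
      Review bot: The added `roleFilter.append` line makes the role search depend on `{0}` being filled with `userToMatch`, but the search call that supplies it is outside this hunk, so the fix cannot be confirmed from these lines alone. Please include or point to that call and check that the value is passed as a filter argument, for example through the `filterArgs` array of `DirContext.search(name, filterExpr, filterArgs, cons)`, which escapes filter metacharacters in string arguments. If the username were concatenated into the filter instead, a name containing `*` would bring back the match-everything behaviour this patch removes. Also, as posted, the new literal reads `"= {0}` with a space after `=` and a break before `)"`; it should be the single literal `"={0})"`. A regression test with two users holding different roles would document the intended result.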

            People

              Unassigned Unassigned
              ttey_jira Eric Yeo (Inactive)
              Votes: 3
              Watchers: 0