Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-5974 Update to JBoss Security 2.0.4.SP7
  3. JBPAPP-5940

parseRoleNameFromDN functionality is missing from LdapExtLoginModule in EAP 5.1.0

    XMLWordPrintable

Details

    • Sub-task
    • Resolution: Done
    • Major
    • EAP_EWP 5.1.1
    • EAP_EWP 5.1.0
    • Security
    • None
    • Regression
    • LdapExtLoginModule queried LDAP for the roleNameAttributeID instead of checking the returned distinguished name. This was slow. To improve performance, a parseRoleNameFromDN option has been added to the module.
    • Documented as Resolved Issue

    Description

      The parseRoleNameFromDN functionality is missing from the LdapExtLoginModule in EAP 5.1.0. This is causing customers LDAP authentication to be slow.

      Issue is a duplicate of the following:
      https://issues.jboss.org/browse/ASPATCH-287
      https://issues.jboss.org/browse/JBAS-4619
      https://issues.jboss.org/browse/JBPAPP-607

      Issue was resolved in 4.0.5 and 4.3.0. Customer needs the fix applied to EAP 5.1.0.

      From ASPATCH-287:
      Improve the performance of the LdapExtLoginModule by adding a parseRoleNameFromDN option or check the returned DN to see if it already includes the roleNameAttributeID, and if it does, parse the roleNameAttributeID from the DN rather than querying LDAP for the roleNameAttributeID.

      Attachments

        Activity

          People

            anil.saldhana Anil Saldanha (Inactive)
            rhn-support-dehort Derek Horton
            Laura Bailey Laura Bailey
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: