  1. PicketBox
  2. SECURITY-7

Ldap*LoginModule fail to retrieve multiple role names when roleAttributeIsDN=true


    • Type: Bug
    • Resolution: Done
    • Priority: Major
    • 2.0.GA
    • 2.0.GA
    • JBossSX
    • None

      For a schema like example2.ldif and a configuration like:
      testLdapExample22 {
      org.jboss.security.auth.spi.LdapExtLoginModule
      java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
      java.naming.provider.url="ldap://lamia/"
      java.naming.security.authentication=simple
      bindDN="cn=Root,dc=jboss,dc=org"
      bindCredential=secret1
      baseCtxDN="ou=People,o=example2,dc=jboss,dc=org"
      baseFilter="(uid={0})"
      rolesCtxDN="ou=Roles,o=example2,dc=jboss,dc=org";
      roleFilter="(uid={0})"
      roleAttributeID="memberOf"
      roleAttributeIsDN="true"
      roleNameAttributeID="cn"
      roleRecursion=0
      };

      Only one role is being pulled from the cn=EchoGroup,ou=Roles,o=example2,dc=jboss,dc=org context, rather than both EchoGroup and TheDuke, as only one of the cn attribute values is retrieved.
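
One way this symptom can arise in JNDI code is reading a multi-valued attribute with `Attribute.get()`, which returns a single value. The added example below is not PicketBox's code: the class and method names are hypothetical, and the role entry is constructed in memory to stand in for the EchoGroup entry. It contrasts that read with enumerating every value through `getAll()`.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class MultiValuedRoleNames {
    // Reads one value of the role name attribute, so a role entry maps to at most one role.
    static List<String> firstValueOnly(Attributes roleEntry, String attrID) throws NamingException {
        List<String> roles = new ArrayList<>();
        Attribute attr = roleEntry.get(attrID);
        if (attr != null && attr.size() > 0) {
            roles.add(String.valueOf(attr.get()));
        }
        return roles;
    }

    // Enumerates every value of the role name attribute, so each value becomes a role.
    static List<String> allValues(Attributes roleEntry, String attrID) throws NamingException {
        List<String> roles = new ArrayList<>();
        Attribute attr = roleEntry.get(attrID);
        if (attr == null) return roles;
        NamingEnumeration<?> values = attr.getAll();
        try {
            while (values.hasMore()) {
                roles.add(String.valueOf(values.next()));
            }
        } finally {
            values.close();
        }
        return roles;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed stand-in for cn=EchoGroup,ou=Roles,o=example2,dc=jboss,dc=org
        Attribute cn = new BasicAttribute("cn");
        cn.add("EchoGroup");
        cn.add("TheDuke");
        Attributes roleEntry = new BasicAttributes(true); // true = ignore attribute ID case
        roleEntry.put(cn);
        System.out.println("first value only: " + firstValueOnly(roleEntry, "cn"));
        System.out.println("all values:       " + allValues(roleEntry, "cn"));
    }
}
```

A regression test for this issue would assert that the authenticated subject carries every role named by the entry, since a silently dropped role changes authorization decisions without raising any error.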

            starksm64 Scott Stark (Inactive)