2 Replies Latest reply on Feb 14, 2006 6:27 AM by furykid

    LdapLoginModule works wrong in 4.0.3 SP1

    furykid

      Hi
      We are using the LdapLoginModule, which worked fine so far under
      JBoss 3.2.3 but returns wrong roles under 4.0.3.SP1.
      It seems that all defined roles (even those not assigned to the specified principal) are returned.

      Is this a known problem? Are there workarounds available?
      Thanks,
      furykid

        • 1. Re: LdapLoginModule works wrong in 4.0.3 SP1
          mzshen

          Hi,
          Not sure whether we were having the same problem.
          My problem certainly looked like yours.
          From my SunEnterpriseSystem LDAP server
          access log (SunONE, or iPlanet), I saw:
          SRCH base="ou=groups,o=root" scope=2 filter="(uniqueMember=*)" attrs="cn"
          In other words, all groups under ou=groups,o=root
          were assigned to the authenticated user.
          The problem of course is the filter.
          It should be (uniqueMember=username)
          or (uniqueMember=uid=username,ou=people,o=root).
          What I did was to modify
          jboss-4.0.3SP1-src/security/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
          a bit.
          original: answer = ctx.search(rolesCtxDN, roleFilter.toString(), filterArgs, controls);
          new: answer = ctx.search(rolesCtxDN, "("+uidAttrName+"="+userToMatch+")", controls);
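
What mzshen's access log shows is a role search whose filter arguments were never substituted, so the presence filter (uniqueMember=*) matches every group under the roles context and every group becomes a role of the authenticated user. The script below is an added example, not code from this thread or from JBoss: it builds the role filter from JBoss-style {0} (username) and {1} (user DN) placeholders, escapes the substituted values per RFC 4515, and evaluates both the degenerate wildcard filter and the corrected one against a constructed in-memory group table. The group names, user DNs and the helper names (build_role_filter, search_roles, roles_for) are assumptions made for the example.

```python
"""LDAP role lookup: wildcard-filter over-privileging beside the corrected, escaped filter.
Added example with constructed data; not JBoss code."""
import re

# RFC 4515 escaping for values embedded in a search filter.
_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\x00': r'\00'}


def escape_filter_value(value: str) -> str:
    """Escape a value so it can only match literally inside a filter."""
    return ''.join(_ESCAPES.get(ch, ch) for ch in value)


def unescape_filter_value(value: str) -> str:
    """Reverse of escape_filter_value, used by the toy evaluator below."""
    return re.sub(r'\\([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), value)


def build_role_filter(role_filter: str, username: str, user_dn: str) -> str:
    """Substitute {0} = username and {1} = user DN (JBoss-style placeholders), escaping both."""
    return (role_filter
            .replace('{0}', escape_filter_value(username))
            .replace('{1}', escape_filter_value(user_dn)))


# Constructed sample directory: three groups under ou=groups,o=root (hypothetical data).
GROUPS = [
    {'dn': 'cn=admins,ou=groups,o=root', 'cn': 'admins',
     'uniqueMember': ['uid=alice,ou=people,o=root']},
    {'dn': 'cn=users,ou=groups,o=root', 'cn': 'users',
     'uniqueMember': ['uid=alice,ou=people,o=root', 'uid=bob,ou=people,o=root']},
    {'dn': 'cn=auditors,ou=groups,o=root', 'cn': 'auditors',
     'uniqueMember': ['uid=carol,ou=people,o=root']},
]

# Only single-item filters of the form (attr=value) or (attr=*) are supported here.
_SIMPLE = re.compile(r'^\((?P<attr>[A-Za-z][\w-]*)=(?P<val>[^()]*)\)$')


def search_roles(entries, ldap_filter: str):
    """Minimal evaluator: returns the cn of every entry the filter matches."""
    m = _SIMPLE.match(ldap_filter)
    if not m:
        raise ValueError(f'unsupported filter: {ldap_filter}')
    attr, raw = m.group('attr'), m.group('val')
    matched = []
    for entry in entries:
        values = entry.get(attr, [])
        if isinstance(values, str):
            values = [values]
        if raw == '*':
            # Presence filter: any entry that has the attribute at all. This is the
            # bug in the thread: every group with a member becomes a role.
            hit = bool(values)
        else:
            # Equality filter; DNs compare case-insensitively.
            wanted = unescape_filter_value(raw).lower()
            hit = any(v.lower() == wanted for v in values)
        if hit:
            matched.append(entry['cn'])
    return matched


def roles_for(username: str, user_dn: str, role_filter: str = '(uniqueMember={1})'):
    """Corrected lookup: roles are the groups whose uniqueMember equals the user's DN."""
    return search_roles(GROUPS, build_role_filter(role_filter, username, user_dn))


if __name__ == '__main__':
    # What the access log showed: arguments never substituted, filter degenerates to presence.
    print(search_roles(GROUPS, '(uniqueMember=*)'))       # ['admins', 'users', 'auditors']
    # With the DN substituted, bob only gets the group he is actually a member of.
    print(roles_for('bob', 'uid=bob,ou=people,o=root'))   # ['users']
    # Escaping keeps a hostile username from rebuilding the wildcard by hand.
    print(build_role_filter('(uniqueMember={0})', '*', ''))  # (uniqueMember=\2a)
    print(roles_for('*', '*', '(uniqueMember={0})'))      # []
```

The last two lines are the check a practitioner would add to the fix: substituting the user value is only safe if it is escaped first, otherwise a username of `*` reproduces exactly the over-privileging the unsubstituted filter caused.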

          • 2. Re: LdapLoginModule works wrong in 4.0.3 SP1
            furykid

            Hi,
            Thanks for your reply!

            We found a workaround by using the
            jbosssx.jar from build 4.0.4 RC1, as described in

            http://jira.jboss.com/jira/browse/JBAS-2465?page=vcs