1. Re: LdapLoginModule works wrong in 4.0.3 SP1
mzshen Feb 14, 2006 1:15 AM (in response to furykid)
Hi,
Not sure we were having the same problem.
My problem certainly looked like yours.
From my SunEnterpriseSystem LDAP server
access log (SunONE, or iPlanet), I saw:
SRCH base="ou=groups,o=root" scope=2 filter="(uniqueMember=*)" attrs="cn"
In other words, all groups under ou=groups,o=root
were assigned to the authenticated user.
The problem of course is the filter.
It should be (uniqueMember=username)
or (uniqueMember=uid=username,ou=people,o=root).
What I did was to modify
jboss-4.0.3SP1-src/security/src/main/org/jboss/security/auth/spi/LdapLoginModule.java
a bit.
original: answer = ctx.search(rolesCtxDN, roleFilter.toString(), filterArgs, controls);
new: answer = ctx.search(rolesCtxDN, "("+uidAttrName+"="+userToMatch+")", controls);
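An added example, not part of the original post and not JBoss code: the filter seen in the access log, (uniqueMember=*), is also what plain string concatenation produces whenever the value placed into the filter is "*". The code below escapes the value per RFC 4515 and flags presence-only filters before a role search is issued; the class name, method names and sample values are constructed for illustration.

```java
public class RoleFilterExample {
    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Plain concatenation: the value reaches the filter unchanged.
    static String concatenated(String attr, String value) {
        return "(" + attr + "=" + value + ")";
    }

    // Same filter, with the value escaped first.
    static String escaped(String attr, String value) {
        return "(" + attr + "=" + escapeFilterValue(value) + ")";
    }

    // True for a bare presence test such as (uniqueMember=*), which matches
    // every entry that has the attribute, i.e. every group under the base DN.
    static boolean isPresenceOnly(String filter) {
        return filter.matches("\\([^=()]+=\\*\\)");
    }

    public static void main(String[] args) {
        String attr = "uniqueMember";
        // Constructed sample values, not taken from any real directory.
        String[] samples = { "uid=jdoe,ou=people,o=root", "*", "j(doe)" };
        for (String v : samples) {
            String raw = concatenated(attr, v);
            String safe = escaped(attr, v);
            System.out.printf("value=%s%n  concatenated=%s presenceOnly=%b%n  escaped=%s presenceOnly=%b%n",
                    v, raw, isPresenceOnly(raw), safe, isPresenceOnly(safe));
        }
    }
}
```

A role filter that is presence-only after substitution can be rejected or logged before ctx.search is called, so that an authenticated user is never handed every group under the base DN.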
2. Re: LdapLoginModule works wrong in 4.0.3 SP1
furykid Feb 14, 2006 6:27 AM (in response to furykid)
Hi,
Thanks for your reply!
We found a workaround by using the
jbosssx.jar from build 4.0.4 RC1 as described in
http://jira.jboss.com/jira/browse/JBAS-2465?page=vcs