I apologize in advance if this question has already been answered, but I can't seem to find an answer to this issue. I'm using the LdapExtLoginModule on JBoss 4.2.3 GA to authenticate our users against the Active Directory and I ran into an issue with a user that's in an OU which contains a forward slash. I stepped through the code and it seems that the javax.naming.directory.SearchResult#getName() returns a quoted value.
I found that a similar issue was reported and fixed in the rolesSearch() method in a much earlie version of JBoss by removing the quotes from the SearchResult#getName value. This fix however was not applied to the bindDNAuthentication()
https://jira.jboss.org/jira/browse/JBAS-3438
Here is the module source:
http://fisheye.jboss.org/browse/JBossAS/tags/JBoss_4_2_3_GA/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java?r=64928
Does anyone know if there is a valid reason that the bindDNAuthentication method was not updated and if there is a work around for this issue? As you can imagine having the name of the OU changed is going to be a tough sell.
SearchResult#getName() for the following user is returns "CN=Smith\, John,OU=Cons/Temps" (with the quotes).
User's DN:
CN=Smith\, John,OU=Cons/Temps,OU=Accounts,DC=MYCORP,DC=ORG
I have the following configuration and since most of my users are in the OU=Accounts,DC=MYCORP,DC=ORG I can't change the baseCtxDN.
baseFilter: (sAMAccountName={0})
baseCtxDN: OU=Accounts,DC=MYCORP,DC=ORG
It also looks like there are no fixes for this issue in the most current version of JBoss. I may however simply be looking in the wrong location. I though this is the current home of the module.
http://fisheye.jboss.org/browse/JBossAS/projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java
Thanks in advance for your help.