0 Replies Latest reply on Mar 15, 2010 7:36 PM by Victor Yelevich

    LdapExtLoginModule userDN quoted when the OU contains a slash

    Victor Yelevich Newbie

      I apologize in advance if this question has already been answered, but I can't seem to find an answer to this issue. I'm using the LdapExtLoginModule on JBoss 4.2.3 GA to authenticate our users against the Active Directory and I ran into an issue with a user that's in an OU which contains a forward slash. I stepped through the code and it seems that the javax.naming.directory.SearchResult#getName() returns a quoted value.

       

      I found that a similar issue was reported and fixed in the rolesSearch() method in a much earlie version of JBoss by removing the quotes from the SearchResult#getName value. This fix however was not applied to the bindDNAuthentication()

       

      https://jira.jboss.org/jira/browse/JBAS-3438

       

      Here  is the module source:

      http://fisheye.jboss.org/browse/JBossAS/tags/JBoss_4_2_3_GA/security/src/main/org/jboss/security/auth/spi/LdapExtLoginModule.java?r=64928

       

      Does anyone know if there is a valid reason that the bindDNAuthentication method was not updated and if there is a work around for this issue? As you can imagine having the name of the OU changed is going to be a tough sell.

       

      SearchResult#getName() for the following user is returns "CN=Smith\, John,OU=Cons/Temps" (with the quotes).

       

      User's DN:

      CN=Smith\, John,OU=Cons/Temps,OU=Accounts,DC=MYCORP,DC=ORG

       

      I have the following configuration and since most of my users are in the OU=Accounts,DC=MYCORP,DC=ORG I can't change the baseCtxDN.

       

      baseFilter: (sAMAccountName={0})
      baseCtxDN: OU=Accounts,DC=MYCORP,DC=ORG

       

      It also looks like there are no fixes for this issue in the most current version of JBoss. I may however simply be looking in the wrong location. I though this is the current home of the module.

       

      http://fisheye.jboss.org/browse/JBossAS/projects/security/security-jboss-sx/trunk/jbosssx/src/main/java/org/jboss/security/auth/spi/LdapExtLoginModule.java

       

      Thanks in advance for your help.