3 Replies Latest reply on Feb 4, 2008 8:10 AM by Boo Leong Khoo

    LdapExtLoginModule.java bug? Blank password login successful

    Boo Leong Khoo Newbie

      Is it me or is it a bug?
      I tried to login with a username that exist in LDAP but with BLANK password.
      The login was successful.

      login-config.xml Configuration as below

      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
      <module-option name="java.naming.provider.url">ldap://127.0.0.1:389</module-option>
      <module-option name="bindDN">cn=Directory Manager</module-option>
      <module-option name="bindCredential">password</module-option>
      <module-option name="baseCtxDN">ou=People,o=domain.com</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>

      <module-option name="rolesCtxDN">ou=Groups,o=domain.com</module-option>
      <module-option name="roleFilter">(uniqueMember={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>

      <module-option name="roleRecursion">2</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      </login-module>