geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jean-Jacques Parent (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (GERONIMO-6525) LDAP realm userSearchMatching filter
Date Wed, 30 Jul 2014 08:58:38 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-6525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14079084#comment-14079084
] 

Jean-Jacques Parent commented on GERONIMO-6525:
-----------------------------------------------

Take care : the andpercent amp; is converted in the description field for the config.xml sample.
Edit the description field to see the original text...

> LDAP realm userSearchMatching filter
> ------------------------------------
>
>                 Key: GERONIMO-6525
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-6525
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 3.0.1
>         Environment: Windows server 2003
> JDK1.7.0_60
>            Reporter: Jean-Jacques Parent
>            Priority: Minor
>
> Get problem when using such property in a ldap securityrealm:
> in the console : userSearchMatching=(&(sAMAccountName={0})(objectclass=user))
>  in the config.xml : userSearchMatching=(&amp;(sAMAccountName\={0})(objectclass\=user))
> - used to work with geronimo 2
> - get error with geronimo 3 
> javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining
name 'dc=brucity,dc=be'
> 	at com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
> 	at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
> 	at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
> 	at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
> 	at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
> 	at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
> 	at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
> 	at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
> 	at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
> 	at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
> 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
> 	at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
> 	at org.apache.aries.jndi.DelegateContext.search(DelegateContext.java:365)
> 	at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
> 	at org.apache.geronimo.security.realm.providers.LDAPLoginModule.authenticate(LDAPLoginModule.java:260)
> 	at org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:154)
> - think tha tthe problem is &amp;. works fine in G3 with (sAMAccountName={0})
> One question: in LDAPLoginModule.authenticate(). What is the purpose of this code : if
(results.hasMore()) {} ?
> This make the authentication fail. Need to comment it out to get it work...



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message