Jean-Jacques Parent created GERONIMO-6525:
---------------------------------------------
Summary: LDAP realm userSearchMatching filter
Key: GERONIMO-6525
URL: https://issues.apache.org/jira/browse/GERONIMO-6525
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security
Affects Versions: 3.0.1
Environment: Windows server 2003
JDK1.7.0_60
Reporter: Jean-Jacques Parent
Priority: Minor
Get a problem when using such a property in an LDAP security realm:
in the console : userSearchMatching=(&(sAMAccountName={0})(objectclass=user))
in the config.xml :
userSearchMatching=(&(sAMAccountName\={0})(objectclass\=user))
- used to work with Geronimo 2
- get error with Geronimo 3
javax.naming.directory.InvalidSearchFilterException: Unbalanced parenthesis; remaining name 'dc=brucity,dc=be'
at com.sun.jndi.ldap.Filter.findRightParen(Filter.java:694)
at com.sun.jndi.ldap.Filter.encodeFilterList(Filter.java:733)
at com.sun.jndi.ldap.Filter.encodeComplexFilter(Filter.java:657)
at com.sun.jndi.ldap.Filter.encodeFilter(Filter.java:104)
at com.sun.jndi.ldap.Filter.encodeFilterString(Filter.java:74)
at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:547)
at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:1985)
at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1847)
at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772)
at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356)
at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339)
at org.apache.aries.jndi.DelegateContext.search(DelegateContext.java:365)
at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267)
at org.apache.geronimo.security.realm.providers.LDAPLoginModule.authenticate(LDAPLoginModule.java:260)
at org.apache.geronimo.security.realm.providers.LDAPLoginModule.login(LDAPLoginModule.java:154)
- think that the problem is &. Works fine in G3 with (sAMAccountName={0})
One question: in LDAPLoginModule.authenticate(), what is the purpose of this
code : if (results.hasMore()) {} ?
This makes the authentication fail. Need to comment it out to get it to work...