Bug ID: 63026
           Summary: JNDIRealm fails to authenticate user with 2 trailing
                    spaces CN
           Product: Tomcat 8
           Version: 8.0.33
          Hardware: PC
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Catalina
  Target Milestone: ----

Using JNDIRealm to authenticate users against Microsoft Active Directory fails
if the AD user object has 2 trailing spaces in its cn.  Realm is configured
with adCompat="true" and userSearch="(sAMAccountName={0})".

Debugging through the code, the getUserBySearch() method's LDAP search returns a
result with only the last space escaped, but the method getDistinguishedName()
returns a dn with both spaces escaped.  In this scenario the bindAsUser()
method will return false, resulting in an authentication failure.  If I modify
the dn returned from getDistinguishedName() to only escape the last space in
the cn, the bindAsUser() method will return true and the authentication will be

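For triage, the two escapings described in the report can be compared after decoding rather than as raw strings. The following is an added example, not Tomcat code and not part of the original report: a small RFC 4514 value decoder showing that a DN with only the last trailing space escaped and a DN with both escaped carry the same cn. The DN strings are constructed sample values, and single-valued RDNs are assumed.

```python
import re

_HEX = re.compile(r"[0-9A-Fa-f]{2}")

def unescape_value(raw: str) -> str:
    """Decode one RFC 4514 string-form attribute value."""
    data, escaped, i = bytearray(), [], 0
    while i < len(raw):
        if raw[i] != "\\":                       # ordinary character
            chunk, flag, step = raw[i].encode("utf-8"), False, 1
        elif _HEX.fullmatch(raw[i + 1:i + 3]):   # \XX hex pair = one octet
            chunk, flag, step = bytes([int(raw[i + 1:i + 3], 16)]), True, 3
        elif i + 1 < len(raw):                   # \<char> pair
            chunk, flag, step = raw[i + 1].encode("utf-8"), True, 2
        else:
            raise ValueError("dangling backslash")
        data += chunk
        escaped += [flag] * len(chunk)
        i += step
    # Unescaped leading/trailing spaces are padding, not part of the value.
    lo, hi = 0, len(data)
    while lo < hi and data[lo] == 0x20 and not escaped[lo]:
        lo += 1
    while hi > lo and data[hi - 1] == 0x20 and not escaped[hi - 1]:
        hi -= 1
    return data[lo:hi].decode("utf-8")

def split_rdns(dn: str) -> list:
    """Split a DN on commas that are not preceded by a backslash."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur, i = cur + dn[i:i + 2], i + 2
        elif dn[i] == ",":
            parts.append(cur)
            cur, i = "", i + 1
        else:
            cur, i = cur + dn[i], i + 1
    return parts + [cur]

def normalize_dn(dn: str) -> list:
    """Return [(attribute type, decoded value), ...]; values compared exactly."""
    pairs = (rdn.partition("=") for rdn in split_rdns(dn))
    return [(attr.strip().lower(), unescape_value(raw)) for attr, _, raw in pairs]

def same_entry(a: str, b: str) -> bool:
    return normalize_dn(a) == normalize_dn(b)

# Constructed sample DNs: a cn with two trailing spaces, escaped two ways.
LAST_ONLY = r"CN=Jane Doe \ ,OU=Staff,DC=example,DC=com"
BOTH = r"CN=Jane Doe\ \ ,OU=Staff,DC=example,DC=com"
```

Here `same_entry(LAST_ONLY, BOTH)` is true even though the raw strings differ, so a bind that succeeds with one string and fails with the other is reacting to the escaping form, not to a different cn.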