[
https://jira.codehaus.org/browse/MRM-1486?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=355368#comment-355368
]
Jonathan Sharp commented on MRM-1486:
-------------------------------------
Still seeing this issue in the current 2.1.2 snapshot, except the workaround
doesn't seem to work anymore.
I tried a filter using the manager attribute with openldap and
inetOrgPerson/groupOfUniqueNames objects.
ldap.config.mapper.attribute.user.filter is truncated in various ways on each
startup:
manager=cn=foo,ou=bar,dc=example,dc=com -> manager=cn=foo
manager=cn=foo\,ou=bar\,dc=example\,dc=com -> manager=cn=foo,ou=bar,dc=example,dc=com -> manager=cn=foo
manager=cn=foo\\,ou=bar\\,dc=example\\,dc=com -> manager=cn=foo\
manager=cn=foo\\\,ou=bar\\\,dc=example\\\,dc=com -> manager=cn=foo\,ou=bar\,dc=example\,dc=com -> manager=cn=foo,ou=bar,dc=example,dc=com -> manager=cn=foo
(manager=cn=foo,ou=bar,dc=example,dc=com) -> (manager=cn=foo
...an escaping problem somewhere.
> ldap.config.mapper.attribute.user.filter using ldap not working correctly
> with commas.
> --------------------------------------------------------------------------------------
>
> Key: MRM-1486
> URL: https://jira.codehaus.org/browse/MRM-1486
> Project: Archiva
> Issue Type: Bug
> Components: Users/Security
> Affects Versions: 1.3.5
> Environment: opensuse 11.4 (x86_64), sun jvm 1.6.0_22
> Reporter: Bruno Simioni
> Labels: LDAP, TOCHECK
> Fix For: 2.1.2
>
>
> Redback (I guess) security system replaces in a wrong way the key user id in
> ldap.config.mapper.attribute.user.filter property.
> Using
> ldap.config.mapper.attribute.user.filter=ismemberof=cn=apps.archiva,ou=group,dc=example,dc=com
> Causes the LDAP query to be like this:
> (&(objectClass=<SOME_STRUCTURAL_OC>)(ismemberof=cn=apps.archiva(uid=admin))
> The correct query, IMO, should be like this:
> (&(objectClass=<SOME_STRUCTURAL_OC>)(ismemberof=cn=apps.archiva,ou=group,dc=example,dc=com)(uid=admin))',
> as I specified before.
> <SOME_STRUCTURAL_OC> may be something like this: (objectClass=posixAccount),
> assembled using ldap.config.mapper.attribute.user.object.class property.
>
> To work around the problem I had to hardcode all my LDAP user
> mapping settings, in application.xml, like this:
> <component>
>   <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
>   <role-hint>ldap</role-hint>
>   <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
>   <configuration>
>     <email-attribute>email</email-attribute>
>     <full-name-attribute>cn</full-name-attribute>
>     <password-attribute>userPassword</password-attribute>
>     <user-id-attribute>uid</user-id-attribute>
>     <user-base-dn>ou=people,dc=ampliato,dc=com,dc=br</user-base-dn>
>     <user-object-class>posixAccount</user-object-class>
>     <user-filter>(ismemberof=cn=apps.archiva,ou=group,dc=ampliato,dc=com,dc=br)</user-filter>
>   </configuration>
>   <requirements>
>     <requirement>
>       <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
>     </requirement>
>   </requirements>
> </component>
> That's another related link about the same problem:
> http://jira.codehaus.org/browse/REDBACK-168
> Solved, but it just doesn't fix the problem.
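The truncations reported in this thread are all reproduced by one parsing model, shown here as an added example that is not Archiva or Redback code. It assumes, without confirmation from this page, that on each startup the saved value is read as a comma-separated list with backslash escapes and only the first item is kept; the function names are hypothetical.

```python
def first_list_item(raw: str) -> str:
    """Return the first item of `raw` read as a comma-separated list.

    Assumed rules: a backslash before ',' or '\\' escapes that character and
    is dropped; the first unescaped comma ends the item.
    """
    out = []
    i = 0
    while i < len(raw):
        ch = raw[i]
        if ch == "\\" and i + 1 < len(raw) and raw[i + 1] in ",\\":
            out.append(raw[i + 1])  # keep the escaped character, drop the backslash
            i += 2
        elif ch == ",":
            break  # unescaped delimiter: everything after it is lost
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def startup_chain(raw: str) -> list:
    """Values seen across restarts if each start re-reads the saved value."""
    chain = [raw]
    while (nxt := first_list_item(chain[-1])) != chain[-1]:
        chain.append(nxt)
    return chain


def parens_balanced(ldap_filter: str) -> bool:
    """Cheap check that flags a filter cut off before its closing ')'."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


if __name__ == "__main__":
    # Input values taken from the comment above.
    for value in (
        r"manager=cn=foo,ou=bar,dc=example,dc=com",
        r"manager=cn=foo\\,ou=bar\\,dc=example\\,dc=com",
        r"manager=cn=foo\\\,ou=bar\\\,dc=example\\\,dc=com",
        "(manager=cn=foo,ou=bar,dc=example,dc=com)",
    ):
        chain = startup_chain(value)
        print(" -> ".join(chain), "| balanced:", parens_balanced(chain[-1]))
```

Under this model no amount of backslash escaping survives repeated restarts, and the unparenthesised cases end in a syntactically valid but different filter (`manager=cn=foo`), so a parenthesis check alone does not detect the change; comparing the effective filter against the intended one does.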