https://bz.apache.org/bugzilla/show_bug.cgi?id=63026

            Bug ID: 63026
           Summary: JNDIRealm fails to authenticate user with 2 trailing
                    spaces CN
           Product: Tomcat 8
           Version: 8.0.33
          Hardware: PC
            Status: NEW
          Severity: minor
          Priority: P2
         Component: Catalina
          Assignee: dev@tomcat.apache.org
          Reporter: david.anuszew...@cerner.com
  Target Milestone: ----

Using JNDIRealm to authenticate users against Microsoft Active Directory fails
if the AD user object has 2 trailing spaces in its cn.  Realm is configured
with adCompat="true" and userSearch="(sAMAccountName={0})".  

Debugging through the code the getUserBySearch() method ldap search returns a
result with only the last space escaped, but the method getDistinquishedName()
returns a dn with both spaces escaped.  In this scenario the bindAsUser()
method will return false resulting in an authentication failure.  If I modify
the dn returned from getDistinquishedName() to only escape the last space in
the cn the bindAsUser() method will return true and the authentication will be
successful.
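
The two DN forms described in the report, as an added Java example (not Tomcat's code and not from the reporter). The cn value and the helper names are constructed for illustration, and the escaping rules are those of RFC 4514; it shows that both forms decode to the same attribute value while differing as strings.

```java
public class DnTrailingSpaceDemo {
    // Characters RFC 4514 section 2.4 requires escaping anywhere in a value.
    private static final String ALWAYS = "\"+,;<>\\";

    // escapeAllTrailing=false: escape only the final space (the RFC 4514 minimum).
    // escapeAllTrailing=true: escape every trailing space.
    static String escape(String v, boolean escapeAllTrailing) {
        int lastNonSpace = v.length() - 1;
        while (lastNonSpace >= 0 && v.charAt(lastNonSpace) == ' ') lastNonSpace--;
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < v.length(); i++) {
            char c = v.charAt(i);
            boolean lead = i == 0 && (c == ' ' || c == '#');
            boolean trail = c == ' ' && (i == v.length() - 1
                    || (escapeAllTrailing && i > lastNonSpace));
            if (lead || trail || ALWAYS.indexOf(c) >= 0) sb.append('\\');
            sb.append(c);
        }
        return sb.toString();
    }

    // Decode "\" + character and "\" + two hex digits (ASCII only in this sketch).
    static String unescape(String s) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c != '\\' || i + 1 >= s.length()) { sb.append(c); continue; }
            char n = s.charAt(i + 1);
            if (i + 2 < s.length() && Character.digit(n, 16) >= 0
                    && Character.digit(s.charAt(i + 2), 16) >= 0) {
                sb.append((char) Integer.parseInt(s.substring(i + 1, i + 3), 16));
                i += 2;
            } else {
                sb.append(n); i++;
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String cn = "John Doe  ";               // constructed value, two trailing spaces
        String minimal = escape(cn, false);     // only the last space escaped
        String allTrailing = escape(cn, true);  // both trailing spaces escaped
        System.out.println("[cn=" + minimal + "]");
        System.out.println("[cn=" + allTrailing + "]");
        System.out.println("same string: " + minimal.equals(allTrailing));
        System.out.println("same value:  " + unescape(minimal).equals(unescape(allTrailing)));
    }
}
```

Code that compares DNs as raw strings treats these two forms as different entries; comparing the decoded values does not.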
