https://bz.apache.org/bugzilla/show_bug.cgi?id=63026
Bug ID: 63026
Summary: JNDIRealm fails to authenticate user with 2 trailing spaces CN
Product: Tomcat 8
Version: 8.0.33
Hardware: PC
Status: NEW
Severity: minor
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: david.anuszew...@cerner.com
Target Milestone: ----

Using JNDIRealm to authenticate users against Microsoft Active Directory fails if the AD user object has 2 trailing spaces in its cn. Realm is configured with adCompat="true" and userSearch="(sAMAccountName={0})".

Debugging through the code, the getUserBySearch() method's LDAP search returns a result with only the last space escaped, but the method getDistinguishedName() returns a dn with both spaces escaped. In this scenario the bindAsUser() method will return false, resulting in an authentication failure.

If I modify the dn returned from getDistinguishedName() to only escape the last space in the cn, the bindAsUser() method will return true and the authentication will be successful.
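
The two escaped forms described in the report, compared under RFC 4514 string escaping. This is an added example, not Tomcat's code and not the reporter's. The class `TrailingSpaceDn`, its methods and the sample CN are hypothetical, and the decoder handles ASCII values only and assumes no NUL characters.

```java
// Added example (not Tomcat code): RFC 4514 value escaping with trailing spaces.
public class TrailingSpaceDn {

    static boolean isHex(char c) { return Character.digit(c, 16) >= 0; }

    // Decode an escaped attribute value: "\c" yields c, "\hh" yields one ASCII
    // character; trailing spaces that were not escaped are not part of the value.
    static String unescape(String v) {
        StringBuilder out = new StringBuilder();
        int keep = 0; // length of 'out' that must survive trailing-space trimming
        for (int i = 0; i < v.length(); i++) {
            char c = v.charAt(i);
            if (c == '\\' && i + 1 < v.length()) {
                char n = v.charAt(i + 1);
                if (isHex(n) && i + 2 < v.length() && isHex(v.charAt(i + 2))) {
                    out.append((char) Integer.parseInt(v.substring(i + 1, i + 3), 16));
                    i += 2;
                } else {
                    out.append(n);
                    i += 1;
                }
                keep = out.length(); // an escaped character is always kept
            } else {
                out.append(c);
                if (c != ' ') keep = out.length();
            }
        }
        return out.substring(0, keep);
    }

    // Escape only what RFC 4514 requires: a space at either end, a leading '#',
    // and the special characters. Interior spaces are left as they are.
    static String escapeMinimal(String value) {
        StringBuilder out = new StringBuilder();
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean edgeSpace = c == ' ' && (i == 0 || i == value.length() - 1);
            boolean leadingHash = c == '#' && i == 0;
            if (edgeSpace || leadingHash || "\"+,;<>\\".indexOf(c) >= 0) out.append('\\');
            out.append(c);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        String cn = "John Doe  ";          // constructed sample: two trailing spaces
        String lastOnly = "John Doe \\ ";  // only the last space escaped
        String both = "John Doe\\ \\ ";    // both trailing spaces escaped
        System.out.println("same value: " + unescape(lastOnly).equals(unescape(both)));
        System.out.println("minimal form: [" + escapeMinimal(cn) + "]");
    }
}
```

Both strings decode to the same value, so a mismatch like the one reported comes from comparing or reusing the escaped text rather than the decoded value.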