LDAP group members may be ignored when the member's RDN starts with cn (and possibly other attribute names). #15822
Labels
release bug
This bug is present in a released version of Open Liberty
release:21003
team:Wendigo East
Group membership for LDAP group members may be incomplete when a member's RDN starts with CN or another LDAP attribute that is included userIdMap.
Take the following LDIFF for a group:
It is possible that member
cn=user1,o=acme.com
may be ignored, while memberuid=user2,o=acme.com
is included in group membership.After the fix, the solution is to add both RDN's to the userIdMap (userIdMap="*:cn;*:uid"). There is no work around to support both RDNs prior to the fix.
The text was updated successfully, but these errors were encountered: