Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LDAP group members may be ignored when the member's RDN starts with cn (and possibly other attribute names). #15822

Closed
jvanhill opened this issue Feb 7, 2021 · 0 comments · Fixed by #15823
Closed

LDAP group members may be ignored when the member's RDN starts with cn (and possibly other attribute names). #15822

jvanhill opened this issue Feb 7, 2021 · 0 comments · Fixed by #15823
Assignees
@jvanhill
Labels
release bug This bug is present in a released version of Open Liberty release:21003 team:Wendigo East

Comments

@jvanhill
Copy link
Contributor

jvanhill commented Feb 7, 2021
edited
Loading

Group membership for LDAP group members may be incomplete when a member's RDN starts with CN or another LDAP attribute that is included userIdMap.

Take the following LDIFF for a group:

dn: cn=group,o=acme.com
objectclass: groupofnames
objectclass: top
cn: group
member: cn=user1,o=acme.com
member: uid=user2,o=acme.com

It is possible that member cn=user1,o=acme.com may be ignored, while member uid=user2,o=acme.com is included in group membership.

After the fix, the solution is to add both RDN's to the userIdMap (userIdMap="*:cn;*:uid"). There is no work around to support both RDNs prior to the fix.
@jvanhill jvanhill added team:Wendigo East release bug This bug is present in a released version of Open Liberty labels Feb 7, 2021
@jvanhill jvanhill self-assigned this Feb 7, 2021
@jvanhill jvanhill mentioned this issue Feb 7, 2021
Merged
jvanhill pushed a commit to jvanhill/open-liberty that referenced this issue Feb 8, 2021
Issue OpenLiberty#15822: Group membership is ignored if the user does…
c3b2586 
… not have the correct RDN.
jvanhill pushed a commit that referenced this issue Feb 9, 2021
Merge pull request #15823 from jvanhill/15822-RdnGroupMembership
3e9e706 
Issue #15822: Group membership is ignored if the user does not have t…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jvanhill jvanhill

Labels
release bug This bug is present in a released version of Open Liberty release:21003 team:Wendigo East
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Issue #15822: Group membership is ignored if the user does not have t… jvanhill/open-liberty
2 participants
@jvanhill @LibbyBot