ARTEMIS-3542 Avoid requesting LDAP root attribute

Check getAttributes with dn of user entry to avoid missing permissions
apache · Dec 14, 2021 · 47e947a · 47e947a
1 parent c502e94
commit 47e947a
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/...ver/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java b/...ver/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
@@ -579,7 +579,12 @@ protected boolean bindUser(DirContext context, String dn, String password) throw
       context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
       context.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
       try {
-         context.getAttributes("", null);
+         String baseDn = getLDAPPropertyValue(ConfigKey.CONNECTION_URL).replaceFirst(".*/", ",");
+         String userDn = dn.replace(baseDn, "");
+         if (logger.isDebugEnabled()) {
+            logger.debug("Get user Attributes with dn " + userDn);
+         }
+         context.getAttributes(userDn, null);
          isValid = true;
          if (logger.isDebugEnabled()) {
             logger.debug("User " + dn + " successfully bound.");