From 47e947ad7b726474b61f5ead8056fcaf5c8f1ec2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marlon=20M=C3=BCller?=
Date: Wed, 27 Oct 2021 14:11:07 +0200
Subject: [PATCH] ARTEMIS-3542 Avoid requesting LDAP root attribute Check getAttributes with dn of user entry to avoid missing permissions
---
 .../artemis/spi/core/security/jaas/LDAPLoginModule.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
index ea8456bf64f..da031ff4b49 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
@@ -579,7 +579,12 @@ protected boolean bindUser(DirContext context, String dn, String password) throw
 context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
 context.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
 try {
- context.getAttributes("", null);
+ String baseDn = getLDAPPropertyValue(ConfigKey.CONNECTION_URL).replaceFirst(".*/", ",");
+ String userDn = dn.replace(baseDn, "");
+ if (logger.isDebugEnabled()) {
+ logger.debug("Get user Attributes with dn " + userDn);
+ }
+ context.getAttributes(userDn, null);
 isValid = true;
 if (logger.isDebugEnabled()) {
 logger.debug("User " + dn + " successfully bound.");
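Review bot: The base DN is obtained by string surgery on the connection URL, and `dn.replace(baseDn, "")` then removes every occurrence of that string, so the name passed to `getAttributes` can be wrong for ordinary configurations. A URL that ends in `/` yields `baseDn = ","`, which strips all commas out of the DN; a space-separated URL list, percent-encoding in the URL, or a DN that differs from the URL only in case or spacing turns the replace into a silent no-op. In those cases the lookup would presumably throw and every login be rejected, which is an availability problem on the authentication path (the catch block and the rest of bindUser are outside the hunk, so the exact outcome is not visible here). Comparing parsed names instead of substrings avoids this, using `javax.naming.ldap.LdapName`: `LdapName base = new LdapName(context.getNameInNamespace());`, `LdapName full = new LdapName(dn);`, `String userDn = full.startsWith(base) ? full.getSuffix(base.size()).toString() : dn;`. `getNameInNamespace()` should return the context's own base DN for an LDAP context, which also removes the dependency on how the URL is written; worth confirming against the provider in use.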