ARTEMIS-2192 fix listener for LegacyLDAPSecuritySettingPlugin #2516
Conversation
| if (logger.isDebugEnabled()) { | ||
| logger.debug("\tSkipping unexpected search result with " + rdns.size() + " RDNs."); | ||
| } | ||
| return; | ||
| } | ||
| // we can count on the RNDs being in order from right to left | ||
| Rdn rdn = rdns.get(0); | ||
| Rdn rdn = rdns.get(rdns.size() - 3); |
There was a problem hiding this comment.
Hands up this isnt something im super hot on, and im not entirely sure what this code is doing and what expected results or ldap setup must be followed (so please choose to ignore this)
but i do know from LDAP its possible to get duplicate rdns, so what occurs if rdns is > 3 and a dn is duplicated
e.g.
uid=john.doe,ou=People,dc=example,dc=com
dc is twice here, what do you need? also would mean you may miss the dn you do want maybe the in this case, would be uid.
There was a problem hiding this comment.
tbh the older, hard coded rdns made a bit more sense to me, at least i know what rdn are being expected and looked for, and ordering (to handle duplicates in response) wouldnt be an issue.
There was a problem hiding this comment.
The problem with the hard-coded rdns is that the plugin won't work for anybody who doesn't use the same values. I don't see duplicates as being a problem with this code. It simply takes the first three rdns and interprets them as permission-type, destination-name, & destination-type. It doesn't care about the rdns past that.
No description provided.