Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-3249

Active Directory lookup fails for members of groups with special characters in the name


    • Icon: Patch Patch
    • Resolution: Fixed
    • Icon: Major Major
    • None
    • Platform: All, OS: Linux

      If the user is a member of a group which contains a special character as defined
      by javax.naming.CompositeName an exception will happen and the user will be
      unable to log in.

        • Looking at the patch will help to understand the following note **

      The string that we pass into getAttributes is placed into a
      javax.naming.CompositeName. If the string that we pass in has a special
      character ('/' in our case for example) the string that is passed in is
      misunderstood and ends up causing an exception (forget which one right now - had
      this patch in production for a few weeks) and does not allow the user to log in.
      The string that we pass down needs to be properly escaped - I did this by
      enclosing the string in " but it can be done other ways. This will obviously
      fail if the string already contains a " so a better approach might need to be
      taken. Been a few weeks since I have done the investigation, but I think this
      is something that should come back to the mainstream.


            Unassigned Unassigned
            nairb774 nairb774
            0 Vote for this issue
            0 Start watching this issue