-
Patch
-
Resolution: Fixed
-
Major
-
None
-
Platform: All, OS: Linux
If the user is a member of a group which contains a special character as defined
by javax.naming.CompositeName an exception will happen and the user will be
unable to log in.
-
- Looking at the patch will help to understand the following note **
The string that we pass into getAttributes is placed into a
javax.naming.CompositeName. If the string that we pass in has a special
character ('/' in our case for example) the string that is passed in is
misunderstood and ends up causing an exception (forget which one right now - had
this patch in production for a few weeks) and does not allow the user to log in.
The string that we pass down needs to be properly escaped - I did this by
enclosing the string in " but it can be done other ways. This will obviously
fail if the string already contains a " so a better approach might need to be
taken. Been a few weeks since I have done the investigation, but I think this
is something that should come back to the mainstream.
Brian