Spring Security / SEC-1444

BindAuthenticator Fails for Active Directory DN Containing Special Chars

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.2
    • Fix Version/s: 3.0.3, 3.1.0.M1
    • Component/s: LDAP
    • Labels:
      None

      Description

      BindAuthenticator.java (3.0.2) line 115, change userDn:

      Attributes attrs = ctx.getAttributes(userDn, getUserAttributes());

      to fullDn:

      Attributes attrs = ctx.getAttributes(fullDn, getUserAttributes());

      The reason is that when you use fullDn the DN string is generated using the LdapEncoder from Spring-LDAP. If you use the raw userDn string that encoding isn't used, so special characters in a username (admittedly rare) can prevent the user from authenticating.
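An added illustration of the encoding point in the description, not code from the issue or from Spring Security: it uses the JDK's `javax.naming.ldap.Rdn.escapeValue` rather than Spring LDAP's LdapEncoder, and the base DN and user names are constructed sample values. It builds each DN both ways and parses the result, so the effect of an unescaped special character on the DN structure is visible.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnEncodingDemo {
    // Hypothetical base DN, constructed for this example.
    static final String BASE = "ou=Users,dc=example,dc=com";

    /** Raw concatenation: the value is pasted into the DN unescaped. */
    static String rawDn(String cn) {
        return "cn=" + cn + "," + BASE;
    }

    /** Encoded: special characters in the value are escaped per RFC 2253. */
    static String encodedDn(String cn) {
        return "cn=" + Rdn.escapeValue(cn) + "," + BASE;
    }

    /** Parse the DN and report how a directory client would read it. */
    static String describe(String dn) {
        try {
            LdapName name = new LdapName(dn);
            // RDNs are indexed right to left; the last index is the leftmost (leaf) RDN.
            Rdn leaf = name.getRdn(name.size() - 1);
            return name.size() + " RDNs, leaf " + leaf.getType() + " = [" + leaf.getValue() + "]";
        } catch (InvalidNameException e) {
            return "not a valid DN: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Constructed sample user names: one plain, three with DN special characters.
        String[] names = { "jsmith", "Smith, John", "R&D #1 <ops>", "a+b=c" };
        for (String cn : names) {
            System.out.println("value   : " + cn);
            System.out.println("raw     : " + rawDn(cn) + "  -> " + describe(rawDn(cn)));
            System.out.println("encoded : " + encodedDn(cn) + "  -> " + describe(encodedDn(cn)));
        }
    }
}
```

For the encoded form the parsed leaf value should match the original user name exactly; any mismatch or parse error in the raw form is the failure mode the description refers to.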

        Activity

        Anton Khitrenovich added a comment -

        Hi Luke,

        From the conversation above it is not clear whether this fix was released in some 2.0.x version. I did a quick search in the release notes of 2.0.5 and up and did not find anything related. Please clarify...

        Thanks in advance,
        Anton.

        Luke Taylor added a comment -

        Check the commit log:

        $ git checkout 2.0.x
        $ git log --pretty=oneline | grep SEC-1444
        d6f6a544556dfd940257ef6d2989494176b7421c SEC-1444: Backport of changes to 2.0.x

        or the source tab...

        Anton Khitrenovich added a comment -

        Luke,

        I'm a user of this project, not a developer.
        IMHO, setting up the development environment in order to get an answer to this simple question is overkill.

        Please correct me if I'm wrong...

        Regards,
        Anton.

        Luke Taylor added a comment -

        Yes, I think you're wrong. And I don't mean that in a bad way. The first thing I do when I have an issue with a third-party project which uses git is clone the source repository. It is a veritable gold mine of information and an essential skill when working with open source.

        Of course if you disagree, there is still the "source" tab.

        Anton Khitrenovich added a comment -

        According to the commit history in the 2.0.x branch, it should be 2.0.6.RELEASE... Can you please add it to the list of fix versions?


          People

          • Assignee:
            Luke Taylor
            Reporter:
            Jeff Nadler
          • Votes:
            0
            Watchers:
            1
