You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@activemq.apache.org by jb...@apache.org on 2021/12/14 03:56:16 UTC
[activemq-artemis] branch main updated: ARTEMIS-3542 Avoid requesting LDAP root attribute
This is an automated email from the ASF dual-hosted git repository.
jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new 47e947a ARTEMIS-3542 Avoid requesting LDAP root attribute
new b585155 This closes #3820
47e947a is described below
commit 47e947ad7b726474b61f5ead8056fcaf5c8f1ec2
Author: Marlon Müller <ma...@united-internet.de>
AuthorDate: Wed Oct 27 14:11:07 2021 +0200
ARTEMIS-3542 Avoid requesting LDAP root attribute
Check getAttributes with dn of user entry to avoid missing permissions
---
.../activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
index ea8456b..da031ff 100644
--- a/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
+++ b/artemis-server/src/main/java/org/apache/activemq/artemis/spi/core/security/jaas/LDAPLoginModule.java
@@ -579,7 +579,12 @@ public class LDAPLoginModule implements AuditLoginModule {
context.addToEnvironment(Context.SECURITY_PRINCIPAL, dn);
context.addToEnvironment(Context.SECURITY_CREDENTIALS, password);
try {
- context.getAttributes("", null);
+ String baseDn = getLDAPPropertyValue(ConfigKey.CONNECTION_URL).replaceFirst(".*/", ",");
+ String userDn = dn.replace(baseDn, "");
+ if (logger.isDebugEnabled()) {
+ logger.debug("Get user Attributes with dn " + userDn);
+ }
+ context.getAttributes(userDn, null);
isValid = true;
if (logger.isDebugEnabled()) {
logger.debug("User " + dn + " successfully bound.");