Details

    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Fixed
    • Affects Version/s: 8.4.1
    • Fix Version/s: 8.4.2
    • Component/s: Authenticator
    • Labels:
    • Similar issues:

      Description

      Hi,
      we've found that LDAP auth matches wrong user in certain conditions.

      1. we have three users in LDAP: xyz_a, xyz_ab, xyz_abc
      2. user xyz_a fill the credentials on xwiki login page
      3. xwiki queries LDAP for users (as it seems for all the users eligible to login)
      4. three users for "xyz_a" string are found
      5. xwiki tries to auth to last matched LDAP account - xyz_abc
      6. Login fails

        Attachments

          Activity

            People

            • Assignee:
              tmortagne Thomas Mortagne
              Reporter:
              martin.tippl Martin Tippl
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Date of First Response: