Uploaded image for project: 'LDAP'
  1. LDAP
  2. LDAP-20

LDAP substring matching

    XMLWordPrintable

Details

    Description

      Hi,
      we've found that LDAP auth matches wrong user in certain conditions.

      1. we have three users in LDAP: xyz_a, xyz_ab, xyz_abc
      2. user xyz_a fill the credentials on xwiki login page
      3. xwiki queries LDAP for users (as it seems for all the users eligible to login)
      4. three users for "xyz_a" string are found
      5. xwiki tries to auth to last matched LDAP account - xyz_abc
      6. Login fails

      Attachments

        Activity

          People

            tmortagne Thomas Mortagne
            martin.tippl Martin Tippl
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: