Uploaded image for project: 'Jetspeed 2'
  1. Jetspeed 2
  2. JS2-562

LDAP attribute name comparison should be case-insensitive

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0-FINAL
    • Fix Version/s: 2.1-dev, 2.1
    • Component/s: Security
    • Labels:
      None
    • Environment:
      Windows 2000 SP4, JDK1.5, Apache-DS

      Description

      When trying to authenticate against an LDAP server (in this case, Apache-DS from a seperate installation), the authentication failed because the userPassword attribute was not found.

      The attribute exists within LDAP, but the case is different (userpassword). While the schema suggests the specified ID (userPassword) is correct, I believe LDAP is supposedly case-insensitive, and so ideally the attribute comparison should also be.

      The change required is to the getAttribute method within org.apache.jetspeed.security.spi.impl.ldap.LdapUserCredentialDaoImpl, replacing the equals() method with equalsIgnoreCase().

        Attachments

          Activity

            People

            • Assignee:
              taylor David Sean Taylor
              Reporter:
              mjkearns Michael Kearns
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: