On my local instance, I have tested the 4 combinations of the new attributes in org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider and found that only when both are set to true was I able to log in with credentials from the LDAP server. See the table below for timestamps of the four tested combinations.
I have set up a test harness at http://10.36.65.137:4502. It is configured for the LDAP server on my laptop, which provides user001 ... user010. All have the same password, '1234'.
Note: I have not repeated the above tests on the test harness due to time constraints.
| 16.05.2015 11:14:59.066 | false | true | NG @ 16.05.2015 11:16:37.431 (1) |
| 16.05.2015 11:18:40.627 | false | false | NG @ 16.05.2015 11:19:54.971 (2) |
| 16.05.2015 11:21:31.757 | true | false | NG @ ??. No error in LDAP.log. But username and pwd not match |
Excerpts from ldap.log