Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-2730

LDAP Identity Provide should correctly handle empty string

    XMLWordPrintable

    Details

    • Type: Bug Report
    • Status: Closed
    • Priority: L3 - Default
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 7.2.0, 7.2.0-alpha5
    • Component/s: engine
    • Labels:
    • Title Keywords:
      ldap

      Description

      When providing an empty password string to the checkPassword method we encounter an OperationNotSupportedException. Please find attached the complete stacktrace as well as a unit test to reproduce.

      When using the Microsoft LDAP implementation however an empty password string results in a positive return value. So anyone and everyone is able to login when leaving the password field in Tasklist empty.

      public void testLdapLoginEmptyPassword()

      { assertFalse(identityService.checkPassword("roman", "")); }

        Attachments

          Issue Links

          is related to

          Task - A task that needs to be done. CAM-2695 Improve robustness of LDAP integration

          • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
          • Closed

          Bug Report - A problem which impairs or prevents the functions of the product. CAM-2391 I can not edit, delete or add users to groups with a backslash in the group ID

          • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
          • Closed

            Activity

              People

              Assignee:
              sebastian.menski Sebastian Menski
              Reporter:
              masroor Masroor Ahmad
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: