Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-2730

LDAP Identity Provide should correctly handle empty string

    XMLWordPrintable

Details

    Description

      When providing an empty password string to the checkPassword method we encounter an OperationNotSupportedException. Please find attached the complete stacktrace as well as a unit test to reproduce.

      When using the Microsoft LDAP implementation however an empty password string results in a positive return value. So anyone and everyone is able to login when leaving the password field in Tasklist empty.

      public void testLdapLoginEmptyPassword()

      { assertFalse(identityService.checkPassword("roman", "")); }

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            is related to

            Task - A task that needs to be done. CAM-2695 Improve robustness of LDAP integration

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Bug Report - A problem which impairs or prevents the functions of the product. CAM-2391 I can not edit, delete or add users to groups with a backslash in the group ID

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Activity

              People

                sebastian.menski Sebastian Menski
                masroor Masroor Ahmad
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce