[CAM-2730] LDAP Identity Provide should correctly handle empty string - camunda JIRA

XML

Word

Printable

Details

Type: Bug Report
Status: Closed
Priority: L3 - Default
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 7.2.0, 7.2.0-alpha5
Component/s: engine
Labels:
- AD
- EasyPick

Description

When providing an empty password string to the checkPassword method we encounter an OperationNotSupportedException. Please find attached the complete stacktrace as well as a unit test to reproduce.

When using the Microsoft LDAP implementation however an empty password string results in a positive return value. So anyone and everyone is able to login when leaving the password field in Tasklist empty.

public void testLdapLoginEmptyPassword()

{ assertFalse(identityService.checkPassword("roman", "")); }

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

LdapLoginTest.java
1 kB
15/Sep/14 1:09 PM
stacktrace.txt
4 kB
15/Sep/14 1:09 PM

Issue Links

is related to

CAM-2695 Improve robustness of LDAP integration

Closed

CAM-2391 I can not edit, delete or add users to groups with a backslash in the group ID

Closed

Activity

People

Assignee:: Sebastian Menski

Reporter:: Masroor Ahmad

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 15/Sep/14 1:09 PM

Updated:: 30/Sep/14 3:09 PM

Resolved:: 16/Sep/14 11:18 AM