Uploaded image for project: 'camunda BPM'
  1. camunda BPM
  2. CAM-2730

LDAP Identity Provide should correctly handle empty string

    XMLWordPrintable

Details

    • Bug Report
    • Status: Closed
    • L3 - Default
    • Resolution: Fixed
    • None
    • 7.2.0, 7.2.0-alpha5
    • engine

    Description

      When providing an empty password string to the checkPassword method we encounter an OperationNotSupportedException. Please find attached the complete stacktrace as well as a unit test to reproduce.

      When using the Microsoft LDAP implementation however an empty password string results in a positive return value. So anyone and everyone is able to login when leaving the password field in Tasklist empty.

      public void testLdapLoginEmptyPassword()

      { assertFalse(identityService.checkPassword("roman", "")); }

      mgm-controller-panel

        This is the controller panel for Smart Panels app

        Attachments

          Issue Links

            is related to

            Task - A task that needs to be done. CAM-2695 Improve robustness of LDAP integration

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Bug Report - A problem which impairs or prevents the functions of the product. CAM-2391 I can not edit, delete or add users to groups with a backslash in the group ID

            • L3 - Default - Minor issue or issue with existing workaround, feature requests and questions
            • Closed

            Activity

              People

                sebastian.menski Sebastian Menski
                masroor Masroor Ahmad
                Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  Salesforce