
If an LDAP user's DN contains a backslash (\) character, JBoss ON fails to authenticate the user

Updated 2013-08-19T19:25:39+00:00

Issue

  • Authentication fails when a user has "\," in its LDAP CN
  • server.log contains this error:

    INFO  [org.rhq.enterprise.server.core.jaas.LdapLoginModule] Failed to validate password: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1
    
  • User login fails and the following error appears in the server log:

    INFO  [org.rhq.enterprise.server.core.jaas.LdapLoginModule] Failed to validate password: [LDAP: error code 49 - cannot bind the principalDn.]
    
  • Backslashes (\) are not properly handled when they appear in a distinguished name (DN)

Environment

  • Red Hat JBoss Operations Network (ON) 3.1.2
  • JBoss ON server has been configured to use LDAP for user authentication
  • Affected user has a backslash (\) in their DN:

    dn: cn=Charles H\\Samlin,ou=users,dc=test,dc=rhq,dc=redhat,dc=com
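
How the DN above behaves under RFC 4514 escaping when built and parsed with the JDK's `javax.naming.ldap` classes. This is an added example, not JBoss ON code and not this article's resolution; the class `DnEscapeCheck`, its helpers `buildUserDn` and `leafValue`, and the comma-containing CN are hypothetical or constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.ArrayList;
import java.util.List;

public class DnEscapeCheck {
    // Base DN taken from the example entry in the Environment section.
    static final String BASE = "ou=users,dc=test,dc=rhq,dc=redhat,dc=com";

    /** Build a user DN from a raw CN value; Rdn escapes it per RFC 4514. */
    static String buildUserDn(String rawCn) throws InvalidNameException {
        // getRdns() is unmodifiable and ordered right-to-left, so copy it
        // and append the CN last to make it the leftmost RDN.
        List<Rdn> rdns = new ArrayList<>(new LdapName(BASE).getRdns());
        rdns.add(new Rdn("cn", rawCn));
        return new LdapName(rdns).toString();
    }

    /** Return the unescaped leftmost RDN value of a DN, or the parse error. */
    static String leafValue(String dn) {
        try {
            LdapName name = new LdapName(dn);
            return String.valueOf(name.getRdn(name.size() - 1).getValue());
        } catch (InvalidNameException | IllegalArgumentException e) {
            return "unparseable: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws InvalidNameException {
        String rawCn = "Charles H\\Samlin";         // one literal backslash
        String naive = "cn=" + rawCn + "," + BASE;  // backslash left unescaped
        String escaped = buildUserDn(rawCn);        // backslash doubled in the DN

        System.out.println("naive DN   : " + naive + " -> " + leafValue(naive));
        System.out.println("escaped DN : " + escaped + " -> " + leafValue(escaped));
        System.out.println("round trip : " + rawCn.equals(leafValue(escaped)));

        // The "\," case from the Issue list: a comma inside the CN value
        // (constructed sample value).
        String commaDn = buildUserDn("Samlin, Charles");
        System.out.println("comma DN   : " + commaDn + " -> " + leafValue(commaDn));
    }
}
```

Comparing the naive and escaped lines shows whether a DN assembled by string concatenation still names the same entry as the one the directory returns.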
    
