[MAGNOLIA-5815] LDAP groups can have names which are illegal in JCR Created: 28/Oct/08  Updated: 05/Jan/17  Resolved: 18/Jun/14

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: None
Fix Version/s: 4.5.20

Type: Bug Priority: Major
Reporter: Magnolia International Assignee: Milan Divilek
Resolution: Fixed Votes: 0
Labels: maintenance
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
dependency
relation
is related to MAGNOLIA-6915 Invalid principalName should not thro... Closed
is related to MGNLLDAP-97 LDAP groups can have names which are ... Closed
is related to MGNLLDAP-53 UserID needs to be escaped when subst... Closed
Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

LdapAuthenticationModule blindly passes LDAP group names to GroupManager in collectRoleNames() and collectGroupNames; this can lead to RepositoryExceptions being thrown if a group name contains a ' for instance (which seem to happen on default french AD installations: Administrateurs de l'entreprise)

We should either log/ignore those (specific) exceptions or filter the names...



 Comments   
Comment by Milan Divilek [ 18/Jun/14 ]

This is not an issue in M5.2.x, where was use of queries replaced with node traversal in group manager. MAGNOLIA-5455

Generated at Mon Feb 12 04:08:38 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.