anonymous wrote : So to be clear - when you use double backslash comma in 
ldapsearch you get correct result but this still doesn't work in portal config?

Yes, exactly. In the portal, LDAPExtRoleModule doesn't find any Role 
memberships for users with a comma in their username. If the user has no comma, 
it finds roles.

Here is an example that works, from the bundled ldap example:
anonymous wrote : 
  | 2007-07-17 10:22:33,136 DEBUG [org.hibernate.jdbc.ConnectionManager] aggressively releasing JDBC connection
  | 2007-07-17 10:22:33,136 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] findUserByUserName(): username = admin
  | 2007-07-17 10:22:33,136 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] Search filter: (uid=admin)
  | 2007-07-17 10:22:33,136 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] Search filter: (uid=admin)
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPStaticGroupMembershipModuleImpl] getRoles(): user DN = uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPStaticGroupMembershipModuleImpl] Search filter: member=uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModuleImpl] Search filter: member=uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role uid: cn=Admin,ou=Roles,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role dn: cn=Admin,ou=Roles,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role uid: cn=User,ou=Roles,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role dn: cn=User,ou=Roles,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role uid: cn=foo,ou=Roles,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,152 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role dn: cn=foo,ou=Roles,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:22:33,183 INFO  [STDOUT] user login
  | 

If I change the DN of admin to 'mister\, admin' and also update the affected 
roles, it doesn't find roles anymore:
anonymous wrote : 
  | 2007-07-17 10:35:52,153 DEBUG [org.hibernate.jdbc.ConnectionManager] aggressively releasing JDBC connection
  | 2007-07-17 10:35:52,153 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] findUserByUserName(): username = admin
  | 2007-07-17 10:35:52,153 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] Search filter: (uid=admin)
  | 2007-07-17 10:35:52,153 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModuleImpl] Search filter: (uid=admin)
  | 2007-07-17 10:35:52,216 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: uid=mister\, admin,ou=People,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:35:52,216 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: uid=mister\, admin,ou=People,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:35:52,216 DEBUG [org.jboss.portal.identity.ldap.LDAPStaticGroupMembershipModuleImpl] getRoles(): user DN = uid=mister\, admin,ou=People,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:35:52,216 DEBUG [org.jboss.portal.identity.ldap.LDAPStaticGroupMembershipModuleImpl] Search filter: member=uid=mister\, admin,ou=People,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:35:52,216 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModuleImpl] Search filter: member=uid=mister\, admin,ou=People,o=test,dc=portal,dc=example,dc=com
  | 2007-07-17 10:35:52,325 INFO  [STDOUT] user login
  | 

When I copy&paste the role search filters from above into an ldap search tool, 
the one from the first example works, the one from the second doesn't. If I add 
another backslash to the second example, it works as well.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4064893#4064893
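
The `\,` in the DN is a DN-level escape; a search filter is a second layer, and RFC 4515 requires a literal backslash inside a filter value to be written as `\5c`. The following is an added example, not part of the original post and not JBoss Portal code (class and method names are hypothetical), that escapes the DNs from the logs above before they go into a `member=` filter:

```java
public class LdapFilterEscape {

    // Escape a value for use inside an LDAP search filter (RFC 4515, section 3).
    // Backslash, '*', '(', ')' and NUL become a backslash plus two hex digits.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Build an equality filter. The attribute name is assumed to come from
    // configuration; only the value (here a user DN) is escaped.
    static String membershipFilter(String attribute, String userDn) {
        return "(" + attribute + "=" + escapeFilterValue(userDn) + ")";
    }

    public static void main(String[] args) {
        // DNs copied from the log output in the post.
        String plainDn = "uid=admin,ou=People,o=test,dc=portal,dc=example,dc=com";
        String commaDn = "uid=mister\\, admin,ou=People,o=test,dc=portal,dc=example,dc=com";

        // A DN without special characters passes through unchanged.
        if (!escapeFilterValue(plainDn).equals(plainDn)) {
            throw new IllegalStateException("plain DN must not be altered");
        }

        // Plain concatenation, as in the logged filter: the DN's backslash
        // reaches the filter parser without filter-level escaping.
        System.out.println("raw:     member=" + commaDn);

        // Escaped form: (member=uid=mister\5c, admin,ou=People,...)
        System.out.println("escaped: " + membershipFilter("member", commaDn));
    }
}
```

The same routine also neutralises `*`, `(` and `)` in the value, so a DN or username that contains them cannot change the structure of the filter.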
