-
Bug
-
Resolution: Low Engagement
-
Low
-
None
-
5.4.4
-
5
-
Severity 3 - Minor
-
Setting this to Critical as it inflates license counts and therefor negatively affects your customer costs.
Reproduce:
1. Create an LDAP Directory with Basic Setttings and Ensure its Working
2. Add any negative logic to your Object Filter
Example:
Change:
(&(objectCategory=Person)(sAMAccountName=*))
to
(&(objectCategory=Person)(sAMAccountName=*)(!OU=serviceaccounts,dc=yourdomain,dc=com))
Additionally the "Test Settings" button only tests the connection, it verifies NOTHING else. Change the button text or actually test the full LDAP settings please.
You will see this in the log on any attempted login. No LDAP users will be able to login.
2014-04-10 12:45:23,244 FATAL [http-10.28.1.96-80-1] [springframework.ldap.control.AbstractRequestControlDirContextProcessor] postProcess No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl 2014-04-10 12:48:12,098 INFO [http-10.28.1.96-80-3] [crowd.embedded.admin.ConfigurationController] onSubmit Configuration test successful for user directory: [ Delegated LDAP Authentication ], type: [ DELEGATING ] 2014-04-10 12:48:34,896 FATAL [http-10.28.1.96-80-7] [springframework.ldap.control.AbstractRequestControlDirContextProcessor] postProcess No matching response control found for paged results - looking for 'class javax.naming.ldap.PagedResultsResponseControl 2014-04-10 12:48:34,898 ERROR [http-10.28.1.96-80-7] [crowd.manager.application.ApplicationServiceGeneric] authenticateUser Directory 'Delegated LDAP Authentication' is not functional during authentication of 'skling'. Skipped.