Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-89295

Empty Attributes in LDAP request can cause it to be rejected

    XMLWordPrintable

Details

    Description

      The Wireshark data revealed that Liferay was sending LDAP requests with empty Attributes. Some Red Hat Directory LDAP servers have patches which rejected LDAP requests with more than 1 empty Attribute, this causes Liferay LDAP requests to fail. See this. Removing empty attributes from the request allows it to succeed again.

      Steps to Reproduce:

      1. Setup an LDAP server and connect Liferay to it. I used these steps.
      2. Setup wireshark to monitor traffic to the LDAP server
      3. Sign out of Liferay, clear the wireshark data, then sign in and stop collecting wireshark data
      4. In the wireshark captured data, find the first LDAP request which includes AttributeDescriptions in it's LDAProtocol.
        Actual Result: Empty AttributeDescriptions exist - with the above setup only 13 of 19 are filled. See
        Expected Result: No empty AttributeDescriptions are sent in request.

      Attachments

        Activity

          People

            sharry.shi Sharry Shi
            joshua.cords Joshua Cords
            Kiyoshi Lee Kiyoshi Lee
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:
              4 years, 18 weeks, 5 days ago

              Packages

                Version Package
                7.0.0 DXP FP73
                7.0.10.11 DXP SP11
                7.0.X
                7.1.10 DXP FP7
                7.1.10.2 SP2
                7.1.3 CE GA4
                7.1.X
                Master