Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-89295

Empty Attributes in LDAP request can cause it to be rejected

    Details

      Description

      The Wireshark data revealed that Liferay was sending LDAP requests with empty Attributes. Some Red Hat Directory LDAP servers have patches which rejected LDAP requests with more than 1 empty Attribute, this causes Liferay LDAP requests to fail. See this. Removing empty attributes from the request allows it to succeed again.

      Steps to Reproduce:

      1. Setup an LDAP server and connect Liferay to it. I used these steps.
      2. Setup wireshark to monitor traffic to the LDAP server
      3. Sign out of Liferay, clear the wireshark data, then sign in and stop collecting wireshark data
      4. In the wireshark captured data, find the first LDAP request which includes AttributeDescriptions in it's LDAProtocol.
        Actual Result: Empty AttributeDescriptions exist - with the above setup only 13 of 19 are filled. See
        Expected Result: No empty AttributeDescriptions are sent in request.

        Attachments

          Activity

            People

            • Assignee:
              sharry.shi Sharry Shi
              Reporter:
              joshua.cords Joshua Cords
              Participants of an Issue:
              Recent user:
              Clarissa Velazquez
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                38 weeks ago

                Packages

                Version Package
                7.0.0 DXP FP73
                7.0.10.11 DXP SP11
                7.0.X
                7.1.10 DXP FP7
                7.1.10.2 SP2
                7.1.3 CE GA4
                7.1.X
                Master