Affects Version/s: 7.0.X, 7.1.X, Master
Component/s: Application Security > LDAP
The Wireshark data revealed that Liferay was sending LDAP requests with empty Attributes. Some Red Hat Directory LDAP servers have patches that reject LDAP requests with more than 1 empty Attribute, which causes Liferay LDAP requests to fail. See this. Removing empty attributes from the request allows it to succeed again.
Steps to Reproduce:
- Set up an LDAP server and connect Liferay to it. I used these steps.
- Set up Wireshark to monitor traffic to the LDAP server
- Sign out of Liferay, clear the Wireshark data, then sign in and stop collecting Wireshark data
- In the Wireshark captured data, find the first LDAP request which includes AttributeDescriptions in its LDAProtocol.
Actual Result: Empty AttributeDescriptions exist - with the above setup only 13 of 19 are filled. See
Expected Result: No empty AttributeDescriptions are sent in request.
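To check a captured request for this condition without counting by eye, the following added example (not Liferay code and not part of the original report) parses one BER-encoded LDAPMessage per RFC 4511 and counts the zero-length AttributeDescriptions in a SearchRequest. The sample bytes and all function names are constructed for illustration.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def search_attributes(message):
    """Attribute names requested by a SearchRequest, or None for other operations."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    op_tag, op = children(body)[1]  # [0] is messageID, [1] is protocolOp
    if op_tag != 0x63:  # [APPLICATION 3] SearchRequest
        return None
    # Fields: base, scope, derefAliases, sizeLimit, timeLimit, typesOnly, filter, attributes
    return [val.decode("utf-8") for _, val in children(children(op)[7][1])]

def empty_count(message):
    """Number of zero-length AttributeDescriptions in the request."""
    return sum(1 for name in (search_attributes(message) or []) if name == "")

def tlv(tag, value=b""):
    """Encode a short-form BER element; used only to build the sample below."""
    return bytes([tag, len(value)]) + value

# Constructed sample: search under dc=example,dc=com, filter (objectClass=*),
# requesting "cn", "", "mail", "" (two empty AttributeDescriptions).
attrs = b"".join(tlv(0x04, a) for a in (b"cn", b"", b"mail", b""))
request = tlv(0x63, tlv(0x04, b"dc=example,dc=com") + tlv(0x0A, b"\x02")
              + tlv(0x0A, b"\x00") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")
              + tlv(0x01, b"\x00") + tlv(0x87, b"objectClass") + tlv(0x30, attrs))
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + request)

if __name__ == "__main__":
    print(search_attributes(SAMPLE), empty_count(SAMPLE))
```

With a fix in place, `empty_count` should return 0 for every SearchRequest in the capture.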