Bug#501650: Disable alias dereferencing when ATS server searches for user in

LDAP server.
2009-06-05 05:56:35 +00:00 · 2009-06-05 05:56:35 +00:00 · 8794590e50
commit 8794590e50
parent 21ba1ead80
1 changed files with 3 additions and 2 deletions
--- a/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
+++ b/CASA-auth-token/server-java/Svc/src/com/novell/casa/authtoksvc/PwdAuthenticate.java
@ -191,6 +191,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
            env.put(Context.SECURITY_PRINCIPAL, m_svcConfig.m_realmsInfo.proxyUsernameCredential(authReqMsg.getRealm()));
            env.put(Context.SECURITY_CREDENTIALS, m_svcConfig.m_realmsInfo.proxyPasswordCredential(authReqMsg.getRealm()));
         }
+         env.put("java.naming.ldap.derefAliases", "never");

         int retries = 3;
         while (retries != 0)
@ -237,9 +238,9 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
               if (realmType != null)
               {
                  if (realmType.equalsIgnoreCase(RealmsInfo.eDirectoryRealm))
-                     searchString = "(cn={0})";
+                     searchString = "(&(cn={0})(!(objectClass=aliasObject)))";
                  else if (realmType.equalsIgnoreCase(RealmsInfo.ActiveDirectoryRealm))
-                     searchString = "(sAMAccountName={0})";
+                     searchString = "(&(sAMAccountName={0})(!(objectClass=aliasObject)))";
                  else
                  {
                     m_log.warn("invoke()- Unsupported realm type " + realmType);