Bug#501650: Disable alias dereferencing when ATS server searches for user in

LDAP server.
This commit is contained in:
S Rahul 2009-06-05 05:56:35 +00:00
parent 21ba1ead80
commit 8794590e50

View File

@ -191,6 +191,7 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
env.put(Context.SECURITY_PRINCIPAL, m_svcConfig.m_realmsInfo.proxyUsernameCredential(authReqMsg.getRealm()));
env.put(Context.SECURITY_CREDENTIALS, m_svcConfig.m_realmsInfo.proxyPasswordCredential(authReqMsg.getRealm()));
}
env.put("java.naming.ldap.derefAliases", "never");
int retries = 3;
while (retries != 0)
@ -237,9 +238,9 @@ public final class PwdAuthenticate implements AuthMechanism, Serializable
if (realmType != null)
{
if (realmType.equalsIgnoreCase(RealmsInfo.eDirectoryRealm))
searchString = "(cn={0})";
searchString = "(&(cn={0})(!(objectClass=aliasObject)))";
else if (realmType.equalsIgnoreCase(RealmsInfo.ActiveDirectoryRealm))
searchString = "(sAMAccountName={0})";
searchString = "(&(sAMAccountName={0})(!(objectClass=aliasObject)))";
else
{
m_log.warn("invoke()- Unsupported realm type " + realmType);