glassfish / GLASSFISH-10843

some of the ldap properties are not deleted when new ldapRealm is created

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: V3
    • Fix Version/s: 3.1.1_b01
    • Component/s: admin
    • Labels:
      None
    • Environment:

      Operating System: All
      Platform: PC

      Description

      1. asadmin create-domain domain1
      2. asadmin start-domain

      configure a ldapRealm with a group
      ---------------------------------

      1. asadmin configure-ldap-for-admin --basedn
        ou=glassfish,o=sunmicrosystemsinc,c=usa,dc=sfbay,dc=sun,dc=com --url
        ldap://easqesf5.sfbay.sun.com:389 -g administration
        LDAP server at ldap://easqesf5.sfbay.sun.com:389 is accessible.
        ...
        The LDAP Auth Realm admin-realm was configured correctly in admin server's
        configuration.

      Command configure-ldap-for-admin executed successfully.

      -------------------------------------------
      domain.xml after first realm configuration
      -------------------------------------------

      <auth-realm name="admin-realm"
      classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
      <property name="directory" value="ldap://easqesf5.sfbay.sun.com:389" />
      <property name="base-dn"
      value="ou=glassfish,o=sunmicrosystemsinc,c=usa,dc=sfbay,dc=sun,dc=com" />
      <property name="jaas-context" value="ldapRealm" />
      <property name="group-mapping" value="administration->asadmin" />
      </auth-realm>

      ----------------------------------------------------------

      Now I create another ldapRealm configuration without a group.
      -------------------------------------------------------------

      1. asadmin configure-ldap-for-admin --basedn
        ou=glassfish,o=sunmicrosystemsinc,c=usa,dc=sfbay,dc=sun,dc=com --url
        ldap://easqesf5.sfbay:389
        Enter admin user name> gfuser1
        Enter admin password for user "gfuser1">
        LDAP server at ldap://easqesf5.sfbay.sun.com:389 is accessible.
        ...
        The LDAP Auth Realm admin-realm was configured correctly in admin server's
        configuration.

      Command configure-ldap-for-admin executed successfully.

      See below: the domain.xml still has the group from the previous config, which is a bug.

      <auth-realm name="admin-realm"
      classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
      <property name="directory" value="ldap://easqesf5.sfbay:389" />
      <property name="base-dn"
      value="ou=glassfish,o=sunmicrosystemsinc,c=usa,dc=sfbay,dc=sun,dc=com" />
      <property name="jaas-context" value="ldapRealm" />
      <property name="group-mapping" value="administration->asadmin" />
      </auth-realm>
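
One way to catch this kind of leftover after re-running configure-ldap-for-admin, as an added example that is not part of the original report or of GlassFish itself: compare the admin-realm properties in domain.xml with the set you intended to configure. The function names, the `INTENDED` dictionary and the wrapping element in the sample are assumptions for illustration; the realm element is the one quoted in the report.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the admin-realm element from the report as it stood
# after the second run (no -g option), wrapped in a parent element.
DOMAIN_XML_AFTER_RERUN = """
<security-service>
  <auth-realm name="admin-realm"
      classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
    <property name="directory" value="ldap://easqesf5.sfbay:389" />
    <property name="base-dn"
      value="ou=glassfish,o=sunmicrosystemsinc,c=usa,dc=sfbay,dc=sun,dc=com" />
    <property name="jaas-context" value="ldapRealm" />
    <property name="group-mapping" value="administration->asadmin" />
  </auth-realm>
</security-service>
"""

# What the second command was meant to produce (assumption: no group mapping).
INTENDED = {
    "directory": "ldap://easqesf5.sfbay:389",
    "base-dn": "ou=glassfish,o=sunmicrosystemsinc,c=usa,dc=sfbay,dc=sun,dc=com",
    "jaas-context": "ldapRealm",
}

def realm_properties(domain_xml, realm_name):
    """Return {property name: value} for the named auth-realm element."""
    root = ET.fromstring(domain_xml)
    for realm in root.iter("auth-realm"):
        if realm.get("name") == realm_name:
            return {p.get("name"): p.get("value")
                    for p in realm.findall("property")}
    raise LookupError("auth-realm %r not found" % realm_name)

def audit_realm(domain_xml, realm_name, intended):
    """Report properties that are stale, missing or different from intended."""
    actual = realm_properties(domain_xml, realm_name)
    return {
        # present in domain.xml but never requested: leftovers from an old run
        "stale": {k: v for k, v in actual.items() if k not in intended},
        "missing": sorted(k for k in intended if k not in actual),
        "changed": {k: (intended[k], actual[k]) for k in intended
                    if k in actual and actual[k] != intended[k]},
    }

if __name__ == "__main__":
    print(audit_realm(DOMAIN_XML_AFTER_RERUN, "admin-realm", INTENDED))
```
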

        Activity

        Nithya Ramakrishnan added a comment -

        This issue is not reproducible in the latest 3.1 builds. On recreating the admin ldap realm without the -g option, the ldapRealm groupname mapping is not present in domain.xml:

        <auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" name="admin-realm">
        <property name="directory" value="ldap://localhost:1389"></property>
        <property name="base-dn" value="dc=example,dc=com"></property>
        <property name="jaas-context" value="ldapRealm"></property>
        </auth-realm>

        Nithya Ramakrishnan added a comment -

        Could you please let us know if the same error is happening currently in the latest build? When we had tested last, this was found to be working correctly as expected.
        If the same error is found to be happening, please provide us details of the ldap setup, so that we could reconfirm if the error happens.

        Thanks
        Nithya

        Nithya Ramakrishnan added a comment -

        Re-opened by mistake. Closed as per previous observation.

        Nithya Ramakrishnan added a comment -

        Re-opening to change the fix version

        Nithya Ramakrishnan added a comment -

        Fixed


          People

          • Assignee: kumarjayanti
          • Reporter: sankarpn
          • Votes: 0
          • Watchers: 1
