Issue
The Metadata for the LDAP users like Name and Email address were not populated on Release Server.
As shared in the screenshot the external users do not have the Name and Email address populated on the GUI.
Affected Products & Versions
This affects all the versions
Cause
The cause for this is by copying the old LDAP configuration in the xl-release-security.xml file from previous versions. Please check our latest document for changes.
Steps to Recreate
Use the following old LDAP configuration to recreate the issue. Once copied try to login using the LDAP user and see if the Metadata for that user is populated on GUI. You may notice that the Metadata for a logged-in LDAP user is missing as shown in screenshot above.
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/
XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xmlns:
p="http://www.springframework.org/schema/p" xsi:schemaLocation=" http://www.springframework.
org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.spring
framework.org/schema/security http://www.springframework.org/schema/security/spring-security.
xsd "> <bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> <constructor-arg value="ldap://localhost:389/" /> <property name="userDn" value="cn=admin,dc=xl,dc=com" /> <property name="password" value="xxxxxxx" /> <property name="baseEnvironmentProperties"> <map> <entry key="java.naming.referral"> <value>ignore</value> </entry> </map> </property> </bean> <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> <constructor-arg index="0" value="ou=users,dc=xl,dc=com" /> <constructor-arg index="1" value="uid={0}" /> <constructor-arg index="2" ref="ldapServer" /> </bean> <bean id="authoritiesPopulator" class="org.springframework.security.ldap.userdetails.Default
LdapAuthoritiesPopulator"> <constructor-arg ref="ldapServer" /> <constructor-arg value="ou=groups,dc=xl,dc=com" /> <property name="groupSearchFilter" value="uniqueMember={0}" /> <property name="rolePrefix" value="" /> <property name="searchSubtree" value="true" /> <property name="convertToUpperCase" value="false" /> </bean> <bean id="ldapProvider" class="org.springframework.security.ldap.authentication.Ldap
AuthenticationProvider"> <constructor-arg> <bean class="org.springframework.security.ldap.authentication.BindAuthenticator"> <constructor-arg ref="ldapServer" /> <property name="userSearch" ref="userSearch"> </property> </bean> </constructor-arg> <constructor-arg ref="authoritiesPopulator" /> </bean> <bean id="rememberMeAuthenticationProvider" class="com.xebialabs.deployit.security.
authentication.RememberMeAuthenticationProvider"/> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="rememberMeAuthenticationProvider" /> <security:authentication-provider ref="ldapProvider" /> </security:authentication-manager> </beans>
Workaround/Resolution Action
- Change the line in bold above
- From: <bean id="ldapProvider" class="org.springframework.security.ldap.authentication. LdapAuthenticationProvider">
- To: <bean id="ldapProvider" class="com.xebialabs.xlrelease.security.authentication. LdapAuthenticationProvider">
- Changing this line can help the LDAP user metadata to be populated in the GUI.
Considerations
Since we need the LDAP provider from Release, we are changing the line as mentioned above.
Comments
Please sign in to leave a comment.