JBoss ON LDAP group to role mapping fails if LDAP group returned by group filter does not have a cn attribute
Environment
- Red Hat JBoss Operations Network (JBoss ON) 3.3 Update 11 and earlier
- LDAP Authorization has been enabled
- One or more LDAP groups returned by the LDAP group search filter do not define the cn attribute
- Mapping LDAP groups to roles from the LDAP Groups tab of the Roles Administration page
Issue
- NullPointerException (NPE) when listing available LDAP groups using objectclass=* group search filter
- Attempting to map LDAP groups to User Roles fails if group objects returned do not include cn attribute
Resolution
This issue has been fixed in JBoss ON 3.3 Update 12 and later. Any group that is missing a cn attribute is ignored and will not be displayed on the role mapping page.
Root Cause
LDAP groups are expected to have a common-name (cn) attribute which is used for the name display in the LDAP Group to User Role mapping page.
This issue was identified as Red Hat Bug 1636061.
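
To see which entries a broad group filter such as objectclass=* returns without a cn attribute (the entries that trigger the failure before Update 12 and are silently hidden from the role mapping page afterwards), the search result can be audited offline. The following Python script is an added example, not part of the Red Hat solution or of JBoss ON; it assumes the filter's result was exported as LDIF (for example with ldapsearch), and the function name, DNs and values are constructed for illustration.

```python
import base64

# Constructed sample: LDIF as a search with the group filter objectclass=*
# might return it. All DNs and values are made up for this example.
_B64_CN = base64.b64encode("Überwachung".encode("utf-8")).decode("ascii")
SAMPLE_LDIF = f"""\
dn: cn=jon-admins,ou=groups,dc=example,dc=com
objectClass: groupOfNames
cn: jon-admins

dn: ou=groups,dc=example,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=svc-monitor,ou=groups,dc=example,
 dc=com
objectClass: account
uid: svc-monitor

dn: gidNumber=501,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn:: {_B64_CN}
"""


def entries_missing_cn(ldif_text):
    """Return the DNs of LDIF entries that carry no non-empty cn value."""
    # Unfold continuation lines (newline followed by one space, RFC 2849).
    text = ldif_text.replace("\r\n", "\n").replace("\n ", "")
    missing = []
    for block in text.split("\n\n"):          # blank line separates entries
        dn, has_cn = None, False
        for line in block.split("\n"):
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: " marks a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            elif name == "cn" and value:      # attribute names are case-insensitive
                has_cn = True
        if dn is not None and not has_cn:
            missing.append(dn)
    return missing
```

On the constructed sample this reports the ou=groups container and the uid=svc-monitor account, both of which match objectclass=* but have no cn; tightening the group search filter so that only real group objects match keeps such entries out of the result.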
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.