Description
It is possible that a specially crafted LDAP user lookup can invoke the built-in blacklisting of configured LDAP servers in Nexus 3, triggering an outage period equivalent to the retry delay configured for the LDAP server. When the server is in this temporarily blacklisted state, all LDAP queries are bypassed for that server configuration, thereby affecting LDAP authentication and authorization requests for that server.
Expected
A configured LDAP server should not be blacklisted due to a scenario where no LDAP connection attempt was made, as is the case when client-side LDAP query validation determines that the attempted query is syntactically invalid and a javax.naming.directory.InvalidSearchFilterException is thrown.
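One way to keep client-side filter rejections out of the blacklisting decision, shown as an added example that is not Nexus code. The class `LdapBackoffGuard`, its methods and the 5 minute retry delay are hypothetical; only the `javax.naming` exception types are real JDK classes.

```java
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.InvalidSearchFilterException;
import java.util.concurrent.Callable;

/** Hypothetical sketch: only connection-level failures start the retry-delay blacklist. */
public class LdapBackoffGuard {
    private final long retryDelayMillis;
    private volatile long blockedUntil = 0L;

    public LdapBackoffGuard(long retryDelayMillis) { this.retryDelayMillis = retryDelayMillis; }

    public boolean isBlacklisted() { return System.currentTimeMillis() < blockedUntil; }

    /** True only for failures that show the server itself could not be reached. */
    static boolean indicatesServerFailure(NamingException e) {
        // Rejected by client-side validation: no connection attempt was made.
        if (e instanceof InvalidSearchFilterException) return false;
        return e instanceof CommunicationException || e instanceof ServiceUnavailableException;
    }

    /** Runs one LDAP operation and blacklists the server only on a server-side failure. */
    public <T> T call(Callable<T> ldapOperation) throws Exception {
        if (isBlacklisted()) throw new ServiceUnavailableException("server is in its retry delay");
        try {
            return ldapOperation.call();
        } catch (NamingException e) {
            if (indicatesServerFailure(e)) blockedUntil = System.currentTimeMillis() + retryDelayMillis;
            throw e; // the caller still sees the original failure
        }
    }

    public static void main(String[] args) throws Exception {
        LdapBackoffGuard guard = new LdapBackoffGuard(300_000L); // constructed value: 5 minutes
        try { // constructed failure: syntactically invalid filter, rejected before any connection
            guard.call(() -> { throw new InvalidSearchFilterException("constructed: malformed filter"); });
        } catch (InvalidSearchFilterException expected) { /* reported to caller, server stays usable */ }
        System.out.println("after invalid filter, blacklisted = " + guard.isBlacklisted());
        try { // constructed failure: the server really is unreachable
            guard.call(() -> { throw new CommunicationException("constructed: connection refused"); });
        } catch (CommunicationException expected) { /* this one should start the retry delay */ }
        System.out.println("after connection failure, blacklisted = " + guard.isBlacklisted());
    }
}
```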
Issue Links
- relates: NEXUS-17852 Problem connecting to LDAP server root cause is not logged at default log levels (Closed)