  1. Dev - Nexus Repo
  2. NEXUS-18132

Specially crafted LDAP queries can blacklist LDAP servers on javax.naming.directory.InvalidSearchFilterException

    Details

    • Story Points:
      1

      Description

      It is possible that a specially crafted LDAP user lookup can invoke the built-in blacklisting of configured LDAP servers in Nexus 3, triggering an outage period equivalent to the retry delay configured for the LDAP server. When the server is in this temporary blacklisted state, all LDAP queries are bypassed for that server configuration, thereby affecting LDAP authentication and authorization requests for that server.

      Expected

      A configured LDAP server should not be blacklisted due to a scenario where no LDAP connection attempt was made, as is the case when client-side LDAP query validation determines that the attempted query is syntactically invalid and a javax.naming.directory.InvalidSearchFilterException is thrown.
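
The expected behaviour above, sketched as an added example (not code from Nexus Repository or from the issue reporter): a failure tracker that blacklists a server only for exceptions that reflect the server's reachability. The class `LdapFailureTracker`, its method names, the 300-second retry delay, and the choice of `CommunicationException` and `ServiceUnavailableException` as the blacklisting triggers are assumptions made for illustration.

```java
import java.time.Duration;
import java.time.Instant;
import javax.naming.CommunicationException;
import javax.naming.NamingException;
import javax.naming.ServiceUnavailableException;
import javax.naming.directory.InvalidSearchFilterException;

/** Hypothetical tracker: decides whether an LDAP failure should blacklist a server. */
public class LdapFailureTracker {
    private final Duration retryDelay;              // retry delay from the server configuration
    private Instant blacklistedUntil = Instant.MIN; // not blacklisted initially

    public LdapFailureTracker(Duration retryDelay) {
        this.retryDelay = retryDelay;
    }

    /** Assumption: only these two exception types say anything about the server itself. */
    static boolean indicatesServerFailure(NamingException e) {
        return e instanceof CommunicationException
            || e instanceof ServiceUnavailableException;
    }

    /** Start the blacklist window only when the failure came from talking to the server. */
    public void recordFailure(NamingException e, Instant now) {
        if (indicatesServerFailure(e)) {
            blacklistedUntil = now.plus(retryDelay);
        }
        // Anything else, such as InvalidSearchFilterException raised by client-side
        // filter validation, fails that one request and leaves the server in rotation.
    }

    public boolean isBlacklisted(Instant now) {
        return now.isBefore(blacklistedUntil);
    }

    public static void main(String[] args) {
        Instant now = Instant.now();
        LdapFailureTracker tracker = new LdapFailureTracker(Duration.ofSeconds(300));

        // Constructed exceptions stand in for real lookups; no LDAP server is contacted.
        tracker.recordFailure(new InvalidSearchFilterException("constructed: invalid filter"), now);
        System.out.println("after invalid filter:     " + tracker.isBlacklisted(now));

        tracker.recordFailure(new CommunicationException("constructed: connect timed out"), now);
        System.out.println("after connection failure: " + tracker.isBlacklisted(now.plusSeconds(1)));
        System.out.println("after retry delay:        " + tracker.isBlacklisted(now.plusSeconds(301)));
    }
}
```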

       

       

              People

              Assignee:
              mjohnson Matt Johnson
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch
              Team:
              NXRM - Morpheus