Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-18132

specially crafted ldap queries can blacklist LDAP servers on javax.naming.directory.InvalidSearchFilterException

    XMLWordPrintable

    Details

    • Story Points:
      1

      Description

      It is possible that a specially crafted LDAP user lookup can invoke the built in blacklisting of configured LDAP servers in Nexus 3, triggering an outage period equivalent to the retry delay configured for the LDAP server. When the server is in this temporary blacklisted state, all LDAP queries are bypassed for that server configuration, thereby affecting LDAP authentication and authorization requests for that server.

      Expected

      A configured LDAP server should not be blacklisted due to a scenario where no LDAP connection attempt was made, as is the case when client side LDAP query validation determines that the attempted query is syntactically invalid and an javax.naming.directory.InvalidSearchFilterException is thrown. 

       

       

        Attachments

          Issue Links

          relates

          Bug - A problem which impairs or prevents the functions of the product. NEXUS-17852 Problem connecting to LDAP server root cause is not logged at default log levels

          • Major - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              mjohnson Matt Johnson
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Peter Lynch Peter Lynch
              Team:
              NXRM - Morpheus
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title