Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-23204

LDAP config breaks with passwords with a # pound symbol

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.19.1
    • Fix Version/s: None
    • Component/s: LDAP
    • Labels:
    • Environment:
      Nexus on CentOS 7 (all system packages and kernel are up to date as of march 16, 2020)

      Description

      We configured our Nexus Repository Manager OSS 3.19.1-01 with a LDAP connection to the AD server (didn't test on later versions). Which works fine for most users. Authentication is working properly for the docker registry being hosted by Nexus. But also directly on the Nexus GUI itself to browse through other repositories.

      Apparently when a user has a # (pound) symbol in the password things just stop working during the authentication process. We've repeatedly tested this by ONLY changing the password for the user on AD site and trying to connect to Nexus (via "verify login" on the LDAP tab, and via "docker login my.nexus.repo:5000" ).

      Having a pound # in the password doesn't work. On docker login it replies with a 401, and with "verify login" it yields
      Failed to connect to LDAP Server: User 'CN=myCN,OU=myOU,OU=otherOU,DC=myDC,DC=otherDC' cannot be authenticated. [Caused by javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0c09042A, comment: AcceptSecurityContext error, data52e, v3839]]

      When changing the password back to a password without a # pound it works perfectly fine.

      Also tried a local account with a # symbol, but that works perfectly fine as well. So it seems LDAP / AD related

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              markri Marco
              Last Updated By:
              Joe Tom Joe Tom
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Date of First Response:

                  tigCommentSecurity.panel-title