Uploaded image for project: 'OpenAM'
  1. OpenAM
  2. OPENAM-18056

Setting user search attribute to mail in top level realm prevents amadmin access to admin console

    XMLWordPrintable

    Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • 7.1.0
    • None
    • XUI
    • Rank:
      1|i053ye:

      Description

      Bug description

      Changing the top level realm's data store to use the mail attribute as the user search attribute prevents amadmin logins. The UI will display an empty page, and the following can be seen on the dev console:

      UserModel.js:85 Uncaught TypeError: n.id.toLowerCase is not a function
          at r.parse (UserModel.js:85)
          at e.success (backbone.js:604)
          at Object.e.success (ServiceInvoker.js:121)
          at l (jquery.js:3496)
          at Object.fireWith [as resolveWith] (jquery.js:3626)
          at S (jquery.js:9786)
          at XMLHttpRequest.<anonymous> (jquery.js:10047)
      

      How to reproduce the issue

      • Install AM 7.1.0
      • Go to embedded data store's settings and update LDAP Users Search Attribute to mail
      • Attempt to log in as amadmin on a different browser
      Expected behaviour

      amadmin can still access the UI

      Current behaviour

      admin console access is broken

      Code analysis

      amadmin has an empty string mail attribute value, which will translate to mail: [] on the /json/users call, which will pass the if (!user.id) check in UserModel.js.

        Attachments

          Issue Links

            Activity

              People

              Unassigned Unassigned
              peter.major.fr Peter Major
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: