[Koha-bugs] [Bug 28780] New: Auth_with_ldap only searches tree with anon_bind
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Thu Jul 29 15:14:38 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28780
Bug ID: 28780
Summary: Auth_with_ldap only searches tree with anon_bind
Change sponsored?: ---
Product: Koha
Version: 21.05
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: marceau at unh.edu
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
Created attachment 123282
-->
https://bugs.koha-community.org/bugzilla3/attachment.cgi?id=123282&action=edit
Auth_with_ldap patch to add tree searching wtih service account
If auth_by_bind is set, anonymous_bind is not set, and a 'service' account is
provided (<user> and <pass>), Auth_with_ldap.pm will not use the service
account to search the tree and determine the principal name. Instead it
requires the principal name to be provided in the XML.
This is a problem when users are in multiple OUs - there is no way to provide a
principal name that works for everyone. It is a relatively easy fix - just
adding an elsif to check if a service account is provided, then search the tree
with that.
We have multiple OUs, so I've modified the code and I've provided a patch as a
suggestion. This may not be the ideal fix and it may cause unintended issues
for users who aren't doing auth_by_bind. Would love to see something like this
incorporated into the koha code since I have to re-enable these each time we
update.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
More information about the Koha-bugs
mailing list