https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18992 Bug ID: 18992 Summary: LDAP fallback behaviour not consistent Change sponsored?: --- Product: Koha Version: master Hardware: All OS: All Status: NEW Severity: normal Priority: P5 - low Component: Authentication Assignee: koha-bugs@lists.koha-community.org Reporter: nick@bywatersolutions.com QA Contact: testopia@bugs.koha-community.org CC: dpavlin@rot13.org If ldap enabled fallback to internal in C4::Auth::checkpw is dependent on the return value from checkpw_ldap In C4::Auth_with_ldap the situation seems to be: IF auth_by_bind IF anonymous_bind look up principalname ELSE construct via config Now we have principal name Attempt to bind IF fail IF anonymous_bind return -1 NO FALLBACK ELSE return 0 FALLBACK ELSE Lookup user with bind account If user not found, return 0 FALLBACK If user found and pwd not match return -1 NO FALLBACK The difference I see is: When doing bind by auth without anonymous bind we fallback on existing ldapuser with no matching password When using bind user we do not fallback on existing ldapuser with no matching password In one case you can login with either LDAP or Koha password In other you can only use LDAP password Maybe this is expected, but it seems odd. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.