[Koha-bugs] [Bug 6979] New: LDAP authentication fails during password comparison

bugzilla-daemon at bugs.koha-community.org
Wed Oct 5 21:37:44 CEST 2011


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6979

             Bug #: 6979
           Summary: LDAP authentication fails during password comparison
    Classification: Unclassified
 Change sponsored?: ---
           Product: Koha
           Version: rel_3_4
          Platform: Other
        OS/Version: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: Architecture, internals, and plumbing
        AssignedTo: gmcharlt at gmail.com
        ReportedBy: rfox2 at nd.edu
         QAContact: koha-bugs at lists.koha-community.org


Password is failing during comparison in Auth_with_ldap.pm in code (between
lines 140 and 165) in this call:

my $cmpmesg = $db->compare( $userldapentry, attr => 'userpassword', value => $password );

This was failing 100% of the time, even if a correct password was submitted
with:

"LDAP Auth rejected : invalid password for user ..."

The attribute comparison is not always a valid way to check the password
validity because not all LDAP databases support the userpassword attribute.
Also, many LDAP databases require a valid DN string from the user as opposed to
the uid for authentication purposes.

I have a fix for this that does a recursive lookup of the user's DN in the LDAP
database, and then uses that DN to perform a bind in a similar manner to the
auth_by_bind method. The auth_by_bind method should also be changed so that it
uses the retrieved DN of the user to perform a bind against the LDAP server.

I plan on submitting a code revision for this and soliciting feedback.

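The search-then-bind check described in the report, as an added example (not the reporter's patch and not Koha's code). It assumes Net::LDAP, a low-privilege lookup account, and users identified by the uid attribute; the host, base DN, lookup DN, the LDAP_SEARCH_PW variable and the name ldap_check_password are placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Assumed settings (placeholders, not Koha's configuration keys).
my %cfg = (
    host      => 'ldaps://ldap.example.org',
    base      => 'dc=example,dc=org',
    search_dn => 'cn=lookup,dc=example,dc=org',  # account used only to find DNs
    search_pw => $ENV{LDAP_SEARCH_PW} // '',
);

# Returns 1 only when $userid maps to exactly one entry and a bind as that
# entry's DN with $password succeeds; returns 0 in every other case.
sub ldap_check_password {
    my ($userid, $password) = @_;

    # An empty password turns a simple bind into an "unauthenticated" bind,
    # which many servers answer with success; never treat that as a login.
    return 0 unless defined $userid   && length $userid;
    return 0 unless defined $password && length $password;

    my $ldap = Net::LDAP->new($cfg{host}, timeout => 10) or return 0;
    my $mesg = $ldap->bind($cfg{search_dn}, password => $cfg{search_pw});
    if ($mesg->code) { $ldap->unbind; return 0 }

    # Subtree search for the DN; escape the uid so it cannot alter the filter.
    $mesg = $ldap->search(
        base   => $cfg{base},
        scope  => 'sub',
        filter => '(uid=' . escape_filter_value($userid) . ')',
        attrs  => ['1.1'],    # request no attributes, only the DN
    );
    my $dn = (!$mesg->code && $mesg->count == 1) ? $mesg->entry(0)->dn : undef;
    $ldap->unbind;
    return 0 unless defined $dn;    # no match, or an ambiguous one

    # Bind as the user on a fresh connection: the server verifies the
    # password, so userPassword never has to be readable or comparable.
    my $user = Net::LDAP->new($cfg{host}, timeout => 10) or return 0;
    my $ok   = $user->bind($dn, password => $password)->code == 0;
    $user->unbind;
    return $ok ? 1 : 0;
}

my ($uid, $pw) = @ARGV;
print ldap_check_password($uid, $pw) ? "accepted\n" : "rejected\n";
```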