[Koha-bugs] [Bug 6979] New: LDAP authentication fails during password comparison
bugzilla-daemon at bugs.koha-community.org
Wed Oct 5 21:37:44 CEST 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6979
Bug #: 6979
Summary: LDAP authentication fails during password comparison
Classification: Unclassified
Change sponsored?: ---
Product: Koha
Version: rel_3_4
Platform: Other
OS/Version: Linux
Status: NEW
Severity: major
Priority: P5
Component: Architecture, internals, and plumbing
AssignedTo: gmcharlt at gmail.com
ReportedBy: rfox2 at nd.edu
QAContact: koha-bugs at lists.koha-community.org
Password is failing during comparison in Auth_with_ldap.pm in code (between
lines 140 and 165) in this call:
    my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password );
This was failing 100% of the time, even if a correct password was submitted
with:
"LDAP Auth rejected : invalid password for user ..."
The attribute comparison is not always a valid way to check the password
validity because not all LDAP databases support the userpassword attribute.
Also, many LDAP databases require a valid DN string from the user as opposed to
the uid for authentication purposes.
I have a fix for this that does a recursive lookup of the user's DN in the LDAP
database, and then uses that DN to perform a bind in a similar manner to the
auth_by_bind method. The auth_by_bind method should also be changed so that it
uses the retrieved DN of the user to perform a bind against the LDAP server.
I plan on submitting a code revision for this and soliciting feedback.
--
Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA Contact for the bug.
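The search-then-bind approach the report proposes, sketched with Net::LDAP as an added example (not the reporter's patch and not Koha's code). The host, base DN, lookup account and "uid" attribute are assumed placeholder values, and "recursive lookup" is taken to mean a subtree search.

```perl
# Added example: authenticate by finding the user's DN, then binding as it.
# All values in %cfg are assumed placeholders, not Koha configuration.
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

my %cfg = (
    host    => 'ldaps://ldap.example.org',          # placeholder
    base    => 'dc=example,dc=org',                 # placeholder
    svc_dn  => 'cn=koha-lookup,dc=example,dc=org',  # placeholder lookup account
    svc_pw  => $ENV{LDAP_LOOKUP_PW} // '',
    id_attr => 'uid',
);

# Returns 1 only if $password binds successfully as the DN found for $userid.
sub check_password_by_bind {
    my ($userid, $password) = @_;

    # An empty password turns a simple bind into an unauthenticated bind, which
    # many servers accept, so it must never count as a successful login.
    return 0 unless defined $userid   && length $userid;
    return 0 unless defined $password && length $password;

    my $ldap = Net::LDAP->new($cfg{host}, timeout => 10) or return 0;

    # Step 1: bind as the lookup account and search the subtree for the user.
    my $mesg = $ldap->bind($cfg{svc_dn}, password => $cfg{svc_pw});
    if ($mesg->code) { $ldap->unbind; return 0 }

    # Escape the user-supplied id so it cannot alter the search filter.
    my $filter = sprintf '(%s=%s)', $cfg{id_attr}, escape_filter_value($userid);
    $mesg = $ldap->search(base => $cfg{base}, scope => 'sub',
                          filter => $filter, attrs => ['1.1'], sizelimit => 2);

    # Require a clean result with exactly one match; ambiguity is a failure.
    if ($mesg->code || $mesg->count != 1) { $ldap->unbind; return 0 }
    my $user_dn = $mesg->entry(0)->dn;

    # Step 2: rebind as the user's own DN; the server verifies the password.
    $mesg = $ldap->bind($user_dn, password => $password);
    $ldap->unbind;
    return $mesg->code == 0 ? 1 : 0;
}

# Usage: script.pl USERID, password on STDIN (kept out of the process list).
if (@ARGV == 1) {
    chomp(my $pw = <STDIN> // '');
    print check_password_by_bind($ARGV[0], $pw) ? "accepted\n" : "rejected\n";
}
```

Because the server checks the password during the bind, this works whether or not the directory exposes a comparable userpassword attribute.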