[Koha-bugs] [Bug 18947] New: Active Directory LDAP authentication broken
bugzilla-daemon at bugs.koha-community.org
Mon Jul 17 20:31:19 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18947
Bug ID: 18947
Summary: Active Directory LDAP authentication broken
Change sponsored?: ---
Product: Koha
Version: 17.05
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: helpdesk at neci.edu
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org

Commit 68c365ea8ab536a85d92d3769b0bbaa0e1691116 introduced the following line
in Auth_with_ldap.pm:

    $ldap->{anonymous_bind} = 1 unless $ldapname && $ldappassword;

There is no comment in the code or the Git commit log as to why.

This change silently overrides the settings in koha-conf.xml and causes a
previously functional setup with LDAP authentication against Active Directory
to fail unless koha-conf.xml defines values for <user> and <pass>. As user and
pass are only used if auth_by_bind and anonymous_bind are both false, their
values should not come into play in the other cases.

Prior to this change, KOHA would bind against AD with the user supplied
credentials, as expected. With the change, KOHA attempts an anonymous bind and
then tries to search for the supplied user name. As there was no valid bind in
place, AD rejects the attempt.

Workaround: enter some value for <user> and <pass> in the ldapserver
configuration block. These do not have to be real credentials as KOHA will not
attempt to use them now that auth_by_bind has priority again.

Note: there is an apparent duplicate attempt to do the same further down, by
setting $config{anonymous} to ($ldapname and $ldappassword) ? 0 : 1, although
that key is not used anywhere in Auth_by_ldap.pm.
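
The precedence described in the report above, as an added Python model that is not part of the original report and is not Koha's code: it reads an <ldapserver> block and returns the bind mode with and without the line the commit introduced. The sample block, its hostname, the function names, and the treatment of missing, empty or "0" values as false are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an <ldapserver> block reduced to the settings the
# report names (real blocks carry more; the hostname is a placeholder).
SAMPLE = """
<ldapserver id="ldapserver">
  <hostname>ldaps://ad.example.org</hostname>
  <auth_by_bind>1</auth_by_bind>
  <anonymous_bind>0</anonymous_bind>
  <user></user>
  <pass></pass>
</ldapserver>
"""

def _truthy(block, tag):
    """Assumption: a missing, empty or "0" setting counts as false."""
    text = (block.findtext(tag) or "").strip()
    return text not in ("", "0")

def bind_mode(xml_text, override=True):
    """Return the bind mode the report describes for this block.

    override=True models the line added by the commit:
        $ldap->{anonymous_bind} = 1 unless $ldapname && $ldappassword;
    """
    block = ET.fromstring(xml_text)
    anonymous = _truthy(block, "anonymous_bind")
    if override and not (_truthy(block, "user") and _truthy(block, "pass")):
        anonymous = True  # the configured value is silently replaced
    if anonymous:
        return "anonymous bind, then search"
    if _truthy(block, "auth_by_bind"):
        return "bind as the supplied user"
    return "bind with <user>/<pass>"

def changed_by_override(xml_text):
    """True when the added line changes how this configuration binds."""
    return bind_mode(xml_text, override=False) != bind_mode(xml_text, override=True)

if __name__ == "__main__":
    print("before commit:  ", bind_mode(SAMPLE, override=False))
    print("after commit:   ", bind_mode(SAMPLE, override=True))
    # The report's workaround: any non-empty <user> and <pass>.
    workaround = SAMPLE.replace("<user></user>", "<user>x</user>").replace(
        "<pass></pass>", "<pass>x</pass>")
    print("with workaround:", bind_mode(workaround, override=True))
```
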