[Koha-bugs] [Bug 18992] New: LDAP fallback behaviour not consistent

bugzilla-daemon at bugs.koha-community.org
Thu Jul 27 17:52:38 CEST 2017


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18992

            Bug ID: 18992
           Summary: LDAP fallback behaviour not consistent
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: Authentication
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: nick at bywatersolutions.com
        QA Contact: testopia at bugs.koha-community.org
                CC: dpavlin at rot13.org

If LDAP is enabled, fallback to internal in C4::Auth::checkpw is dependent on
the return value from checkpw_ldap.

In C4::Auth_with_ldap the situation seems to be:

IF auth_by_bind
    IF anonymous_bind look up principalname
    ELSE construct via config
    Now we have principal name
    Attempt to bind
    IF fail
        IF anonymous_bind return -1 NO FALLBACK
        ELSE return 0 FALLBACK
ELSE
    Lookup user with bind account
    If user not found, return 0 FALLBACK
    If user found and pwd not match return -1 NO FALLBACK


The difference I see is:
When doing bind by auth without anonymous bind, we fall back on an existing
LDAP user with no matching password.
When using a bind user, we do not fall back on an existing LDAP user with no
matching password.


In one case you can log in with either the LDAP or the Koha password.
In the other you can only use the LDAP password.

Maybe this is expected, but it seems odd.

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
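
The branches described in the report above, as an added Python model (not part of the original report and not Koha's Perl code). It shows which stored password logs in an existing LDAP user under each configuration. All function names, the configuration labels, the sample passwords and the success value 1 are assumptions made for illustration.

```python
# Added model of the pseudocode in the report above; this is not Koha's Perl code.
FALLBACK, NO_FALLBACK = 0, -1   # return values named in the report
LDAP_OK = 1                     # assumed success value (not stated in the report)

# Configurations the pseudocode distinguishes: (auth_by_bind, anonymous_bind)
CONFIGS = {
    "auth_by_bind + anonymous_bind": (True, True),
    "auth_by_bind, principal from config": (True, False),
    "lookup with bind account": (False, False),
}

def checkpw_ldap_model(auth_by_bind, anonymous_bind, ldap_pw_ok):
    """Result for a user that exists in LDAP, following the report branch by branch."""
    if ldap_pw_ok:
        return LDAP_OK
    if auth_by_bind:
        # The bind as the user failed.
        return NO_FALLBACK if anonymous_bind else FALLBACK
    # User found through the bind account, but the password does not match.
    return NO_FALLBACK

def login_succeeds(config, password, ldap_pw, koha_pw):
    """Model of checkpw: the internal password is tried only on FALLBACK."""
    auth_by_bind, anonymous_bind = CONFIGS[config]
    result = checkpw_ldap_model(auth_by_bind, anonymous_bind, password == ldap_pw)
    if result == LDAP_OK:
        return True
    if result == NO_FALLBACK:
        return False
    return password == koha_pw

def accepted_passwords(config, ldap_pw="ldap-pw (constructed)",
                       koha_pw="koha-pw (constructed)"):
    """Which of the two stored passwords logs in an existing LDAP user."""
    candidates = (("ldap", ldap_pw), ("koha", koha_pw))
    return sorted(n for n, pw in candidates
                  if login_succeeds(config, pw, ldap_pw, koha_pw))

def configs_accepting_koha_password():
    """Configurations where the internal password still works for an LDAP user."""
    return [c for c in CONFIGS if "koha" in accepted_passwords(c)]

if __name__ == "__main__":
    for config in CONFIGS:
        print(f"{config:38s} -> {accepted_passwords(config)}")
```
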
