[Koha-bugs] [Bug 18992] New: LDAP fallback behaviour not consistent
bugzilla-daemon at bugs.koha-community.org
Thu Jul 27 17:52:38 CEST 2017
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18992
Bug ID: 18992
Summary: LDAP fallback behaviour not consistent
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5 - low
Component: Authentication
Assignee: koha-bugs at lists.koha-community.org
Reporter: nick at bywatersolutions.com
QA Contact: testopia at bugs.koha-community.org
CC: dpavlin at rot13.org
If LDAP is enabled, fallback to internal in C4::Auth::checkpw is dependent on the
return value from checkpw_ldap.
In C4::Auth_with_ldap the situation seems to be:

IF auth_by_bind
    IF anonymous_bind look up principalname
    ELSE construct via config
    Now we have principal name
    Attempt to bind
    IF fail
        IF anonymous_bind return -1 NO FALLBACK
        ELSE return 0 FALLBACK
ELSE
    Lookup user with bind account
    If user not found, return 0 FALLBACK
    If user found and pwd not match return -1 NO FALLBACK

The difference I see is:
When doing bind by auth without anonymous bind, we fall back on an existing ldapuser
with no matching password.
When using a bind user, we do not fall back on an existing ldapuser with no matching
password.

In one case you can log in with either the LDAP or the Koha password.
In the other you can only use the LDAP password.

Maybe this is expected, but it seems odd.
--
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.
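
The outline in the report above, modelled as an added example (not Koha's code and not part of the original message). The names ldap_result and login_ok are hypothetical, and a successful bind or password match is assumed to return 1; the table it prints shows which configuration still accepts the Koha-local password for an existing LDAP user whose LDAP password does not match.

```perl
#!/usr/bin/perl
# Added illustration: a model of the return-value outline in the report,
# not Koha source. Function names are hypothetical.
use strict;
use warnings;

# Return codes as described in the report:
#   1 = LDAP accepted (assumed), 0 = fall back to internal check,
#  -1 = reject without fallback
sub ldap_result {
    my ($cfg, $found, $pw_ok) = @_;
    if ($cfg->{auth_by_bind}) {
        # Assumption: the bind fails for an unknown user as well as for
        # a wrong password; the report only says "IF fail".
        return 1 if $found && $pw_ok;
        return $cfg->{anonymous_bind} ? -1 : 0;
    }
    return 0 unless $found;     # lookup with bind account found nothing
    return $pw_ok ? 1 : -1;     # user found: password match decides
}

# Simplified caller: only a 0 from LDAP lets the local password be tried.
sub login_ok {
    my ($cfg, $found, $ldap_pw_ok, $local_pw_ok) = @_;
    my $r = ldap_result($cfg, $found, $ldap_pw_ok);
    return 1 if $r == 1;
    return 0 if $r == -1;
    return $local_pw_ok ? 1 : 0;
}

my @configs = (
    [ 'auth_by_bind + anonymous_bind',   { auth_by_bind => 1, anonymous_bind => 1 } ],
    [ 'auth_by_bind, no anonymous_bind', { auth_by_bind => 1, anonymous_bind => 0 } ],
    [ 'bind account (no auth_by_bind)',  { auth_by_bind => 0, anonymous_bind => 0 } ],
);

# Constructed case from the report: the user exists in LDAP and the password
# typed matches the Koha-local password but not the LDAP password.
printf "%-34s %-12s %s\n", 'configuration', 'ldap result', 'local password accepted';
for my $c (@configs) {
    my ($name, $cfg) = @$c;
    printf "%-34s %-12d %s\n", $name,
        ldap_result($cfg, 1, 0),
        login_ok($cfg, 1, 0, 1) ? 'yes' : 'no';
}
```

Only the middle configuration prints "yes", which is the case where a stale or weak Koha-local password remains usable for an account that LDAP is meant to govern.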