Bugzilla LDAP does not close connection (CGI::confirm_login())

RESOLVED INVALID

Status

Bugzilla
Administration
P3
normal
RESOLVED INVALID
16 years ago
5 years ago

People

(Reporter: James A. Laska, Assigned: justdave)

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

16 years ago
CGI::confirm_login() is not properly implemented to handle LDAP logins.  There
are several issues (not sure whether they are aesthetic or not):

1) LDAP connection is never closed
2) LDAP does not properly make use of Param("LDAPmailattribute") when searching
for email address matches.
3) LDAP user bind closes/reconnects when a simpleAuth() call would achieve the
desired user bind

I am attaching a rough patch that I unfortunately had to hand edit to remove
unrelated changes and messages.
(Reporter)

Comment 1

16 years ago
Created attachment 54113
CGI::confirm_login() - LDAP login fixes
adding CCs of people who know something about LDAP
Priority: -- → P3
Target Milestone: --- → Bugzilla 2.18
(Reporter)

Comment 3

16 years ago
The simpleAuth portion of this patch should be changed to:

        # Now we attempt to bind as the specified user.
        my $retcode = $LDAPconn->simpleAuth($userDN, $::FORM{"LDAP_password"});
        if ( ($::FORM{"LDAP_password"} eq "") ||
             ($userDN eq "") ||
             ($retcode == 0) )
        {
            ... error ....
        }

Oops...

Comment 4

16 years ago
The original patch sorta works in 2.16RC2.  It fixes the open/close/open
problem, but it replaces "uid=" with Param("LDAPmailattribute") on the query,
which doesn't work.

I'll upload the patch we are using as an attachment.

Comment 5

16 years ago
Created attachment 90264
Newer patch to 2.16RC2 to fix open/close/open problem.
Comment on attachment 90264
Newer patch to 2.16RC2 to fix open/close/open problem.

This patch is reversed, and it needs to be a diff -u, as well. It looks good,
though.
Attachment #90264 - Flags: review-

Updated

16 years ago
Attachment #54113 - Attachment is obsolete: true
Isn't this implicitly closed when the scalar ref goes out of scope?

This has all moved to Net::LDAP + Bugzilla/Auth/LDAP.pm in CVS - is this bug
still valid?
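
The login flow this bug asks for, as an added sketch using Net::LDAP (the module the comment above says Bugzilla moved to); it is not code from Bugzilla or from either attached patch. The %cfg values, the anonymous lookup bind and the ldap_login name are assumptions made for the example.

```perl
use strict;
use warnings;
use Net::LDAP;
use Net::LDAP::Util qw(escape_filter_value);

# Constructed settings; in Bugzilla these would come from Param() values.
my %cfg = (
    server    => 'ldap.example.com',             # placeholder host
    base_dn   => 'ou=People,dc=example,dc=com',  # placeholder base
    uid_attr  => 'uid',
    mail_attr => 'mail',   # the role Param("LDAPmailattribute") plays
);

# Returns the user's mail address on success, nothing on any failure.
sub ldap_login {
    my ($login, $password) = @_;

    # A simple bind with a DN and an empty password is an unauthenticated
    # bind (RFC 4513) that some servers report as success, so reject empty
    # credentials before any bind is attempted.
    return unless defined $login    && length $login;
    return unless defined $password && length $password;

    my $ldap = Net::LDAP->new($cfg{server}, timeout => 10) or return;
    my $mail = eval {
        my $mesg = $ldap->bind;                  # anonymous, lookup only
        die "lookup bind failed\n" if $mesg->code;

        $mesg = $ldap->search(
            base   => $cfg{base_dn},
            scope  => 'sub',
            filter => sprintf('(%s=%s)', $cfg{uid_attr},
                              escape_filter_value($login)),
            attrs  => [ $cfg{mail_attr} ],
        );
        die "no unique entry\n" if $mesg->code || $mesg->count != 1;
        my $entry = $mesg->entry(0);

        # Rebind as the user on the same connection: no close and reconnect.
        $mesg = $ldap->bind($entry->dn, password => $password);
        die "user bind failed\n" if $mesg->code;

        scalar $entry->get_value($cfg{mail_attr});
    };
    $ldap->unbind;    # runs on success and on failure: connection is closed
    return $mail;
}

# Empty password: rejected locally, no connection is opened.
print defined ldap_login('jdoe', '') ? "accepted\n" : "rejected\n";
```

Unlike the snippet in comment 3, the empty-password test here runs before the bind rather than after it, so no unauthenticated bind is ever sent to the server.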

Comment 8

14 years ago
Unloved bugs targeted for 2.18 but untouched since 9-15-2003 are being
retargeted to 2.20
If you plan to act on one immediately, go ahead and pull it back to 2.18.
Target Milestone: Bugzilla 2.18 → Bugzilla 2.20

Comment 9

13 years ago
No response to comment 7, assuming that bug is now INVALID after the re-write.
Status: NEW → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → INVALID
clearing target of DUPLICATE/WONTFIX/INVALID/WORKSFORME so they'll show up as
untriaged if they get reopened.
Target Milestone: Bugzilla 2.20 → ---
QA Contact: matty_is_a_geek → default-qa