Open Bug 1164398 Opened 9 years ago Updated 9 years ago

LDAP Authentication fails to consider the use of an email regex that might prohibit email address for user accounts

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Version:
4.4.6
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: wdulyea, Unassigned)

Details

(Keywords: qawanted) 

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36

Steps to reproduce:

Correctly configure for LDAP authentication.
Login with a user account using ldap credentials.


Actual results:

The LDAP authentication worked fine, but when it pulled the mail record from AD structure it natually failed the Valid Email filter because we using a regex that prohibits email addresses in favour of unix style logins of the form username or first.last.  In our case we have decided to ensure that user emails are of the form username@domain or first.last@domain


Expected results:

The validate login_from_id() should be passed in the correct form of the username based on the what the validate email check is validating as correct usernames to use.
To be sure, how is Bugzilla supposed to know which email address to use if you don't use an email address to authenticate the user?
Keywords: qawanted
It's done by LDAP-Bindings and the parameter LDAPmailattribute
Ah, in that case, I think I know how to fix this bug. Note that I don't have LDAP to play with, so I can propose a patch, but I would need you to test it. Would you agree to test it?
I can test it here, what I've done as quick fix is to remove the type="email" attribute in those 2 templates:

template/en/default/account/auth/login.html.tmpl 
template/en/default/account/auth/login-small.html.tmpl
William: to be sure, your LDAPuidattribute parameter doesn't point to a valid email address, but LDAPmailattribute does, right? If not, then your configuration is invalid. Bugzilla *needs* a valid email address to send emails.
I have the same issue (or I think it is: in my case, the login fails because there is not the character '@' in the login while I am using LDAP auth).

I am trying to upgrade my bugzilla installation from 4.4.6 to 5.0.
My LDAP parameters work with bugzilla 4.4.6 and not with bugzilla 5.0 (so I think this is a regression).

LDAP login is unix login (8 characters) and LDAPmailattribute is the valid email address which is (after login) used as bugzilla user (for example, I log in using my unix login "lfighier" and after login, it shows my email address at the top).

I tried the workaround to remove type="email" from the 2 template files and it works.
If you need another people to test some fix, you can ask me.
Status: UNCONFIRMED → NEW
Ever confirmed: true

    
    

    
  
(In reply to laurent_fighiera from comment #7)
> I tried the workaround to remove type="email" from the 2 template files and
> it works.
> If you need another people to test some fix, you can ask me.

This fix is just a hack, not a real fix. What you describe is not the issue described here, AFAICT. You should look at bug 1179160 which has a real fix.
Status: NEW → UNCONFIRMED
Ever confirmed: false

          You need to log in
          before you can comment on or make changes to this bug.