Closed Bug 120128 Opened 23 years ago Closed 21 years ago

Offer ability to use Net::LDAP for user authentication

Categories

(Bugzilla :: User Accounts, enhancement, P3)

Product:
Bugzilla
Component:
User Accounts
Version:
2.15
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Bugzilla 2.18

People

(Reporter: justdave, Assigned: justdave)

References

Details

(Whiteboard: [blocker will fix] patches here are security risk - don't use without modifying)

Attachments

(2 files)

Patch to use Net::LDAP instead of Mozilla::LDAP
4.85 KB, patch
Details | Diff | Splinter Review
patch to use Net::LDAP *or* Mozilla::LDAP
12.08 KB, patch
Details | Diff | Splinter Review 
The patch I'm about to attach was submitted by Elliot Otchet
(degroens@yahoo.com).  This patch changes Bugzilla to use Net::LDAP instead of
Mozilla::LDAP.

I think the proper course of action for us is to provide a choice, so we'll
probably need to modify this patch to use conditionals based on a preference
instead of doing just the one.
This patch allows the administrator the option of using either Mozilla::LDAP or
Net::LDAP.  It also includes a couple enhancements to both: 1) the ability to
set the loginname attribute (normally 'uid'), 2) the ability bind initially
with a dn/password instead of anonymously.
Severity: normal → enhancement
Keywords: patch, review
Priority: -- → P3
Target Milestone: --- → Bugzilla 2.18
Quick question: what is the difference between Mozilla::LDAP and Net::LDAP? Does
the Net:: version still require the Netscape LDAP SDK?
Net::LDAP uses the OpenLDAP libraries instead of Netscape's SDK.
No, Netscape's LDAP SDK is not required if you use Net::LDAP.
*** Bug 158630 has been marked as a duplicate of this bug. ***
I ended up rewriting this into the Bugzilla::Auth::LDAP module which plugs into
the new auth system Brad Baetz wrote, and is included in the latest megapatch on
bug 180642.  I ended up ditching the Mozilla::LDAP support.  If anyone really
strongly feels we need to still support it, I suppose we can add a module for
that, but I'm pretty sure Net::LDAP can connect to a Netscape branded server. 
Feel free to correct me if I'm wrong though.
Assignee: myk → justdave
Depends on: 180642
Whiteboard: [blocker will fix]
We now use Net::LDAP exclusively
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
NOTICE to anyone using 2.16.x wishing to apply the attached patches rather than
upgrading to 2.17.4 in order to get Net::LDAP support...  please see bug 207556
before applying either of these patches.  There is a major security hole here
(any password works as long as the user exists) that you will need to resolve if
you apply these patches.  We ended up doing something different in 2.17.4 (bug
180642), and that version works okay (but it's a much larger patch)
Whiteboard: [blocker will fix] → [blocker will fix] patches here are security risk - don't use without modifying
QA Contact: matty_is_a_geek → default-qa
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: