Make LDAP authentication work identically for all LDAP features

RESOLVED WORKSFORME

Status

MailNews Core
LDAP Integration
RESOLVED WORKSFORME
16 years ago
10 years ago

People

(Reporter: dmose, Unassigned)

Tracking

(Blocks: 1 bug)

Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

16 years ago
Once bug 135778 gets checked in, LDAP autocomplete and addressbook code will
support authentication by using the bind DN specified in the prefs panel for a
given server.  LDAP replication, in contrast, will do a search based on email
address to figure out the bind DN to use, and will ignore the one in preferences.

All LDAP features should actually support both methods.  See also bug 146564.
(Reporter)

Updated

16 years ago
Status: NEW → ASSIGNED
Depends on: 146564
Target Milestone: --- → Future

Comment 1

16 years ago
Why does it use an email address instead of a uid?  I would think authentication
by uid would be more important than authentication by the mail attribute.
(Reporter)

Updated

16 years ago
Blocks: 148891
(Reporter)

Comment 2

16 years ago
jgmyers:

Email address was used for LDAP replication because that's the way 4.x worked.

In bug 135778, mcs said this:

> It would be really good to be more flexible than 4.x; perhaps:
>
> a) If the string looks like a DN, just use it without searching.
> b) Otherwise, insert the value into a configurable filter string and
>     do a search. For example, the configuration could look like:
>         (&(objectClass=person)(mail=%s))  // default?
>     or  (&(objectClass=person)(uid=%s))   // user id based search
>
> I think that is basically what dmose suggested, with the addition that the
> search filter should be configurable (ideally).
>
> sspitzer wrote:
> > 2)  how would we tell a bind dn from a email address?
> > (does a bind dn start with "dn=..."
>
> (no) But you can look for tag=value, at the start of a string to make a pretty
> good guess that it is a DN and not an email address or some other value.

I like the idea of searching for either uid or mail address being set to the
value in question.

Updated

15 years ago
QA Contact: yulian → gchan
Product: MailNews → Core
(Reporter)

Updated

13 years ago
Component: MailNews: LDAP Integration → Address Book
Product: Core → Thunderbird
Target Milestone: Future → Thunderbird1.1
(Reporter)

Updated

13 years ago
Component: Address Book → MailNews: LDAP Integration
Product: Thunderbird → Core
Target Milestone: Thunderbird1.1 → Future
(Reporter)

Comment 3

11 years ago
Assigning bugs that I'm not actively working on back to nobody; use SearchForThis as a search term if you want to delete all related bugmail at once.
Assignee: dmose → nobody
Status: ASSIGNED → NEW
This has been fixed already by various bugs. In short we now have an nsAbLDAPListenerBase class that all current LDAP functions use, hence a consistent authentication method.

http://mxr.mozilla.org/seamonkey/find?string=nsAbLDAPListenerBase&tree=seamonkey

Marking as WFM as I don't have the exact bug numbers that fixed this.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → WORKSFORME
(Assignee)

Updated

10 years ago
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.