Closed Bug 278735 Opened 21 years ago Closed 20 years ago

ldap/msad authentication fails with extra parts in LDAPbinddn

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: don, Assigned: myk)

Details

Attachments

(1 file)

Change to LDAP.pm to parse extra info out of LDAPbinddn
893 bytes, patch
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041207 Firefox/1.0 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041207 Firefox/1.0 Using bugzilla-2.18. My ldapbinddn is like this: cn=User Name:password,ou=User Group. When I try to log in against our MS Active Directory, I get auth_err, and no other useful info or error messages. Reproducible: Always Steps to Reproduce: 1. Try to log in. 2. BAM. Actual Results: big red auth_err Expected Results: Log in.
Just an aside that this same cn and ou work fine on our RT install at my employer.
Problem is parsing in Bugzilla/Auth/LDAP.pm my ($LDAPbinddn,$LDAPbindpass) = split(":",Param("LDAPbinddn")); In my case, it puts the ou in with the password. I've tried to re-order entries in the binddn, but the AD only likes the certain order. So parsing will need to be fixed. Simplest brute-force option would be to first split LDAPbinddn on ",", assume first entry is user/pass, then split that on ":". Might not be ideal.
Edited summary to more accurately reflect nature of bug. I'll be attaching a patch with my simplistic change.
Summary: ldap/msad authentication fails with spaces in cn/ou → ldap/msad authentication fails with extra parts in LDAPbinddn
Relies on LDAPbinddn to be in a certain order, but MSAD does so anyway.
I have no problem authenticating with a binddn that has the :password appended to the end, and this is what Bugzilla expects (with the 2.18 code). Your ldapbinddn would be: cn=User Name,ou=User Group:password
Ah. I bet that would work. Naturally I overlook the simplest solution. I'll test this out and check back.
GAH. This worked just great with stock code. Thanks for the cluestick, Chris. Resolving WORKSFORME, if you don't mind.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: