Closed Bug 278735 Opened 20 years ago Closed 20 years ago

ldap/msad authentication fails with extra parts in LDAPbinddn

Categories

(Bugzilla :: User Accounts, defect)

Product:
Bugzilla
Component:
User Accounts
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: don, Assigned: myk)

Details

Attachments

(1 file)

Change to LDAP.pm to parse extra info out of LDAPbinddn
893 bytes, patch
Details | Diff | Splinter Review 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041207 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041207 Firefox/1.0

Using bugzilla-2.18.

My ldapbinddn is like this: cn=User Name:password,ou=User Group.  When I try to
log in against our MS Active Directory, I get auth_err, and no other useful info
or error messages.

Reproducible: Always

Steps to Reproduce:
1. Try to log in.
2. BAM.

Actual Results:  
big red auth_err

Expected Results:  
Log in.
Just an aside that this same cn and ou work fine on our RT install at my employer.
Problem is parsing in Bugzilla/Auth/LDAP.pm

        my ($LDAPbinddn,$LDAPbindpass) = split(":",Param("LDAPbinddn"));

In my case, it puts the ou in with the password.  I've tried to re-order entries
in the binddn, but the AD only likes the certain order.  So parsing will need to
be fixed.

Simplest brute-force option would be to first split LDAPbinddn on ",", assume
first entry is user/pass, then split that on ":".  Might not be ideal.
Edited summary to more accurately reflect nature of bug.

I'll be attaching a patch with my simplistic change.
Summary: ldap/msad authentication fails with spaces in cn/ou → ldap/msad authentication fails with extra parts in LDAPbinddn
Relies on LDAPbinddn to be in a certain order, but MSAD does so anyway.
I have no problem authenticating with a binddn that has the :password appended
to the end, and this is what Bugzilla expects (with the 2.18 code).

Your ldapbinddn would be:
cn=User Name,ou=User Group:password
Ah.  I bet that would work.  Naturally I overlook the simplest solution.

I'll test this out and check back.
GAH.  This worked just great with stock code.

Thanks for the cluestick, Chris.

Resolving WORKSFORME, if you don't mind.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: