Open Bug 345930 Opened 19 years ago Updated 11 years ago

LDAP parameters documentation is inconsistent with code

Categories

(Bugzilla :: Documentation, defect)

Product:
Bugzilla
Component:
Documentation
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

People

(Reporter: sean.foy, Unassigned)

References

(
URL
)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4 The "Optional Additional Configuration" section of the Bugzilla docs, both in tip and in the 2.22 release, says that the value of the attribute identified by LDAPmailattribute will be compared with the value "enter[ed] into the Bugzilla login boxes." I claim that this is not true of Bugzilla 2.22. From empirical observation and my reading of Bugzilla/Auth/Verify/LDAP.pm, I conclude that Bugzilla's initial LDAP query attempts to match the user-provided login against the value of the attribute identified by the LDAPuidattribute parameter. The subsequent LDAP re-binding and query appears to work as advertised. Steps to reproduce: 0. Set the user_verify_class option in User Authentication parameters to "DB,LDAP" so that you will not lock yourself out later in this recipe. 1. Setup LDAP parameters other than LDAPuidattribute and LDAPmailattribute. 2. Set LDAPuidattribute to 'foo' where foo is the name of an attribute that uniquely identifies users, but is not an email address. 3. Set LDAPmailattribute to 'bar' where bar is the name of an attribute that stores email addresses 4. Attempt to login using an email address and the appropriate password (according to your LDAP server). Expected results: login success Actual results: login failure 5. Attempt to login using the value of the 'foo' attribute for your account, again using your LDAP password. Actual result: login success. 6. Change the LDAPuidattribute parameter setting so that it matches the LDAPmailattribute parameter setting. 7. Attempt to login using your email address and LDAP password. Actual result: login success. Reproducible: Always
Insofar as I understand LDAP, this bug report is correct. Gerv
Severity: normal → major
Status: UNCONFIRMED → NEW
Ever confirmed: true
You need to log in before you can comment on or make changes to this bug.