Closed
Bug 51188
Opened 24 years ago
Closed 9 years ago
[LDAP] Ability to put an LDAP username anywhere you can put an email address
Categories
(Bugzilla :: User Accounts, enhancement, P3)
Bugzilla
User Accounts
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: jmrobins, Assigned: timello)
References
(Blocks 1 open bug)
Details
Attachments
(1 file, 3 obsolete files)
1.94 KB,
patch
|
LpSolit
:
review-
|
Details | Diff | Splinter Review |
When a Bugzilla site is using LDAP, one should be able to use an LDAP username rather than the user's email address to designate that user. This needs to happen in several places: 1) In entering/modifying/querying bugs, when putting in an email address for any of the fields, there should be the option of putting in an LDAP username instead. 2) In editusers.cgi, when searching for users, an additional search option should be for LDAP username. 3) Possibly when creating groups, there should be an option to match against the LDAP DN rather than the email address? This one I'm less sure of. Hrm... I have this nagging feeling I'm missing another place, but I'm not sure what. In any case, I haven't done this part yet, so if people want to make comments/suggestions, please do.
Updated•23 years ago
|
Target Milestone: --- → Future
Comment 1•23 years ago
|
||
-> Bugzilla product
Assignee: tara → myk
Component: Bugzilla → User Accounts
Product: Webtools → Bugzilla
Version: other → unspecified
Comment 2•21 years ago
|
||
Could this propably be easier to solve now with BZ 2.17.4 ?
Updated•21 years ago
|
Blocks: LDAP_EMAIL
This patch adds support for entering ldap uid where you have used to enter email address.
... and this changes the wired-in "mail" attribute to the configureable LDAPmailattribute. Sorry for being lousy. Both patches are against 2.16.7
Updated•18 years ago
|
Attachment #177194 -
Flags: review?
Updated•18 years ago
|
Attachment #177192 -
Flags: review?
Updated•18 years ago
|
Assignee: myk → mag
Comment 5•18 years ago
|
||
Umm... We have LDAPmailattribute... Has this perhaps been fixed in the meantime?
Comment 6•18 years ago
|
||
Comment on attachment 177194 [details] [diff] [review] LDAPmailattribute support Please combine this with the other patch..
Attachment #177194 -
Flags: review? → review-
Comment 7•18 years ago
|
||
Comment on attachment 177192 [details] [diff] [review] Uses ldap username First of all, DBname_to_id has been moved to Bugzilla/User.pm in bug 283237. Also, there has been all sorts of LDAP connection changes in Bugzilla/Auth/Verify/LDAP.pm so they need to be taken into account. Maybe there should be a common sub somewhere that connects to the LDAP server? Hmm, looks like this patch doesn't fully address all the changes presented in comment #0. >+ if (!$LDAPconn) { >+ print "Content-type: text/html\n\n"; >+ PutHeader("Unable to connect to LDAP server"); >+ print "I was unable to connect to the LDAP server"; >+ PutFooter(); >+ exit; >+ } Uhh, this needs to use Throw*Error to throw an error rather than hardcode HTML.
Attachment #177192 -
Flags: review? → review-
Updated•18 years ago
|
QA Contact: mattyt-bugzilla → default-qa
Comment 8•18 years ago
|
||
This should be much easier with the new Auth code, if anybody wants to take a stab at it. It would just be a hack to User-matching, nowadays.
Assignee: mag → user-accounts
Summary: When using LDAP, should be able to use LDAP username instead of email address for users → [LDAP] Ability to put an LDAP username anywhere you can put an email address
Target Milestone: Future → ---
Comment 9•18 years ago
|
||
This doesn't seem to actually block bug 229049.
No longer blocks: LDAP_EMAIL
Comment 10•16 years ago
|
||
My patch adds Ldap-search functionality for user matching, when you type user name in CC list, assigner and so on. This patch does not change editusers.cgi matching -- it has too complicated list of parameters, such as bugzilla group, so there is not straightforward way to fix it. Also, it will be nice to get basic LDAP operations (ldap(), _bind_ldap_anonymously() and _bz_search_params()) to be available in more convenient place than Bugzilla/Auth/Verify/LDAP.pm.
Assignee | ||
Updated•13 years ago
|
Assignee: user-accounts → timello
Status: NEW → ASSIGNED
Assignee | ||
Comment 11•13 years ago
|
||
Attachment #177192 -
Attachment is obsolete: true
Attachment #177194 -
Attachment is obsolete: true
Attachment #332702 -
Attachment is obsolete: true
Attachment #581387 -
Flags: review?(mkanat)
Attachment #581387 -
Flags: review?(emmanuel.seyman)
Assignee | ||
Comment 12•13 years ago
|
||
Since we us(In reply to Tiago Mello [:timello] from comment #11) > Created attachment 581387 [details] [diff] [review] > v1 Since we use user auto-complete everywhere, that can be done with this patch.
Comment 13•12 years ago
|
||
Comment on attachment 581387 [details] [diff] [review] v1 I'm withdrawing the review request asked of me. I have no idea what this patch does and no idea how to test it. FWIW, when I enter an LDAP username of the cc line and submit the change, I'm asked to confirm that I want said user to be put on cc so I'm unsure what problem you're trying to fix.
Attachment #581387 -
Flags: review?(emmanuel.seyman)
Comment 15•12 years ago
|
||
The patch makes it possible to suggest the LDAP userid, stored in extern_id. Mageia needs this functionality. LDAP userid matching doesn't work by default (on bugzilla.mageia.org).
Updated•12 years ago
|
Attachment #581387 -
Flags: review?(mkanat) → review?(wicked)
Updated•11 years ago
|
Attachment #581387 -
Flags: review?(wicked) → review?
Comment 16•11 years ago
|
||
Comment on attachment 581387 [details] [diff] [review] v1 Fixing empty review requests.
Attachment #581387 -
Flags: review? → review?(mkanat)
Updated•11 years ago
|
Attachment #581387 -
Flags: review?(mkanat) → review?(justdave)
Comment 17•9 years ago
|
||
Comment on attachment 581387 [details] [diff] [review] v1 >- my $user_ids = $dbh->selectcol_arrayref($query, undef, ($wildstr, $wildstr)); >+ my @args = ($wildstr, $wildstr, $wildstr); >+ my $user_ids = $dbh->selectcol_arrayref($query, undef, ($wildstr, $wildstr, $wildstr)); What is @args used for? Did you plan to use it in selectcol_arrayref()? Or is this just debug code which should be removed? It's unclear to me if extern_id should be exposed to other users or not. I don't think we leak it anywhere, including using WebServices. Remember that LDAP is not the single authentication method, and I could imagine cases (including LDAP?) where extern_id should remain confidential, and only the Bugzilla login name should be exposed to other users. In your case, a user could use "brute force" to guess the extern_id value, and if he knows where the external authentication server is, he could then use this information to try to attack this server directly to gain access to the (LDAP) account. @justdave: do we have any policy about what to do with the extern_id attribute? Is this a public attribute or a confidential one? I'm not a fan to see Bugzilla being used as a trojan horse to guess LDAP accounts.
Flags: needinfo?(justdave)
Attachment #581387 -
Flags: review?(justdave) → review-
Comment 18•9 years ago
|
||
I don't know of an explicit policy, but the fact that it could be confidential for some login methods makes a lot of sense to me. I think a better way to go about this would be to get that "login name != email address" bug fixed, and then allow the ldap authentication method to populate the correct login name when connecting to an account from ldap.
Flags: needinfo?(justdave)
Comment 19•9 years ago
|
||
(In reply to Dave Miller [:justdave] (justdave@bugzilla.org) from comment #18) > better way to go about this would be to get that "login name != email > address" bug fixed, and then allow the ldap authentication method to > populate the correct login name when connecting to an account from ldap. Yes, sounds good. So this means wontfix for this bug, due to potential confidential data leak.
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•