Bug 51190
Opened 24 years ago
Updated 10 years ago
[LDAP] All login information should be stored in LDAP, when using LDAP
Categories
(Bugzilla :: User Accounts, enhancement, P4)
NEW
People
(Reporter: jmrobins, Unassigned)
Details
This one's a major change, so I'm not going to do it now.
When using LDAP for authentication, the current patches I've submitted simply
authenticate against the LDAP directory, and then turn to the Bugzilla database
for all the rest of the user's information (groupset, etc.). For a right proper
LDAP authentication, we should probably move all of this information into the
LDAP directory, rather than doing a second authentication.
However, this is a major change, requiring lots of work all around the code, and
also would require being able to make changes to the LDAP schema, which I'm not
sure we can count on.
Updated•24 years ago
Target Milestone: --- → Future
Comment 1•23 years ago
-> Bugzilla product
Assignee: tara → myk
Component: Bugzilla → User Accounts
Product: Webtools → Bugzilla
Version: other → unspecified
Let's separate IAA data and user profile. For a lot of purposes, IAA data
is what has to be in LDAP, and user profile (preferences) can be anywhere.
The last IAA data we still need is group assignment.
What if we just get group assignment from LDAP at authentication time,
and cache it in the RDBMS?
This way the problem can be easily solved. If we also enforce idle
timeout (do we?), then the window of possible inconsistency is
small.
I _might_ submit a patch.
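The caching scheme proposed in the comment above can be sketched as follows. This is an added example, not Bugzilla code or a patch from this bug: the table names, the 900-second idle timeout and the in-memory directory standing in for LDAP are all assumptions.

```python
import sqlite3

IDLE_TIMEOUT = 900  # seconds; assumed value, not a Bugzilla setting

def open_cache():
    """In-memory stand-in for the RDBMS (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE group_cache (login TEXT, grp TEXT, PRIMARY KEY (login, grp))")
    db.execute("CREATE TABLE sessions (login TEXT PRIMARY KEY, last_seen REAL)")
    return db

def login(db, directory, user, now):
    """Run after a successful LDAP bind: replace the cached groups wholesale,
    so a membership removed in the directory disappears from the cache."""
    groups = directory.get(user, set())  # stands in for an LDAP group search
    with db:
        db.execute("DELETE FROM group_cache WHERE login = ?", (user,))
        db.executemany("INSERT INTO group_cache VALUES (?, ?)",
                       [(user, g) for g in sorted(groups)])
        db.execute("INSERT OR REPLACE INTO sessions VALUES (?, ?)", (user, now))

def authorize(db, user, group, now):
    """Return 'allow' or 'deny' from the cache, or 'reauth' once the session is idle."""
    row = db.execute("SELECT last_seen FROM sessions WHERE login = ?", (user,)).fetchone()
    if row is None or now - row[0] > IDLE_TIMEOUT:
        with db:  # drop the session and the cached groups together
            db.execute("DELETE FROM sessions WHERE login = ?", (user,))
            db.execute("DELETE FROM group_cache WHERE login = ?", (user,))
        return "reauth"
    with db:
        db.execute("UPDATE sessions SET last_seen = ? WHERE login = ?", (now, user))
    hit = db.execute("SELECT 1 FROM group_cache WHERE login = ? AND grp = ?",
                     (user, group)).fetchone()
    return "allow" if hit else "deny"

def demo():
    directory = {"alice": {"editbugs", "security"}}  # constructed sample data
    db = open_cache()
    login(db, directory, "alice", now=0)
    directory["alice"].discard("security")  # membership revoked in the directory
    results = [authorize(db, "alice", "security", now=600)]  # cache is stale
    results.append(authorize(db, "alice", "security", now=600 + IDLE_TIMEOUT + 1))
    login(db, directory, "alice", now=2000)  # re-bind refreshes the cache
    results.append(authorize(db, "alice", "security", now=2001))
    return results

if __name__ == "__main__":
    print(demo())
```

In this sketch the revoked group stays usable for as long as the session keeps being used, because only idle sessions are forced back through `login`. Bounding that window for active sessions would need an absolute cache lifetime or a periodic refresh in addition to the idle timeout.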
Updated•19 years ago
QA Contact: mattyt-bugzilla → default-qa
Updated•19 years ago
Assignee: myk → user-accounts
Priority: P3 → P4
Summary: With LDAP, all login information should be stored in directory → [LDAP] All login information should be stored in LDAP, when using LDAP
Target Milestone: Future → ---
Comment 3•16 years ago
Some comments on using LDAP together with the database. I found out that when using LDAP for authentication the password is not always updated in the DB when the password in LDAP has changed. This then gives 2 possible passwords when using your account, and you have to change this manually in Bugzilla. This is confusing if you, for example, have 2 interfaces to your database. One interface is running internally with LDAP authentication, but the public interface for external ones has only access to the database. Internal people that access the database via the external interface will be confused with their passwords.
Comment 4•10 years ago
(In reply to steven.geerts from comment #3)
> when using LDAP for authentication the password is not always updated in the
> DB when the password in ldap has changed. This give then 2 passwords
This problem is already discussed in bug 503092.