[
https://issues.apache.org/jira/browse/ROL-2132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Johnson resolved ROL-2132.
--------------------------------
Resolution: Fixed
I was able to reproduce this problem by setting up OpenLDAP and setting up
Roller to use it for authentication. The problem was that when a user returned
to Roller the user's remember-me token did not match the one calculated by
Roller. The cause was that the password used to calculate the initial
remember-me token was the Roller user's password and the one used to calculate
the expected remember-me token was using the empty or non-existing one returned
by LDAP.
The fix is the use a dummy password to calculate the remember-me token when
LDAP is enabled. Here's the code:
https://github.com/apache/roller/commit/21c92aafd850a5477450284c127e52612bd2d585
> Remember me is broken
> ---------------------
>
> Key: ROL-2132
> URL: https://issues.apache.org/jira/browse/ROL-2132
> Project: Apache Roller
> Issue Type: Bug
> Components: User Interface - General
> Reporter: David Johnson
> Assignee: David Johnson
> Priority: Major
> Fix For: 5.2.3
>
>
> Clicking remember-me does not result in remembering the user and (on
> blogs.apache.org) can lead to an error page.
> Remember-me is working for me locally (Tomcat 8, PostgreSQL) so I suspect
> this problem is related to Spring Security and LDAP configuration of
> blogs.apache.org.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
