http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=6979
Bug #: 6979 Summary: LDAP authentication fails during password comparison Classification: Unclassified Change sponsored?: --- Product: Koha Version: rel_3_4 Platform: Other OS/Version: Linux Status: NEW Severity: major Priority: P5 Component: Architecture, internals, and plumbing AssignedTo: gmcha...@gmail.com ReportedBy: rf...@nd.edu QAContact: koha-bugs@lists.koha-community.org Password is failing during comparison in Auth_with_ldap.pm in code (between lines 140 and 165) in this call: my $cmpmesg = $db->compare( $userldapentry, attr=>'userpassword', value => $password ); This was failing 100% of the time, even if a correct password was submitted with: "LDAP Auth rejected : invalid password for user ..." The attribute comparison is not always a valid way to check the password validity because not all LDAP databases support the userpassword attribute. Also, many LDAP databases require a valid DN string from the user as opposed to the uid for authentication purposes. I have a fix for this that does a recursive lookup of the user's DN in the LDAP database, and then uses that DN to perform a bind in a similar manner to the auth_by_bind method. The auth_by_bind method should also be changed so that it uses the retrieved DN of the user to perform a bind against the LDAP server. I plan on submitting a code revision for this and soliciting feedback. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the QA Contact for the bug. _______________________________________________ Koha-bugs mailing list Koha-bugs@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/