Issue #398 has been updated by Gene Wood.

Aha, I understand. You may want to add some clarification to that in the config 
file comments, since, by default, there is a binddn and bindpw configured in 
the default config:

$ldap_binddn = "cn=manager,dc=example,dc=com";
$ldap_bindpw = "secret";

It can be confusing if one sets the $who_change_password setting to user, and 
authentication still fails because the defaults are still in use. You could 
alternatively check to see if $ldap_binddn and $ldap_bindpw are set to the 
defaults and fail some check at that point, alerting the user to the fact that 
they haven't configured or commented out the bind information.
----------------------------------------
Bug #398: $who_change_password is not respected if $ldap_binddn and 
$ldap_bindpw are set
http://tools.lsc-project.org/issues/398

Author: Gene Wood
Status: Assigned
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: 


Contrary to what the config.inc.php implies with the "$who_change_password" 
setting and the documentation here 
(http://ltb-project.org/wiki/documentation/self-service-password/latest/config_ldap), 
if you set $who_change_password to "user" but leave $ldap_binddn and 
$ldap_bindpw uncommented (as they are by default), SSP will ignore the 
setting of $who_change_password and attempt to use the binddn and bindpw 
credentials to connect to the LDAP server.

This is due to the bind logic present in all SSP pages (change.php, 
restbytoken.php, etc.):

<pre>
    # Bind
    if ( isset($ldap_binddn) && isset($ldap_bindpw) ) {
        $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw);
    } else {
        $bind = ldap_bind($ldap);
    }
</pre>

This should be changed to primarily respect the $who_change_password setting 
and only when it's set to "manager" should you check to see if $ldap_binddn and 
$ldap_bindpw are set.
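
The default-value check suggested in the comment and the bind selection proposed in the report, combined in one added example (not Self Service Password's own code). `select_bind()` and the non-default DN and password are hypothetical, and the "user" branch assumes the anonymous bind from the `else` branch quoted above.

```php
<?php
// Added example, not Self Service Password's own code.
// Placeholder values shipped in the default config, as quoted in the issue.
const DEFAULT_BINDDN = 'cn=manager,dc=example,dc=com';
const DEFAULT_BINDPW = 'secret';

// Hypothetical helper: choose the initial bind from the configuration.
function select_bind(string $who, ?string $binddn, ?string $bindpw): array
{
    if (!in_array($who, ['user', 'manager'], true)) {
        throw new InvalidArgumentException("who_change_password must be 'user' or 'manager'");
    }
    if ($binddn === DEFAULT_BINDDN && $bindpw === DEFAULT_BINDPW) {
        // Fail early rather than send the placeholder credentials to the directory.
        throw new RuntimeException('ldap_binddn/ldap_bindpw still hold the shipped defaults');
    }
    if ($who === 'user') {
        // Assumption: "user" mode uses the anonymous bind and ignores manager credentials.
        return ['mode' => 'anonymous', 'dn' => null, 'pw' => null];
    }
    // "manager" mode needs real credentials; a DN with an empty password
    // would be an unauthenticated bind, so reject that as well.
    if ($binddn === null || $binddn === '' || $bindpw === null || $bindpw === '') {
        throw new RuntimeException("who_change_password is 'manager' but no bind credentials are set");
    }
    return ['mode' => 'manager', 'dn' => $binddn, 'pw' => $bindpw];
}

// Constructed sample configurations (the non-default DN and password are made up).
$cases = [
    ['user', DEFAULT_BINDDN, DEFAULT_BINDPW],
    ['user', 'cn=ssp,dc=corp,dc=test', 'constructed-pw'],
    ['manager', 'cn=ssp,dc=corp,dc=test', 'constructed-pw'],
    ['manager', 'cn=ssp,dc=corp,dc=test', ''],
];
foreach ($cases as [$who, $dn, $pw]) {
    try {
        $r = select_bind($who, $dn, $pw);
        echo "$who -> {$r['mode']} bind\n";
    } catch (Exception $e) {
        echo "$who -> rejected: {$e->getMessage()}\n";
    }
}
```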

