[ https://issues.apache.org/jira/browse/OPENMEETINGS-144?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thibault Le Meur updated OPENMEETINGS-144:
------------------------------------------

    Attachment: UidCnHash.diff

This fixes the hardcoded 'uid' attribute used to map the login name to the user 
DN.
It now uses the field_user_principal parameter from the LDAP configuration file.
                
> When using openLDAP authentication, the source code uses the hardcoded 'uid' 
> attribute to map logins and user DNs instead of the field_user_principal 
> parameter
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: OPENMEETINGS-144
>                 URL: https://issues.apache.org/jira/browse/OPENMEETINGS-144
>             Project: Openmeetings
>          Issue Type: Bug
>    Affects Versions: 2.0 Apache Incubator Release
>         Environment: ldap authentication
>            Reporter: Thibault Le Meur
>            Priority: Minor
>              Labels: ldap
>         Attachments: UidCnHash.diff
>
>
> When using openLdap authentication, the LdapLoginManagement.java class first 
> does a search in the directory to find the user given its login. The filter 
> uses the attribute name given in the configuration parameter 
> field_user_principal and the user login provided to openmeetings as the 
> value (doLdapLogin:358).
> The search is done in LdapAuthBase.java, in method getUidCnHashMap (line 
> 229). Then the results are mapped in a HashMap with the user login as key.
> This user login is assumed to be in the 'uid' attribute of the ldap entries 
> retrieved by the query. This is hardcoded in line 234. Though 'uid' is the 
> usual way to store the user login when using openldap, it may not always be 
> the case. There are openldap directories where the uid contains a numerical 
> id (so that it will never be reused over time), and users have a 'login 
> alias' they can choose to ease login to applications.
> This means that we should in fact use the attribute defined in the 
> field_user_principal parameter to retrieve the user login.
> Also note that using a search and bind (used by openldap) may be very useful 
> in some AD installations, so making this feature a little more generic could 
> help AD users as well.
> What do you think?

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
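
The lookup described in the issue, modelled as an added Python example (not OpenMeetings' Java code and not the attached UidCnHash.diff): keying the login-to-DN map on a hardcoded 'uid' loses the user when the directory keeps the login in another attribute, while keying on the configured attribute finds it. The sample entries, the choice of 'cn' as the field_user_principal value, and all function names are assumptions; the example also goes one step further and escapes the login before it is placed in the search filter.

```python
# Added illustration: a Python model of the search-then-map step.
# Function names and sample data are constructed for this example.

def escape_filter_value(value):
    """Escape a user-supplied value for an LDAP search filter (RFC 4515)."""
    special = '\\*()\x00'
    return ''.join('\\%02x' % ord(ch) if ch in special else ch for ch in value)

def build_filter(principal_attr, login):
    """Filter of the form (attr=login), with the login escaped."""
    return '(%s=%s)' % (principal_attr, escape_filter_value(login))

def map_logins_to_dns(entries, key_attr):
    """Map every value of key_attr to its entry DN.

    Attribute names are matched case-insensitively, as in LDAP.
    A login that resolves to two different DNs is rejected, because
    the later bind must target exactly one entry.
    """
    mapping = {}
    wanted = key_attr.lower()
    for dn, attrs in entries:
        lowered = {name.lower(): values for name, values in attrs.items()}
        for value in lowered.get(wanted, []):
            if mapping.get(value, dn) != dn:
                raise ValueError('login %r maps to more than one DN' % value)
            mapping[value] = dn
    return mapping

def resolve_dn(entries, login, key_attr):
    """DN to bind as for this login, or None when the map has no such key."""
    return map_logins_to_dns(entries, key_attr).get(login)

# Constructed search result for the filter (cn=jdoe): the directory stores a
# numeric id in 'uid' and the login alias in 'cn' (assumed configuration).
SAMPLE_ENTRIES = [
    ('uid=100234,ou=people,dc=example,dc=org',
     {'uid': ['100234'], 'cn': ['jdoe'], 'mail': ['jdoe@example.org']}),
]

if __name__ == '__main__':
    print(build_filter('cn', 'jdoe'))
    print('hardcoded uid  ->', resolve_dn(SAMPLE_ENTRIES, 'jdoe', 'uid'))
    print('configured cn  ->', resolve_dn(SAMPLE_ENTRIES, 'jdoe', 'cn'))
```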

        
