On Thu, Sep 16, 2010 at 6:58 PM, Josh M. Patten <jpat...@co.brazos.tx.us> wrote:
> Regarding 4.3 LDAP, I just upgraded my test install to the latest 4.3 version
> and blew away the database, starting fresh. I am still seeing the bind issue
> I reported before where when a user is trying to log in with their AD
> credentials sipXconfig, instead of searching for their account based on the
> username they input and authenticating with the DN of the user found in the
> search, is trying to bind as the user that is defined to perform the LDAP
> lookups under LDAP/AD but is using the password the user entered.
Mircea,
Here is the patch you submitted to try to fix this and I think this
not right. You're using the BIND creds. explicitly, right? We need
to make an LDAP api call to check the params.getSecret() back to the
LDAP server if I understand this correctly.
protected void additionalAuthenticationChecks(UserDetails userDetails,
UsernamePasswordAuthenticationToken authentication) {
// passwords are checked in ldap layer
+ //make sure that LDAP bind password is rejected
+ LdapConnectionParams params = m_ldapManager.getConnectionParams();
+ if (ObjectUtils.equals(authentication.getCredentials(),
params.getSecret())) {
+ throw new BadCredentialsException(messages.getMessage(
+
"AbstractUserDetailsAuthenticationProvider.badCredentials",
+ "Bad credentials"), userDetails.getUsername());
+ }
return;
_______________________________________________
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/
