On Thu, Sep 16, 2010 at 6:58 PM, Josh M. Patten <jpat...@co.brazos.tx.us> wrote: > Regarding 4.3 LDAP, I just upgraded my test install to the latest 4.3 version > and blew away the database, starting fresh. I am still seeing the bind issue > I reported before where when a user is trying to log in with their AD > credentials sipXconfig, instead of searching for their account based on the > username they input and authenticating with the DN of the user found in the > search, is trying to bind as the user that is defined to perform the LDAP > lookups under LDAP/AD but is using the password the user entered.
Mircea, Here is the patch you submitted to try to fix this and I think this not right. You're using the BIND creds. explicitly, right? We need to make an LDAP api call to check the params.getSecret() back to the LDAP server if I understand this correctly. protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) { // passwords are checked in ldap layer + //make sure that LDAP bind password is rejected + LdapConnectionParams params = m_ldapManager.getConnectionParams(); + if (ObjectUtils.equals(authentication.getCredentials(), params.getSecret())) { + throw new BadCredentialsException(messages.getMessage( + "AbstractUserDetailsAuthenticationProvider.badCredentials", + "Bad credentials"), userDetails.getUsername()); + } return; _______________________________________________ sipx-users mailing list sipx-users@list.sipfoundry.org List Archive: http://list.sipfoundry.org/archive/sipx-users/