Hello, (Resending to list after joining, ignore previous if it exists)

Last night I decided to set up common_log() events at certain points to
see where my login issues are going wrong.

To recap my issue (I have been talking with folks in #statusnet):

I can only log in using LDAP authentication if "remember me" is checked.
Trying to log in normally (without "remember me" checked) will result in
a successful authentication against Active Directory but I will be sent
back to the index page without being logged into my statusnet
installation.

If I choose "remember me", I will be logged in and can make posts, but
will not be able to access any configuration settings as it will bring
me to another login screen. On this second login screen, I can try
logging in with "remember me" clicked, but it will just keep sending me
back to the login page without performing any action. I do see the
authentication requests hitting my domain controller and they are
successful. Using a wrong username/password will result in an "Invalid
Username/Password" notification on the login window.

I am using the latest mainline git with version 0.9.x on Fedora 12 with
PHP version 5.3.0.

So, onto the tracing/"debugging" that I did last night.

I added events into the LdapAuthentication.php plugin as well as the
Authentication.php plugin to see what is being called.

Once I get to the page and enter my log info it seems like it is doing
the following (from my debugging, I can give specific code entries if
they are required).

All these events were triggered in the log with:
[POST /index.php/main/login]
Unless otherwise noted.

-------------------------------------
Case 1: "Remember Me" not checked
-------------------------------------
################################
# in AuthenticationPlugin.php #
################################
1. Starts onStartCheckPassword function
2. Goes through onAutoLoad function (don't know if it does anything with
User_username.php or if it is supposed to) with case value
"User_username"
####################################
# in LdapAuthenticationPlugin.php #
####################################
3. Finds my username properly for authentication
4. checkPassword function is called
5. Runs ldap_get_user() function
5. ldap_get_user performs ldap search function and is successful in
finding my user
6. Returns to checkPassword function successfully
7. Passes ldap_get_config() function
8. Passes ldap_get_connection($config)
9. Returns connection as true
################################
# in AuthenticationPlugin.php #
################################
10. in onStartCheckPassword function (continued), it got successful
return from $authenticated=$this->checkPassword($username,$password);

Now what it does is loop back through the entire process again. So in my
trace log that I set up, it shows the same as above again.

What I was unsure about was the $authenticatedUser =
User::staticGet('id', $user_username->user_id); section and whether that
was returning anything properly. If someone can give me some pointers or
a brief overview of what that function does in terms of authentication
so I can set up another trace/debug entry in there.

------------------------------------
Case 2: With "Remember Me" checked
------------------------------------
It does the same thing as above (including the second run through the
authentication) except for the following entries in the logs.
1. LOG: [POST /index.php/main/login] util.php - Inserted rememberme
record (xxxxxxxxx, 1); result = 1
2. LOG: [POST /index.php/main/login] adding rememberme cookie
"xxxxxxxxxx" for tait clarridge
3. LOG: [GET /index.php] logging in tait clarridge using rememberme code
"xxxxxxxxxx"
4. Showed that it hit the onAutoLoad section from
AuthenticationPlugin.php again with the same "User_username" case value
5. LOG: [GET /index.php] util.php - Inserted rememberme record
(yyyyyyyyy, 1); result = 1
6. LOG: [GET /index.php] adding rememberme cookie "yyyyyyyyy" for tait
clarridge
7. LOG: [GET /index.php] Got User tait clarridge
8. LOG: [GET /index.php] Faking session on remembered user

So it looks like even the rememberme stuff is looping through twice. Not
sure what the design is here, but that is all I have so far.

If you want me to set up more log events so that I can trace it deeper
let me know. But I am not really sure how to proceed or how a normal log
will look.

If anyone has a working config.php using LDAP authentication that does
not have this problem, send it my way and I will test it out, but I think
my config is alright since it authenticates properly.

Best,
Tait Clarridge
_______________________________________________ StatusNet-dev mailing list [email protected] http://lists.status.net/mailman/listinfo/statusnet-dev
