On Thu, Dec 3, 2009 at 11:36 AM, Tait Clarridge <[email protected]> wrote:

> Hello,
>
> (Resending to list after joining, ignore previous if it exists)
>
> Last night I decided to set up common_log() events at certain points to
> see where my login issues are going wrong.
>
> To recap my issue (I have been talking with folks in #statusnet):
>
> I can only log in using LDAP authentication if "remember me" is checked.
> Trying to log in normally (without "remember me" checked) will result in
> a successful authentication against Active Directory but I will be sent
> back to the index page without being logged into my statusnet
> installation.
>
> If I choose "remember me", I will be logged in and can make posts, but
> will not be able to access any configuration settings as it will bring
> me to another login screen. On this second login screen, I can try
> logging in with "remember me" clicked, but it will just keep sending me
> back to the login page without performing any action. I do see the
> authentication requests hitting my domain controller and they are
> successful. Using a wrong username/password will result in an "Invalid
> Username/Password" notification on the login window.
>
> I am using the latest mainline git with version 0.9.x on Fedora 12 with
> PHP version 5.3.0.
>

I'm not sure much testing has been done on php 5.3 yet.


>
> So, onto the tracing/"debugging" that I did last night.
>
> I added events into the LdapAuthentication.php plugin as well as the
> Authentication.php plugin to see what is being called.
>
> Once I get to the page and enter my log info it seems like it is doing
> the following (from my debugging, I can give specific code entries if
> they are required).
>
> All these events were triggered in the log with:
>
> [POST /index.php/main/login]
>
> Unless otherwise noted.
>
> -------------------------------------
> Case 1: "Remember Me" not checked
> -------------------------------------
>
> ################################
> # in AuthenticationPlugin.php  #
> ################################
>
> 1. Starts onStartCheckPassword function
>
> 2. Goes through onAutoLoad function (don't know if it does anything with
> User_username.php or if it is supposed to) with case value
> "User_username"
>
> ####################################
> # in LdapAuthenticationPlugin.php  #
> ####################################
>
> 3. Finds my username properly for authentication
>
> 4. checkPassword function is called
>
> 5. Runs ldap_get_user() function
>
> 5. ldap_get_user performs ldap search function and is successful in
> finding my user
>
> 6. Returns to checkPassword function successfully
>
> 7. Passes ldap_get_config() function
>
> 8. Passes ldap_get_connection($config)
>
> 9. Returns connection as true
>
> ################################
> # in AuthenticationPlugin.php  #
> ################################
>
> 10. in onStartCheckPassword function (continued), it got successful
> return from $authenticated=$this->checkPassword($username,$password);
>
>
> Now what it does is loop back through the entire process again. So in my
> trace log that I set up, it shows the same as above again.
>
> What I was unsure about was the $authenticatedUser =
> User::staticGet('id', $user_username->user_id); section and whether that
> was returning anything properly. If someone can give me some pointers or
> a brief overview of what that function does in terms of authentication
> so I can set up another trace/debug entry in there.


This takes the User class and looks up the user with the id that's stored in
the user_username->user_id variable, and $authenticatedUser should now be
the user object that contains an authenticated user.


>
> ------------------------------------
> Case 2: With "Remember Me" checked
> ------------------------------------
>
> It does the same thing as above (including the second run through the
> authentication) except for the following entries in the logs.
>
> 1. LOG: [POST /index.php/main/login] util.php - Inserted rememberme
> record (xxxxxxxxx, 1); result = 1
>
> 2. LOG: [POST /index.php/main/login] adding rememberme cookie
> "xxxxxxxxxx" for tait clarridge
>
> 3. LOG: [GET /index.php] logging in tait clarridge using rememberme code
> "xxxxxxxxxx"
>
> 4. Showed that it hit the onAutoLoad section from
> AuthenticationPlugin.php again with the same "User_username" case value
>
> 5. LOG: [GET /index.php] util.php - Inserted rememberme record
> (yyyyyyyyy, 1); result = 1
>
> 6. LOG: [GET /index.php] adding rememberme cookie "yyyyyyyyy" for tait
> clarridge
>
> 7. LOG: [GET /index.php] Got User tait clarridge
>
> 8. LOG: [GET /index.php] Faking session on remembered user
>
> So it looks like even the rememberme stuff is looping through twice. Not
> sure what the design is here, but that is all I have so far.
>
> If you want me to set up more log events so that I can trace it deeper
> let me know. But I am not really sure how to proceed or how a normal log
> will look.
>
> If anyone has a working config.php using LDAP authentication that does
> not have this problem, send it my way and I will test it out but I think
> my config is alright since it authenticates properly.
>

Do you have auto registration set to true? Can you sanitize your addPlugin
for ldap and paste it to the mailing list?


>
> Best,
> Tait Clarridge
>
>

Actually....
What does your display name look like?  If it isn't [a-z0-9] I bet this could
cause the issue, I seem to remember having a similar problem when I did my
own one-off ldap plugin come to think of it.

Is your login like: "id23456" and your displayName like "First.Last" (note
the period, which would break things in router.php)

-Eric
_______________________________________________
StatusNet-dev mailing list
[email protected]
http://lists.status.net/mailman/listinfo/statusnet-dev