[rt-users] Contribution to Jim Meyer's LDAP overlay. Please validate it !

Dario Luis Coneglian Oliveros oliveros at cpqd.com.br
Wed Aug 16 13:48:42 EDT 2006


Hi there,
Some time ago I got an authentication failure when using the LDAP overlay 
(Jim Meyer's contribution).
I noticed this would happen when an LDAP user logged in (web) for the 
first time, which in turn would let the autohandler callback do the user auto 
creation.
The failure would occur in the following snippet of autohandler/Auth 
callback:

   my $UserObj = RT::User->new($RT::SystemUser);
   my ($val, $msg) = $UserObj->SetName($user);   # <<--

Somehow the user name was never set. The return message ($msg) was 'Can 
not modify system users'.
Since IsLDAPPassword() needs the user name to fill out an LDAP filter, this 
filter ends up having empty user info, causing the operation to fail. 
Please see output below:
[Wed Aug 16 17:35:36 2006] [debug]: RT::User::IsLDAPPassword search for 
(&(sAMAccountName=)(objectclass=user)) failed: LDAP_INVALID_SYNTAX 21 
(/l/disk0/tools/rt/gp/local/lib/RT/User_Local.pm:176)
Note sAMAccountName is empty!
To fix this problem, I made some changes to Auth callback and 
User_Local.pm. Please see attached file for more information.
Basically I added a new argument to the IsPassword() method in order to have 
user information when creating an LDAP filter.
Please let me know your comments on this.
I want to make sure I am not messing up Jim Meyer's contribution.
Thanks,
Dário



-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: diff-ldap-overlay.txt
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20060816/c5fdbf80/attachment.txt>
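
Added example, not part of the original message, the attached diff or the LDAP overlay: a Perl sketch that builds the filter shown in the debug output so that an empty user name is refused before any search is sent, and filter metacharacters in the name are escaped per RFC 4515. The function names `build_user_filter` and `escape_filter_value_local` and the sample user names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape a value for use inside an LDAP search filter (RFC 4515):
# backslash, '*', '(', ')' and NUL become \XX hex escapes.
# (Hypothetical helper, written out so the example has no dependencies.)
sub escape_filter_value_local {
    my ($value) = @_;
    $value =~ s/([\\*()\x00])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Build the (&(attr=name)(objectclass=user)) filter seen in the debug log.
# Returns (filter, undef) on success or (undef, reason) when refused.
sub build_user_filter {
    my ($attr, $name) = @_;

    # The failure in the message: the name was never set, so the filter
    # became (&(sAMAccountName=)(objectclass=user)). Refuse that case
    # instead of sending a malformed search to the directory.
    return (undef, 'empty user name')
        unless defined $name && $name =~ /\S/;

    # The attribute comes from configuration, but check its shape anyway.
    return (undef, 'bad attribute name')
        unless defined $attr && $attr =~ /^[A-Za-z][A-Za-z0-9-]*$/;

    my $filter = sprintf('(&(%s=%s)(objectclass=user))',
                         $attr, escape_filter_value_local($name));
    return ($filter, undef);
}

# Constructed sample inputs: a normal name, the two empty cases, and a
# name containing filter metacharacters.
for my $name ('jdoe', '', undef, 'j*(doe)') {
    my ($filter, $err) = build_user_filter('sAMAccountName', $name);
    my $shown = defined $name ? "'$name'" : 'undef';
    print defined $filter ? "$shown -> $filter\n"
                          : "$shown -> refused: $err\n";
}
```

An authentication path that receives the refusal should treat it as a failed login and log the reason, rather than falling through to another password check.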

