[rt-users] LDAP overlay possible bug
Paulo Filipe Andrade
pauloandrade at ist.utl.pt
Thu Jan 31 11:08:42 EST 2008
Hello, I'm using the ldap overlay from http://wiki.bestpractical.com/view/LDAP.
And I think I have found a bug when using Ldap Groups.
In LdapUserLocalOverlay the code that validates group membership is
executed after user authentication; as a side effect, the $ldap
variable is "bound" to the ldap server using the user's login
credentials instead of the credentials specified in the config file,
namely $LdapUser and $LdapPass.
The following is an excerpt from my User_Local.pm that solves this
(around line 200).
---------------
# Is there an LDAP Group to check?
if ($ldap_group) {
    # Close current connection and rebind
    $ldap->unbind;
    $ldap = $self->_GetBoundLdapObj('Auth', version=>3);
    return unless $ldap;
    $filter = Net::LDAP::Filter->new("(${ldap_group_attr}=${ldap_dn})");
---------------
Note that the current code will work if the user logging in has access
to the ldap groups information, which is not my case.
Thank you for your time,
Paulo F. Andrade
pauloandrade at ist.utl.pt
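
The bind-state problem described in the message above, as an added example that is not part of the original post or of the RT overlay code. MockLdap, its DNs, passwords and the members method are constructed stand-ins modelling a directory where only the configured account may read group entries.

```perl
use strict;
use warnings;

# Constructed stand-in for a directory connection (not Net::LDAP itself).
# Its ACL lets only the service account read group entries, as in the post.
package MockLdap;
my $SVC_DN = 'cn=rt,ou=svc,dc=example';
my %PASS   = ($SVC_DN => 'svc-secret', 'uid=alice,ou=people,dc=example' => 'alice-pw');
my %GROUPS = ('cn=rt-users,ou=groups,dc=example' => ['uid=alice,ou=people,dc=example']);

sub new { my $class = shift; return bless { bound_as => '' }, $class }

sub bind {    # records which identity the handle now acts as
    my ($self, $dn, %arg) = @_;
    my $ok = defined $PASS{$dn} && $PASS{$dn} eq ($arg{password} // '');
    $self->{bound_as} = $ok ? $dn : '';
    return $ok;
}

sub unbind { my $self = shift; $self->{bound_as} = ''; return 1 }

sub members {    # what a group search returns under the current bind
    my ($self, $group) = @_;
    return () unless $self->{bound_as} eq $SVC_DN;
    return @{ $GROUPS{$group} // [] };
}

package main;

# Reported behaviour: the group lookup reuses the handle bound as the user.
sub in_group_reusing_user_bind {
    my ($user_dn, $pw, $group) = @_;
    my $ldap = MockLdap->new;
    return 0 unless $ldap->bind($user_dn, password => $pw);
    return (grep { $_ eq $user_dn } $ldap->members($group)) ? 1 : 0;
}

# Behaviour after the change: drop the user bind, rebind with configured credentials.
sub in_group_with_rebind {
    my ($user_dn, $pw, $group, $svc_pw) = @_;
    my $ldap = MockLdap->new;
    return 0 unless $ldap->bind($user_dn, password => $pw);
    $ldap->unbind;
    $ldap = MockLdap->new;
    return 0 unless $ldap->bind($SVC_DN, password => $svc_pw);    # fail closed
    return (grep { $_ eq $user_dn } $ldap->members($group)) ? 1 : 0;
}

my @args = ('uid=alice,ou=people,dc=example', 'alice-pw', 'cn=rt-users,ou=groups,dc=example');
printf "reusing user bind: %d\n", in_group_reusing_user_bind(@args);
printf "after rebind:      %d\n", in_group_with_rebind(@args, 'svc-secret');
```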