[rt-users] LDAP overlay possible bug

Paulo Filipe Andrade pauloandrade at ist.utl.pt
Thu Jan 31 11:08:42 EST 2008


Hello, I'm using the LDAP overlay from http://wiki.bestpractical.com/view/LDAP.

And I think I have found a bug when using Ldap Groups.

In LdapUserLocalOverlay the code that validates group membership is
executed after user authentication; as a side effect, the $ldap
variable is "bound" to the ldap server using the user's login
credentials instead of the credentials specified in the config file,
namely $LdapUser and $LdapPass.

The following is an excerpt from my User_Local.pm that solves this
(around line 200).
---------------
     # Is there an LDAP Group to check?
     if ($ldap_group) {
         # Close current connection and rebind
         $ldap->unbind;
         $ldap = $self->_GetBoundLdapObj('Auth', version=>3);
         return unless $ldap;

         $filter = Net::LDAP::Filter->new("(${ldap_group_attr}=${ldap_dn})");
---------------

Note that the current code will work if the user logging in has access
to the ldap groups information, which is not my case.

Thank you for your time,

Paulo F. Andrade
pauloandrade at ist.utl.pt
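
The behaviour reported above, as an added example that is not part of the original message or of the RT overlay: a small in-memory Python model (not Net::LDAP) in which the bind identity stays on the connection and only the service account may read group entries. All DNs, passwords, the `uniqueMember` attribute and the ACL are constructed for illustration.

```python
# Constructed in-memory model of a directory server: bind state lives on the
# connection, and an ACL lets only the service account read group entries.
SERVICE_DN = "cn=rt-service,dc=example,dc=org"   # plays the role of $LdapUser
USER_DN = "uid=alice,ou=people,dc=example,dc=org"
GROUP_DN = "cn=rt-staff,ou=groups,dc=example,dc=org"
PASSWORDS = {SERVICE_DN: "svc-secret", USER_DN: "alice-pw"}   # constructed
GROUPS = {GROUP_DN: {"uniqueMember": {USER_DN}}}              # constructed
GROUP_READERS = {SERVICE_DN}                                  # constructed ACL


class Conn:
    """One connection; every search runs as the identity of the last bind."""

    def __init__(self):
        self.bound_as = None

    def bind(self, dn, password):
        ok = dn in PASSWORDS and PASSWORDS[dn] == password
        self.bound_as = dn if ok else None
        return ok

    def search_group(self, group_dn, attr, member_dn):
        if self.bound_as not in GROUP_READERS:
            return []        # ACL hides the entry: empty result, not an error
        members = GROUPS.get(group_dn, {}).get(attr, set())
        return [group_dn] if member_dn in members else []


def login(password, rebind_as_service):
    """Return (group check passed, identity that ran the group search)."""
    conn = Conn()
    if not conn.bind(SERVICE_DN, PASSWORDS[SERVICE_DN]):  # look up the user
        return False, None
    if not conn.bind(USER_DN, password):    # password check reuses the handle
        return False, None
    if rebind_as_service:                   # the fix: fresh service-bound handle
        conn = Conn()
        if not conn.bind(SERVICE_DN, PASSWORDS[SERVICE_DN]):
            return False, None
    hits = conn.search_group(GROUP_DN, "uniqueMember", USER_DN)
    return bool(hits), conn.bound_as


if __name__ == "__main__":
    print("without rebind:", login("alice-pw", rebind_as_service=False))
    print("with rebind:   ", login("alice-pw", rebind_as_service=True))
    print("bad password:  ", login("wrong", rebind_as_service=True))
```

Without the rebind, the group search runs as the user and comes back empty rather than failing, so a legitimate group member is refused.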


