Details
-
Bug
-
Resolution: Fixed
-
Major
-
None
-
Professional Edition
-
None
Description
As I understand the code, when $config['auth_ldap_binddn'] is set, the ldap authentication works this way :
1) connect to server
2) bind with $config['auth_ldap_binddn']
3) check the password with ldap_bind($ds, $binduser, $password) (line 159 in ./html/includes/authentication/ldap.inc.php
4) check the groups with ldap_compare()
But since the password is checked with ldap_bind(), step 4 is done with the permissions of the users. In our case, it won't work, our normal users can't list the attributes of the groups...
I've patch observium by redoing a ldap_bind_dn() and disabling the caching feature in ldap_bind_dn() just after the authentication but there should be a better way...
Attachments
Issue Links
- is mentioned by
-
-
- Closed
-
Activity
ldap auth not working properly with groups and non anonymous bind
Details
-
-
Resolution: Fixed
-
Major
-
None
-
Professional Edition
-
None
Description
As I understand the code, when $config['auth_ldap_binddn'] is set, the ldap authentication works this way :
1) connect to server
2) bind with $config['auth_ldap_binddn']
3) check the password with ldap_bind($ds, $binduser, $password) (line 159 in ./html/includes/authentication/ldap.inc.php
4) check the groups with ldap_compare()
But since the password is checked with ldap_bind(), step 4 is done with the permissions of the users. In our case, it won't work, our normal users can't list the attributes of the groups...
I've patch observium by redoing a ldap_bind_dn() and disabling the caching feature in ldap_bind_dn() just after the authentication but there should be a better way...
Attachments
Issue Links
- is mentioned by
-
-
- Closed
-
Activity
People
-
Mike Stupalov
-
- Votes:
-
0 Vote for this issue
- Watchers:
-
4 Start watching this issue
Dates
- Created:
- Updated:
- Resolved: