Re-binding loses Password
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Products.LDAPUserFolder | Fix Released | Medium | Unassigned | |
Bug Description
When using LDAPUserFolder in Manager DN Usage in "For login data lookup only" mode, when I try to authenticate to an NDS server, I get this log behaviour:
(9) Dez 12 14:37:22: _lookupuser: Binding as "cn=manager,
(5) Dez 12 14:36:57: _lookupUser: user_attrs = {'uid': ['XXXXX'], 'givenName': ['Oliver'], 'sn': ['Pabst'], 'mail': ['<email address hidden>'], 'dn': 'cn=opabst,
(9) Dez 12 14:36:57: _lookupuser: Re-binding as "cn=opabst,
(9) Dez 12 14:36:57: _lookupuser: Binding as "cn=manager,
(5) Dez 12 14:36:57: _lookupUser: user_attrs = {'cn': ['opabst'], 'aesPassword': ['abcdefghijkl'], 'givenName': ['Oliver'], 'mail': ['<email address hidden>'], 'dn': 'cn=opabst,
(9) Dez 12 14:36:57: _lookupuser: Re-binding as "cn=opabst,
(9) Dez 12 14:36:57: _lookupuser: Binding as "cn=manager,
(3) Dez 12 14:36:57: LDAPUserFolder reinitialized by __setstate__
(0) Dez 12 14:36:57: Log buffer cleared
In other words, first, it binds with manager and correct manager pw, then binds with user with correct user pw. It then retrieves ALL attributes (and this is desired)... But when I do another call to get the attributes via CMFLDAP, member.
I am thus missing some attributes that cannot be read anonymously (since no password is provided).
With this patch, I merged the previous 'clear-text' feature and the failover to the manager account if the pwd is None.
------ ======= ======= ======= ======= ======= ======= ======= ======= ==== /Products/ LDAPUserFolder/ LDAPUserFolder. py,v connect_ pwd or '' ======= ======= ======= ======= ======= ======= ======= ======= ==== /Products/ LDAPUserFolder/ utils.py, v
Index: LDAPUserFolder.py
=======
RCS file: /cvs-repository
retrieving revision 1.88
diff -r1.88 LDAPUserFolder.py
250a251,259
> # XXX Is this really working ?
> # XXX If the pwd provided is None, then connect with manager info
> if pwd == None:
> connect_dn = bind_dn
> connect_pwd = bind_pwd
> else:
> connect_dn = dn
> connect_pwd = pwd
>
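Review bot: the `pwd == None` test only catches a missing password, so an empty string still takes the else branch and binds as the user DN with an empty password, which LDAP servers treat as an unauthenticated bind (RFC 4513, section 5.1.2). Decide explicitly what an empty string should do, write the test as `pwd is None`, and resolve the two XXX comments before merging: with this fallback a lookup without a user password runs with the manager's rights, which deserves a sentence in the documentation of the "For login data lookup only" mode.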
253c262
< msg = '_lookupuser: Re-binding as "%s:%s"' % (dn, pwd)
---
> msg = '_lookupuser: Re-binding as "%s:%s"' % (connect_dn,
connect_pwd)
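Review bot: the debug message formats connect_pwd into the log line, and with the fallback added above that value can now be the manager's bind_pwd as well as a user's password. Log the DN alone, for example `msg = '_lookupuser: Re-binding as "%s"' % connect_dn`.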
260,261c269,270
< , bind_dn=dn
< , bind_pwd=pwd or ''
---
> , bind_dn=connect_dn
> , bind_pwd=
265c274
< msg = '_lookupuser: "%s" lookup fails bound as "%s"' %
(dn, dn)
---
> msg = '_lookupuser: "%s" lookup fails bound as "%s"' %
(connect_dn, connect_dn)
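Review bot: both placeholders of the failure message are filled with connect_dn, so after a manager fallback the log reads as if the manager DN were the record being looked up. Keep dn as the first argument and change only the second: `(dn, connect_dn)`.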
268c277
<
---
>
1397c1406
< return ('SHA', 'SSHA')
---
> return ('clear', 'SHA', 'SSHA')
1399c1408
< return ('crypt', 'SHA', 'SSHA')
---
> return ('clear', 'crypt', 'SHA', 'SSHA')
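Review bot: 'clear' is inserted as the first entry of the returned tuple, here and in the 1397c1406 hunk, ahead of the hashed schemes. If any caller treats the first entry as the default, new passwords would be stored unhashed; append it after 'SSHA' instead and add a comment stating when clear-text storage is acceptable.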
Index: utils.py
=======
RCS file: /cvs-repository
retrieving revision 1.11
diff -r1.11 utils.py
72a73,74
> elif encoding == 'clear':
> pwd_str = password
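The log excerpt and the `Re-binding as "%s:%s"` message in this report put passwords into the debug log. The following added example (not part of the report or of LDAPUserFolder) redacts both forms before such a log is shared; `SECRET_ATTRS`, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Attribute names whose values are treated as secrets (assumption: extend per schema).
SECRET_ATTRS = {"userpassword", "aespassword"}

_STR = r"""(?:'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*")"""   # one repr()'d string
_ATTR = re.compile(r"'(?P<name>\w+)': \[(?:" + _STR + r"(?:, )?)*\]")
# Message format taken from the patch: '_lookupuser: Re-binding as "%s:%s"'
_REBIND = re.compile(r'(?P<head>_lookupuser: Re-binding as ")(?P<body>.*)"\s*$')


def redact_line(line):
    """Return (clean_line, findings) for one LDAPUserFolder debug-log line."""
    findings = []

    def _attr(m):
        name = m.group("name")
        if name.lower() not in SECRET_ATTRS or m.group(0).endswith("[]"):
            return m.group(0)
        findings.append("attribute:" + name)
        return "'%s': ['<redacted>']" % name

    line = _ATTR.sub(_attr, line)
    m = _REBIND.search(line)
    if m:
        # Assumption: the DN contains no ':', so the first ':' starts the password.
        dn, sep, pwd = m.group("body").partition(":")
        if sep and pwd not in ("", "None"):   # "None" means no password was passed
            findings.append("bind-password:" + dn)
            line = line[:m.start()] + m.group("head") + dn + ':<redacted>"'
    return line, findings


def scan(lines):
    """Redact every line; return (clean_lines, {line_number: findings})."""
    clean, hits = [], {}
    for number, line in enumerate(lines, 1):
        text, found = redact_line(line)
        clean.append(text)
        if found:
            hits[number] = found
    return clean, hits


# Constructed sample lines in the layout of the log above (not real data).
SAMPLE = [
    '(9) Dez 12 14:36:57: _lookupuser: Binding as "cn=manager,dc=example,dc=org"',
    "(5) Dez 12 14:36:57: _lookupUser: user_attrs = {'cn': ['jdoe'], "
    "'aesPassword': ['s3cr]et'], 'dn': 'cn=jdoe,ou=people,dc=example,dc=org'}",
    '(9) Dez 12 14:36:57: _lookupuser: Re-binding as "cn=jdoe,ou=people,dc=example,dc=org:hunter2:x"',
    '(9) Dez 12 14:36:57: _lookupuser: Re-binding as "cn=jdoe,ou=people,dc=example,dc=org:None"',
]
```

`scan(SAMPLE)` returns the cleaned lines plus a map of line numbers to what was redacted, which also serves as a check for whether a log ever contained credentials.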