[Bug 18947] New: Active Directory LDAP authentication broken

[Bug 18947] New: Active Directory LDAP authentication broken

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18947

            Bug ID: 18947
           Summary: Active Directory LDAP authentication broken
 Change sponsored?: ---
           Product: Koha
           Version: 17.05
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: Authentication
          Assignee: [hidden email]
          Reporter: [hidden email]
        QA Contact: [hidden email]
                CC: [hidden email]

Commit 68c365ea8ab536a85d92d3769b0bbaa0e1691116 introduced the following line
in Auth_with_ldap.pm:

$ldap->{anonymous_bind} = 1 unless $ldapname && $ldappassword;

There is no comment in the code or the Git commit log as to why.

This change silently overrides the settings in koha-conf.xml and causes a
previously functional setup with LDAP authentication against Active Directory
to fail unless koha-conf.xml defines values for <user> and <pass>. As user and
pass are only used if auth_by_bind and anonymous_bind are both false, their
values should not come into play in the other cases.

Prior to this change, KOHA would bind against AD with the user-supplied
credentials, as expected. With the change, KOHA attempts an anonymous bind and
then tries to search for the supplied user name. As there was no valid bind in
place, AD rejects the attempt.

Workaround: enter some value for <user> and <pass> in the ldapserver
configuration block. These do not have to be real credentials as KOHA will not
attempt to use them now that auth_by_bind has priority again.

Note: there is an apparent duplicate attempt to do the same further down, by
setting $config{anonymous} to ($ldapname and $ldappassword) ? 0 : 1, although
that key is not used anywhere in Auth_by_ldap.pm.

--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
_______________________________________________
Koha-bugs mailing list
[hidden email]
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/
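
The failure mode described in this report, as an added example that is not part of the original message and is not Koha's code: a simplified Perl model that compares the bind mode an administrator configured with the bind mode in effect once the quoted override line has run. The function names, mode labels and sample configurations are constructed, and the model assumes that a set anonymous_bind flag is acted on before auth_by_bind, as the report's description implies.

```perl
#!/usr/bin/perl
# Added example: a simplified model of bind-mode selection, not Koha's code.
use strict;
use warnings;

# Bind mode the administrator configured. Per the report, <user>/<pass> only
# matter when auth_by_bind and anonymous_bind are both false.
sub configured_mode {
    my ($cfg) = @_;
    return 'user_bind'      if $cfg->{auth_by_bind};
    return 'anonymous_bind' if $cfg->{anonymous_bind};
    return 'service_bind';
}

# Bind mode after the override line quoted in the report is applied.
# Assumption: once anonymous_bind is set, it is acted on before auth_by_bind,
# which matches the behaviour the report describes against Active Directory.
sub effective_mode {
    my ($cfg) = @_;
    my %c = %$cfg;    # work on a copy so the caller's config is untouched
    $c{anonymous_bind} = 1 unless $c{user} && $c{pass};
    return 'anonymous_bind' if $c{anonymous_bind};
    return 'user_bind'      if $c{auth_by_bind};
    return 'service_bind';
}

# Constructed sample configurations (hypothetical values).
my @cases = (
    [ 'AD, auth_by_bind, no user/pass'    => { auth_by_bind => 1, anonymous_bind => 0, user => '',    pass => '' } ],
    [ 'AD, auth_by_bind, dummy user/pass' => { auth_by_bind => 1, anonymous_bind => 0, user => 'x',   pass => 'x' } ],
    [ 'service account search'            => { auth_by_bind => 0, anonymous_bind => 0, user => 'svc', pass => 'secret' } ],
    [ 'explicit anonymous'                => { auth_by_bind => 0, anonymous_bind => 1, user => '',    pass => '' } ],
);

# Flag every configuration whose effective mode differs from the configured one.
for my $case (@cases) {
    my ($name, $cfg) = @$case;
    my ($want, $got) = (configured_mode($cfg), effective_mode($cfg));
    my $flag = $want eq $got ? 'ok' : 'SILENT OVERRIDE';
    printf "%-36s configured=%-14s effective=%-14s %s\n", $name, $want, $got, $flag;
}
```

Only the first case is flagged: auth_by_bind is configured, but the empty <user> and <pass> flip the effective mode to an anonymous bind, while the second case shows why the workaround of entering placeholder values restores the configured behaviour.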

[Bug 18947] Unexpected Active Directory LDAP authentication failure mode

bugzilla-daemon
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18947

Sven Coenye <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Active Directory LDAP       |Unexpected Active Directory
                   |authentication broken       |LDAP authentication failure
                   |                            |mode
