Hi there,
Sometime ago I got an authentication failure when using LDAP overlay
(Jim Meyer’s contribution).
I noticed this would happen when a LDAP user logged in (web) for the
first time which in turn would let autohandler callback do the user auto
creation.
The failure would occur in the following snippet of autohandler/Auth
callback:
my $UserObj = RT::User->new($RT::SystemUser);
my ($val, $msg) = $UserObj->SetName($user); <<–
Somehow the user name was never set . The return message ($msg) was ‘Can
not modify system users’.
Since IsLDAPPassword() needs user name to fill out a LDAP filter, this
filter ends up having empty user info causing the operation to fail.
Please see output below:
[Wed Aug 16 17:35:36 2006] [debug]: RT::User::IsLDAPPassword search for
(&(sAMAccountName=)(objectclass=user)) failed: LDAP_INVALID_SYNTAX 21
(/l/disk0/tools/rt/gp/local/lib/RT/User_Local.pm:176)
Note sAMAAccountName is empty !
To fix this problem, I made some changes to Auth callback and
User_Local.pm. Please see attached file for more information.
Basically I added a new argument to IsPassword() method in order to have
user information when creating a LDAP filter.
Please let me know your comments on this.
I want to make sure I am not messing up Jim Meyer’s contribution.
Thanks,
D�rio
diff-ldap-overlay.txt (2.74 KB)