Some time ago I got an authentication failure when using the LDAP overlay
(Jim Meyer’s contribution).
I noticed this would happen when an LDAP user logged in (web) for the
first time, which in turn would let the autohandler callback do the user auto
The failure would occur in the following snippet of autohandler/Auth
my $UserObj = RT::User->new($RT::SystemUser);
my ($val, $msg) = $UserObj->SetName($user);   # <<--
Somehow the user name was never set. The return message ($msg) was ‘Can
not modify system users’.
Since IsLDAPPassword() needs the user name to fill out an LDAP filter, this
filter ends up having empty user info, causing the operation to fail.
Please see output below:
[Wed Aug 16 17:35:36 2006] [debug]: RT::User::IsLDAPPassword search for
(&(sAMAccountName=)(objectclass=user)) failed: LDAP_INVALID_SYNTAX 21
Note sAMAccountName is empty!
To fix this problem, I made some changes to the Auth callback and
User_Local.pm. Please see the attached file for more information.
Basically I added a new argument to the IsPassword() method in order to have
user information when creating an LDAP filter.
Please let me know your comments on this.
I want to make sure I am not messing up Jim Meyer’s contribution.
diff-ldap-overlay.txt (2.74 KB)
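
The failure in the log above, an empty sAMAccountName reaching the search filter, can be caught before any LDAP query is issued. The following is an added example, not part of the original message or its attached diff; `escape_filter_value` and `build_user_filter` are hypothetical helper names, not RT or overlay functions, and the sample names are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Escape a value for use inside an LDAP search filter (RFC 4515):
# NUL, '(', ')', '*' and '\' become a backslash plus two hex digits.
sub escape_filter_value {
    my ($value) = @_;
    $value =~ s/([\x00()*\\])/sprintf('\\%02x', ord($1))/ge;
    return $value;
}

# Hypothetical helper: build the account filter, refusing an empty name.
# Returns (filter, undef) on success or (undef, error message) on failure.
sub build_user_filter {
    my ($attr, $name, $base_filter) = @_;

    # An undefined, empty or whitespace-only name would produce
    # "(&(sAMAccountName=)(objectclass=user))", the filter seen in the log.
    return (undef, 'empty user name, refusing to query LDAP')
        unless defined $name && $name =~ /\S/;

    my $filter = sprintf('(&(%s=%s)%s)',
        $attr, escape_filter_value($name), $base_filter);
    return ($filter, undef);
}

# Constructed sample inputs: a normal name, the empty and undefined cases,
# and a name containing filter metacharacters.
for my $name ('jdoe', '', undef, 'j.doe (ops)*') {
    my ($filter, $err) =
        build_user_filter('sAMAccountName', $name, '(objectclass=user)');
    my $shown = defined $name ? "'$name'" : 'undef';
    print "$shown => ", (defined $filter ? $filter : "rejected: $err"), "\n";
}
```

Rejecting the empty name at this point turns the opaque LDAP_INVALID_SYNTAX error into an explicit message that points at the missing user name.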