LDAP overlay possible bug

Hello, I’m using the LDAP overlay from ExternalAuthentication - Request Tracker Wiki.

And I think I have found a bug when using Ldap Groups.

In LdapUserLocalOverlay the code that validates group membership is
executed after user authentication, as a side effect the $ldap
variable is “binded” to the ldap server using the user’s login
credentials instead of the credentials specified in the config file,
namely $LdapUser and $LdapPass.

The following is an excerpt from my User_Local.pm that solves this
(around line 200).

 # Is there an LDAP Group to check?
 if ($ldap_group) {
     # Close current connection and rebind
     $ldap->unbind;
     $ldap = $self->_GetBoundLdapObj('Auth', version=>3);
     return unless $ldap;

     $filter = Net::LDAP::Filter->new("(${ldap_group_attr}=${ldap_dn})");

Note that the current code will work if the user logging in has access
to the ldap groups information, which is not my case.

Thank you for your time,

Paulo F. Andrade
pauloandrade@ist.utl.pt
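
Added example, not part of the original message and not RT's or the overlay's code: a self-contained Perl sketch of why the identity a connection is bound as decides the outcome of the group check. `MockDirectory`, its DNs, passwords and ACL are constructed stand-ins for a real server and Net::LDAP; only the names `$LdapUser` and `$LdapPass` come from the report. With the user's bind reused the group lookup sees no entries, and after rebinding with the configured credentials the same lookup finds the member.

```perl
use strict;
use warnings;

# Constructed stand-in for a directory server: it remembers which DN the
# connection is bound as and lets only the service account read group entries.
package MockDirectory;
my $SERVICE_DN = 'cn=rt-service,dc=example,dc=org';          # constructed
my $ALICE_DN   = 'uid=alice,ou=people,dc=example,dc=org';    # constructed
my $GROUP_DN   = 'cn=rt-users,ou=groups,dc=example,dc=org';  # constructed
my %PASSWORDS  = ($SERVICE_DN => 'service-secret', $ALICE_DN => 'alice-secret');
my %MEMBERS    = ($GROUP_DN => [$ALICE_DN]);

sub new    { my $class = shift; return bless { bound_as => undef }, $class }
sub unbind { my $self = shift; $self->{bound_as} = undef; return 1 }

sub bind {
    my ($self, $dn, $password) = @_;
    return 0 unless defined($PASSWORDS{$dn}) && $PASSWORDS{$dn} eq $password;
    $self->{bound_as} = $dn;    # every later search runs as this DN
    return 1;
}

# Number of matching member values visible to the currently bound identity.
sub count_members {
    my ($self, $group_dn, $member_dn) = @_;
    return 0 unless defined($self->{bound_as}) && $self->{bound_as} eq $SERVICE_DN;
    return scalar grep { $_ eq $member_dn } @{ $MEMBERS{$group_dn} || [] };
}

package main;

# Values that would come from the config file in the setup described above.
my ($LdapUser, $LdapPass) = ($SERVICE_DN, 'service-secret');

# Authenticate the user, then check group membership. With $rebind false the
# check reuses the user's bind (the reported behaviour); with $rebind true it
# drops that bind and rebinds with the configured credentials first.
sub login_allowed {
    my ($user_dn, $password, $group_dn, $rebind) = @_;
    my $ldap = MockDirectory->new;
    return 0 unless $ldap->bind($user_dn, $password);
    if ($rebind) {
        $ldap->unbind;
        return 0 unless $ldap->bind($LdapUser, $LdapPass);
    }
    return $ldap->count_members($group_dn, $user_dn) ? 1 : 0;
}

printf "group check on user's bind:   %d\n", login_allowed($ALICE_DN, 'alice-secret', $GROUP_DN, 0);
printf "group check after rebinding:  %d\n", login_allowed($ALICE_DN, 'alice-secret', $GROUP_DN, 1);
```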
