Opened 4 years ago
Closed 3 years ago
#1486316 closed Feature Patches (fixed)
password plugin user DN search
| Reported by: | ncl | Owned by: | |
|---|---|---|---|
| Priority: | 5 | Milestone: | 0.4-beta |
| Component: | Plugins | Version: | git-master |
| Severity: | normal | Keywords: | password ldap |
| Cc: | | | |
Description
As pointed out in Ticket #1486306, the password_ldap_userDN_mask setting enforces an unnecessary restriction, i.e. the user's DN must be expressible as a template using only the %login or %name, %domain variables.
This is ridiculous in large setups where a user's DN often cannot be simply derived from the login. A common problem might be user accounts under different organizationalUnits, for example:
ou=sales,ou=people,dc=domain,dc=com
ou=engineering,ou=people,dc=domain,dc=com
In Ticket #1486306 anonymous binds were proposed to solve this problem. However, they might be disabled in server configuration for security reasons. The ideal solution would be:
- Bind with a specific DN and pass (if empty then anonymous?)
- Find the user's DN by searching for something like (uid=%login)
- Rebind as the user to change the password
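An added example (not part of the ticket or of the plugin's code) of the search step in the flow above: the login is escaped per RFC 4515 before it goes into the `(uid=%login)` template, and the lookup yields a DN only when exactly one entry matches. The function names, the in-memory `DIRECTORY` and `fake_search` are constructed for illustration; a real deployment would run the search over a connection bound with the search DN.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\0": "\\00"}

# Constructed sample directory (uid -> DN), using the OUs from the ticket.
DIRECTORY = {
    "alice": "uid=alice,ou=sales,ou=people,dc=domain,dc=com",
    "bob": "uid=bob,ou=engineering,ou=people,dc=domain,dc=com",
}


def build_filter(template, login):
    """Fill %login into a filter template, escaping filter metacharacters."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in login)
    return template.replace("%login", escaped)


def fake_search(ldap_filter):
    """Stand-in for the subtree search made after the search-DN bind.

    Understands only "(uid=value)"; "*" is a wildcard and \\XX is a hex escape.
    """
    m = re.fullmatch(r"\(uid=(.*)\)", ldap_filter, re.S)
    if not m:
        return []

    def tok(t):
        if t.group(1):  # escaped byte: match it literally
            return re.escape(chr(int(t.group(1), 16)))
        return ".*" if t.group(0) == "*" else re.escape(t.group(0))

    pattern = re.sub(r"\\([0-9a-fA-F]{2})|.", tok, m.group(1), flags=re.S)
    return [dn for uid, dn in DIRECTORY.items() if re.fullmatch(pattern, uid, re.S)]


def find_user_dn(login, template="(uid=%login)", search=fake_search):
    """Return the single matching DN, or None.

    Zero matches and several matches are both refused, so the later rebind
    as the user never targets a guessed or ambiguous entry.
    """
    if not login:
        return None
    matches = search(build_filter(template, login))
    return matches[0] if len(matches) == 1 else None
```

The DN returned here is what the final step rebinds as, using the user's current password, before the password change is attempted.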
Attachments (1)
Change History (4)
Changed 4 years ago by ncl
comment:1 Changed 4 years ago by ncl
- Milestone changed from later to 0.4-beta
- Version changed from 0.3.1 to svn-trunk
comment:2 Changed 3 years ago by alec
Applied in r3472/svn.
comment:3 Changed 3 years ago by alec
- Resolution set to fixed
- Status changed from new to closed

Patch to allow bind with specific DN and pass to search for user's DN