Re: [Dspace-tech] Prevent LDAP users from changing password
Thanks, Hardy. Yes, I'm using stacked authentication. Here's config/modules/authentication.cfg: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPAuthentication, \ org.dspace.authenticate.PasswordAuthentication, \ org.dspace.authenticate.IPAuthentication Jason Jason Stirnaman Biomedical Librarian, Digital Projects A.R. Dykes Library, University of Kansas Medical Center jstirna...@kumc.edu 913-588-7319 On 12/3/2011 at 08:29 PM, in message 9067a279-9df7-4d13-8428-3aea2fcad...@umsystem.edu, Pottinger, Hardy J. pottinge...@umsystem.edu wrote: Hi, Jason, I just wanted to confirm that you are in fact using stacked authentication methods? This issue sounds familiar to me (see DS-994 and DS-1007). I will see if there is a similar loop to what we found in DS-1007 as soon as I'm at a proper computer. --Hardy Sent from my iPad On Dec 3, 2011, at 4:38 PM, Jason Stirnaman jstirna...@kumc.edumailto:jstirna...@kumc.edu wrote: Giving this one more shot with a different subject line since it got no love the last time around (http://sourceforge.net/mailarchive/message.php?msg_id=28438078 ). Apologies for the duplication. I'm using LDAP authentication in DSpace 1.8.0 with XMLUI and Mirage theme. When I login and go to my account profile, I'm allowed to change my password. How do I disallow that, or might I have something misconfigured so that I'm falling through the authentication stack to the password authentication (although I'm fairly sure that's not the case)? I know there is an allowSetPassword boolean available for just this purpose, but it doesn't seem to be applied. Thanks, Jason Jason Stirnaman Biomedical Librarian, Digital Projects A.R. Dykes Library, University of Kansas Medical Center jstirna...@kumc.edumailto:jstirna...@kumc.edu 913-588-7319 -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.netmailto:DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] Prevent LDAP users from changing password
Hi, Jason, it looks like you've found a bug. It's definitely the same kind of problem we found in DS-994 and DS-1007, though it's a different method in AuthenticationManager this time: allowSetPassword. In that method, there's a loop which goes through each authentication method in the stack, and if any of them returns true for their allowSetPassword method, the AuthenticationManager.allowSetPassword method also returns true. I have opened a new ticket for this issue: https://jira.duraspace.org/browse/DS-1088 -- HARDY POTTINGER pottinge...@umsystem.edu University of Missouri Library Systems http://lso.umsystem.edu/~pottingerhj/ https://MOspace.umsystem.edu/ On 12/5/11 9:00 AM, Jason Stirnaman jstirna...@kumc.edu wrote: Thanks, Hardy. Yes, I'm using stacked authentication. Here's config/modules/authentication.cfg: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPAuthentication, \ org.dspace.authenticate.PasswordAuthentication, \ org.dspace.authenticate.IPAuthentication Jason Jason Stirnaman Biomedical Librarian, Digital Projects A.R. Dykes Library, University of Kansas Medical Center jstirna...@kumc.edu 913-588-7319 On 12/3/2011 at 08:29 PM, in message 9067a279-9df7-4d13-8428-3aea2fcad...@umsystem.edu, Pottinger, Hardy J. pottinge...@umsystem.edu wrote: Hi, Jason, I just wanted to confirm that you are in fact using stacked authentication methods? This issue sounds familiar to me (see DS-994 and DS-1007). I will see if there is a similar loop to what we found in DS-1007 as soon as I'm at a proper computer. --Hardy Sent from my iPad On Dec 3, 2011, at 4:38 PM, Jason Stirnaman jstirna...@kumc.edumailto:jstirna...@kumc.edu wrote: Giving this one more shot with a different subject line since it got no love the last time around (http://sourceforge.net/mailarchive/message.php?msg_id=28438078 ). Apologies for the duplication. I'm using LDAP authentication in DSpace 1.8.0 with XMLUI and Mirage theme. When I login and go to my account profile, I'm allowed to change my password. How do I disallow that, or might I have something misconfigured so that I'm falling through the authentication stack to the password authentication (although I'm fairly sure that's not the case)? I know there is an allowSetPassword boolean available for just this purpose, but it doesn't seem to be applied. Thanks, Jason Jason Stirnaman Biomedical Librarian, Digital Projects A.R. Dykes Library, University of Kansas Medical Center jstirna...@kumc.edumailto:jstirna...@kumc.edu 913-588-7319 -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.netmailto:DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] Prevent LDAP users from changing password
Thanks for looking into it, Hardy. Good to know. Jason Jason Stirnaman Biomedical Librarian, Digital Projects A.R. Dykes Library, University of Kansas Medical Center jstirna...@kumc.edu 913-588-7319 On 12/5/2011 at 11:09 AM, in message cb0252b4.c383%pottinge...@umsystem.edu, Pottinger, Hardy J. pottinge...@umsystem.edu wrote: Hi, Jason, it looks like you've found a bug. It's definitely the same kind of problem we found in DS-994 and DS-1007, though it's a different method in AuthenticationManager this time: allowSetPassword. In that method, there's a loop which goes through each authentication method in the stack, and if any of them returns true for their allowSetPassword method, the AuthenticationManager.allowSetPassword method also returns true. I have opened a new ticket for this issue: https://jira.duraspace.org/browse/DS-1088 -- HARDY POTTINGER pottinge...@umsystem.edu University of Missouri Library Systems http://lso.umsystem.edu/~pottingerhj/ https://MOspace.umsystem.edu/ On 12/5/11 9:00 AM, Jason Stirnaman jstirna...@kumc.edu wrote: Thanks, Hardy. Yes, I'm using stacked authentication. Here's config/modules/authentication.cfg: plugin.sequence.org.dspace.authenticate.AuthenticationMethod = \ org.dspace.authenticate.LDAPAuthentication, \ org.dspace.authenticate.PasswordAuthentication, \ org.dspace.authenticate.IPAuthentication Jason Jason Stirnaman Biomedical Librarian, Digital Projects A.R. Dykes Library, University of Kansas Medical Center jstirna...@kumc.edu 913-588-7319 On 12/3/2011 at 08:29 PM, in message 9067a279-9df7-4d13-8428-3aea2fcad...@umsystem.edu, Pottinger, Hardy J. pottinge...@umsystem.edu wrote: Hi, Jason, I just wanted to confirm that you are in fact using stacked authentication methods? This issue sounds familiar to me (see DS-994 and DS-1007). I will see if there is a similar loop to what we found in DS-1007 as soon as I'm at a proper computer. --Hardy Sent from my iPad On Dec 3, 2011, at 4:38 PM, Jason Stirnaman jstirna...@kumc.edumailto:jstirna...@kumc.edu wrote: Giving this one more shot with a different subject line since it got no love the last time around (http://sourceforge.net/mailarchive/message.php?msg_id=28438078 ). Apologies for the duplication. I'm using LDAP authentication in DSpace 1.8.0 with XMLUI and Mirage theme. When I login and go to my account profile, I'm allowed to change my password. How do I disallow that, or might I have something misconfigured so that I'm falling through the authentication stack to the password authentication (although I'm fairly sure that's not the case)? I know there is an allowSetPassword boolean available for just this purpose, but it doesn't seem to be applied. Thanks, Jason Jason Stirnaman Biomedical Librarian, Digital Projects A.R. Dykes Library, University of Kansas Medical Center jstirna...@kumc.edumailto:jstirna...@kumc.edu 913-588-7319 -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.netmailto:DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
[Dspace-tech] Prevent LDAP users from changing password
Giving this one more shot with a different subject line since it got no love the last time around (http://sourceforge.net/mailarchive/message.php?msg_id=28438078 ). Apologies for the duplication. I'm using LDAP authentication in DSpace 1.8.0 with XMLUI and Mirage theme. When I login and go to my account profile, I'm allowed to change my password. How do I disallow that, or might I have something misconfigured so that I'm falling through the authentication stack to the password authentication (although I'm fairly sure that's not the case)? I know there is an allowSetPassword boolean available for just this purpose, but it doesn't seem to be applied. Thanks, Jason Jason Stirnaman Biomedical Librarian, Digital Projects A.R. Dykes Library, University of Kansas Medical Center jstirna...@kumc.edu 913-588-7319 -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech
Re: [Dspace-tech] Prevent LDAP users from changing password
Hi, Jason, I just wanted to confirm that you are in fact using stacked authentication methods? This issue sounds familiar to me (see DS-994 and DS-1007). I will see if there is a similar loop to what we found in DS-1007 as soon as I'm at a proper computer. --Hardy Sent from my iPad On Dec 3, 2011, at 4:38 PM, Jason Stirnaman jstirna...@kumc.edumailto:jstirna...@kumc.edu wrote: Giving this one more shot with a different subject line since it got no love the last time around (http://sourceforge.net/mailarchive/message.php?msg_id=28438078 ). Apologies for the duplication. I'm using LDAP authentication in DSpace 1.8.0 with XMLUI and Mirage theme. When I login and go to my account profile, I'm allowed to change my password. How do I disallow that, or might I have something misconfigured so that I'm falling through the authentication stack to the password authentication (although I'm fairly sure that's not the case)? I know there is an allowSetPassword boolean available for just this purpose, but it doesn't seem to be applied. Thanks, Jason Jason Stirnaman Biomedical Librarian, Digital Projects A.R. Dykes Library, University of Kansas Medical Center jstirna...@kumc.edumailto:jstirna...@kumc.edu 913-588-7319 -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.netmailto:DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech