Hi All,
Ran across a problem in Jahia 3 w/LDAP user authentication that was discussed here over a year ago:
http://list.jahia.org/install_list/msg00765.html
I traced the cause of this problem back to Jahia and have a possible fix. The problem is that Jahia uses the exact LDAP username, including case, as a key in either the ACL entries or group membership tables. However, when you log in to Jahia using an LDAP account, the JahiaUserManagerLdapProvider.ldapToJahiaUser() method never reaches the code segment that sets the username key in the JahiaUser object to match what is in LDAP because usingUserKey is never null:
    private JahiaLDAPUser ldapToJahiaUser(SearchResult sr, String userKey) {
        JahiaLDAPUser user;
        String usingUserKey = userKey;

        // Loop through name/value pairs of LDAP attributes, updating
        // the JahiaLDAPUser object...
        if ( (attrName != null) && (attrValue != null) ) {
            if (usingUserKey == null) {
                if (attrName.equals(ldapProperties.getProperty(UID_SEARCH_ATTRIBUTE_PROP))) {
                    usingUserKey = attrValue;
                }
            }
            userProps.setProperty(attrName, attrValue);
        }

        return user;
    }
During login I don't see how the "userKey" parameter will be null, and subsequently the "usingUserKey" method variable will never be null. Therefore, the line that sets "usingUserKey" equal to the LDAP uid attribute never gets run. Patch is attached that fixes the problem but all it does is remove the line that checks if "usingUserKey == null" and I haven't checked to see if this is safe throughout the rest of Jahia.
FYI, I quickly scanned the Jahia 4 sources and it looks like this same problem must exist in that version, too.
Regards,
Tom Duffey
Homeboyz Interactive, Inc.
--- JahiaUserManagerLDAPProvider.java.orig 2004-09-07 17:18:59.000000000 -0500
+++ JahiaUserManagerLDAPProvider.java 2004-09-07 17:14:56.000000000 -0500
@@ -807,10 +807,8 @@
attrValue = attrValue.substring(0, attrValue.length()-1);
}
if ( (attrName != null) && (attrValue != null) ) {
- if (usingUserKey == null) {
- if
(attrName.equals(ldapProperties.getProperty(UID_SEARCH_ATTRIBUTE_PROP))) {
- usingUserKey = attrValue;
- }
+ if
(attrName.equals(ldapProperties.getProperty(UID_SEARCH_ATTRIBUTE_PROP))) {
+ usingUserKey = attrValue;
}
userProps.setProperty(attrName, attrValue);
}
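Review bot: Removing the "if (usingUserKey == null)" guard makes the remaining "usingUserKey = attrValue;" assignment unconditional, so a userKey passed in by any caller is silently replaced by the directory's uid value, and nothing checks that the two refer to the same account. Since this key is what the ACL and group membership lookups use, consider keeping the null path and otherwise assigning only when attrValue matches the supplied key ignoring case, so the stored casing is adopted without the key being able to switch to a different name. Also note that in both the removed and the added lines the "if" and its "(attrName.equals(...))" condition sit on separate lines, which looks like mail wrapping; the patch will probably not apply as posted and is better resent as an unwrapped attachment.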
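The key mismatch described in the message, as an added example that is not part of the original post or of Jahia's code: a constructed model of an ACL table keyed by exact-case uid, comparing the original key selection with a guarded variant. All class, method and sample names are hypothetical, and case-insensitive uid matching in the directory is an assumption.

```java
import java.util.HashMap;
import java.util.Map;

// Constructed model of the key mismatch; not Jahia code. All names are hypothetical.
public class UserKeyCaseDemo {
    // ACL table keyed by the exact-case LDAP uid, as the post describes.
    static final Map<String, String> ACL = new HashMap<>();

    // Original logic: the directory uid is adopted only when no key was passed in,
    // so a key typed with different casing is kept as typed.
    static String keyBefore(String loginKey, String ldapUid) {
        String usingUserKey = loginKey;
        if (usingUserKey == null) {
            usingUserKey = ldapUid;
        }
        return usingUserKey;
    }

    // Guarded variant: adopt the directory's casing, but only when the uid is the
    // same name as the supplied key apart from case (assumes the directory matches
    // uid values case-insensitively).
    static String keyGuarded(String loginKey, String ldapUid) {
        if (ldapUid == null) {
            return loginKey;                 // nothing to canonicalize against
        }
        if (loginKey == null || loginKey.equalsIgnoreCase(ldapUid)) {
            return ldapUid;                  // canonical casing from the directory
        }
        // A different name came back: refuse rather than switch identities.
        throw new IllegalStateException("LDAP uid does not match requested key");
    }

    public static void main(String[] args) {
        ACL.put("tduffey", "admin");         // constructed sample ACL entry
        String typed = "TDuffey";            // constructed: what the user typed at login
        String uid = "tduffey";              // constructed: uid attribute from LDAP

        // Same account, two key-selection strategies, one ACL lookup each.
        System.out.println("before:  " + ACL.get(keyBefore(typed, uid)));
        System.out.println("guarded: " + ACL.get(keyGuarded(typed, uid)));
        System.out.println("no key:  " + ACL.get(keyGuarded(null, uid)));
    }
}
```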
