On Wed, Jan 15, 2014 at 12:08 PM, Katie Poskaitis
<[email protected]> wrote:
> Found the issue. Our passwords expire after a single use and it tries to use
> your password 3 times when logging in and registering the user.
Gitorious only binds once, though:
    # If no bind user has been specified, bind directly
    def anonymous_credentials_check(username, password)
      connection.auth(build_username(username), password)
      return connection.bind
    end
...that connection object gets passed around and used for the rest of
the login process. Like here:
    def auto_register(username)
      result = connection.search(:base => base_dn, :filter => username_filter(username),
        :attributes => attribute_mapping.keys, :return_result => true)
It's using that same connection that was initially bound with bind().
The other weird thing is that
Gitorious::Authentication::LDAPAuthentication only calls auth(),
bind(), and search(), and each of those should only be called one
time. I don't see how it could be trying the password three times?
> Does anyone
> know if after your credentials have been checked, if anonymous binds can be
> used for the rest of the process?
You could try creating an entirely new Net::LDAP object in
auto_register(), then bind() without auth(), and then call search()
with that. That would allow you to avoid using the connection member
object that's already auth()'d.
That said, it would be an interesting LDAP server security policy that
enforces one-time use passwords, but then allows anonymous searches :)
I'm wondering if the LDAP query to search() might be awry?
- Ken
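
The suggestion above (a separate Net::LDAP object for the auto_register() search, bound without auth()), sketched as an added example that is not part of the original message or of Gitorious. RecordingLDAP, login_and_register, the uid filter and the base DN are assumptions made for illustration; the stand-in only records calls so the script runs without a directory server.

```ruby
# Added example, not Gitorious code. RecordingLDAP is a constructed stand-in
# that only records the three calls named in the thread (auth, bind, search).
class RecordingLDAP
  def initialize(log, directory)
    @log = log              # shared list of [operation, identity] pairs
    @directory = directory  # constructed data: filter string => entries
    @identity = :anonymous  # stays anonymous unless auth() is called
  end

  def auth(username, _password)
    @identity = username
  end

  def bind
    @log << [:bind, @identity]
    true
  end

  def search(args = {})
    @log << [:search, @identity]
    @directory.fetch(args[:filter], [])
  end
end

BASE_DN = 'ou=people,dc=example,dc=test' # placeholder base DN

# Escape RFC 4515 special characters so a username cannot alter the filter.
def escape_filter(value)
  value.gsub(/[\\*()\x00]/) { |c| format('\\%02x', c.ord) }
end

# new_connection is a callable returning a fresh LDAP object. With net-ldap
# it could be: -> { Net::LDAP.new(:host => 'ldap.example.test', :port => 389) }
def login_and_register(username, password, new_connection)
  checker = new_connection.call
  checker.auth(username, password)
  return nil unless checker.bind   # the only object that holds the password

  lookup = new_connection.call     # separate object, auth() never called
  return nil unless lookup.bind    # anonymous bind
  lookup.search(:base => BASE_DN, :filter => "(uid=#{escape_filter(username)})",
                :attributes => %w[cn mail], :return_result => true)
end
```

The recorded log shows which identity each operation ran under, so a test can assert that the search never carried the user's credentials.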