https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=18992

            Bug ID: 18992
           Summary: LDAP fallback behaviour not consistent
 Change sponsored?: ---
           Product: Koha
           Version: master
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P5 - low
         Component: Authentication
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
                CC: [email protected]

If LDAP is enabled, fallback to internal in C4::Auth::checkpw is dependent on the
return value from checkpw_ldap.

In C4::Auth_with_ldap the situation seems to be:

IF auth_by_bind
    IF anonymous_bind look up principalname
    ELSE construct via config
    Now we have principal name
    Attempt to bind
    IF fail
        IF anonymous_bind return -1 NO FALLBACK
        ELSE return 0 FALLBACK
ELSE
    Lookup user with bind account
    If user not found, return 0 FALLBACK
    If user found and pwd not match return -1 NO FALLBACK


The difference I see is:
When doing bind by auth without anonymous bind, we fall back on an existing LDAP
user with no matching password.
When using a bind user, we do not fall back on an existing LDAP user with no
matching password.


In one case you can log in with either the LDAP or the Koha password.
In the other you can only use the LDAP password.

Maybe this is expected, but it seems odd.

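The flow in the report, as an added Python model (not Koha code and not part of the original message); the function names, the success value 1 and the handling of a missing user under auth_by_bind are assumptions. It tabulates what happens to an existing LDAP user who enters a wrong LDAP password but a correct Koha password.

```python
from itertools import product

LDAP_OK, LDAP_FALLBACK, LDAP_DENY = 1, 0, -1  # 1 for success is an assumption

def checkpw_ldap_model(auth_by_bind, anonymous_bind, user_found, ldap_pw_ok):
    """Return value of the LDAP check, following the flow in the report."""
    if auth_by_bind:
        # Principal name is looked up (anonymous_bind) or built from config,
        # then a bind is attempted. A missing user is modelled as a failed
        # bind (assumption; the report does not cover that case).
        if user_found and ldap_pw_ok:
            return LDAP_OK
        return LDAP_DENY if anonymous_bind else LDAP_FALLBACK
    # Lookup with the bind account, then compare the password.
    if not user_found:
        return LDAP_FALLBACK
    return LDAP_OK if ldap_pw_ok else LDAP_DENY

def checkpw_model(ldap_result, koha_pw_ok):
    """Outer decision: the internal check only runs when LDAP returned 0."""
    if ldap_result == LDAP_OK:
        return "ldap"
    if ldap_result == LDAP_FALLBACK and koha_pw_ok:
        return "internal"
    return "denied"

def outcome_matrix():
    """Existing LDAP user, wrong LDAP password, correct Koha password."""
    rows = {}
    for auth_by_bind, anonymous_bind in product((True, False), repeat=2):
        if not auth_by_bind and anonymous_bind:
            continue  # anonymous_bind only matters in the auth_by_bind branch
        result = checkpw_ldap_model(auth_by_bind, anonymous_bind, True, False)
        rows[(auth_by_bind, anonymous_bind)] = checkpw_model(result, True)
    return rows

def configs_accepting_koha_password():
    """Configurations where the local Koha password still logs the user in."""
    return sorted(cfg for cfg, out in outcome_matrix().items() if out == "internal")

if __name__ == "__main__":
    for (abb, anon), out in outcome_matrix().items():
        print(f"auth_by_bind={abb!s:5} anonymous_bind={anon!s:5} -> {out}")
```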