Issue #398 has been reported by Gene Wood. ---------------------------------------- Bug #398: $who_change_password is not respected if $ldap_binddn and $ldap_bindpw are set http://tools.lsc-project.org/issues/398
Author: Gene Wood Status: New Priority: Normal Assigned to: Category: Self Service Password Target version: Contrary to what the config.inc.php implies with the "$who_change_password" setting and the documentation here ( http://ltb-project.org/wiki/documentation/self-service-password/latest/config_ldap ), if you set $who_change_password to "user" but leave $ldap_binddn and $ldap_bindpw uncommented out (as they are by default), SSP will ignore the setting of $who_change_password and attempt to use the binddn and bindpw credentials to connect to the LDAP server. This is due to the bind logic present in all SSP pages (change.php, restbytoken.php, etc) <pre> # Bind if ( isset($ldap_binddn) && isset($ldap_bindpw) ) { $bind = ldap_bind($ldap, $ldap_binddn, $ldap_bindpw); } else { $bind = ldap_bind($ldap); } </pre> This should be changed to primarily respect the $who_change_password setting and only when it's set to "manager" should you check to see if $ldap_binddn and $ldap_bindpw are set. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
_______________________________________________ ltb-dev mailing list [email protected] http://lists.ltb-project.org/listinfo/ltb-dev
