[
https://issues.apache.org/jira/browse/OPENMEETINGS-144?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13250555#comment-13250555
]
Thibault Le Meur commented on OPENMEETINGS-144:
-----------------------------------------------
Tested on a private build yesterday (from SVN trunk + my patch):
* works ok for my standard OpenLDAP setup
* I've sent the build to user Vieri on the mailing list and he reported a
successful test on Active Directory login (using OpenLdap directory Type).
> When using openLDAP authentication, the source code uses the hardcoded 'uid'
> attribute to map logins and user DNs instead of the field_user_principal
> parameter
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: OPENMEETINGS-144
> URL: https://issues.apache.org/jira/browse/OPENMEETINGS-144
> Project: Openmeetings
> Issue Type: Bug
> Affects Versions: 2.0 Apache Incubator Release
> Environment: ldap authentication
> Reporter: Thibault Le Meur
> Priority: Minor
> Labels: ldap
> Fix For: 2.0 Apache Incubator Release
>
> Attachments: UidCnHash.diff
>
>
> When using openLdap authentication, the LdapLoginManagement.java class first
> does a search in the directory to find the user given its login. The filter
> is using the attribute name given in configuration field_user_principal and
> the user login provided to openmeetings as value (doLdapLogin:358).
> The search is done in LdapAuthBase.java, in method getUidCnHashMap (line
> 229). Then the results are mapped in a HashMap with the user login as key.
> This user login is assumed to be in the 'uid' attribute of the ldap entries
> retrieved by the query. This is hardcoded in line 234. Though 'uid' is the
> usual way to store the user login when using openldap, it may not always be
> the case. There are openldap directories where the uid contains a numerical
> id (so that it will never be reused over time), and users have a 'login
> alias' they can choose to ease login to applications.
> This means that we should in fact use the attribute defined in
> field_user_principal parameter to retrieve the user login.
> Also note that using a search and bind (used by openldap), may be very useful
> in some AD installations, so making this feature a little more generic could
> help AD users as well.
> What do you think?
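
The mapping problem described in the issue, as an added example that is not OpenMeetings code and not the attached patch: it builds the login-to-DN map from search results using a configurable attribute, and shows the lookup coming back empty when 'uid' is assumed. The loginAlias attribute, the class and method names, and the sample entry are assumptions constructed for illustration.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;

public class PrincipalMapExample {

    // Map every value of the login attribute to the DN of the entry holding it.
    // principalAttr stands for the field_user_principal setting (assumption:
    // it holds a plain attribute name such as "uid" or "sAMAccountName").
    static Map<String, String> loginToDn(List<SearchResult> results, String principalAttr)
            throws NamingException {
        Map<String, String> map = new HashMap<>();
        for (SearchResult r : results) {
            Attribute a = r.getAttributes().get(principalAttr);
            if (a == null) continue;              // entry lacks the login attribute
            String dn = r.getNameInNamespace();
            NamingEnumeration<?> values = a.getAll();
            while (values.hasMore()) {            // the attribute may be multi-valued
                String login = values.next().toString();
                String previous = map.putIfAbsent(login, dn);
                if (previous != null && !previous.equals(dn)) {
                    // Two DNs for one login: refuse rather than bind as the wrong user.
                    throw new NamingException("ambiguous login: " + login);
                }
            }
        }
        return map;
    }

    // Constructed sample entry; the DN and attribute values are made up.
    static SearchResult entry(String dn, String uid, String alias) {
        Attributes attrs = new BasicAttributes(true);  // true = case-insensitive names
        attrs.put("uid", uid);
        attrs.put("loginAlias", alias);                // hypothetical attribute name
        SearchResult r = new SearchResult(dn, null, attrs);
        r.setNameInNamespace(dn);
        return r;
    }

    public static void main(String[] args) throws NamingException {
        // Directory where uid is a numeric id and users log in with an alias.
        List<SearchResult> found = List.of(
            entry("uid=100482,ou=people,dc=example,dc=org", "100482", "jdoe"));
        String typed = "jdoe";  // what the user entered on the login form
        System.out.println("hardcoded uid: " + loginToDn(found, "uid").get(typed));
        System.out.println("configured:    " + loginToDn(found, "loginalias").get(typed));
    }
}
```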