That patch worked. Thanks! One thing I noticed, that is not relevant to the password problem and patch, is a URL issue after login. When the user logs in to the webadmin interface, the URL in the browser is: https://pfence01.bnk.ds.atv:1443/status/dashboard which gives a 404 error for /status/dashboard not found on server. Removing the "dashboard" from the end of the URL fixes the error.
The question is, what is going wrong, and how to fix it so that the user does not have to remove "dashboard" from the URL. The admin user does have the problem at all.

Nick

-----Original Message-----
From: Olivier Bilodeau [mailto:[email protected]]
Sent: Friday, April 15, 2011 8:49 AM
To: [email protected]
Subject: Re: [Packetfence-users] LDAP webadmin auth and ActiveDirectory with special chars

On 12/04/11 5:30 PM, Ritter, Nicholas wrote:
> I just tested a PCI-related password change for a username that is
> authenticated against ActiveDirectory when accessing the PF 2.1.0 web
> admin interface. If the password contains a special character (or
> specifically in this case an exclamation point), the login fails. The
> web interface says (in the top left corner) "Invalid sensitive
> parameter"

There's some aggressive validation of the fields in the login form. I don't really know why they are there.. Overly aggressive anti-xss I guess..

For passwords, here's the regexp: /^[\@a-zA-Z0-9_\:\,\(\)]/ so starting with a ! will pose problem.

> Any thoughts/fixes/suggestions?

I simplified the validation. Can you apply the attached patch and let me know if it works? I haven't tested it since I don't have the proper lab config right now.

--
Olivier Bilodeau
[email protected] :: +1.514.447.4918 *115 :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
