On Wed, Apr 27, 2011 at 1:21 PM, Anders Mydland <[email protected]> wrote:

> I first mistook this error for a search base error, but it seems there are
> other issues that will cause LDAP authentication to fail:
>
> In rpm version sipxecs-4.4.0-192.ga8beb, I have noticed the following:
>
> 1. Sometimes, it appears that the user portal LDAP authenticator is sending
> the correct user and the wrong password hash. I am not able to consistently
> reproduce this, but it happens intermittently.
>
With LDAP and PIN, the rule is that we first try to authenticate against
LDAP. If that fails, we fall back to PIN authentication.
For superadmin we always use PIN authentication (ignoring the LDAP setting in
this scenario).

What do you mean by "sending the wrong password hash"? For LDAP
authentication the password is checked in the LDAP layer and has to match
the LDAP password associated with the user who tries to log in.
For LDAP authentication, on the sipXconfig side we compute a digest-encoded
value given the SHARED_SECRET (you can find it in
domain_config.xml) because the web layer expects a UserDetailsImpl instance,
and for the LDAP authenticator we use the SHARED_SECRET instead of the
LDAP password (the LDAP password is verified only in the LDAP layer).

>
> 2. Most of the time, the authenticator will send the configured bind user
> along with the user password. This was supposedly fixed in XX-8657, but it's
> definitely still an issue.
>
XX-8657 was saying that the LDAP bind password will authenticate any user. Is
this still an issue? I looked into the code and there is a check that
prevents the LDAP bind password from performing authentication.

Mircea

> I am using Active Directory - with authentication LDAP and PIN.
>
> Any ideas why this is happening?
>
> Best regards,
>
> Anders Mydland
>
>
> _______________________________________________
> sipx-dev mailing list
> [email protected]
> List Archive: http://list.sipfoundry.org/archive/sipx-dev/
>