> Mircea, I'll forever be confused on LDAP auth, but I thought the user
> with name "superadmin" should be able to get in even when LDAP is
> down/misconfigured

The LDAP authenticator is the first in the manager authenticators list,
then comes the DB authenticator. All authenticators are checked in the order
they are defined in the list.

When superadmin logs in, the LDAP authenticator comes into the picture first;
it will fail and then the DB authenticator is checked. (The LDAP authenticator
tries to authenticate the user only if the LDAP authentication setting is set.)
In an LDAP-only authentication setup, there is a validation in the DB
authenticator that permits the administrator to log in, no matter what
authentication scheme is set.

I agree that this workflow can be optimized so that such cases are
avoided: put the superadmin check in the LDAP authenticator, to
bypass the LDAP authentication step when superadmin tries to log in.

It is pretty straightforward; we have the following check in the LDAP
authenticator:

    @Override
    public boolean supports(Class authentication) {
        if (!m_ldapManager.getSystemSettings().isConfigured()) {
            return false;
        }

This makes LDAP authentication effective only when LDAP authentication
is set in the UI. We should add the superadmin check here, not in the DB
authenticator (daoAuthenticationProvider.java).

Mircea

_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/
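
The ordered authenticator chain described in the message above, as an added example that is not part of the original e-mail and is not sipXecs or Spring Security code. The `Authenticator` interface, the `ldapOnly`/`ldapConfigured`/`ldapReachable` flags and the sample account are hypothetical, constructed for illustration; the model shows superadmin skipping the LDAP step and still being accepted by the DB authenticator in an LDAP-only setup while LDAP is down.

```java
import java.util.List;
import java.util.Map;

public class AuthChainDemo {
    // Hypothetical, simplified interface (assumption, not a real library API).
    interface Authenticator {
        String name();
        boolean supports(String user);
        boolean authenticate(String user, String password);
    }

    static final String SUPERADMIN = "superadmin";
    static boolean ldapConfigured = true;  // LDAP authentication is set in the UI
    static boolean ldapOnly = true;        // LDAP-only authentication scheme
    static boolean ldapReachable = false;  // simulate LDAP down or misconfigured
    // Constructed sample credential store standing in for the local database.
    static final Map<String, String> LOCAL_DB = Map.of(SUPERADMIN, "constructed-pw");

    static final Authenticator LDAP = new Authenticator() {
        public String name() { return "LDAP"; }
        public boolean supports(String user) {
            // Proposed placement of the check: LDAP is skipped for superadmin.
            return ldapConfigured && !SUPERADMIN.equals(user);
        }
        public boolean authenticate(String user, String password) {
            return ldapReachable; // stands in for a real LDAP bind
        }
    };

    static final Authenticator DB = new Authenticator() {
        public String name() { return "DB"; }
        public boolean supports(String user) {
            // In an LDAP-only setup only the administrator may use the DB path.
            return !ldapOnly || SUPERADMIN.equals(user);
        }
        public boolean authenticate(String user, String password) {
            return password != null && password.equals(LOCAL_DB.get(user));
        }
    };

    // Authenticators are consulted in list order; the first success wins.
    static String login(String user, String password) {
        for (Authenticator a : List.of(LDAP, DB)) {
            if (a.supports(user) && a.authenticate(user, password)) {
                return a.name();
            }
        }
        return "DENIED";
    }

    public static void main(String[] args) {
        System.out.println("superadmin -> " + login(SUPERADMIN, "constructed-pw"));
        System.out.println("alice      -> " + login("alice", "any-password"));
    }
}
```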
