[Bug 72025] New: getUserInfo is never executed using AutoAuth

Tue, 14 Oct 2014 02:40:53 -0700 

https://bugzilla.wikimedia.org/show_bug.cgi?id=72025

            Bug ID: 72025
           Summary: getUserInfo is never executed using AutoAuth
           Product: MediaWiki extensions
           Version: REL1_19 branch
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: Unprioritized
         Component: LdapAuthentication
          Assignee: [email protected]
          Reporter: [email protected]
       Web browser: Internet Explorer
   Mobile Platform: ---

I've notice the kerberos authentication from LdapAuthentication-REL1_19-e378be4
(the version you can get from mediawiki) have some issues loading user
information from AD.

I've notice when using Kerberos token, the LDAP information (email, user groups
and other information) is not updated. This procedure works fine with same
configuration when login using password.

So I've notice on the function authenticate, when useAutoAuth is set, the
system do not bind to AD looking for the details, so getUserInfo is never
executed.

I've modified the function to enable bind as proxyAgent and initilize the user
information from AD.

diff -r LdapAuthentication/LdapAuthentication.php
LdapAuthentication.orig/LdapAuthentication.php
682,705d670
<             // IGGL
<             //}
<             } else {
<                 $this->printDebug( "Binding as proxyAgent", NONSENSITIVE );
<                 $bind = $this->bindAs( $this->getConf( 'ProxyAgent'),
$this->getConf( 'ProxyAgentPassword' ) );
<                 if ( !$bind ) {
<                     $this->markAuthFailed();
<                     return false;
<                 }
<                 $ss = $this->getConf( 'SearchString' );
<                 if ( $ss ) {
<                     if ( strstr( $ss, "@" ) || strstr( $ss, '\\' ) ) {
<                         // We are most likely configured using
USER-NAME@DOMAIN, or
<                         // DOMAIN\\USER-NAME.
<                         // Get the user's full DN so we can search for groups
and such.
<                         $this->userdn = $this->getUserDN( $username );
<                         $this->printDebug( "Fetched UserDN: $this->userdn",
NONSENSITIVE );
<                     } else {
<                         // Now that we are bound, we can pull the user's
info.
<                         $this->printDebug( "GetUserInfo", NONSENSITIVE );
<                         $this->getUserInfo();
<                     }
<                 }
< 
707d671
<             // IGGL

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l

Reply via email to