Defect #4483
LDAP authentication with Redmine doesn't return an error when credentials used to bind to LDAP are incorrect
| Status: | New | Start date: | 2009-12-24 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | LDAP | | |
| Target version: | - | | |
| Affected version: | 0.8.7 | Resolution: | |
Description
When incorrect credentials are used in LDAP authentication with Redmine, the search mechanism will always silently fail because the code in 0.8.7 doesn't check for bind success before searching.
I'm using ruby 1.8.5, rails 2.1.2, passenger 2.2.8, redmine 0.8.7, MySQL 5, on RHEL5.
I added the debugging line:

```ruby
logger.debug "Connection #{ldap_con} bind result was #{ldap_con.bind}" if logger && logger.debug?
```

to the code at /app/models/auth_source_ldap.rb to identify that the error occurring was incorrect credentials. However, silent failure seems to be a bug, especially since the "test" link on the auth_sources page appeared to work correctly.
History
Updated by Mischa The Evil about 2 years ago
- Category set to LDAP
Updated by Yuriy Taraday over 1 year ago
I've just run into the very same problem. I suggest changing the code of AuthSourceLdap.test_connection to something like this:
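```ruby
def test_connection
  ldap_con = initialize_ldap_con(self.account, self.account_password)
  # Net::LDAP#bind returns false on bad credentials instead of raising,
  # so the result has to be checked explicitly.
  if not ldap_con.bind
    raise "Failed to bind to LDAP server."
  end
rescue Net::LDAP::LdapError => text
  # text is an exception object; use its message when building the string.
  raise "LdapError: " + text.message
end
```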
This will make the Test button show an error when you provide bad bind credentials, not just write success.
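The failure mode reported in this issue and the bind check that exposes it, as an added example that is not part of the thread or of Redmine's code. `FakeLdapCon` is a constructed stand-in for a Net::LDAP connection (its `search` takes a simplified `:login` argument), and `LdapBindError`, `find_dn_unchecked` and `find_dn_checked` are hypothetical names.

```ruby
require 'ostruct'

# Constructed stand-in for a Net::LDAP connection (not the real gem):
# bind returns true/false instead of raising, and a search on an unbound
# connection yields no entries, which is the behaviour the report describes.
class FakeLdapCon
  DIRECTORY = { 'alice' => 'uid=alice,ou=people,dc=example,dc=org' } # constructed

  def initialize(bind_ok)
    @bind_ok = bind_ok
  end

  def bind
    @bind_ok
  end

  # Mirrors the shape of Net::LDAP#get_operation_result (code + message).
  def get_operation_result
    if @bind_ok
      OpenStruct.new(:code => 0, :message => 'Success')
    else
      OpenStruct.new(:code => 49, :message => 'Invalid Credentials')
    end
  end

  def search(args)
    return nil unless @bind_ok
    dn = DIRECTORY[args[:login]]
    yield dn if dn
  end
end

class LdapBindError < StandardError; end # hypothetical error class

# Before: no bind check, so a bad service account looks like "unknown user".
def find_dn_unchecked(con, login)
  dn = nil
  con.search(:login => login) { |entry| dn = entry }
  dn
end

# After: refuse to search until the service account bind has succeeded,
# and surface the directory's result code so the cause reaches the log.
def find_dn_checked(con, login)
  unless con.bind
    res = con.get_operation_result
    raise LdapBindError, "LDAP bind failed: #{res.message} (code #{res.code})"
  end
  find_dn_unchecked(con, login)
end
```

With the check in place, a misconfigured bind account produces a distinct error instead of being indistinguishable from a login for a user that does not exist.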