Defect #764

Anonymous LDAP access

Added by Mark Hymers over 9 years ago. Updated over 9 years ago.

Status:ClosedStart date:2008-03-01
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:0.7
Resolution: Affected version:

Description

When trying to use LDAP for authentication for users, the following traceback occurred:

RuntimeError (LdapError: invalid binding information):
    /app/models/auth_source_ldap.rb:63:in `authenticate'
    /vendor/rails/activerecord/lib/active_record/associations/association_proxy.rb:125:in `send'
    /vendor/rails/activerecord/lib/active_record/associations/association_proxy.rb:125:in `method_missing'
    /app/models/user.rb:92:in `try_to_login'
    /app/controllers/account_controller.rb:46:in `login'
    /vendor/rails/actionpack/lib/action_controller/base.rb:1158:in `send'
    /vendor/rails/actionpack/lib/action_controller/base.rb:1158:in `perform_action_without_filters'
    /vendor/rails/actionpack/lib/action_controller/filters.rb:697:in `call_filters'
    /vendor/rails/actionpack/lib/action_controller/filters.rb:689:in `perform_action_without_benchmark'
    /vendor/rails/actionpack/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
    /usr/lib/ruby/1.8/benchmark.rb:293:in `measure'
    /vendor/rails/actionpack/lib/action_controller/benchmarking.rb:68:in `perform_action_without_rescue'
    /vendor/rails/actionpack/lib/action_controller/rescue.rb:199:in `perform_action_without_caching'
    /vendor/rails/actionpack/lib/action_controller/caching.rb:678:in `perform_action'
    /vendor/rails/activerecord/lib/active_record/connection_adapters/abstract/query_cache.rb:33:in `cache'
    /vendor/rails/activerecord/lib/active_record/query_cache.rb:8:in `cache'
    /vendor/rails/actionpack/lib/action_controller/caching.rb:677:in `perform_action'
    /vendor/rails/actionpack/lib/action_controller/base.rb:524:in `send'
    /vendor/rails/actionpack/lib/action_controller/base.rb:524:in `process_without_filters'
    /vendor/rails/actionpack/lib/action_controller/filters.rb:685:in `process_without_session_management_support'
    /vendor/rails/actionpack/lib/action_controller/session_management.rb:123:in `process'
    /vendor/rails/actionpack/lib/action_controller/base.rb:388:in `process'
    /vendor/rails/actionpack/lib/action_controller/dispatcher.rb:171:in `handle_request'
    /vendor/rails/actionpack/lib/action_controller/dispatcher.rb:115:in `dispatch'
    /vendor/rails/actionpack/lib/action_controller/dispatcher.rb:126:in `dispatch_cgi'
    /vendor/rails/actionpack/lib/action_controller/dispatcher.rb:9:in `dispatch'
    /usr/lib/ruby/1.8/mongrel/rails.rb:76:in `process'
    /usr/lib/ruby/1.8/mongrel/rails.rb:74:in `synchronize'
    /usr/lib/ruby/1.8/mongrel/rails.rb:74:in `process'
    /usr/lib/ruby/1.8/mongrel.rb:159:in `process_client'
    /usr/lib/ruby/1.8/mongrel.rb:158:in `each'
    /usr/lib/ruby/1.8/mongrel.rb:158:in `process_client'
    /usr/lib/ruby/1.8/mongrel.rb:285:in `run'
    /usr/lib/ruby/1.8/mongrel.rb:285:in `initialize'
    /usr/lib/ruby/1.8/mongrel.rb:285:in `new'
    /usr/lib/ruby/1.8/mongrel.rb:285:in `run'
    /usr/lib/ruby/1.8/mongrel.rb:268:in `initialize'
    /usr/lib/ruby/1.8/mongrel.rb:268:in `new'
    /usr/lib/ruby/1.8/mongrel.rb:268:in `run'
    /usr/lib/ruby/1.8/mongrel/configurator.rb:282:in `run'
    /usr/lib/ruby/1.8/mongrel/configurator.rb:281:in `each'
    /usr/lib/ruby/1.8/mongrel/configurator.rb:281:in `run'
    /usr/bin/mongrel_rails:129:in `run'
    /usr/lib/ruby/1.8/mongrel/command.rb:212:in `run'
    /usr/bin/mongrel_rails:282

Rendering /home/mark/mainline/vendor/rails/actionpack/lib/action_controller/templates/rescues/layout.erb (internal_server_error)

This appears to be because instead of a null user and password meaning an anonymous bind (followed by a bind as the real user later for authentication), it tries to bind with an empty username/password.

A patch is attached to fix this but I'm not a ruby coder so it may not be the most elegant way of doing it.

Thanks

ldap.patch Magnifier (1.1 KB) Mark Hymers, 2008-03-01 21:58

Associated revisions

Revision 1194
Added by Jean-Philippe Lang over 9 years ago

Fixed "LdapError: invalid binding information" when no username/password are set on the LDAP account (#764).

History

#1 Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from New to Resolved

I don't have this problem with openldap, but the fix is committed in r1194 (slightly different than yours).
Can you confirm it works ? Thanks.

#2 Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from Resolved to Closed
  • Target version set to 0.7

Also available in: Atom PDF