Defect #1420
LDAP authentication extremely flaky
Status: | Needs feedback | Start date: | 2008-06-10 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | LDAP | |||
Target version: | Candidate for next major release | |||
Resolution: | Affected version: | 0.7.1 |
Description
I hit a problem with LDAP on Linux. It turns out that net/ldap is extremely unreliable when authenticating against the LDAP server at work. I've filed a bug against net/ldap on RubyForge, but since the project seems dormant it's not clear anything will happen.
As a workaround, I coded up a replacement for app/models/auth_source_ldap.rb that uses the Ruby interface to OpenLDAP. So far this has been reliable.
Presumably ruby/ldap works for some people, so it might be nice to offer both as options, but I couldn't immediately work out how to patch RedMine to do that.
Related issues
History
#1
Updated by Adriano Crestani Campos over 13 years ago
Hi Mathew,
I also ran into this problem when trying to use the default ldap api on a linux server. Your patch works great, thanks ; )
Adriano Crestani Campos
#2
Updated by Adriano Crestani Campos over 13 years ago
- File defect_1420_adriano_crestani_rev_2482.patch
added
I'm uploading a new patch that contains a merge of the file created by Mathew (the one that uses OpenLDAP instead) and the auth_source_ldap.rb file from revision 2482.
#3
Updated by Daniel Marczisovszky about 13 years ago
I've created a patch that also uses Ruby/LDAP. After I wrote it, I found your patch and they are very similar ;) However it seems that your patch does not bind as the given user if it is set in the account and password fields. I've (hopefully) fixed it in initialize_ldap_con by adding a call to bind after creating connection. The patch can be found here: #3253
#4
Updated by Antoine Beaupré over 12 years ago
this should be filed under the LDAP category.
#5
Updated by Felix Schäfer over 12 years ago
- Category changed from Accounts / authentication to LDAP
#6
Updated by Daniel Felix over 9 years ago
- Status changed from New to Needs feedback
Well maybe this is resolved due some further upgrades of ldap.
Any news on this? Someone who can verify this?
#7
Updated by mathew murphy over 9 years ago
Last time I tried it was when I upgraded to 2.1, and it's still broken there. If there have been LDAP improvements in the last few months, I can try again?
#8
Updated by Daniel Felix over 9 years ago
- Target version set to Candidate for next major release