Defect #21674
The LDAP connection test does not check the credentials
Status: | Closed | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | % Done: | 0% | ||
Category: | LDAP | |||
Target version: | 3.3.0 | |||
Resolution: | Fixed | Affected version: |
Description
Defect Description¶
In the current version and the last trunk, the Authenticacion Modes that works through LDAP does not check the username or password.
This can be a problem, because, if the LDAP Server is available but does not return any response due to an incorrect username and password, and can't bind the connection.
This patch adds the possibility in the moment to do a LDAP connection Test, if the username and password is defined it binds to check that are correct, else returns an exception with it's error.
I've added the follow test to check the username and the password, as the connectivity against the LDAP Server.
This patch has been tested with the last Trunk (14992) and the configurations of the LDAP Server that comes included to do the tests.
Running Tests:¶
vagrant@redmine:/opt/redmine/trunk# RAILS_ENV="test" rake test test/unit/auth_source_ldap_test.rb Run options: --seed 12217 # Running: ....................... Finished in 3.987555s, 5.7679 runs/s, 20.0624 assertions/s. 23 runs, 80 assertions, 0 failures, 0 errors, 0 skips vagrant@redmine:/opt/redmine/trunk#
Attached Screenshots:¶
Associated revisions
Fixed that LDAP does not check the user and password when are defined in the method of authentication (#21674).
Patch by Helder Manuel Torres Vieira.
Fixed DN in tests (#21674).
Makes the test LDAP host configurable (#21674).
Include tested method name in tests names (#21674).
Do not bind when the account contains $login (#21674).
History
#1
Updated by Toshi MARUYAMA over 6 years ago
- Target version set to 3.3.0
#2
Updated by Jean-Philippe Lang over 6 years ago
- Subject changed from LDAP does not check the user and password when are defined in the method of authentication. to LDAP does not check the user and password that are defined in the method of authentication
- Status changed from New to Closed
- Assignee set to Jean-Philippe Lang
- Resolution set to Fixed
Patch committed, thanks.
#3
Updated by Jean-Philippe Lang about 6 years ago
- Subject changed from LDAP does not check the user and password that are defined in the method of authentication to The LDAP connection test does not check the credentials