Defect #932

closed

LDAP / Active Directory user login

Added by Mikhail Yakshin almost 16 years ago. Updated almost 16 years ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Accounts / authentication
Target version: -
Start date: 2008-03-26
Due date:
% Done: 100%
Estimated time:
Resolution:
Affected version:

Description

When trying to use Active Directory authentication with on-the-fly user addition, this procedure requires that the user:

  • must have at least "first name", "last name" and "email" fields in LDAP,
  • must have "email" field in valid format.

In fact, in some AD/LDAP installations, some or all of these fields may be omitted. For example, in my AD, users were created only with "displayName", i.e. without "givenName" (=first name), "sn" (=last name) and email entries. I can solve the first problem by setting up a fake field mapping (for example, set everything to "displayName"), but I can't pass e-mail validation with these emails. I had to patch RedMine sources to

Last, but not least, saving the on-the-fly created user uses .save, not .save!, and thus fails silently with a very strange error message "Invalid user or password" in the flash notice and even more misleading

Authenticating 'xxx' against 'My Directory'
DN found for xxx: CN=xxx,CN=Users,DC=domain,DC=zone
Authentication successful for 'xxx'

I only dug down to the real problem after inserting lots of debug and using the .save! method to produce an exception.
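
The failure mode described in this report, as an added example that is not part of the original report and is not Redmine code: a login path that keeps "bad credentials" separate from "directory bind succeeded but the local account failed validation" and logs the real cause. All names (`authenticate_and_provision`, `ProvisionResult`, `ATTR_MAP`, `EMAIL_RE`) and the sample entry are assumptions made for illustration.

```ruby
# Added illustration, not Redmine code. All names here are hypothetical.
require "logger"

ProvisionResult = Struct.new(:status, :user, :errors)

# Assumed mapping from local account fields to LDAP attribute names.
ATTR_MAP = { firstname: "givenName", lastname: "sn", mail: "mail" }.freeze
# Deliberately simple format check, standing in for the application's own.
EMAIL_RE = /\A[^@\s]+@[^@\s]+\.[^@\s]+\z/

# Build local attributes from an LDAP entry (Hash of attribute => [values]).
# Attributes missing from the directory become empty strings.
def map_entry(entry, attr_map = ATTR_MAP)
  attr_map.transform_values { |ldap_attr| Array(entry[ldap_attr]).first.to_s.strip }
end

# Collect every validation problem instead of stopping at the first one.
def validation_errors(attrs)
  errors = attrs.select { |_, v| v.empty? }.keys.map { |k| "#{k} is blank" }
  errors << "mail is invalid" unless attrs[:mail].empty? || attrs[:mail].match?(EMAIL_RE)
  errors
end

# bind_ok is the outcome of the directory bind for this login.
# The caller can keep the user-facing message generic while the log
# records why an authenticated user could not be created locally.
def authenticate_and_provision(login, bind_ok, entry, logger: Logger.new($stderr))
  return ProvisionResult.new(:invalid_credentials, nil, []) unless bind_ok

  attrs = map_entry(entry)
  errors = validation_errors(attrs)
  if errors.empty?
    ProvisionResult.new(:ok, attrs.merge(login: login), [])
  else
    # inspect quotes the login so control characters cannot forge log lines
    logger.warn("Authenticated #{login.inspect} but account creation failed: #{errors.join(', ')}")
    ProvisionResult.new(:provisioning_failed, nil, errors)
  end
end

# Constructed sample entry: only displayName is populated, as in the report.
SAMPLE_ENTRY = { "displayName" => ["xxx"] }.freeze
```

With `SAMPLE_ENTRY` the result status is `:provisioning_failed` rather than `:invalid_credentials`, so the log line after "Authentication successful" names the missing fields.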

#1

Updated by Jean-Philippe Lang almost 16 years ago

  • Status changed from New to Closed
  • % Done changed from 0 to 100

Applied in changeset r1345.
