Bug #3939

Bugs in LDAP Auth

Added by Matthias Frey about 5 years ago. Updated about 3 years ago.

Status: Closed
Start date: 08/17/2015
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: Drivers - Auth
Target version: -
Resolution: worksforme
Pull request:
Affected Versions: OpenNebula 4.12

Description

Hi

I discovered 2 bugs when trying to connect to our LDAP server:

1. In the function is_in_group() a string is passed to ldap.search to specify the attributes, but net-ldap needs them as an array (at least in the version from Debian Squeeze).

2. By default find_user() only searches for the "memberOf" attribute. If user_group_field is set to another value name, the function returns [dn, []] instead of [dn, AttributeValue].

Quick and dirty fix:

Add :attributes: [ "NameOfTheField" ] to the server configuration in /etc/one/auth/ldap_auth.conf.

ldap_auth.rb.patch - Fix first Bug (480 Bytes) Matthias Frey, 08/17/2015 02:04 PM
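The two problems reported above, reduced to a self-contained Ruby sketch. This is an added example, not code from ldap_auth.rb or from the attached patch; `fake_search`, `search_attributes`, the `find_user_*` helpers and the directory entry are constructed stand-ins, and no real LDAP library is called.

```ruby
# Added illustration; not OpenNebula's ldap_auth.rb. All names and data
# below are hypothetical and exist only for this example.

# Constructed directory entry standing in for what an LDAP server holds.
ENTRY = {
  'dn'        => 'uid=alice,ou=people,dc=example,dc=org',
  'memberOf'  => ['cn=cloud,ou=groups,dc=example,dc=org'],
  'gidNumber' => ['2001']
}.freeze

# Stand-in for an LDAP search: it returns only the attributes that were
# requested (plus the DN) and insists on an Array of attribute names.
def fake_search(attributes:)
  raise ArgumentError, 'attributes must be an Array' unless attributes.is_a?(Array)
  wanted = attributes.map { |a| a.to_s.downcase }
  ENTRY.select { |k, _| k == 'dn' || wanted.include?(k.downcase) }
end

# Behaviour described in the report: only "memberOf" is requested, so a
# different user_group_field comes back as an empty list.
def find_user_reported(options)
  entry = fake_search(attributes: ['memberOf'])
  [entry['dn'], Array(entry[options[:user_group_field]])]
end

# Defensive variant: coerce a scalar to an Array and always request the
# attribute that the group-membership check will read afterwards.
def search_attributes(options)
  (Array(options[:attributes]) + [options[:user_group_field]])
    .compact.map(&:to_s).uniq
end

def find_user_fixed(options)
  entry = fake_search(attributes: search_attributes(options))
  [entry['dn'], Array(entry[options[:user_group_field]])]
end
```

With an empty group list the membership check has nothing to match, so the group lookup cannot succeed for any user until the configured field is actually requested.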

Associated revisions

Revision 5d1e5f6a
Added by Javi Fontan about 3 years ago

B #3939: ldap search attributes should be an array

Revision c0a9c67a
Added by Javi Fontan about 3 years ago

B #3939: ldap search attributes should be an array

(cherry picked from commit 5d1e5f6a4c13d9302bf8e407caa0311a7f70c3e9)

History

#1 Updated by Javi Fontan about 3 years ago

  • Status changed from Pending to Closed
  • Resolution set to worksforme

This is working fine in 5.4.

#2 Updated by Rolandas Naujikas about 3 years ago

Hi,

ldap_auth.rb has a bug with rfc2307bis==false: in get_groups, the @ldap.search attributes should be an array, not a string.

:attributes => "dn",

should be

:attributes => [ "dn" ],

Regards, Rolandas

#3 Updated by Javi Fontan about 3 years ago

Thanks! I've updated both master and one-5.4 branches.
