Bug #3939
Bugs in LDAP Auth
| Status: | Closed | Start date: | 08/17/2015 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Drivers - Auth | | |
| Target version: | - | | |
| Resolution: | worksforme | Pull request: | |
| Affected Versions: | OpenNebula 4.12 | | |
Description
Hi
I discovered 2 bugs when trying to connect to our LDAP server:
1. In the function is_in_group() a String is passed to ldap.search to specify the attributes. But net-ldap needs them as an array. (At least in the version from Debian Squeeze)
2. By default find_user() only searches for the "memberOf" attribute. If user_group_field is set to another value name, the function returns [dn, []] instead of [dn, AttributeValue].
Quick and dirty Fix:
Add :attributes: [ "NameOfTheField" ] to the Server Configuration in /etc/one/auth/ldap_auth.conf.
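The two behaviours in the report above, as an added Ruby example that is not OpenNebula or net-ldap code: a search returns only the attributes named in the request, so a selection list that omits the configured group field yields an empty group list. `fake_search`, `search_attributes`, `ENTRIES` and the sample entry are constructed for illustration, and the String rejection is an assumption modelled on the report.

```ruby
# Constructed stand-in for a directory, not OpenNebula or net-ldap code.
# Like an LDAP server, it returns only the attributes named in the request.
ENTRIES = [
  { "dn" => "uid=alice,ou=people,dc=example,dc=org", # constructed sample entry
    "uid" => ["alice"],
    "memberOf" => [],
    "gidNumber" => ["5001"] }
].freeze

def fake_search(filter_attr, filter_value, attributes)
  # Assumption for the demo: reject a bare String, as the report says the
  # installed net-ldap needed an Array here.
  raise TypeError, "attributes must be an Array" unless attributes.is_a?(Array)
  wanted = attributes.map(&:downcase)
  ENTRIES.select { |e| e[filter_attr]&.include?(filter_value) }.map do |e|
    e.select { |k, _| k == "dn" || wanted.include?(k.downcase) }
  end
end

# Hypothetical helper: normalise a String or nil to an Array and always
# include the configured group field in the selection list.
def search_attributes(config)
  (Array(config[:attributes]) + [config[:user_group_field] || "memberOf"]).uniq
end

# Returns [dn, group_values], the shape described in the report.
def find_user(name, config, attributes)
  entry = fake_search(config[:user_field], name, attributes).first
  return nil unless entry
  [entry["dn"], Array(entry[config[:user_group_field]])]
end

CONFIG = { user_field: "uid", user_group_field: "gidNumber" }.freeze

def demo
  {
    default_list: find_user("alice", CONFIG, ["memberOf"]),              # [dn, []]
    derived_list: find_user("alice", CONFIG, search_attributes(CONFIG)), # [dn, ["5001"]]
    string_list:  (find_user("alice", CONFIG, "gidNumber") rescue :type_error)
  }
end

p demo if __FILE__ == $PROGRAM_NAME
```

An empty group list makes a group-membership check deny the login, so this misconfiguration fails closed; it shows up as users who bind successfully but are rejected.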
Associated revisions
B #3939: ldap search attributes should be an array
B #3939: ldap search attributes should be an array
(cherry picked from commit 5d1e5f6a4c13d9302bf8e407caa0311a7f70c3e9)
History
#1 Updated by Javi Fontan almost 4 years ago
- Status changed from Pending to Closed
- Resolution set to worksforme
This is working fine in 5.4.
#2 Updated by Rolandas Naujikas almost 4 years ago
Hi,
ldap_auth.rb has a bug with rfc2307bis==false in get_groups: @ldap.search attributes should be an array, not a string.
:attributes => "dn",
should be
:attributes => [ "dn" ],
Regards, Rolandas
#3 Updated by Javi Fontan almost 4 years ago
Thanks! I've updated both master and one-5.4 branches.