Bug #270
closed
change LDAP interface to get complete DN from client
Description
Metacat currently retrieves a userid from the client, and uses this along with a
single configurable baseDN parameter to determine the string that is used to
look up the user in LDAP, and ultimately to authenticate them. This will not
work if we have LDAP configured to refer some authentication to alternate
servers (like the LTER personnel db). In the new scheme, metacat MUST get the
complete DN from the client, so that it can be passed to the correct LDAP server
for authentication.
So, instead of passing:
jones
Morpho must pass:
uid=jones,o=NCEAS,dc=ecoinformatics,dc=org
in order for metacat to use referral properly.
Updated by Matt Jones about 23 years ago
FIXED. Now the metacat authentication scheme assumes that the username passed
into metacat is the FULL DN and tries to authenticate using it. For backwards
compatibility, if that fails metacat will then try to find a DN match from LDAP
using the passed-in string and authenticate using it, but this behavior is
deprecated. Morpho needs to be updated to use the new preferred behavior (which
is faster anyway).
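
The login flow described in the update above, as an added example that is not Metacat's own code: bind with the supplied string as a full DN first, then fall back to the deprecated lookup. The in-memory directory, passwords, function names, the `uid` search attribute, and the rejection of empty passwords and ambiguous matches are all assumptions made for illustration.

```python
import re

# Constructed in-memory stand-in for the LDAP tree; entries and passwords are invented.
DIRECTORY = {
    "uid=jones,o=NCEAS,dc=ecoinformatics,dc=org": {"uid": "jones", "password": "s3cret"},
    "uid=smith,o=LTER,dc=ecoinformatics,dc=org": {"uid": "smith", "password": "hunter2"},
}

def escape_filter_value(value):
    """Escape RFC 4515 filter metacharacters so input stays a literal value."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

def bind(dn, password):
    """Stand-in for a simple bind: succeeds only for a known DN with its password."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["password"] == password

def search(filter_str):
    """Stand-in for a subtree search; handles only (uid=<value>) filters."""
    m = re.fullmatch(r"\(uid=(.*)\)", filter_str)
    if not m:
        return []
    parts = []
    for tok in re.findall(r"\\[0-9a-fA-F]{2}|.", m.group(1)):
        if tok == "*":                      # unescaped '*' is a wildcard
            parts.append(".*")
        elif len(tok) == 3:                 # \XX escape is one literal character
            parts.append(re.escape(chr(int(tok[1:], 16))))
        else:
            parts.append(re.escape(tok))
    pattern = "".join(parts)
    return [dn for dn, e in DIRECTORY.items() if re.fullmatch(pattern, e["uid"])]

def authenticate(username, password):
    """Return the DN that authenticated, or None."""
    if not password:
        # A DN with an empty password is an "unauthenticated bind" (RFC 4513);
        # some servers accept it as anonymous, so reject it before binding.
        return None
    if bind(username, password):            # preferred: client sent the complete DN
        return username
    # Deprecated fallback: resolve the short name to a DN, then bind as that DN.
    matches = search("(uid=%s)" % escape_filter_value(username))
    if len(matches) == 1 and bind(matches[0], password):   # assumption: ambiguity fails
        return matches[0]
    return None
```

The fallback path is the only one that places client input inside a search filter, which is why it alone needs escaping.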