Project

General

Profile

Bug #270

change LDAP interface to get complete DN from client

Added by Matt Jones about 18 years ago. Updated over 17 years ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Category:
metacat
Target version:
Start date:
08/31/2001
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
270

Description

Metacat currently retrieves a userid from the client, and uses this along with a
single configuarable baseDN parameter to determine the string that is used to
look up the user in LDAP, and ultimately to authenticate them. This will not
work if we have LDAP configured to refer some authentication to alternate
servers (like the LTER personell db). In the new scheme, metacat MUST get the
complete DN from the client, so that it can be passed to the correct LDAP server
for authentication.

So, instead of passing:
jones
Morpho must pass:
uid=jones,o=NCEAS,dc=ecoinformatics,dc=org
in order for metacat to use referral properly.

History

#1 Updated by Matt Jones about 18 years ago

FIXED. Now the metacat authentication scheme assumes that the username passed
into metacat is the FULL DN and tries to authenticate using it. For backwards
compatibility, if that fails metacat will then try to find a DN match from ldap
using the passed in string and authenticate using it, but this behavior is
deprecated. Morpho needs to be updated to use the new preferred behavior (which
is faster anyway).

#2 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 270

Also available in: Atom PDF