Bug #408
closedAuthentication is by-passed when a client follows an LDAP referral
0%
Description
The ldap.ecoinformatics.org LDAP database services the dc=ecoinformatics,dc=org
tree, but is extended by LDAP referral objects that point to external LDAP
servers (e.g. dc=lter,dc=ecoinformatics,dc=org and dc=piscoweb,dc=org). When a
client (Morpho or web client) attempts to authenticate against ldap (via
metacat), if the user exists in one of the referred trees, authentication will
succeed, whether the password is correct or not. If the user entry is within
the main dc=ecoinformatics,dc=org tree, authentication will correctly fail if
the password is incorrect.
Updated by Matt Jones about 22 years ago
This is probably a problem in not handling referrals in AuthLdap.authenticate()
correctly.
Updated by Matt Jones about 22 years ago
Please provide a more detailed explanation of what was wrong and how you fixed
it. Thanks.
Updated by Jing Tao about 22 years ago
After a referral exception happend, we should reset enviroment properties again
before creating a contex. These environment properties include PROVIDER_URL,
SECURITY_PRINCIPLE, SECURITY_CREDENTIALS, REFERRAL, and
INITIAL_CONTEXT_FACOTRY. Otherwise, you couldn't get a naming exception.