Project

General

Profile

Bug #408

Authentication is by-passed when a client follows an LDAP referral

Added by Chris Jones over 17 years ago. Updated over 17 years ago.

Status:
Resolved
Priority:
Immediate
Assignee:
Category:
metacat
Target version:
Start date:
02/01/2002
Due date:
% Done:

0%

Estimated time:
Bugzilla-Id:
408

Description

The ldap.ecoinformatics.org LDAP database services the dc=ecoinformatics,dc=org
tree, but is extended by LDAP referral objects that point to external LDAP
servers (e.g. dc=lter,dc=ecoinformatics,dc=org and dc=piscoweb,dc=org). When a
client (Morpho or web client) attempts to authenticate against ldap (via
metacat), if the user exists in one of the referred trees, authentication will
succeed, whether the password is correct or not. If the user entry is within
the main dc=ecoinformatics,dc=org tree, authentication will correctly fail if
the password is incorrect.

History

#1 Updated by Matt Jones over 17 years ago

This is probably a problem in not handling referrals in AuthLdap.authenticate()
correctly.

#2 Updated by Jing Tao over 17 years ago

It is fixed

#3 Updated by Matt Jones over 17 years ago

Please provide a more detailed explanation of what was wrong and how you fixed
it. Thanks.

#4 Updated by Jing Tao over 17 years ago

After a referral exception happend, we should reset enviroment properties again
before creating a contex. These environment properties include PROVIDER_URL,
SECURITY_PRINCIPLE, SECURITY_CREDENTIALS, REFERRAL, and
INITIAL_CONTEXT_FACOTRY. Otherwise, you couldn't get a naming exception.

#5 Updated by Redmine Admin over 6 years ago

Original Bugzilla ID was 408

Also available in: Atom PDF