Bug #408: Authentication is by-passed when a client follows an LDAP referral - Metacat - Ecoinformatics Redmine

Actions

Copy link

Bug #408

closed

Authentication is by-passed when a client follows an LDAP referral

Added by Chris Jones almost 23 years ago. Updated over 22 years ago.

Status:

Resolved

Priority:

Immediate

Assignee:

Jing Tao

Category:

metacat

Target version:

1.1

Start date:

02/01/2002

Due date:

% Done:

Estimated time:

Bugzilla-Id:

408

Description

The ldap.ecoinformatics.org LDAP database services the dc=ecoinformatics,dc=org
tree, but is extended by LDAP referral objects that point to external LDAP
servers (e.g. dc=lter,dc=ecoinformatics,dc=org and dc=piscoweb,dc=org). When a
client (Morpho or web client) attempts to authenticate against ldap (via
metacat), if the user exists in one of the referred trees, authentication will
succeed, whether the password is correct or not. If the user entry is within
the main dc=ecoinformatics,dc=org tree, authentication will correctly fail if
the password is incorrect.

History
Notes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Metacat

Custom queries

Bug #408

Authentication is by-passed when a client follows an LDAP referral

Updated by Matt Jones almost 23 years ago

Updated by Jing Tao almost 23 years ago

Updated by Matt Jones almost 23 years ago

Updated by Jing Tao almost 23 years ago

Updated by Redmine Admin over 11 years ago