Fixed the LDAP authentication adapter (AuthLdap.java) so that it now looks up the distinguished name for a user before attempting to do authentication. This is because the user's distinguished name can sometimes be based on their uid attribute, but sometimes be based on their cn (common name) attribute, or some other attribute. In order to authenticate, we must be able construct the distinguished name, so we have to look up the identifying attribute before trying to authenticate. Basically, this lets us authenticate agains both of the following records:
dn: uid=jones,o=NCEAS,c=US
and
dn: cn=Matt Jones,o=NCEAS,c=US
Effectively, this means that the user can type in their user id (uid), common name (cn), or surname (sn) and we'll still be able to authenticate them. BugID: 138
Fixed the LDAP authentication adapter (AuthLdap.java) so that it now looks up
the distinguished name for a user before attempting to do authentication.
This is because the user's distinguished name can sometimes be based on
their uid attribute, but sometimes be based on their cn (common name)
attribute, or some other attribute. In order to authenticate, we must
be able construct the distinguished name, so we have to look up the
identifying attribute before trying to authenticate. Basically, this
lets us authenticate agains both of the following records:
and
Effectively, this means that the user can type in their user id (uid),
common name (cn), or surname (sn) and we'll still be able to authenticate them.
BugID: 138