Details
-
Bug
-
Resolution: Fixed
-
Major
-
1.2
Description
In the specific case where Trusted LDAP is used with form based authentication and the DN stored in the user profile is not correct anymore, the Trusted LDAP module will try authentication the user on the LDAP server using the DN from the profile and the password given as credential. If since the DN was stored, the actual DN of the user has changed, then the login will fail.
Since it is possible that DN change, then it would be necessary to fallback to a lookup of the DN of the user in case the authentication has failed. If this lookup gives a different DN then this DN should be used to try again authenticating with the credentials provided by the user. In that case at the end of the process the DN will be updated to the new DN and everything will be fine at next login.