LDAP / LDAP-148

LDAP user cleanup group membership test fails when the user's DN changed


Details

    • Bug
    • Resolution: Fixed
    • Major
    • 9.15.2
    • 9.15.1
    • User Cleanup
    • None
    • Unknown
    • N/A
    • N/A

    Description

      The group membership check currently always checks the DN that is stored in the user profile if there is any. This makes the group membership test fail when the DN changes. This doesn't match what the authenticator does. From my understanding of the code, the authenticator doesn't specify any DN (just null) if the bind DN is explicitly specified and otherwise by default passes the user name that is entered in the login form as DN.

       

      It seems much safer (and fixes the wrong disabling of the user account) to always pass null as DN to the group membership check.
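
The failure mode described above, as a simplified model added for illustration; it is not the LDAP authenticator's code. The directory contents, group, profile data and all function names are constructed assumptions. Passing a stored DN checks that exact DN, while passing `None` resolves the user's current DN by uid first.

```python
# Constructed directory: DN -> attributes. alice was moved from ou=staff to ou=alumni.
DIRECTORY = {
    "uid=alice,ou=alumni,dc=example,dc=org": {"uid": "alice"},
    "uid=bob,ou=staff,dc=example,dc=org": {"uid": "bob"},
}
# Constructed member list of the group that entitles a user to keep the account.
GROUP_MEMBERS = {
    "uid=alice,ou=alumni,dc=example,dc=org",
    "uid=bob,ou=staff,dc=example,dc=org",
}
# DNs cached in the user profiles at last login (alice's is stale).
PROFILE_DN = {
    "alice": "uid=alice,ou=staff,dc=example,dc=org",
    "bob": "uid=bob,ou=staff,dc=example,dc=org",
    "carol": "uid=carol,ou=staff,dc=example,dc=org",  # no longer in the directory
}


def normalize_dn(dn):
    """Case- and whitespace-insensitive form (ignores escaped commas for brevity)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def find_dn_by_uid(uid):
    """Resolve the user's current DN with a search on the uid attribute."""
    for dn, attrs in DIRECTORY.items():
        if attrs["uid"] == uid:
            return dn
    return None


def is_member_of_group(uid, dn=None):
    """With dn=None the current DN is looked up; otherwise the given DN is trusted."""
    if dn is None:
        dn = find_dn_by_uid(uid)
    members = {normalize_dn(m) for m in GROUP_MEMBERS}
    return dn is not None and normalize_dn(dn) in members


def users_to_disable(use_stored_dn):
    """Cleanup pass: users who fail the group membership test."""
    return sorted(
        uid for uid, stored in PROFILE_DN.items()
        if not is_member_of_group(uid, stored if use_stored_dn else None)
    )
```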

          People

            MichaelHamann Michael Hamann