プロジェクト

全般

プロフィール

編集 操作
リンクをコピー

Vote #63398

未完了

LDAP authentication extremely flaky

Admin Redmine さんがほぼ2年前に追加. ほぼ2年前に更新.

ステータス:
Needs feedback
優先度:
通常
担当者:
-
カテゴリ:
LDAP_28
対象バージョン:
Candidate for next major release_32
開始日:
2008/06/10
期日:
進捗率:

0%

予定工数:
Redmineorg_URL:
https://www.redmine.org/issues/1420
category_id:
28
version_id:
32
issue_org_id:
1420
author_id:
1246
assigned_to_id:
0
comments:
8
status_id:
10
tracker_id:
1
plus1:
0
affected_version:
closed_on:
affected_version_id:
3
ステータス-->[Needs feedback]
引用

説明

I hit a problem with LDAP on Linux. It turns out that net/ldap is extremely unreliable when authenticating against the LDAP server at work. I've filed a bug against net/ldap on RubyForge, but since the project seems dormant it's not clear anything will happen.

As a workaround, I coded up a replacement for app/models/auth_source_ldap.rb that uses the Ruby interface to OpenLDAP. So far this has been reliable.

Presumably ruby/ldap works for some people, so it might be nice to offer both as options, but I couldn't immediately work out how to patch RedMine to do that.

journals

Hi Mathew,

I also ran into this problem when trying to use the default ldap api on a linux server. Your patch works great, thanks ; )

Adriano Crestani Campos
--------------------------------------------------------------------------------
I'm uploading a new patch that contains a merge of the file created by Mathew (the one that uses OpenLDAP instead) and the auth_source_ldap.rb file from revision 2482.
--------------------------------------------------------------------------------
I've created a patch that also uses Ruby/LDAP. After I wrote it, I found your patch and they are very similar ;) However it seems that your patch does not bind as the given user if it is set in the account and password fields. I've (hopefully) fixed it in initialize_ldap_con by adding a call to bind after creating connection. The patch can be found here: #3253
--------------------------------------------------------------------------------
this should be filed under the LDAP category.
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
Well maybe this is resolved due some further upgrades of ldap.

Any news on this? Someone who can verify this?
--------------------------------------------------------------------------------
Last time I tried it was when I upgraded to 2.1, and it's still broken there. If there have been LDAP improvements in the last few months, I can try again?
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------

related_issues

relates,New,3253,LDAP Auth : Alias Dereference

操作
リンクをコピー
 #1

Admin Redmine さんがほぼ2年前に更新

  • カテゴリLDAP_28 にセット
  • 対象バージョンCandidate for next major release_32 にセット
編集 操作
リンクをコピー

他の形式にエクスポート: Atom PDF

いいね!0
いいね!0

demo1.unofficial-redmine.org