Forums / Setup & design / ezpublish3.x and LDAP
Joe Smith
Thursday 04 December 2003 4:57:40 am
Two cuestions: 1. When I use LDAP authentication and type a valid username with a bad password, ez ask me for a new password. But if I use a '' password (=blank password, =intro), the user ¡¡¡is authenticated¡¡¡ Incredible, but true :-) Anyone knows where can I be wrong or it's a bug?
2. Can I assign different branchs of a LDAP tree to different user roles?
Wenyue Yu
Thursday 04 December 2003 7:46:01 am
hi,
Answer 1:Null password will returns true on servers where anonymous access is allowed. You can either disable anonymous access in LDAP server or use next release of 3.2/3.3 stable where this bug will be fixed.
Answer 2:Not supported currently since all Ldap users will be put in one user group.
Regards,Wenyue
Thursday 04 December 2003 8:56:03 am
> Answer 1: > Null password will returns true on servers where anonymous > access is allowed. You can either disable anonymous access in > LDAP server or use next release of 3.2/3.3 stable where this bug > will be fixed.
Thanks Wenyue! I have resolved the second question using a parameter in LDAP to send the user to a concrete user group with a specific role. But first question is more difficult. I'm using ezpublish-3.2-3 and i have the same problem.
Friday 05 December 2003 5:14:38 am
Hi,
Sorry, I mean 3.2-4 release or 3.3 beta2, the fix is only available in svn. You can add following line in kernel/classes/datatypes/ezuser/ezldapuser.php
------------------------------------------------ if( !$password ) { $password = crypt( microtime() ); } ----------------------------------------------- before // authenticated user if ( !@ldap_bind( $ds, $info[0]['dn'], $password ) ) { return false; }