[Xerte-dev] Re: Problem with LDAP login with no bind password

[Julian Tenney]

Thanks, I'm not the right person here to act on that, but thanks for the info,

From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Knight-Markiegi, Tom
Sent: 09 August 2013 13:07
To: 'xerte-dev at lists.nottingham.ac.uk'
Subject: [Xerte-dev] Problem with LDAP login with no bind password

Hi,

I found a problem with logging in using LDAP using Xerte 2.0 (svn r1068) when there is no LDAP bind password.

We have this setup:

mysql> select ldap_username, ldap_password, ldap_filter, ldap_filter_attr from ldap;
+---------------+---------------+------------------------------+------------------+
| ldap_username | ldap_password | ldap_filter                  | ldap_filter_attr |
+---------------+---------------+------------------------------+------------------+
|               |               | (eduPersonAffiliation=staff) | cn               |
+---------------+---------------+------------------------------+------------------+
1 row in set (0.00 sec)

This ensures that only staff can log in.

The problem is that the code in library/Xerte/Authentication/Ldap.php was trying to use ldap_filter for anonymous binding and searching when no bind password is used. The attached patch is how I got round this problem at our institution. Something similar may be needed in the block that does use a bind password if the secondary filter should be used for searching.

Thanks,

Tom

--
Tom Knight-Markiegi - Systems Support Team Leader
Web & Learning Environments | Corporate Systems | Information Systems and Technology
Student and Learning Services | Sheffield Hallam University
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nottingham.ac.uk/pipermail/xerte-dev/attachments/20130809/667fa729/attachment.html>