<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:SimSun;
panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Consolas;
panose-1:2 11 6 9 2 2 4 3 2 4;}
@font-face
{font-family:"\@SimSun";
panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Consolas;
mso-fareast-language:EN-US;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";
mso-fareast-language:EN-US;}
span.EmailStyle21
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:windowtext;
font-weight:normal;
font-style:normal;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle24
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:windowtext;
font-weight:normal;
font-style:normal;}
span.EmailStyle25
{mso-style-type:personal;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.EmailStyle26
{mso-style-type:personal;
font-family:"Arial","sans-serif";
color:windowtext;
font-weight:normal;
font-style:normal;}
span.EmailStyle27
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='color:#1F497D'>Hi,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>I can find in our code that error: it gets thrown when the LDAP server is available, but the supplied credentials are incorrect. It’s not that you’ve done anything wrong, the user has typed incorrect information. <o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Also, to see the information, they must have _debug turned on. That is done in config.php, I think, chaps? If it is turned on, you should turn it off,<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'>Julian<o:p></o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-GB'>From:</span></b><span lang=EN-US style='font-size:10.0pt;font-family:"Tahoma","sans-serif";mso-fareast-language:EN-GB'> John Pettifor [<a href="mailto:jpettifor@youngepilepsy.org.uk">mailto:jpettifor@youngepilepsy.org.uk</a>] <br><b>Sent:</b> 16 April 2013 09:28<br><b>To:</b> 'is-learning-team@nottingham.ac.uk'<br><b>Subject:</b> Possible Xerte Security Error?<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>I hope this is the right place to direct this.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>We have a local Xerte Site installation with LDAP authentication. Yesterday one of our users reported an error as below:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt;background:#F3EEE2'><span style='font-size:12.0pt;font-family:"Times New Roman","serif"'>Issue connecting to ldap server (#2) : Binding. <a href="mailto:sweepsvc@ncype.org.uk">YYYYYYY@ncype.org.uk</a> : :XXXXXXXX: <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Y = Administrative User name used to sweep the Active Directory<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>X = Password for the above account <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Both of these were obviously displayed in plain text. The user who viewed the account was a regular domain user.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Was this something we have done in error? <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:10.0pt;font-family:"Arial","sans-serif"'>Regards,<o:p></o:p></span></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-GB'>John Pettifor<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-GB'>Media/ILT Technician & STTCT Project Coordinator<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-GB'>Young Epilepsy, St Piers Lane, Lingfield, Surrey RH7 6PW<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-GB'>T 01342 832243 (Ext. 438) M 07807916858 E: <a href="mailto:jmorris@youngepilepsy.org.uk">jpettifor@youngepilepsy.org.uk</a> Skype: PettiforJohn<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-GB'><o:p> </o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-GB'>youngepilepsy.org.uk<o:p></o:p></span></b></p><p class=MsoNormal><b><span lang=EN-US style='font-size:10.0pt;font-family:"Arial","sans-serif";color:#7F7F7F;mso-fareast-language:EN-GB'>Young Epilepsy Helpline 01342 831342 or <a href="mailto:helpline@youngepilepsy.org.uk">helpline@youngepilepsy.org.uk</a><o:p></o:p></span></b></p><p class=MsoNormal><o:p> </o:p></p><pre>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Young Epilepsy is the operating name of the National Centre for Young People with Epilepsy (NCYPE), St Piers Lane, Lingfield, Surrey RH7 6PW. Tel: 01342 832 243. Fax: 01342 834 639. <a href="http://www.youngepilepsy.org.uk">www.youngepilepsy.org.uk</a> <o:p></o:p></pre><pre>Registered Charity No. 311877<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>The information contained in or attached to this email is confidential and only intended for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient any reading, printing, storage, disclosure, copying or any other action taken in respect of this e-mail is prohibited and may be unlawful. If you have received this email in error, please notify the sender immediately by using the reply function and then permanently delete what you have received.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>The views expressed in this email may not necessarily reflect the views or policies of Young Epilepsy.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Internet email is not a secure medium. Emails sent via the internet could be intercepted and read by someone else. Please bear that in mind when deciding whether to send material to Young Epilepsy. You have a responsibility to ensure laws are not broken when composing or forwarding emails and their contents.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>All emails and attachments sent and received by Young Epilepsy employees are stored by a forensic compliance system and are monitored to ensure the effective operation of the system and for other lawful purposes. <o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Although Young Epilepsy operates anti-virus programmes, it does not accept any responsibility for any damage whatsoever that is caused by viruses being passed.<o:p></o:p></pre><pre><o:p> </o:p></pre><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:EN-GB'><o:p> </o:p></span></p><pre>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Young Epilepsy is the operating name of the National Centre for Young People with Epilepsy (NCYPE), St Piers Lane, Lingfield, Surrey RH7 6PW. Tel: 01342 832 243. Fax: 01342 834 639. <a href="http://www.youngepilepsy.org.uk">www.youngepilepsy.org.uk</a> <o:p></o:p></pre><pre>Registered Charity No. 311877<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>The information contained in or attached to this email is confidential and only intended for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient any reading, printing, storage, disclosure, copying or any other action taken in respect of this e-mail is prohibited and may be unlawful. If you have received this email in error, please notify the sender immediately by using the reply function and then permanently delete what you have received.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>The views expressed in this email may not necessarily reflect the views or policies of Young Epilepsy.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Internet email is not a secure medium. Emails sent via the internet could be intercepted and read by someone else. Please bear that in mind when deciding whether to send material to Young Epilepsy. You have a responsibility to ensure laws are not broken when composing or forwarding emails and their contents.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>All emails and attachments sent and received by Young Epilepsy employees are stored by a forensic compliance system and are monitored to ensure the effective operation of the system and for other lawful purposes. <o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Although Young Epilepsy operates anti-virus programmes, it does not accept any responsibility for any damage whatsoever that is caused by viruses being passed.<o:p></o:p></pre><pre><o:p> </o:p></pre><p class=MsoNormal style='margin-bottom:12.0pt'><span style='font-size:12.0pt;font-family:"Times New Roman","serif";mso-fareast-language:EN-GB'><o:p> </o:p></span></p><pre>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Young Epilepsy is the operating name of the National Centre for Young People with Epilepsy (NCYPE), St Piers Lane, Lingfield, Surrey RH7 6PW. Tel: 01342 832 243. Fax: 01342 834 639. <a href="http://www.youngepilepsy.org.uk">www.youngepilepsy.org.uk</a> <o:p></o:p></pre><pre>Registered Charity No. 311877<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>The information contained in or attached to this email is confidential and only intended for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient any reading, printing, storage, disclosure, copying or any other action taken in respect of this e-mail is prohibited and may be unlawful. If you have received this email in error, please notify the sender immediately by using the reply function and then permanently delete what you have received.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>The views expressed in this email may not necessarily reflect the views or policies of Young Epilepsy.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Internet email is not a secure medium. Emails sent via the internet could be intercepted and read by someone else. Please bear that in mind when deciding whether to send material to Young Epilepsy. You have a responsibility to ensure laws are not broken when composing or forwarding emails and their contents.<o:p></o:p></pre><pre><o:p> </o:p></pre><pre>All emails and attachments sent and received by Young Epilepsy employees are stored by a forensic compliance system and are monitored to ensure the effective operation of the system and for other lawful purposes. <o:p></o:p></pre><pre><o:p> </o:p></pre><pre>Although Young Epilepsy operates anti-virus programmes, it does not accept any responsibility for any damage whatsoever that is caused by viruses being passed.<o:p></o:p></pre><pre><o:p> </o:p></pre></div></body></html>