Task #4830 (closed)
Opened 13 years ago
Closed 13 years ago
Bug: if ldap enabled, dn set, password fails, user can still login on second try
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | major | Milestone: | OMERO-Beta4.3 |
Component: | Security | Version: | n.a. |
Keywords: | n.a. | Cc: | |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | 2011-05-05 (11) |
Description
If a user has an empty password but a non-empty DN, and LDAP is configured, there is still the possibility they will be able to log in:
(ldap)~/git/dist $ bin/omero -s jmoore@localhost user list
Previously logged in to localhost:4064 as jmoore
Password:
Password check failed
Password:
Created session 56fa99d2-0766-4536-a96e-8e47bd4ff7ce (jmoore@localhost:4064). Idle timeout: 10.0 min. Current group: ldap
^CCancelled
in the log:
2011-03-31 11:14:56,727 INFO [ ome.services.util.ServiceHandler] (l.Server-0) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
2011-03-31 11:14:57,801 INFO [ ome.services.util.ServiceHandler] (l.Server-1) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
2011-03-31 11:15:23,442 INFO [ ome.services.util.ServiceHandler] (l.Server-2) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(00051787-7c66-43c6-8848-cab70de25b5b)
2011-03-31 11:15:23,587 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-2) Default choice on create user: 00051787-7c66-43c6-8848-cab70de25b5b (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,612 INFO [ ome.services.util.ServiceHandler] (l.Server-9) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(07c533c9-0bd9-4298-af5a-26877fc051a7)
2011-03-31 11:15:23,696 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-9) Default choice on create user: 07c533c9-0bd9-4298-af5a-26877fc051a7 (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,720 INFO [ ome.services.util.ServiceHandler] (l.Server-5) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(240d51c4-35c4-4e4e-9934-2533c3781c2b)
2011-03-31 11:15:23,805 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-5) Default choice on create user: 240d51c4-35c4-4e4e-9934-2533c3781c2b (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,829 INFO [ ome.services.util.ServiceHandler] (l.Server-4) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(37e71962-d731-43cc-bb56-bcf2d7892dcb)
2011-03-31 11:15:23,915 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-4) Default choice on create user: 37e71962-d731-43cc-bb56-bcf2d7892dcb (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,943 INFO [ ome.services.util.ServiceHandler] (l.Server-3) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(41c2ad1d-0b4e-40ae-a0af-3d9e3dbd4e78)
2011-03-31 11:15:24,190 INFO [ ome.security.auth.LdapPasswordProvider] (l.Server-3) Default choice on create user: 41c2ad1d-0b4e-40ae-a0af-3d9e3dbd4e78 (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:36,964 INFO [ ome.services.util.ServiceHandler] (l.Server-6) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
2011-03-31 11:15:38,077 INFO [ ome.services.util.ServiceHandler] (l.Server-0) Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
(ldap)~/git/dist $ bin/omero config get
Change History (2)
comment:1 Changed 13 years ago by jmoore
- Owner set to jmoore
comment:2 Changed 13 years ago by jmoore
- Remaining Time set to 0
- Resolution set to invalid
- Sprint set to 2011-05-05 (11)
- Status changed from new to closed
Can't reproduce. This was most likely an oddly configured/broken server while testing other development features.