
Task #4830 (closed)

Opened 13 years ago

Closed 13 years ago

Bug: if ldap enabled, dn set, password fails, user can still login on second try

Reported by: jamoore
Owned by: jamoore
Priority: major
Milestone: OMERO-Beta4.3
Component: Security
Version: n.a.
Keywords: n.a.
Cc:
Resources: n.a.
Referenced By: n.a.
References: n.a.
Remaining Time: 0.0d
Sprint: 2011-05-05 (11)

Description

If a user has an empty password but a non-empty DN, and ldap is configured, there is still the possibility they will be able to log in:

(ldap)~/git/dist $ bin/omero -s jmoore@localhost user list
Previously logged in to localhost:4064 as jmoore
Password:
Password check failed
Password:
Created session 56fa99d2-0766-4536-a96e-8e47bd4ff7ce (jmoore@localhost:4064). Idle timeout: 10.0 min. Current group: ldap
^CCancelled

in the log:

2011-03-31 11:14:56,727 INFO  [        ome.services.util.ServiceHandler] (l.Server-0)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
2011-03-31 11:14:57,801 INFO  [        ome.services.util.ServiceHandler] (l.Server-1)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
2011-03-31 11:15:23,442 INFO  [        ome.services.util.ServiceHandler] (l.Server-2)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(00051787-7c66-43c6-8848-cab70de25b5b)
2011-03-31 11:15:23,587 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-2) Default choice on create user: 00051787-7c66-43c6-8848-cab70de25b5b (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,612 INFO  [        ome.services.util.ServiceHandler] (l.Server-9)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(07c533c9-0bd9-4298-af5a-26877fc051a7)
2011-03-31 11:15:23,696 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-9) Default choice on create user: 07c533c9-0bd9-4298-af5a-26877fc051a7 (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,720 INFO  [        ome.services.util.ServiceHandler] (l.Server-5)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(240d51c4-35c4-4e4e-9934-2533c3781c2b)
2011-03-31 11:15:23,805 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-5) Default choice on create user: 240d51c4-35c4-4e4e-9934-2533c3781c2b (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,829 INFO  [        ome.services.util.ServiceHandler] (l.Server-4)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(37e71962-d731-43cc-bb56-bcf2d7892dcb)
2011-03-31 11:15:23,915 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-4) Default choice on create user: 37e71962-d731-43cc-bb56-bcf2d7892dcb (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,943 INFO  [        ome.services.util.ServiceHandler] (l.Server-3)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(41c2ad1d-0b4e-40ae-a0af-3d9e3dbd4e78)
2011-03-31 11:15:24,190 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-3) Default choice on create user: 41c2ad1d-0b4e-40ae-a0af-3d9e3dbd4e78 (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:36,964 INFO  [        ome.services.util.ServiceHandler] (l.Server-6)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
2011-03-31 11:15:38,077 INFO  [        ome.services.util.ServiceHandler] (l.Server-0)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
(ldap)~/git/dist $ bin/omero config get
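The server log above does not record whether a password check succeeded or failed, so from the log alone the only trace of the reported behaviour is the pair of executeCheckPasswordRO calls for the same user about one second apart (the failed attempt, then the accepted retry), alongside the LDAP provider reporting "found=0" for principals that are session UUIDs rather than usernames. The following script is an added example, not OME or OMERO code: it parses the log excerpt copied from this ticket, separates typed-password checks from session-token checks, and flags any username that was checked twice within a short window. The 5-second window and the treatment of UUID principals as token logins are assumptions made for this example, not OMERO behaviour documented on the page.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input for this example: the server log excerpt from the ticket, verbatim.
SAMPLE_LOG = """\
2011-03-31 11:14:56,727 INFO  [        ome.services.util.ServiceHandler] (l.Server-0)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
2011-03-31 11:14:57,801 INFO  [        ome.services.util.ServiceHandler] (l.Server-1)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
2011-03-31 11:15:23,442 INFO  [        ome.services.util.ServiceHandler] (l.Server-2)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(00051787-7c66-43c6-8848-cab70de25b5b)
2011-03-31 11:15:23,587 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-2) Default choice on create user: 00051787-7c66-43c6-8848-cab70de25b5b (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,612 INFO  [        ome.services.util.ServiceHandler] (l.Server-9)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(07c533c9-0bd9-4298-af5a-26877fc051a7)
2011-03-31 11:15:23,696 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-9) Default choice on create user: 07c533c9-0bd9-4298-af5a-26877fc051a7 (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,720 INFO  [        ome.services.util.ServiceHandler] (l.Server-5)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(240d51c4-35c4-4e4e-9934-2533c3781c2b)
2011-03-31 11:15:23,805 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-5) Default choice on create user: 240d51c4-35c4-4e4e-9934-2533c3781c2b (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,829 INFO  [        ome.services.util.ServiceHandler] (l.Server-4)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(37e71962-d731-43cc-bb56-bcf2d7892dcb)
2011-03-31 11:15:23,915 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-4) Default choice on create user: 37e71962-d731-43cc-bb56-bcf2d7892dcb (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:23,943 INFO  [        ome.services.util.ServiceHandler] (l.Server-3)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(41c2ad1d-0b4e-40ae-a0af-3d9e3dbd4e78)
2011-03-31 11:15:24,190 INFO  [  ome.security.auth.LdapPasswordProvider] (l.Server-3) Default choice on create user: 41c2ad1d-0b4e-40ae-a0af-3d9e3dbd4e78 (ome.conditions.ApiUsageException: Cannot find unique DistinguishedName: found=0)
2011-03-31 11:15:36,964 INFO  [        ome.services.util.ServiceHandler] (l.Server-6)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
2011-03-31 11:15:38,077 INFO  [        ome.services.util.ServiceHandler] (l.Server-0)  Executor.doWork -- ome.services.sessions.SessionManagerImpl.executeCheckPasswordRO(jmoore)
"""

# One log line: "<timestamp> <LEVEL>  [ <logger>] (<thread>) <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"(?P<level>[A-Z]+)\s+\[\s*(?P<logger>[\w.]+)\]\s+"
    r"\((?P<thread>[^)]+)\)\s+(?P<msg>.*)$"
)
CHECK_RE = re.compile(r"executeCheckPasswordRO\((?P<principal>[^)]+)\)")
LDAP_FAIL_RE = re.compile(
    r"Default choice on create user: (?P<principal>\S+) "
    r"\(.*Cannot find unique DistinguishedName: found=0\)"
)
# Assumption for this example: a principal shaped like a UUID is a session token.
UUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")


def parse_line(line):
    """Split one server log line into its fields; None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S,%f")
    return rec


def password_checks(lines):
    """(timestamp, principal) for every executeCheckPasswordRO call."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        m = CHECK_RE.search(rec["msg"])
        if m:
            out.append((rec["ts"], m.group("principal")))
    return out


def ldap_dn_failures(lines):
    """Principals for which the LDAP provider found no unique DN (found=0)."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or "LdapPasswordProvider" not in rec["logger"]:
            continue
        m = LDAP_FAIL_RE.search(rec["msg"])
        if m:
            out.append(m.group("principal"))
    return out


def repeated_checks(checks, window_seconds=5.0):
    """Per username, count consecutive password checks closer than the window.

    Session-UUID principals are skipped: they are token logins, not typed
    passwords, so a burst of them is normal client behaviour."""
    by_principal = defaultdict(list)
    for ts, principal in checks:
        if not UUID_RE.match(principal):
            by_principal[principal].append(ts)
    flagged = {}
    for principal, stamps in by_principal.items():
        stamps.sort()
        close = sum(1 for a, b in zip(stamps, stamps[1:])
                    if (b - a).total_seconds() <= window_seconds)
        if close:
            flagged[principal] = close
    return flagged


def analyse(text, window_seconds=5.0):
    """Summarise quick retries and LDAP DN failures in a log excerpt."""
    lines = text.splitlines()
    return {
        "retries": repeated_checks(password_checks(lines), window_seconds),
        "ldap_dn_failures": ldap_dn_failures(lines),
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

On the ticket's excerpt this reports two quick retries for jmoore (the failed-then-accepted pairs at 11:14:56/57 and 11:15:36/38) and five LDAP DN lookups that returned nothing, all for session UUIDs. A retry count on its own is not proof of the bug; it is the place to look, and the confirmation is the client-side "Password check failed" followed by "Created session", which only the CLI transcript shows.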

Change History (2)

comment:1 Changed 13 years ago by jmoore

  • Owner set to jmoore

comment:2 Changed 13 years ago by jmoore

  • Remaining Time set to 0
  • Resolution set to invalid
  • Sprint set to 2011-05-05 (11)
  • Status changed from new to closed

Can't reproduce. This was most likely an oddly configured/broken server while testing other development features.
