Task #6885 (closed)
Bug: LdapPasswordProvider regression
Reported by: | jamoore | Owned by: | jamoore |
---|---|---|---|
Priority: | major | Milestone: | OMERO-Beta4.3.3 |
Component: | Security | Version: | n.a. |
Keywords: | n.a. | Cc: | atarkowska, sylittlewood |
Resources: | n.a. | Referenced By: | n.a. |
References: | n.a. | Remaining Time: | 0.0d |
Sprint: | n.a. |
Description (last modified by jmoore)
Work on #6248 (apply user_filter on password check) broke a workaround for #4821 (upper/lower case) as well as other issues. The previous code from 4.3.1 should be re-added as a configuration option, and possibly made the default.
Capitalization
In Chris Wood's case, users have their omeNames manually changed to match the LDAP capitalization. Enforcing the user_filter on every password check makes that impossible. Since their user_filter is not as restrictive as that in #6248, it makes sense to allow rolling back to the 4.3.1 logic.
See:
- #4821 (case sensitivity support)
- http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-September/002808.html
Differing DNs
In order to implement #6248, there was some worry that if the DNs became out of sync there would be a security issue similar to the one with the user_filter being out of sync, which was the basis of #6248. While implementing that, then, we disallowed differing DNs until #2587 could be implemented. That caused some issues (see threads below) for sites where the DNs change frequently. Again, the suggested fix was to allow rolling back to the 4.3.1 logic.
See:
- #2587 (remove DN from DB)
- also #6719 (add DN for groups)
- http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-September/002824.html
- http://lists.openmicroscopy.org.uk/pipermail/ome-users/2011-October/002841.html
Change History (4)
comment:1 Changed 13 years ago by jmoore
- Cc atarkowska sylittlewood added
- Description modified (diff)
- Priority changed from minor to major
comment:2 Changed 13 years ago by jmoore
comment:3 Changed 13 years ago by jmoore
- Resolution set to fixed
- Status changed from new to closed
Closing since pushed. Any comments should go to https://github.com/openmicroscopy/openmicroscopy/pull/6
comment:4 Changed 13 years ago by jmoore <josh@…>
- Remaining Time set to 0
(In [3c0039b563c945ea5e56a03eb87a842774b85139/ome.git]) Re-add 4.3.1 LdapPasswordProvider (Fix #6885)
https://github.com/joshmoore/openmicroscopy/commit/3c0039b563c945ea5e56a03eb87a842774b85139