2014-12-22 01:19 EST

ID: 0012948
Project: mantisbt
Category: authentication
View Status: public
Last Update: 2011-08-05 02:45
Reporter: sveyret
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: unable to reproduce
Product Version: 1.2.3
Target Version:
Fixed in Version:
Summary: 0012948: LDAP autocreation does not update DB
Description: When using LDAP for authentication, the DB is updated with LDAP data at each connection of the user. As indicated in the comments:
“This will allow us to use the local data after login without having to go back to LDAP. This will also allow fallback to DB if LDAP is down.”

But when connecting to Mantis for the first time, if the user has no account, this account will be automatically created, but does not use the LDAP data to fill the DB. In most cases, this is not a big problem, because LDAP will be queried if a field is needed, but in some cases, data are only taken from the database (list existing users, for example).
Steps To Reproduce:
1. Set Mantis to authenticate through LDAP, using real name and e-mail from LDAP.
2. As a user with no Mantis account, connect to Mantis using your LDAP credits.
3. As administrator, look at the Mantis account. The last created account has no realname nor e-mail in the name list. It will even be impossible to warn him that he should connect again.
Tags: patch
Attached Files:
  • ldapcreate_1.2.patch (3,283 bytes) 2011-04-19 05:17
    From 55269082fc142bfa3133b1aea50b402309cfaac4 Mon Sep 17 00:00:00 2001
    From: =?UTF-8?q?St=82phane=20Veyret?= <sveyret@axway.com>
    Date: Tue, 19 Apr 2011 11:11:00 +0200
    Subject: [PATCH] Fix 0012948: LDAP autocreation does not update DB
    
    ---
     core/authentication_api.php |    5 ++++
     core/ldap_api.php           |   47 ++++++++++++++++++++++++++----------------
     2 files changed, 34 insertions(+), 18 deletions(-)
    
    diff --git a/core/authentication_api.php b/core/authentication_api.php
    index c091300..2bf46e5 100644
    --- a/core/authentication_api.php
    +++ b/core/authentication_api.php
    @@ -207,6 +207,11 @@ function auth_attempt_login( $p_username, $p_password, $p_perm_login = false ) {
     				# @@@ trigger an error here?
     				return false;
     			}
    +
    +			# If this is LDAP, update the user data
    +			if ( LDAP == $t_login_method ) {
    +				ldap_update_user_data( $p_username, $p_password );
    +			}
     		} else {
     			return false;
     		}
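Review bot: The added call `ldap_update_user_data( $p_username, $p_password );` ends up writing `md5( $p_password )` into the local user row (see the helper's body in core/ldap_api.php), and nothing in the visible context of this auto-creation branch shows that the password has already been verified against LDAP. Please confirm, or state in the comment, that this point is only reached after a successful LDAP bind; if it is not, move the call behind the authentication check so an unverified password is never cached. The helper's outcome is also ignored here, so a failed update right after account creation passes silently; a log_event() line would make it visible.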
    diff --git a/core/ldap_api.php b/core/ldap_api.php
    index 7f9e012..e12cbd9 100644
    --- a/core/ldap_api.php
    +++ b/core/ldap_api.php
    @@ -409,25 +409,9 @@ function ldap_authenticate_by_username( $p_username, $p_password ) {
     		ldap_unbind( $t_ds );
     	}
     
    -	# If user authenticated successfully then update the local DB with information
    -	# from LDAP.  This will allow us to use the local data after login without
    -	# having to go back to LDAP.  This will also allow fallback to DB if LDAP is down.
    +	# If user authenticated successfully then update the local DB.
     	if ( $t_authenticated ) {
    -		$t_user_id = user_get_id_by_name( $p_username );
    -
    -		if ( false !== $t_user_id ) {
    -			user_set_field( $t_user_id, 'password', md5( $p_password ) );
    -
    -			if ( ON == config_get( 'use_ldap_realname' ) ) {
    -				$t_realname = ldap_realname( $t_user_id );
    -				user_set_field( $t_user_id, 'realname', $t_realname );
    -			}
    -
    -			if ( ON == config_get( 'use_ldap_email' ) ) {
    -				$t_email = ldap_email_from_username( $p_username );
    -				user_set_field( $t_user_id, 'email', $t_email );
    -			}
    -		}
    +		ldap_update_user_data( $p_username, $p_password );
             log_event( LOG_LDAP, "User '$p_username' authenticated" );
     	} else {
             log_event( LOG_LDAP, "Authentication failed" );
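Review bot: This call site cannot fix the first-login case on its own: the helper does nothing when `user_get_id_by_name()` returns false, which is the state of a user whose account has not been auto-created yet, and the `log_event` line that follows reports only the authentication. Consider logging inside the helper when no local user is found, and mention in the shortened comment that new accounts are filled from auth_attempt_login(). With two call sites now active, also check that a single login does not query LDAP and write the same fields twice.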
    @@ -437,6 +421,33 @@ function ldap_authenticate_by_username( $p_username, $p_password ) {
     }
     
     /**
    + * Update the local DB with information from LDAP. This will allow us to use
    + * the local data after login without having to go back to LDAP. This will also
    + * allow fallback to DB if LDAP is down.
    + *
    + * @param string $p_username The user name.
    + * @param string $p_password The password.
    + * @return null
    + */
    +function ldap_update_user_data( $p_username, $p_password ) {
    +	$t_user_id = user_get_id_by_name( $p_username );
    +
    +	if ( false !== $t_user_id ) {
    +		user_set_field( $t_user_id, 'password', md5( $p_password ) );
    +
    +		if ( ON == config_get( 'use_ldap_realname' ) ) {
    +			$t_realname = ldap_realname( $t_user_id );
    +			user_set_field( $t_user_id, 'realname', $t_realname );
    +		}
    +
    +		if ( ON == config_get( 'use_ldap_email' ) ) {
    +			$t_email = ldap_email_from_username( $p_username );
    +			user_set_field( $t_user_id, 'email', $t_email );
    +		}
    +	}
    +}
    +
    +/**
      * Checks if the LDAP simulation mode is enabled.
      *
      * @return bool true if enabled, false otherwise.
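Review bot: `user_set_field( $t_user_id, 'password', md5( $p_password ) );` in the new ldap_update_user_data() carries the unsalted MD5 copy of the LDAP password into the local DB unchanged, and moving it into a shared helper means it now runs from two call sites. The docblock only speaks of "information from LDAP", so please document that a password hash is stored, and consider making that write optional or using a stronger password hash. The results of ldap_realname() and ldap_email_from_username() are also written back unchecked; if either lookup can return an empty value, it would replace the stored realname or email, so guard each before calling user_set_field().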
    -- 
    1.7.1
    
    


Notes

~0028655

sveyret (reporter)

Gave a patch to correct this built against branch 1.2.

~0029126

dregad (developer)

It would be nice if this were included in 1.2.6.

~0029167

dregad (developer)

Hi Stéphane,

Before applying your patch, I tried to reproduce the problem but was unable to.

I made a fresh install of 1.2.5, set up config_inc as follows:

$g_login_method = LDAP;
$g_use_ldap_email = ON;
$g_use_ldap_realname = ON;

Before starting, I check the database before login with test user, to confirm it does not exist:

mysql> select id, username, realname, email, date_created from mantis_user_table where username = 'test';
Empty set (0.00 sec)

Then I login, and I verify the table again:
mysql> select id, username, realname, email, date_created from mantis_user_table where username = 'test';
+----+----------+-----------+---------------+--------------+
| id | username | realname  | email         | date_created |
+----+----------+-----------+---------------+--------------+
| 19 | test     | Test User | user@test.com |   1310636385 |
+----+----------+-----------+---------------+--------------+
1 row in set (0.00 sec)

Of course checking with admin account within Mantis (manage_user_page.php) does show the user details (as expected).

I must say I was surprised by this, because I remember experiencing the same issue before. Can you please confirm that the problem is reproducible on your side, and if yes give me more details?

Thanks
Damien

~0029183

sveyret (reporter)

Hi Damien,

I'm pretty sure I had this problem when I first made tests with LDAP. But I've just checked and I made a mistake in this bug report, because I was using version 1.2.3 at that time. I have now installed my patch in all my environments, and so am not able to test it anymore. But if ever I have time to do the test again, I will warn you.

Stéphane.

~0029185

dregad (developer)

Hi Stéphane,

I just did a fresh install of 1.2.3, but still I'm not able to reproduce the behavior you describe; I get the exact same results I described previously.

I will mark this issue as resolved for now, feel free to reopen if you manage to reproduce the issue in future tests.

Damien

Issue History
Date Modified | Username | Field | Change
2011-04-19 05:09 | sveyret | New Issue |
2011-04-19 05:17 | sveyret | File Added: ldapcreate_1.2.patch |
2011-04-19 05:18 | sveyret | Tag Attached: patch |
2011-04-19 05:18 | sveyret | Note Added: 0028655 |
2011-07-07 11:18 | dregad | Note Added: 0029126 |
2011-07-12 05:46 | dhx | Target Version | => 1.2.6
2011-07-13 11:56 | dregad | Assigned To | => dregad
2011-07-13 11:56 | dregad | Status | new => assigned
2011-07-14 05:59 | dregad | Note Added: 0029167 |
2011-07-18 03:35 | sveyret | Note Added: 0029183 |
2011-07-18 05:25 | dregad | Note Added: 0029185 |
2011-07-18 05:25 | dregad | Status | assigned => resolved
2011-07-18 05:25 | dregad | Resolution | open => unable to reproduce
2011-07-18 05:25 | dregad | Product Version | 1.2.5 => 1.2.3
2011-07-18 05:25 | dregad | Target Version | 1.2.6 =>
2011-08-05 02:45 | atrol | Status | resolved => closed