View Issue Details

ID: 0013550
Project: mantisbt
Category: ldap
View Status: public
Last Update: 2012-06-24 10:12
Reporter: Lapinkiller
Assigned To: rombert
Priority: low
Severity: major
Reproducibility: always
Status: closed
Resolution: no change required
Product Version: 1.2.8
Summary: 0013550: c cedilla in active directory password
Description

Hello,

If an Active Directory user has a character like ç (c cedilla) in his password, he can't log on to Mantis...

I had the same problem on one of my PHP applications and I resolved it with a utf8_decode on the password... but it doesn't work with Mantis...

My AD admin told me passwords in the AD use charset UTF-16LE, so I tried with mb_convert_encoding, but it doesn't work either...

Steps To Reproduce

I used an AD test account:
login: Test.Mantis
pwd: çanard!123 (with a cedilla on the c)

Tested with Firefox 8 on Win7 64b - French
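
The byte forms the reporter describes trying (the password as received, the utf8_decode result, and UTF-16LE), shown for the test password as an added example that is not part of the original report or of MantisBT. The function names are hypothetical and PHP's mbstring extension is assumed.

```php
<?php
// Added example, not MantisBT code. Function names are hypothetical.

/**
 * Classify the bytes of a submitted password without revealing them.
 * Safe to write to a debug log: it returns only a class name.
 */
function password_encoding_class( string $p_password ): string {
	if ( !preg_match( '/[\x80-\xFF]/', $p_password ) ) {
		return 'ascii';
	}
	return mb_check_encoding( $p_password, 'UTF-8' ) ? 'utf-8' : 'non-utf-8';
}

/**
 * The three byte forms named in the report, derived from UTF-8 input:
 * as received, ISO-8859-1 (what utf8_decode yields), and UTF-16LE.
 */
function password_candidate_forms( string $p_utf8 ): array {
	return array(
		'utf-8'      => $p_utf8,
		'iso-8859-1' => mb_convert_encoding( $p_utf8, 'ISO-8859-1', 'UTF-8' ),
		'utf-16le'   => mb_convert_encoding( $p_utf8, 'UTF-16LE', 'UTF-8' ),
	);
}

// Constructed sample: the test password from the report, written as UTF-8 bytes.
$t_sample = "\xC3\xA7anard!123";

echo 'class: ', password_encoding_class( $t_sample ), "\n";
foreach ( password_candidate_forms( $t_sample ) as $t_name => $t_bytes ) {
	// Hex is shown only because this is a known test value; never log real passwords.
	printf( "%-10s %2d bytes  %s\n", $t_name, strlen( $t_bytes ), bin2hex( $t_bytes ) );
}
```

Logging only the class keeps the password itself out of the LDAP log while still showing whether non-ASCII input reached the bind.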

Tags: No tags attached.

Activities

belfar

2011-11-23 18:39

reporter   ~0030286

teste

Lapinkiller

2011-12-21 02:43

reporter   ~0030669

Please, is it possible to have feedback?

rombert

2011-12-23 05:25

reporter   ~0030675

Can you enable LOG_LDAP output ( see http://www.mantisbt.org/docs/master-1.2.x/en/administration_guide.html#ADMIN.CONFIG.LOGGING ) and attach the log here?

The property might not yet be visible in the guide, I just pushed an update, but everything else should work just fine.

Lapinkiller

2011-12-28 03:06

reporter   ~0030712

No more information in the log:

28-12-2011 09:04 CET ldap Binding to LDAP server
28-12-2011 09:04 CET ldap Attempting connection to LDAP URI 'ldap://ldap.mycompany.com'.
28-12-2011 09:04 CET ldap Connection accepted by LDAP server
28-12-2011 09:04 CET ldap Setting LDAP protocol version to 3
28-12-2011 09:04 CET ldap Attempting bind to ldap server with username and password
28-12-2011 09:04 CET ldap Bind to ldap server successful
28-12-2011 09:04 CET ldap Searching for (&(objectClass=*)(sAMAccountName=Test.Mantis))
28-12-2011 09:04 CET ldap Checking CN=Test Mantis,OU=Utilisateurs,OU=ENTITE-AZERTY,OU=Ressources_Locales,DC=corp,DC=log,DC=intra,DC=mycompany,DC=fr
28-12-2011 09:04 CET ldap Unbinding from LDAP server
28-12-2011 09:04 CET ldap Authentication failed

rombert

2011-12-29 09:24

reporter   ~0030727

I created a test user with the login and password you specified on OpenLDAP but was unable to reproduce. So the problem is linked to AD specifically.

Digging further, it seems that a user is found ( the Checking... log entry is from core/ldap_api.php:380 ) but the bind does not succeed. Could you test the attached patch and let me know if any specific errors are reported now in the LDAP log?

ldapapiphp-log-last-LDAP-error-if-ldapbind-fails.patch (603 bytes)   
From fa2647a385489bbd2b1abe76a48a42a3ffe9054f Thu, 29 Dec 2011 16:23:54 +0200
From: Robert Munteanu <robert@lmn.ro>
Date: Thu, 29 Dec 2011 16:22:46 +0200
Subject: [PATCH] ldap_api.php: log last LDAP error if ldap_bind fails

Affects bug #13550: c cedilla in active directory password 


diff --git a/core/ldap_api.php b/core/ldap_api.php
index 4d3cc2f..afa2516 100644
--- a/core/ldap_api.php
+++ b/core/ldap_api.php
@@ -383,6 +383,8 @@
 				if ( @ldap_bind( $t_ds, $t_dn, $p_password ) ) {
 					$t_authenticated = true;
 					break;
+				} else {
+					ldap_log_error( $t_ds );
 				}
 			}
 		} else {
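
Review bot: In the new else branch after `@ldap_bind( $t_ds, $t_dn, $p_password )`, `ldap_log_error( $t_ds )` is given only the connection handle, so the logged error does not say which `$t_dn` the bind was rejected for. The `break` on success shows this runs inside a loop over candidate entries, so several failures in one login attempt would produce entries that cannot be told apart. Consider logging `$t_dn` next to the error, and never `$p_password`. Because the `@` suppresses PHP's own warning, this call is the only diagnostic for a failed bind, and it will also fire on every ordinary wrong-password attempt; the commit message would benefit from a sentence stating that, since it currently gives no rationale beyond the subject line.
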
Lapinkiller

2011-12-29 10:27

reporter   ~0030729

Last edited: 2011-12-29 10:33

Now it works O____o (without your patch)

Maybe they have changed something on the AD (Microsoft AD 2003), otherwise I don't understand...

I will try to contact the admins about changes on AD... I know they will migrate AD to 2008 soon...

EDIT: I had the same problem on Dokuwiki and now it works too :D
If I can get the info about what they have changed on AD, I'll put it here.

rombert

2011-12-29 13:12

reporter   ~0030730

Thanks for the follow-up. I'll set this on feedback and wait for more input from you. At any rate, the patch will be useful for debugging if you need it.

rombert

2012-06-07 04:51

reporter   ~0032034

No feedback for 5 months, so closing.