LDAP credentials for DL users with multiple mail values
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Document Library |
New
|
Undecided
|
Unassigned | ||
Bug Description
(Apologies if this bug appears twice. I thought I had already submitted this once today, but it seems to have completely vanished)
We have a DL user who has a few (2-3) documents submitted on his behalf to the system, using his work email address in the appropriate part of the DL submit form.
When he views a published web page containing some of his available documents, he also has the option to edit the document because Silva knows he is the author (presumably the CMS is using the 'cn' value from LDAP and matching it to the username used when he logged into the web site).
However, when he clicks on the link, he is taken into the DL which then reports that he is unauthorized. If he browses around in the DL, it knows who he is but he has no 'my authored documents' when it should show two or three.
We think we know why this is happening. He happens to have multiple 'mail' values in his LDAP entry (two different 'mail' addresses) and the one picked up by LDAP isn't the one that is used for his 'author email' in the DL. We've been told that multiple 'mail' values are allowed in LDAP but this is the first time I've ever seen anyone in our system with more than one 'mail' value.
However, this also highlights that the checks SIlva and the DL make to match up a user with their documents are different when (to avoid this scenario in future) they should really be the same.
