enumerateUsers offers exact_match option but returns non exact matches
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Products.LDAPMultiPlugins | Fix Released | Medium | Unassigned | |
Bug Description
We are using PloneFlashUpload, which needs to authenticate users when a request
starts. It gets the user from acl_users and gets itself a new security_manager
with that user.
In the case of the user "admin", nothing works as it should, as it believes we are the user
"Admin" that exists in LDAP, but without Admin rights.
From stepping through it, I can see that enumerateUsers gets a parameter exact_match set to 1.
It then forwards the request for getting users to the LDAPUserFolder.
The API of LDAPUserFolder does not promise exact matches, and in this case it returned an "Admin"
user when I wanted an "admin" user.
I think it should check the ID after the query, or maybe change the API of LDAPUserFolder
to be more exact.
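The post-query ID check suggested in the report, as an added example (not code from Products.LDAPMultiPlugins or LDAPUserFolder, and not the fix that was checked in). The directory contents, `directory_search`, `resolve_principal` and the record layout are hypothetical; the stand-in lookup is assumed to compare IDs case-insensitively, which models what the report observed.

```python
# Added example: all names are hypothetical except the exact_match parameter.

# Constructed sample directory: it holds "Admin", an ordinary account.
DIRECTORY = (
    {"id": "Admin", "login": "Admin", "roles": ("Member",)},
    {"id": "administrator2", "login": "administrator2", "roles": ("Member",)},
    {"id": "patrick", "login": "patrick", "roles": ("Member",)},
)


def directory_search(term, exact):
    """Stand-in lookup (assumption): matches IDs case-insensitively."""
    needle = term.lower()
    if exact:
        return tuple(e for e in DIRECTORY if e["id"].lower() == needle)
    return tuple(e for e in DIRECTORY if needle in e["id"].lower())


def enumerate_users_unchecked(user_id, exact_match=False):
    """Forwards the query and trusts whatever comes back (reported behaviour)."""
    return directory_search(user_id, exact_match)


def enumerate_users_checked(user_id, exact_match=False):
    """Re-checks every returned ID when the caller asked for an exact match."""
    results = directory_search(user_id, exact_match)
    if not exact_match:
        return results
    # Case-sensitive comparison against the ID the caller actually requested.
    return tuple(e for e in results if e["id"] == user_id)


def resolve_principal(enumerator, user_id):
    """Caller-side lookup: the single exact match, or None if there is none."""
    matches = enumerator(user_id, exact_match=True)
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    for fn in (enumerate_users_unchecked, enumerate_users_checked):
        print(fn.__name__, "->", resolve_principal(fn, "admin"))
```

With the check in place, a request for "admin" yields no record from this source instead of the "Admin" account, so the caller is never handed a different principal than the one it asked for.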
Changed in products.ldapmultiplugins: | |
status: | New → Confirmed |
importance: | Undecided → Medium |
assignee: | nobody → Jens Vagelpohl (jens-dataflake) |
Patrick, could you test the latest code from the SVN branch at http://svn.dataflake.org/svn/Products.LDAPMultiPlugins/branches/1/ and let me know if it works for you? I have checked in a fix:
http://svn.dataflake.org/viewvc?view=revision&revision=1954