LDAP account set up should not require internal password to be set
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Unassigned | ||
19.04 |
Fix Released
|
High
|
Unassigned | ||
19.10 |
Fix Released
|
High
|
Unassigned |
Bug Description
Reported at https:/
When an LDAP user tries to log in via Mahara Mobile, they can't as Mahara requires an internal Mahara password to be set even though it will then be ignored as LDAP is used (see error message below).
When LDAP accounts are set up, they should not require an internal Mahara password as it will be ignored since LDAP is going to be used.
Report:
My environment:
Mahara 18.10
mobile app 1.4.1
1. Authentication plugin
The institution has LDAP authentication plugin and Internal auth.
2. Add user from
a user is added by admin from "Adimn menu" -> Users -> Add user
The password can be anythin here, because users use LDAP password on login time.
3. Login
Though the new user can login from Web interface, hi can not login by mobile app. At this time, I found server logs below.
----
AH01071: Got error 'PHP message: [WAR] 38
(snip)
WebserviceExcep
----
Though the mobile app does not show error messeges, Mahara server seems to be requesting user to change password.
3. change password
By admin, change authentication plugin from LDAP to Internal, and change password once. the password can be anythin. The password has to be change once. Then return authentication plugin from Internal to LDAP.
4. Login from mobile app
We can login from mobile app.
5. Othre solution
Admin can add user by CSV "Adimn menu" -> Users -> "Add user by CSV". At that time, Turn off the option "Force password change" option. Then users do not be required to chage password at first login, so mobile app can login.
This is also a problem with user created with SAML external auth as well - we shouldn't set the passwordchange flag for these users