OCS Inventory: OCSReports

if using web-server authentification runs infinitive loop

Bug #936795 reported by Naumov Evgeny
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OCS Inventory: OCSReports
Invalid
Medium
Erwan

Bug Description

i setup ocs server (2.0.4.0) on linux box (ubuntu server 10.04). configured apache to check user in windows AD + group membership (mod_auth_kerb for user and mod_authnz_ldap for group).
configured ocs gui settings in LDAP tab. when tries to togin - run in infinite loop of "http 401" from apache and sending auth from browser.
i tested - auth by web-server correct.
i think problem is in file "ocsinventory-reports/ocsreports/backend/AUTH/auth.php" at line 56.

this fragment:
 }elseif($affich_method == 'SSO' and isset($_SERVER['HTTP_AUTH_USER'])){
  $login=$_SERVER['HTTP_AUTH_USER'];
  $mdp='NO_PASSWD';
 }

should look like this:
 }elseif($affich_method == 'SSO' and (isset($_SERVER['HTTP_AUTH_USER']) || isset($_SERVER['REMOTE_USER']))){
  $login=$_SERVER['HTTP_AUTH_USER'];
  $mdp='NO_PASSWD';
 }

after first browser request to apache i had variables $_SERVER['REMOTE_USER'] and $_SERVER['PHP_AUTH_USER'] filled by user login with domain part like "<email address hidden>" (fresh versions of mod_auth_kerb car strip domain part with option KrbLocalUserMapping)

this fix allowed me to login transparently to ocsreports interface with windows domain login without typing it.

Frank (frank-bourdeau)
Changed in ocsinventory-ocsreports:
importance: Undecided → Medium
Revision history for this message
Naumov Evgeny (nauevg) wrote :

sorry for my hurry. browser cache make me wrong.
transparent login - i'm working on it.
HTML form works fine
as for loop, checked my variables. after web-server authentification over ldap - i have REMOTE_USER and PHP_AUTH_USER, but don't have HTTP_AUTH_USER, as used in SSO section in mentioned upper file auth.php.

in transparent scheme i see only error about not defined roles.

i'll check more and post here

Revision history for this message
Naumov Evgeny (nauevg) wrote :

i get transparent auth from apache, but stuck with error "NO TAG AFFECTEID TO YOUR PROFILE". msg text index 893 in language file. error generated in ocsreports/require/html_header.php at line 162.
what does this error mean?

Revision history for this message
Erwan (airoine) wrote :

please, use forum for your question.

Changed in ocsinventory-ocsreports:
status: New → Invalid
assignee: nobody → Erwan (airoine)
Revision history for this message
Naumov Evgeny (nauevg) wrote :

to fix infinitive loop with SSO i placed check to 3-rd position, and "not HTML" to the end of if {} elseif block (see attached file)
after, as i mentioned, i get error about some kind of TAG.

Revision history for this message
Naumov Evgeny (nauevg) wrote :

sorry, here is file

Revision history for this message
Naumov Evgeny (nauevg) wrote :

i found the reason of "NO TAG AFFECTEID TO YOUR PROFILE". it is not clear to find out ))

now i have transparent login for user from windows AD domain.
fix for order of $affich_method checks is needed. otherwise we have infinitive loop, because user login is in PHP_AUTH_USER but no password for it. i think the use of REMOTE_USER is right.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.