Assumption of DN doesn't work for large organizations.

Bug #363178 reported by Ash
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
repoze.who LDAP plugin
Fix Committed
High
Gustavo Narea

Bug Description

In some large organizations, the DN for a user cannot be predicted. Therefor it is common in many (most?) LDAP plugins to instead do a search for the user instead.

The attached patch shows one way of doing so. For release though, you'll probably want to make this an optional behavior based on a keyword arg when creating the Authentication plugin.

Revision history for this message
Ash (dragonpaw) wrote :
Revision history for this message
Ash (dragonpaw) wrote :

As an added bonus, the provided patch searches for the user by either email address or uid, choosing intelligently which to use based on the presence of an '@' in the login. This would seem to resolve the blueprint you have on this project for the IIdentifier plugin. (By making it unnecessary.)

Alternatively, you could just lift the search code from here to create your IIdentifier plugin.

Revision history for this message
Gustavo Narea (gnarea) wrote :

Hello, dragonpaw.

First of all, thank you very much for taking the time to report this bug and writing a patch. I apologize for the long delay to respond you.

I'll be reviewing and applying it soon.

Cheers.

Changed in repoze.who.plugins.ldap:
assignee: nobody → Gustavo Narea (gnarea)
importance: Undecided → High
milestone: none → 1.1
status: New → Confirmed
summary: - Assumption of DN doesn't work for large orginizations.
+ Assumption of DN doesn't work for large organizations.
Revision history for this message
Gustavo Narea (gnarea) wrote :

I'm sorry for the long delay. This has been committed to the following branch which is going to be released this week:
https://code.launchpad.net/~gnarea/repoze.who.plugins.ldap/1.1proposal

Changed in repoze.who.plugins.ldap:
status: Confirmed → Fix Committed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.