This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.
Closed
Fixed
Fixed
FS#2260 Rincewind RC2 LDAP authentication fail
ACL & Authentication
-
2011-05-16 seanhansell
Greetings,
I have an instance of DokuWiki running "Anteater". I have it authenticating against our corporate Active Directory without issue. Last week, I upgraded from Anteater directly to Rincewind RC2, and while I was able to authenticate successfully, after a few minutes of working in the wiki, my directory account would become locked.
For reference, our Active Directory security implementation allows 3 bad password attempts before locking an account for one hour. Something in the way Rincewind RC2 maintains its authentication is causing these bad authentications to happen, and locking out the account of anyone who logs onto the wiki.
I apologize as my ability to troubleshoot this is limited to my observation of the symptoms, but I cannot tie this to any existing known bug. I thank you for your patience and look forward to your response.
Regards,
-Sean Hansell
JWT -
2011-05-23 Michitux
The problem is, that the password is no longer stored in the session (even not encrypted, just the sha1sum) but the LDAP backend tries to use this sha1sum as (encrypted) password and decrypts and sends it, which is of course incorrect. I've tried to use the login cookie instead of the session in the attached patch in the same way as it is used in the normal authentication process. I've no LDAP setup in order to test this. Maybe you can test this, maybe Adrian Lang can test it, too. -
2011-05-24 adrianlang
in 76388d5c
