Opened 14 years ago

Closed 12 years ago

#6509 closed defect (invalid)

HTML form is invalid for ldap authentication

Reported by: anonymous
Owned by: Steffen Hoffmann
Priority: normal
Component: AccountManagerPlugin
Severity: major
Keywords: needinfo authentication ldap
Cc: zhijiex@…
Trac Release: 0.11

Description

I can log in to Trac via an HTML form. But after I changed to Active Directory authentication, Trac always pops up the username/password dialog to input username/password. I can log in to Trac via AD successfully. If I comment out "Require valid-user" in httpd.conf, the login becomes an HTML form. But I failed to log in. Installed plugins: LdapPlugin 0.6.0, TracAccountManager 0.2.1dev

Attachments (0)

Change History (7)

comment:1 Changed 14 years ago by anonymous

Cc: zhijiex@… added; anonymous removed

The reason I failed to log in is that the retrieved session ID is not my user name. (Got the information from the Trac log.) So it cannot verify my password. I was confused why enabling the HTML form for login caused the login ID to be lost.

comment:2 Changed 14 years ago by John Hampton

Owner: changed from Matt Good to John Hampton
Status: new → assigned

I don't quite understand the problem.

Is Apache LDAP now doing authentication? If so, you need to turn off the account manager LoginModule and re-enable the Trac LoginModule.

If you are trying to use an LDAP password store, then this is a problem for the plugin in question.

Can you give more detail?

comment:3 Changed 14 years ago by anonymous

I used Apache LDAP for authentication. Also, LoginModule is enabled. But login failed. Do I need to install another plugin for linking LdapPlugin to AccountManagerPlugin if I want to use an LDAP password store?

comment:4 in reply to:  3 Changed 13 years ago by Steffen Hoffmann

Keywords: needinfo authentication ldap added
Owner: changed from John Hampton to Steffen Hoffmann
Priority: high → normal
Severity: critical → major
Status: assigned → new

(I'm stepping in after quite some months of almost no active support here as the new AccountManagerPlugin maintainer. Sorry for the delay anyway.) Replying to anonymous:

> I used Apache LDAP for authentication. Also, LoginModule is enabled. But login failed. Do I need to install another plugin for linking LdapPlugin to AccountManagerPlugin if I want to use an LDAP password store?

To clarify the situation a little bit, there is no such thing as (native) LDAP authentication with AccountManagerPlugin these days, while there are at least the following options:

stand-alone

AuthStore for AccountManagerPlugin packaged as separate plugin

suggested native AuthStore for AccountManagerPlugin (see currently supported ones here)

In general, to go for Trac authentication you could go with or without AccountManagerPlugin, but if you decide for the «with» option, you'll most probably want to disable Trac's own login form.

I'm still investigating the various possible ways towards a native LdapAuthStore, actually following #1600 for a start, but there is nothing decided and final by now.

Hope this will still help you somehow. If so, I'd appreciate your feedback to help with the decision on how to proceed with this ticket. After all, it might be a local installation/configuration issue (better served by experienced admins and users at the mailing list) or related to a different plugin or Trac itself.

comment:5 Changed 12 years ago by MyName

is there any possibility to get all passwords from this site: https://portal.bih.net.ba/amserver/UI/Login?

if yes please answer with your email..

comment:6 in reply to:  5 Changed 12 years ago by Steffen Hoffmann

Replying to MyName:

> is there any possibility to get all passwords from this site: https://portal.bih.net.ba/amserver/UI/Login?
>
> if yes please answer with your email..

I don't understand your question at all. Don't mistake AcctMgr for a cracker tool.

Btw, password management is delegated and done within all active Trac components that implement AcctMgr's IPasswordStore interface. You're asking for an exploit here? Don't dare!

comment:7 Changed 12 years ago by Steffen Hoffmann

Resolution: invalid
Status: new → closed

The ticket title still represents the main ticket issue. I can only repeat: Yes, that's the way it's meant to be, and no one promised different behavior. Furthermore, the LdapPlugin wiki documentation explains that

> LdapPlugin does not perform authentication

So this is not a defect, just a misunderstanding. If you want LDAP authentication, follow-up on #1600, please. However, thanks for taking care and reporting here.
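
The advice in comment:2 and comment:4 (use either Trac's own LoginModule behind Apache authentication or AccountManagerPlugin's form login, not both) can be checked against a trac.ini. This is an added example, not part of the original ticket or of either plugin's code. The sample file is constructed, the rule matching is a simplified version of Trac's, and the plugin's LoginModule is assumed to be off unless enabled.

```python
import configparser

# Constructed sample trac.ini: AccountManager's form login is switched on,
# but no password store is configured to verify the submitted password.
SAMPLE_INI = """
[components]
acct_mgr.* = enabled
trac.web.auth.LoginModule = disabled

[account-manager]
password_store =
"""

TRAC_LOGIN = "trac.web.auth.loginmodule"    # trusts the user set by Apache auth
ACCT_LOGIN = "acct_mgr.web_ui.loginmodule"  # renders the HTML login form

def enabled(rules, component, default):
    """Longest matching [components] rule wins (simplified from Trac)."""
    best, state = -1, default
    for key, value in rules.items():
        if key.endswith("*"):
            hit = component.startswith(key[:-1])
        else:
            hit = key == component
        if hit and len(key) > best:
            best, state = len(key), value.strip().lower() in ("enabled", "on")
    return state

def audit(ini_text):
    """Return (login mode, list of findings) for a trac.ini given as text."""
    cfg = configparser.ConfigParser(interpolation=None)  # keys are lowercased
    cfg.read_string(ini_text)
    rules = dict(cfg["components"]) if cfg.has_section("components") else {}
    trac_on = enabled(rules, TRAC_LOGIN, True)    # core component, on by default
    acct_on = enabled(rules, ACCT_LOGIN, False)   # assumption: off unless enabled
    raw = cfg.get("account-manager", "password_store", fallback="")
    stores = [s.strip() for s in raw.split(",") if s.strip()]
    findings = []
    if trac_on and acct_on:
        findings.append("both LoginModules enabled: disable one")
    if not trac_on and not acct_on:
        findings.append("no LoginModule enabled: nobody can log in")
    if acct_on and not stores:
        findings.append("form login without password_store: passwords cannot be verified")
    if trac_on == acct_on:
        return "inconsistent", findings
    return ("form" if acct_on else "apache"), findings

if __name__ == "__main__":
    print(audit(SAMPLE_INI))
```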
