Subscriber Classes: Allow for Active Directory / Kerberos usernames
|Reported by:||Rich||Owned by:|
|Severity:||critical||Keywords:||user resolver Kerberos ActiveDirectory LDAP|
|Cc:||Ryan J Ollos, Robert Corsaro||Trac Release:||0.12|
At present there's a simple test against the sid of the user, for example:
    if re.match(r'^[^@]+@.+', ticket['reporter']):
        sid, auth, addr = None, 0, ticket['reporter']
    else:
        sid, auth, addr = ticket['reporter'], 1, None
This means that any users with a sid like user@… get treated from this point forwards as unauthenticated.
This has disastrous consequences, e.g. their email address (in session_attribute) can never be retrieved, as the WHERE clause contains 'authenticated = 0'!
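The failure described above can be reproduced outside Trac. The following is an added example, not code from the plugin or from the ticket: the tables are a simplified in-memory stand-in for Trac's `session` and `session_attribute`, the user `alice@EXAMPLE.COM` and her address are constructed, and `classify_known_first` is a hypothetical alternative that consults the session store before looking at the shape of the name.

```python
import re
import sqlite3

EMAIL_LIKE = re.compile(r'^[^@]+@.+')  # the test quoted in the ticket

def classify_legacy(reporter):
    """The ticket's check: anything shaped like an address is unauthenticated."""
    if EMAIL_LIKE.match(reporter):
        return None, 0, reporter
    return reporter, 1, None

def classify_known_first(reporter, db):
    """Hypothetical alternative: ask the session store before judging by shape."""
    row = db.execute(
        "SELECT 1 FROM session WHERE sid = ? AND authenticated = 1",
        (reporter,)).fetchone()
    if row:
        return reporter, 1, None
    return classify_legacy(reporter)

def lookup_email(db, sid, authenticated):
    """Constructed lookup with the 'authenticated = ?' filter the ticket mentions."""
    row = db.execute(
        "SELECT value FROM session_attribute "
        "WHERE sid = ? AND authenticated = ? AND name = 'email'",
        (sid, authenticated)).fetchone()
    return row[0] if row else None

def demo_db():
    """Simplified stand-in tables holding one Kerberos-style user (constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE session (sid TEXT, authenticated INT, last_visit INT)")
    db.execute("CREATE TABLE session_attribute "
               "(sid TEXT, authenticated INT, name TEXT, value TEXT)")
    db.execute("INSERT INTO session VALUES ('alice@EXAMPLE.COM', 1, 0)")
    db.execute("INSERT INTO session_attribute VALUES "
               "('alice@EXAMPLE.COM', 1, 'email', 'alice@mail.example.org')")
    return db

if __name__ == "__main__":
    db = demo_db()
    for classify in (classify_legacy, lambda r: classify_known_first(r, db)):
        sid, auth, addr = classify('alice@EXAMPLE.COM')
        # The legacy path looks the user up with authenticated = 0 and finds nothing.
        print(sid, auth, addr, lookup_email(db, sid or addr, auth))
```
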
Change History (4)
comment:3 Changed 4 years ago by
|Cc:||Ryan J Ollos Robert Corsaro added; anonymous removed|
|Keywords:||user resolver Kerberos ActiveDirectory LDAP added|
|Owner:||changed from Robert Corsaro to Steffen Hoffmann|
|Priority:||high → normal|
|Summary:||Subscriber Classes : Allow for Active Directory / Kerberos usernames → Subscriber Classes: Allow for Active Directory / Kerberos usernames|