Subscriber Classes: Allow for Active Directory / Kerberos usernames
|Reported by:||Rich||Owned by:||hasienda|
|Severity:||critical||Keywords:||user resolver Kerberos ActiveDirectory LDAP|
|Cc:||rjollos, doki_pen||Trac Release:||0.12|
At present there's a simple test against the sid of the user, for example:
if re.match(r'^[^@]+@.+', ticket['reporter']): sid, auth, addr = None, 0, ticket['reporter'] else: sid, auth, addr = ticket['reporter'], 1, None
This means that any users with a sid like user@… get treated from this point forwards as unauthenticated.
This has disastrous consequences e.g. their email address (in session_attribute) can never be retrieved as the where clause contains 'authenticated = 0'!
Change History (3)
comment:3 Changed 4 years ago by hasienda
- Cc rjollos doki_pen added; anonymous removed
- Keywords user resolver Kerberos ActiveDirectory LDAP added
- Owner changed from doki_pen to hasienda
- Priority changed from high to normal
- Summary changed from Subscriber Classes : Allow for Active Directory / Kerberos usernames to Subscriber Classes: Allow for Active Directory / Kerberos usernames