View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0003113 | mantisbt | security | public | 2003-04-09 09:03 | 2004-12-11 03:02 |
Reporter | karl | Assigned To | vboctor | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Platform | i386 | OS | RedHat Linux | OS Version | 7.2 and 7.3 |
Product Version | 0.18.0a4 | ||||
Fixed in Version | 0.19.2 | ||||
Summary | 0003113: LDAP authentication failure | ||||
Description | Once an account is established in Mantis and LDAP authentication is being used, I can use a blank password to log in. It doesn't matter if a Mantis password is set or if an LDAP password is set or both. A valid password (either Mantis or LDAP) is also OK for successful login. | ||||
Steps To Reproduce |
| ||||
Additional Information | It's interesting to note that if I use any incorrect password I cannot log in. | ||||
Tags | No tags attached. | ||||
After further research it appears that if LDAP is set up for anonymous access, then a blank password will return TRUE. See the first user comment at http://www.php.net/manual/en/function.ldap-bind.php. This is the workaround I used (as I don't allow anonymous access to Mantis): *** ldap_api.php.orig Wed Apr 16 14:18:37 2003 * 124,129 **
For 0.19.0a1 I've solved the problem with this patch: *** ldap_api.php.orig Fri Jul 16 20:30:08 2004 * 99,104 **
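
The behaviour reported in this issue, reproduced as an added example; it is not MantisBT code and not either of the patches posted above, whose bodies are not shown on this page. A simulated directory stands in for `ldap_bind()` on a server that permits anonymous access, and every function name and sample value below is hypothetical.

```php
<?php
// Added example: simulated_bind() replaces a real ldap_bind() call so this
// runs offline. Names and values are constructed, not taken from MantisBT.

// Constructed sample directory: DN => password.
const DIRECTORY = ['uid=karl,ou=people,dc=example,dc=org' => 's3cret-sample'];

// Mimics a server that allows anonymous access: an empty password is handled
// as an anonymous bind and succeeds without checking the DN's credentials.
function simulated_bind(string $dn, string $password, bool $allow_anonymous = true): bool
{
    if ($password === '') {
        return $allow_anonymous;
    }
    return isset(DIRECTORY[$dn]) && hash_equals(DIRECTORY[$dn], $password);
}

// Before: the bind result alone decides whether the login succeeds.
function authenticate_unchecked(string $dn, string $password): bool
{
    return simulated_bind($dn, $password);
}

// After: empty credentials are refused before the directory is asked, so an
// anonymous bind can never be mistaken for a successful user login.
function authenticate_checked(string $dn, string $password): bool
{
    if ($dn === '' || $password === '') {
        return false;
    }
    return simulated_bind($dn, $password);
}

// The three cases from the report: blank, incorrect and valid password.
$dn = 'uid=karl,ou=people,dc=example,dc=org';
foreach (['', 'wrong', 's3cret-sample'] as $pw) {
    printf("%-16s unchecked=%-5s checked=%s\n",
        var_export($pw, true),
        var_export(authenticate_unchecked($dn, $pw), true),
        var_export(authenticate_checked($dn, $pw), true));
}
```

The guard belongs in the application even when the directory is later reconfigured, because the login code cannot tell from the bind result alone whether the server authenticated the user or accepted an anonymous session.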