Again: SecondaryPasswordManager and Registration

Hallo,

since i got no real answer on my last question topic, i hope that assigning the question to the LdapContrib support page gives it more attention by the author of the extension

I use Foswiki-1.0.5, Sat, 25 Apr 2009, build 3705, Plugin API version 2.0 with LdapContrib 3.1.0 from the debian repository. I switched on the LdapUserMapping, LdapPasswdUser, LdapApacheLogin and the Secondary PasswordManager is set to HtpasswdUser.

LDAP Accounts work fine, but there are problems with the SecondaryPasswordManager and .htpasswd users:

When i enable TemplateLogin i can authenticate LDAP users, but the .htpasswd users get the message that they could not be authenticated. I had to switch to LdapApacheLogin with Basic LDAP auth and fallback to .htpasswd

Apache Log when i try to login a .htpasswd user:

- LdapPasswdUser - secondaryImpl: Foswiki::Users::HtPasswdUser, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/login/Main/WebHome
- LdapUserMapping - called login2cUID(HerbertTester), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/login/Main/WebHome

nothing in foswiki log

When i register an new .htpasswd user through the registration page the email adress is not written to the .htpasswd file nor to the user topic.

Apache Log:

- LdapApacheLogin - new: Foswiki::LoginManager::LdapApacheLogin=HASH(0xabe2360) , referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
- LdapPasswdUser - secondaryImpl: Foswiki::Users::HtPasswdUser, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
- LdapUserMapping - called login2cUID(AliBaba), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
- LdapPasswdUser - called fetchPass(AliBaba), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
- LdapUserMapping - called isGroup(AliBaba), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
- LdapUserMapping - called login2cUID(AliBaba), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
- LdapUserMapping - asking SUPER, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration

foswiki log

| 2009-05-15T17:53:51Z info | admin | save | Main.WikiUsers | | 141.99.156.38 |
 | 2009-05-15T17:53:51Z info | RegistrationAgent | save | Main.AliBaba | | 141.99.156.38 |
 | 2009-05-15T17:54:01Z info | AliBaba | register | Main.AliBaba | timm.wunderlich@uni-siegen.de | 141.99.156.38

The password system tells me that it is read only

when i set the context passwords_modifyable in "sub readOnly" in LdapPasswdUser.pm i am allowed change the password of a .htpasswd user, but when i try to the system tells me that the old password is wrong

Apache Log

- LdapApacheLogin - new: Foswiki::LoginManager::LdapApacheLogin=HASH(0x927f6c8) , referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
- LdapPasswdUser - secondaryImpl: Foswiki::Users::HtPasswdUser, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
- LdapUserMapping - called login2cUID(HerbertTester), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
- LdapUserMapping - asking SUPER, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
- LdapApacheLogin - new: Foswiki::LoginManager::LdapApacheLogin=HASH(0xa0104a0) , referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
- LdapPasswdUser - secondaryImpl: Foswiki::Users::HtPasswdUser, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
- LdapUserMapping - called login2cUID(HerbertTester), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
- LdapUserMapping - asking SUPER, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
- LdapUserMapping - called login2cUID(HerbertTester), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword

Similar problem with ChangeEmail and ResetPassword

If somebody has any suggestions how to solve these problems it would give me a great pleasure.

Best regards,

Timm

I also have exactly the same problem. I need to authenticate staff against a large central (and basically inaccessible for updates) LDAP database, but also add local users for external collaborators, students etc.

This seems like the intent of SecondaryPasswordManager, but it seems that the implementation is broken.

-- LincolnTurner - 17 Jun 2009

Regarding the ResetPassword I understood from the task Item1701 that it is not supposed to work when authenticating via external systems. Maybe it is a missing feature. Using change password functionality via ldap will require write access there and can be enabled in the LdapContrib though that is probably known by you.

Maybe I have a similar issue but I do not have the requirement that the second password manager must work in parallel to ldap. In case of using ldap and .htpasswd in parallel then I understand that the login name must be different from any existing ldap login name. AFAI understood upon login only the ldap is querried unless the user doesn't exist there. However, upon registration an entry is created in the .htpasswd but I don't know how and if this entry will be kept in sync when the password changes on ldap e.g. via windows password change.

2 might be bug, so maybe open it as a task.

-- IngoKappler - 30 Jun 2009

We are finding that the secondary password manager is also not working. And we need it. Cheers.

-- MarcusLeonard - 18 Aug 2009

Yo. My main man Dennis has put our explanation and fix into the task: Foswiki:Tasks/Item8192. This basically makes the failover to internal password work.

-- MarcusLeonard - 20 Aug 2009