cross
New Foswiki release 2.1.6 is available with important security fixes.
Sourceforge foswiki email lists being discontinued. Subscribe to the new Foswiki announce and discuss lists at MailingLists
This question about LDAP: Task filed

Again: SecondaryPasswordManager and Registration

Hallo,

since i got no real answer on my last question topic, i hope that assigning the question to the LdapContrib support page gives it more attention by the author of the extension wink

I use Foswiki-1.0.5, Sat, 25 Apr 2009, build 3705, Plugin API version 2.0 with LdapContrib 3.1.0 from the debian repository. I switched on the LdapUserMapping, LdapPasswdUser, LdapApacheLogin and the Secondary PasswordManager is set to HtpasswdUser.

LDAP Accounts work fine, but there are problems with the SecondaryPasswordManager and .htpasswd users:
  1. When i enable TemplateLogin i can authenticate LDAP users, but the .htpasswd users get the message that they could not be authenticated. I had to switch to LdapApacheLogin with Basic LDAP auth and fallback to .htpasswd
    • Apache Log when i try to login a .htpasswd user:
      - LdapPasswdUser - secondaryImpl: Foswiki::Users::HtPasswdUser, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/login/Main/WebHome
      - LdapUserMapping - called login2cUID(HerbertTester), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/login/Main/WebHome
    • nothing in foswiki log
  2. When i register an new .htpasswd user through the registration page the email adress is not written to the .htpasswd file nor to the user topic.
    • Apache Log:
      - LdapApacheLogin - new: Foswiki::LoginManager::LdapApacheLogin=HASH(0xabe2360) , referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
      - LdapPasswdUser - secondaryImpl: Foswiki::Users::HtPasswdUser, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
      - LdapUserMapping - called login2cUID(AliBaba), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
      - LdapPasswdUser - called fetchPass(AliBaba), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
      - LdapUserMapping - called isGroup(AliBaba), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
      - LdapUserMapping - called login2cUID(AliBaba), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
      - LdapUserMapping - asking SUPER, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/UserRegistration
    • foswiki log
      | 2009-05-15T17:53:51Z info | admin | save | Main.WikiUsers | | 141.99.156.38 |
       | 2009-05-15T17:53:51Z info | RegistrationAgent | save | Main.AliBaba | | 141.99.156.38 |
       | 2009-05-15T17:54:01Z info | AliBaba | register | Main.AliBaba | timm.wunderlich@uni-siegen.de | 141.99.156.38 
      
  3. The password system tells me that it is read only
    • when i set the context passwords_modifyable in "sub readOnly" in LdapPasswdUser.pm i am allowed change the password of a .htpasswd user, but when i try to the system tells me that the old password is wrong
    • Apache Log
      - LdapApacheLogin - new: Foswiki::LoginManager::LdapApacheLogin=HASH(0x927f6c8) , referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
      - LdapPasswdUser - secondaryImpl: Foswiki::Users::HtPasswdUser, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
      - LdapUserMapping - called login2cUID(HerbertTester), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
      - LdapUserMapping - asking SUPER, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
      - LdapApacheLogin - new: Foswiki::LoginManager::LdapApacheLogin=HASH(0xa0104a0) , referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
      - LdapPasswdUser - secondaryImpl: Foswiki::Users::HtPasswdUser, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
      - LdapUserMapping - called login2cUID(HerbertTester), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
      - LdapUserMapping - asking SUPER, referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
      - LdapUserMapping - called login2cUID(HerbertTester), referer: http://foswiki.wineme.fb5.uni-siegen.de/cgi-bin/foswiki/view/System/ChangePassword
  4. Similar problem with ChangeEmail and ResetPassword
If somebody has any suggestions how to solve these problems it would give me a great pleasure.

Best regards,

Timm

I also have exactly the same problem. I need to authenticate staff against a large central (and basically inaccessible for updates) LDAP database, but also add local users for external collaborators, students etc.

This seems like the intent of SecondaryPasswordManager, but it seems that the implementation is broken.

-- LincolnTurner - 17 Jun 2009

Regarding the ResetPassword I understood from the task Item1701 that it is not supposed to work when authenticating via external systems. Maybe it is a missing feature. Using change password functionality via ldap will require write access there and can be enabled in the LdapContrib though that is probably known by you.

Maybe I have a similar issue but I do not have the requirement that the second password manager must work in parallel to ldap. In case of using ldap and .htpasswd in parallel then I understand that the login name must be different from any existing ldap login name. AFAI understood upon login only the ldap is querried unless the user doesn't exist there. However, upon registration an entry is created in the .htpasswd but I don't know how and if this entry will be kept in sync when the password changes on ldap e.g. via windows password change.

2 might be bug, so maybe open it as a task.

-- IngoKappler - 30 Jun 2009

We are finding that the secondary password manager is also not working. And we need it. Cheers.

-- MarcusLeonard - 18 Aug 2009

Yo. My main man Dennis has put our explanation and fix into the task: Foswiki:Tasks/Item8192. This basically makes the failover to internal password work.

-- MarcusLeonard - 20 Aug 2009

QuestionForm edit

Subject LDAP
Extension LdapContrib
Version
Status Task filed
Topic revision: r8 - 20 Aug 2009, MarcusLeonard - This page was cached on 20 Sep 2018 - 18:56.

The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy