ldap login check is skipped if user isn't in user table

Bug #408545 reported by dmnotme
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Exponent Content Management System | Incomplete | Undecided | dmnotme | |
| 1.0 | New | Undecided | Unassigned | |

Bug Description

The exponent_users_login function has a line that stops the login process if the user doesn't already exist in the users table. This is a problem if the system is set to use LDAP, as the expected behavior from .97 is to auto-create the user from the information stored in LDAP.

Also, "(empty($user)" needs to be changed to "(empty($user->id)" and "new user()" needs to be added after the "$ldap->addLdapUserToDatabase()".

I've modified the function to re-enable the expected behavior. It now seems to work okay with our eDirectory LDAP tree.

function exponent_users_login($username, $password) {
        global $db;
        // Retrieve the user object from the database. This may be null, if the username is non-existent.
        // $username is interpolated into the WHERE clause as-is, so it must be escaped before it reaches this function.
        $user = new user($db->selectValue('user', 'id', "username='" . $username . "'"));

        // if the user object doesn't have an id then we didn't find a valid user account with this username
        //--- The problem is that this breaks the addLdapUserToDatabase functionality because it never gets down that far :(
        // if (empty($user->id)) return false;

        // try to authenticate the user - use the authentication type specified in the site config
        if (USE_LDAP == 1 && (empty($user->id) || $user->is_ldap == 1)) {
                $ldap = new expLDAP();
                $ldap->connect();
                $authenticated = $ldap->authenticate($ldap->getLdapUserDN($username), $password);
                if ($authenticated) {
                        // First successful LDAP login: create the local record, then reload it so $user->id is set.
                        if (empty($user->id)) {
                                $newuser = $ldap->addLdapUserToDatabase($username, $password);
                                $user = new user($db->selectValue('user', 'id', "username='" . $username . "'"));
                        }
                }
                $ldap->close();
        } else {
                $authenticated = exponent_users_authenticate($user, $password);
        }
        if ($authenticated) {
                // Call on the Sessions subsystem to log the user into the site.
                exponent_sessions_login($user);
                // Update the last login timestamp for this user.
                $user->updateLastLogin();
        }
}

Thanks!
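
A small harness for the ordering problem described in the report, added here as an example and not Exponent's code: login(), bind_ok() and the arrays are hypothetical in-memory stand-ins for the user table and expLDAP. It runs the same four constructed logins with and without the early return, so the LDAP-only account is refused in the first pass and auto-created in the second, and a failed bind never adds a row.

```php
<?php
// Added example: in-memory stand-ins, not Exponent's user, $db or expLDAP classes.
const USE_LDAP = 1;

// Constructed sample data: one local account, one account that exists only in LDAP.
$users = ['alice' => ['id' => 1, 'is_ldap' => 0, 'hash' => password_hash('local-pw', PASSWORD_DEFAULT)]];
$directory = ['bob' => 'dir-pw'];

// Stand-in for a directory bind; a real bind is decided by the LDAP server.
function bind_ok(array $directory, string $u, string $p): bool {
    return isset($directory[$u]) && hash_equals($directory[$u], $p);
}

// Returns the logged-in user id, or null when the login is refused.
function login(array &$users, array $directory, string $u, string $p, bool $earlyReturn): ?int {
    $user = $users[$u] ?? null;
    if ($earlyReturn && $user === null) {
        return null;                    // the reported line: LDAP is never consulted
    }
    if (USE_LDAP == 1 && ($user === null || $user['is_ldap'] == 1)) {
        if (!bind_ok($directory, $u, $p)) {
            return null;                // failed bind: no row is created
        }
        if ($user === null) {           // first login: create the row only after the bind succeeded
            $user = ['id' => count($users) + 1, 'is_ldap' => 1, 'hash' => null];
            $users[$u] = $user;
        }
        return $user['id'];
    }
    // Local accounts: verify against the stored hash; LDAP rows carry no local hash.
    $ok = $user !== null && $user['hash'] !== null && password_verify($p, $user['hash']);
    return $ok ? $user['id'] : null;
}

// Constructed cases: [username, password]; the failed bind for bob runs before the good one.
$cases = [['alice', 'local-pw'], ['bob', 'wrong'], ['bob', 'dir-pw'], ['carol', 'x']];
foreach ([true, false] as $earlyReturn) {
    $table = $users;                    // fresh copy of the user table for each flow
    echo $earlyReturn ? "with early return\n" : "early return removed\n";
    foreach ($cases as [$u, $p]) {
        $id = login($table, $directory, $u, $p, $earlyReturn);
        printf("  %-6s %-9s -> %s\n", $u, $p, $id === null ? 'refused' : "id $id");
    }
    printf("  rows in user table: %d\n", count($table));
}
```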

Phillip Ball (phillip-oicgroup) wrote :

I can't confirm this as I don't have an LDAP setup. I assigned this bug to you, dmnotme; let me know if you can fix this and commit code.

Changed in exponent-cms:
assignee: nobody → dmnotme (dmnotme)
status: New → Incomplete