CS12: LDAP Cannot Handle List Values for the "Mail:" Field #68

Closed
sean-horn opened this issue Jan 21, 2015 · 1 comment
Labels: Component: ldap, Type: Bug (Does not work as expected.)

Comments

@sean-horn
Contributor

  1. Attempt a login on an LDAP configured CS12 system with Manage as a valid user
  2. Login fails if LDAP user record mail: field is a list, and not a single string.

As a customer, I would like Chef Server 12 to handle list values for the "mail:" field in user records, as in

The code that handles the returned LDAP user record is
https://github.com/chef/oc_erchef/blob/95d80e2af0b143e66c111584ed4626db8cfa6663/apps/oc_chef_wm/src/oc_chef_wm_authn_ldap.erl#L189-L198

The EC11 LDAP module handled it by just taking the first entry found in the mail: list, every time https://github.com/opscode/mixlib-authorization/blob/master/lib/opscode/authentication/strategies/ldap.rb#L124-L137

Redbug Debugging On The Issue Shows

```
% 13:45:44 <0.3858.11>({mochiweb_acceptor,init,3})
% oc_chef_wm_authn_ldap:find_and_authenticate_user(<0.21883.11>, <<"USERNAME">>, <<"**********">>, [{host,"ldap.example.com"},
{port,389},
{timeout,60000},
{bind_dn,"cn=BINDUSER,ou=people,dc=exampe,dc=com"},
{bind_password,"******"},
{base_dn,"ou=people,dc=example,dc=com"},
{login_attribute,"uid"},
{encryption,none}])

% 13:45:44 <0.3858.11>({mochiweb_acceptor,init,3})
% oc_chef_wm_authn_ldap:find_and_authenticate_user/4 -> {error,
{badmatch,
["[email protected]",
"[email protected]",
"[email protected]"]}}
redbug done, timeout - 1
([email protected])3>
```
@sean-horn sean-horn added the bug label Jan 21, 2015
@sean-horn
Contributor Author

ZenDesk 2151 contains all other information including example LDAP user record.

@sean-horn sean-horn changed the title CS12 LDAP Cannot Handle Duplicated Primary Fields or Array Value Fields CS12: LDAP Cannot Handle Duplicated Primary Fields or Array Value Fields Jan 21, 2015
@sean-horn sean-horn changed the title CS12: LDAP Cannot Handle Duplicated Primary Fields or Array Value Fields CS12: LDAP Cannot Handle List Values for the "Mail:" Field Jan 27, 2015
@stevendanna stevendanna self-assigned this Feb 2, 2015
stevendanna added a commit to chef-boneyard/oc_erchef that referenced this issue Feb 6, 2015
LDAP fields such as mail may be specified multiple times.  This
selects the first one.

Closes chef/chef-server#68
@tas50 tas50 added Type: Bug Does not work as expected. and removed bug labels Jan 4, 2019
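
The failure in the redbug trace and the first-value handling the commit message describes, as an added Erlang example that is not the oc_erchef code. It assumes attributes arrive as `{Name, [Value, ...]}` pairs (the shape eldap returns); the module name, function names and sample record are hypothetical.

```erlang
-module(ldap_first_value).
-export([strict_value/2, first_value/2, demo/0]).

%% Constructed sample record (not from the issue or the ZenDesk ticket).
%% "mail" carries three values, as in the failing login.
sample_attrs() ->
    [{"uid",  ["jdoe"]},
     {"mail", ["jdoe@example.com",
               "john.doe@example.com",
               "jd@example.com"]}].

%% Brittle form: the pattern asserts exactly one value per attribute.
%% A multi-valued attribute raises {badmatch, Values}, which surfaces
%% as a failed login rather than as a data problem.
strict_value(Key, Attrs) ->
    [Value] = proplists:get_value(Key, Attrs),
    Value.

%% Tolerant form: take the first value of a multi-valued attribute and
%% report a missing or empty attribute explicitly instead of crashing.
first_value(Key, Attrs) ->
    case proplists:get_value(Key, Attrs) of
        [First | _] -> {ok, First};
        _           -> {error, {missing_attribute, Key}}
    end.

%% Runs both forms over the sample record; returns ok if every
%% expectation below holds.
demo() ->
    Attrs = sample_attrs(),
    %% Single-valued attribute: both forms agree.
    "jdoe" = strict_value("uid", Attrs),
    {ok, "jdoe"} = first_value("uid", Attrs),
    %% Multi-valued mail: strict form fails the way the trace shows.
    {'EXIT', {{badmatch, [_, _, _]}, _}} =
        (catch strict_value("mail", Attrs)),
    %% Tolerant form selects the first entry.
    {ok, "jdoe@example.com"} = first_value("mail", Attrs),
    %% Absent and empty attributes are errors, not crashes.
    {error, {missing_attribute, "sn"}} = first_value("sn", Attrs),
    {error, {missing_attribute, "cn"}} = first_value("cn", [{"cn", []}]),
    ok.
```

Compile with `c(ldap_first_value).` in an Erlang shell and call `ldap_first_value:demo().`; it returns `ok`.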