Defect #4189

Users who change their password when authenticating via ldap cannot log in

Added by jacob briggs over 11 years ago. Updated over 11 years ago.

Status:ClosedStart date:2009-11-09
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Resolution:Invalid Affected version:

Description

Users who change their password when authenticating via ldap cannot log in. To recreate this, follow these steps :

1: Create new user in LDAP, and give them a password. I used "foo"
2: Log in to redmine. Observe that the log in is successful.
3: Log out of redmine
4: Change the users password in LDAP. I used (predictably) "bar"
5: Log in to redmine. Observe a page which looks like :

Internal error

An error occurred on the page you were trying to access.
If you continue to experience problems please contact your redMine administrator for assistance.

Back

For extra credit, you can try to log in with the wrong password. You will get an "Invalid user or password" message. This, and tcpdump, tells me that the password is being checked against LDAP everytime.

History

#1 Updated by Vinod Singh over 11 years ago

We are also using Redmine where authentication is handled by LDAP (Active Directory) and never faced this problem.

#2 Updated by Felix Schäfer over 11 years ago

Can't reproduce either with authentication against OpenLDAP.

#3 Updated by jacob briggs over 11 years ago

This may be a problem with a plug in. I tried to make the user this issue was happening with an admin, and got the same error.

It looks like the root cause is that users.last_login_on is NULL, but there is a trigger on that table which fires on update. The trigger try's to

insert into login_history (user_id, login, new_login) values (old.id, old.last_login_on, new.last_login_on);

but the field login_history.login cannot have NULLS, so the update fails.

Someone on #redmine said it was a bug I should file, so I did, but now I feel I jumped the gun....

#4 Updated by Jean-Philippe Lang over 11 years ago

Please read SubmittingBugs.

#5 Updated by jacob briggs over 11 years ago

  • Status changed from New to Resolved

Jean-Philippe Lang wrote:

Please read SubmittingBugs.

I did before I submitted the bug. It turns out that the person I inherited out install of redmine off had changed some things which caused this issue, but hadn't told me about it. Now I look like an idiot in public.

When the person on IRC advised me to log a bug about it, I didn't think they were Joe Random User - I thought that they thought that I had found something that fit all criteria for bug filing.

So yeah, sorry about wasting everyone's time, the previous admin will be getting an earful.

#6 Updated by Jean-Philippe Lang over 11 years ago

  • Status changed from Resolved to Closed
  • Resolution set to Invalid

#7 Updated by Eric Davis over 11 years ago

jacob briggs wrote:

When the person on IRC advised me to log a bug about it, I didn't think they were Joe Random User - I thought that they thought that I had found something that fit all criteria for bug filing.

That was probably me. I had him file a bug report because no one in #redmine could figure out what the problem was and we needed to get some feedback from some other users who where using LDAP. Sorry for the confusion.

Also available in: Atom PDF