Defect #5327

Auth source LDAP parameters being filled incorrectly

Added by Radek Antoniuk over 11 years ago. Updated over 10 years ago.

Status:ReopenedStart date:2010-04-15
Priority:LowDue date:
Assignee:Jean-Philippe Lang% Done:

0%

Category:UI
Target version:-
Resolution:Cant reproduce Affected version:

Description

if you go to the page of LDAP auth source configuration, the username/password fields are automatically pre-filled with current credentials.
which is wrong, because they are optional.

if you firstly define LDAP auth source (without user/pass).
then go again to edit the settings and click save (without clearing the username/password fields)
and then it fucks up the configuration because it saves my credentials for LDAP connection.

History

#1 Updated by Felix Schäfer over 11 years ago

  • Status changed from New to Closed
  • Resolution set to Cant reproduce

I cannot reproduce that, and I think you browser fills out these fields, as redmine doesn't save your password but only a hash of it (i.e. it couldn't fill the field with your actual password).

#2 Updated by Radek Antoniuk over 11 years ago

That might be the issue.
However it means, that the fields in that form should have different IDs than the one on the login form.
Because this way we have naming clashes.

#3 Updated by Felix Schäfer over 11 years ago

  • Category set to UI
  • Status changed from Closed to Reopened
  • Assignee set to Jean-Philippe Lang
  • Priority changed from Normal to Low

Well, I don't know what browser you are using, but I am using safari on mac, and I don't have problems even with autofill activated. The problem with changing the IDs is that the IDs are the names of the attributes of the objects at hand, and the user model and the LDAP_Auth model happen to share the attributes login and password.

I've set the assignee to jplang to see what his take is on the matter, but I suppose we won't change the IDs of the fields just to get around some funny-behaving browser, sorry.

#4 Updated by Thibault B over 10 years ago

Well I'm really sorry to reopen this issue but I'm experiencing the same weird behaviour on my Redmine 1.2.0 installs.

At first I also thought this was a browser-related behaviour (Firefox 4), but I tried with IE with the same results and I specially installed Chrome to verify.

In all cases if I leave the fields blank they get filled with the account login/password. I'm trying to connect to a LDAP server that requires authentication, let's say LDAP authenication is :

  • login MyDomain\MyID and password is MyPassword (password is 10 characters)
    and Redmine account is :
  • admin/admin (password is 5 characters)

if I put the LDAP login/password in the LDAP configuration page everything seems to be find, but after validation I can't connect. And if I come back on the page the login is still MyDomain\MyID but the LDAP password is 15 characters (10+5).

Whatever the browser I'm using, even browser where the redmine authentication is not stored I'm experiencing this issue.

I really can't figure out why, and really don't know how this could be browser-related.

Thank you very much,
thibault

#5 Updated by Thibault B over 10 years ago

Well, the 15 characters thing seems to be a hard-coded thing. Whatever the size of password you put in, if you open it afterwards the password is displayed by fifteen dots.

I'll keep on investigate on whatever can cause this issue if this can help anybody in the future.

#6 Updated by Thibault B over 10 years ago

Talked to fast, this is a browser-related issue.
The connection problem I'm experiencing is an environment-related issue.

Glad I didn't bother anyone. I'll leave it here as it might help someone.

Also available in: Atom PDF