Redmine - Defect #5545: Active Directory user account with a password {space} failed LDAP authentication
https://www.redmine.org/issues/5545?journal_id=18847 2010-07-30T11:29:53Z Hansen Ler
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Resolved</i></li><li><strong>% Done</strong> changed from <i>0</i> to <i>100</i></li></ul><p>D:\redmine\app\models\auth_source_ldap.rb<br />under the function authenticate, change the password.blank? to password.nil?<br />i.e:</p>
<p>def authenticate(login, password)<br /> return nil if login.blank? || password.nil?</p>
<p>================<br />More Information<br />================<br />From <a class="external" href="http://api.rubyonrails.org/classes/Object.html">http://api.rubyonrails.org/classes/Object.html</a>,<br />blank?() - An object is blank if it's false, empty, or a whitespace string. For example, "", " ", nil, [], and {} are blank.</p>
<p>I wonder if it is alright to patch the redmine server or add as new functions. Anyways, that's the fix for now! Cheers!</p>
https://www.redmine.org/issues/5545?journal_id=18850 2010-07-30T11:56:46Z Felix Schäfer
<ul><li><strong>Status</strong> changed from <i>Resolved</i> to <i>New</i></li></ul><p>Thanks for the report and the possible fix, please don't set the status on "resolved" on redmine.org though, as this status is used for "committed to trunk but not in a release yet" issues.</p>
<p>The change seems sensible to me. Eric, I don't think you will want a patch for that, do you? ;-)</p>
https://www.redmine.org/issues/5545?journal_id=18857 2010-07-31T00:08:43Z Eric Davis
<p>I'm not sure what you're asking for here. Do you want Redmine and its LDAP to support users with an empty password?</p>
https://www.redmine.org/issues/5545?journal_id=18859 2010-07-31T09:40:39Z Felix Schäfer
<p>A space is not empty, though <code>String#blank?</code> will treat it as empty. The better thing to test for would be emptiness rather than blankness.</p>
https://www.redmine.org/issues/5545?journal_id=18949 2010-08-04T03:24:53Z Hansen Ler
<p>For the latest Redmine v. 1.0.0, there is more than one password validation. That is in</p>
<p>redmine\app\models\auth_source_ldap.rb<br /><code>line 34: <br /> def authenticate(login, password)<br /> return nil if login.blank? || password.blank?<br /></code></p>
<p><code>line 95: <br /> # Check if a DN (user record) authenticates with the password<br /> def authenticate_dn(dn, password)<br /> if dn.present? && password.present?<br /></code></p>
<p>As the method .blank will remove white space and method .present = !blank, changing them to password.nil? at line 35 and !password.nil? at line 97 will allow single character {space} as the password.</p>
<p>Personally, I do think removing whitespaces for password is a good idea. This is because, for Microsoft LDAP, there is no enforcement to prevent spaces not to be used for leading or trailing. This may be rare, but if a user did change it to this type, it's super hard to troubleshoot! Hence, .blank method may not be the best check.</p>
<p>That's the fix for now!</p>
https://www.redmine.org/issues/5545?journal_id=19882 2010-09-01T06:52:16Z Hansen Ler
<p>This fix applies to version 1.0.1 as well</p>
<p>*Note: I cannot change the Affected version properties. Anyone can advise? ^_^</p>
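<p>The three guards discussed in this thread (<code>blank?</code>, <code>nil?</code>, and a test for emptiness), compared on constructed sample passwords. This is an added example and not Redmine's code; the <code>blank?</code> helper is a plain-Ruby stand-in for the ActiveSupport method, and the guard and sample names are hypothetical.</p>

```ruby
# Added example, not Redmine code. Plain Ruby, no Rails required.

# Stand-in for ActiveSupport's Object#blank?: nil, empty, or whitespace-only.
def blank?(value)
  value.nil? || value.to_s.strip.empty?
end

# Each guard answers: "should authenticate() return nil before the
# password is ever sent to the LDAP server?"
GUARDS = {
  blank_check: ->(pw) { blank?(pw) },                 # the original check
  nil_check:   ->(pw) { pw.nil? },                    # the change proposed in the thread
  empty_check: ->(pw) { pw.nil? || pw.to_s.empty? }   # a test for emptiness
}.freeze

# Constructed sample passwords.
SAMPLES = {
  "nil"           => nil,
  "empty string"  => "",
  "single space"  => " ",
  "leading space" => " secret",
  "ordinary"      => "secret"
}.freeze

# Returns { guard_name => { sample_name => :rejected | :sent_to_ldap } }.
def guard_matrix
  GUARDS.transform_values do |guard|
    SAMPLES.transform_values { |pw| guard.call(pw) ? :rejected : :sent_to_ldap }
  end
end

# Print the comparison when the file is run directly.
if __FILE__ == $PROGRAM_NAME
  guard_matrix.each do |name, row|
    puts name
    row.each { |sample, outcome| puts format("  %-14s %s", sample, outcome) }
  end
end
```

<p>Only the emptiness check both accepts the single-space password and still stops the empty string; with <code>nil?</code> alone the empty string is sent on to the directory. RFC 4513 section 5.1.2 defines a simple bind with a DN and a zero-length password as an unauthenticated bind and says clients SHOULD disallow empty password input, so the empty string has to keep being rejected before the bind.</p>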