0010737: LDAP auth always fails

ID	Project	Category	View Status	Date Submitted	Last Update
0010737	mantisbt	ldap	public	2009-07-16 08:47	2009-10-07 14:19

Reporter	psnoblin	Assigned To	vboctor
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	git trunk
Target Version	1.2.0rc2

Summary	0010737: LDAP auth always fails
Description	While the most recent change allowing LDAP auth to create accounts is, in fact, awesome, it does have a slight bug, in that logins always fail.
Steps To Reproduce	Configure Mantis to use a true LDAP server (NOT the simulation package). Attempt to login (the issue occurs regardless of whether or not the account already exists.) Fail.
Additional Information	When building the LDAP query string, on line 269 of core/ldap_api.php, the variable '$t_username' is used, without ever having been defined. Simply changing it to '$p_username' fixed the issue, although I suspect that using an unvetted value is not the optimal solution.
Tags	patch

vboctor 2009-07-19 20:19 manager ~0022530	The typo is now fixed. Added LDAP string escaping, although it is not required in the default configuration since by default user names are not allowed to include *, ( and ). This is fixed in master-1.2.x and master. I haven't set fixed-in-version since this was recently introduced and hence no need to make it appear in the changelog.

vboctor 2009-07-19 20:31 manager ~0022531	@psnoblin, can you please confirm if this fixes the problem for you. Thanks.

psnoblin 2009-07-20 08:09 reporter ~0022533	This does indeed fix the issue. Thanks!

vboctor 2009-07-20 08:24 manager ~0022534	Thanks @psnoblin.

MantisBT: master-1.2.x 4d0a1d78 2009-07-19 20:15 vboctor Details Diff	Fixes 0010737: LDAP auth always fails.	Affected Issues 0010737
	mod - core/ldap_api.php	Diff File
MantisBT: master cce78bda 2009-07-19 20:15 vboctor Details Diff	Fixes 0010737: LDAP auth always fails.	Affected Issues 0010737
	mod - core/ldap_api.php	Diff File