View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002169 | SOGo | Web Calendar | public | 2013-01-09 19:49 | 2013-04-05 18:44 |
Reporter | ryacketta | Assigned To | |||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 2.0.3a | ||||
Fixed in Version | 2.0.5 | ||||
Summary | 0002169: Possible bug with session and LDAP filtering | ||||
Description | We use an LDAP attribute to grant/deny access to SOGo. When I set the attribute to disabled SOGo refuses my login as expected ldapsearch -x -LLL -h *** "(uid=useruid)" accountStatusCalendar As seen above, attribute is disabled and I can not login Jan 09 14:33:05 sogod [19916]: SOGoRootPage Login for user 'useruid' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 If I set the attribute to active I am allowed to login [root@server ~]# ldapsearch -x -LLL -h ** "(uid=useruid)" accountStatusCalendar Jan 09 14:35:29 sogod [19916]: SOGoRootPage successful login for user 'useruid' - expire = -1 grace = -1 Now the kicker, I log out and set the attribute to disabled and yet SOGo will allow me to login until I run sogo-tool to expire sessions. [root@server ~]# ldapsearch -x -LLL -h ** "(uid=useruid)" accountStatusCalendar Jan 09 14:36:01 sogod [19920]: SOGoRootPage successful login for user 'useruid' - expire = -1 grace = -1 /usr/sbin/sogo-tool expire-sessions 1 Jan 09 14:45:54 sogod [20820]: SOGoRootPage Login for user 'useruid' might not have worked - password policy: 65535 grace: -1 expire: -1 bound: 0 | ||||
Additional Information | filter settings in SOGo.conf authenticationFilter = "(accountStatusCalendar=active)"; If I am not mistaken authenticationFilter is only used for MySQL logins and can / should be removed. The same filter used in SOGo.conf works for ldapsearch as well ldapsearch -x -LLL -h * "(accountStatusCalendar=active)" uid dn: uid=useruid,ou=**,o=***** | ||||
Tags | No tags attached. | ||||
A fix should be in the next nightly build: |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2013-01-09 19:49 | ryacketta | New Issue | |
2013-01-09 19:52 | ludovic | Status | new => assigned |
2013-01-09 19:52 | ludovic | Assigned To | => jraby |
2013-02-05 17:11 |
|
Note Added: 0005338 | |
2013-02-05 19:37 |
|
Status | assigned => feedback |
2013-02-05 19:37 |
|
Fixed in Version | => 2.0.5 |
2013-02-05 19:37 |
|
View Status | private => public |
2013-02-05 19:37 |
|
Description Updated | |
2013-02-05 19:37 |
|
Additional Information Updated | |
2013-02-05 19:57 |
|
Description Updated | |
2013-03-06 14:11 |
|
Relationship added | has duplicate 0002263 |
2013-03-07 13:42 | francis | Relationship added | parent of 0001719 |
2013-04-05 18:43 | ludovic | Status | feedback => closed |
2013-04-05 18:44 | ludovic | Resolution | open => fixed |