ID: 0001208
Project: Pending Requests
Category: Core Infrastructure
View Status: public
Last Update: 2014-08-16 10:09
Reporter: rickliu
Assigned To:
Priority: normal
Severity: major
Reproducibility: always
Status: new
Resolution: open
Product Version:
Target Version:
Fixed in Version:
Summary: 0001208: User not able to login via LDAP if his contact has been import via LDAP
Description:
I'm using commit f67360f9a3f6f65f7d025cbcb78661731637033c
for my test server.

After the clean installation
and immediately logging in as admin,
if I do "Import contacts from LDAP directory" first,
then those users (imported contacts) are not able to log in.

The login page doesn't show any messages,
but just redirects back to the login page.

From the MySQL database "users" table,
I can see a new user account is created.
However,
if I log in as admin, and view "User Admin's Active Users",
I can't see the newly created users,
nor under "User Admins' Inactive Users".
Notes

~0002698

rickliu (reporter)

I did some further investigations:

If I import the user's contacts via LDAP
(which adds a user record to the "contacts" table in the DB),
and the user never logs in to the system,

then I'm able to manually create a user account through the
"create a user" button under the "edit contact" page of the user
(which adds a user record to the "users" table in the DB and
matches "user_contact" to "contact_id" in the "contacts" table).

However, in my case,
if I import the user's contacts via LDAP
(which adds a user record to the "contacts" table in the DB),
and the user logs in to the system before I manually create the user account,

then the system still adds a user record to the "users" table in the DB,
but doesn't match "user_contact" to "contact_id" in the "contacts" table.
(the "user_contact" field is 0)

If I edit this field directly in the DB to match the "contact_id",
then the user is able to log in to the system and see the pages,
instead of being redirected back to the login page without any error messages.

~0002702

caseydk (administrator)

So you've discovered the first piece in that the "Import contacts from LDAP" only creates *Contacts* and not Users, so they should not be able to log in.

It looks like the actual problem here is that you need a good way to be able to connect an existing User to an existing Contact. That would set the user_contact as you expect along with updating any other internal configuration.


Until that is created, please discourage your users from logging into the system until you send them the welcome email. I don't know of a better workaround at the moment.

~0002703

rickliu (reporter)

Maybe in the createsqluser function
(web2project/classes/w2p/Authenticators/LDAP.class.php),
after pulling $ldap_attribs['mail'],
and before actually creating the new user record with $u->store(),
the system could attempt to search for matching emails.

However,
this should presume the contacts table sets the "contact_email" field to be unique,
which should normally be the case.
Each email should only belong to a user.

Although some companies might have group emails
(e.g. multiple recipients for a single email),
I believe the current contact doesn't belong to category.
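
The lookup suggested in note 0002703, as an added example (not web2project's code and not part of the original note): a SQLite model of the "users" and "contacts" tables that links a first login to a contact only when the LDAP mail matches exactly one contact that no user already owns, and otherwise leaves "user_contact" at 0 for an administrator to resolve. The user_username column, the function names, the case-insensitive comparison and the sample rows are assumptions.

```python
import sqlite3

# Constructed sample rows. Only users.user_contact, contacts.contact_id and
# contacts.contact_email come from the report; other names are assumptions.
SCHEMA = """
CREATE TABLE contacts (contact_id INTEGER PRIMARY KEY, contact_email TEXT);
CREATE TABLE users (user_id INTEGER PRIMARY KEY, user_username TEXT,
                    user_contact INTEGER NOT NULL DEFAULT 0);
INSERT INTO contacts VALUES (1, 'alice@example.test'), (2, 'team@example.test'),
                            (3, 'team@example.test'), (4, 'Bob@Example.test');
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def contact_for_email(db, email):
    """Return the contact_id that is safe to link, or 0 when there is none."""
    email = (email or "").strip().lower()  # assumption: compare case-insensitively
    if not email:
        return 0
    rows = db.execute(
        "SELECT c.contact_id, EXISTS(SELECT 1 FROM users u"
        " WHERE u.user_contact = c.contact_id)"
        " FROM contacts c WHERE lower(trim(c.contact_email)) = ?",
        (email,)).fetchall()
    if len(rows) != 1:  # no match, or a shared/group address: do not guess
        return 0
    contact_id, already_linked = rows[0]
    return 0 if already_linked else contact_id  # never re-bind an owned contact

def create_user_on_first_login(db, username, ldap_mail):
    """Model of the first-login path: resolve the link before storing the user."""
    contact_id = contact_for_email(db, ldap_mail)
    db.execute("INSERT INTO users (user_username, user_contact) VALUES (?, ?)",
               (username, contact_id))
    return contact_id

def unlinked_users(db):
    """Accounts left with user_contact = 0, which an admin must link by hand."""
    return [r[0] for r in db.execute(
        "SELECT user_username FROM users WHERE user_contact = 0 ORDER BY user_id")]

if __name__ == "__main__":
    db = make_db()
    for name, mail in [("alice", "alice@example.test"), ("carol", "team@example.test")]:
        print(name, create_user_on_first_login(db, name, mail))
    print(unlinked_users(db))
```

Refusing the ambiguous and already-owned cases keeps a login from being bound to another person's contact record when "contact_email" is not unique.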

Issue History
Date Modified     Username  Field                 Change
2012-11-22 15:51  rickliu   New Issue
2012-11-23 08:44  rickliu   Note Added: 0002698
2012-11-23 12:24  caseydk   Project               v3.0 Release => Pending Requests
2012-11-23 12:28  caseydk   Note Added: 0002702
2012-11-23 13:30  rickliu   Note Added: 0002703
2014-08-16 10:09  caseydk   Category              General => Core Infrastructure