LDAP "Just For Auth"

Daniel_Henninger · May 1, 2006, 3:17pm

Hi Folk! I was wondering if there would be an easy way to implement NOT having to enter a password for creating a new user when LDAP auth is used? Obviously the password isn’‘t going to be used (or is it???), so I’'m basically having to type it in for nothing. =) Just a minor thing obviously.

jeff_garner · May 1, 2006, 3:27pm

Is this an existing user in an existing LDAP db?

Daniel_Henninger · May 1, 2006, 5:46pm

Yes, it is.

Daniel_Henninger · May 1, 2006, 5:47pm

And note that I do not want to use the “simply query LDAP for list of users” functionality or else I’'m left with far more people on the server than I want, or having to reinvent aspects of our LDAP service.

Daniel_Henninger · May 1, 2006, 6:00pm

Interesting… apparantly if you have LDAP auth enabled, both the person’'s LDAP password, and their ‘‘local password’’ work. =( Definitely not what I was after either. Am I missing a config option?

Timothy_Collett · May 1, 2006, 8:52pm

Really? That’'s not what I see…

I’'ve got my wildfire.xml set up with LdapAuthProvider, but everything else coming through a DefaultProvider, and when I (just now) tested using the local password, it told me it was invalid. Everyone logs in just fine using their LDAP passwords.

Timothy Collett

Daniel_Henninger · May 1, 2006, 8:59pm

Just to clarify, when I say local password, I mean:

Before setting up LDAP, I had created some accounts, lets say account “daniel”… after stopping the server and configuring it for LDAP, and starting back up, I was able to log in using both my LDAP and the password I had set manually before.

So basically =D Are we talking about the same local password?

Timothy_Collett · May 2, 2006, 12:43pm

Yep. My “local password” is the password set through the Wildfire admin console.

I set the local password for one of my users to “testing”, tried to log in with that password, and it told me I had an invalid username or password. Then I logged right back in with the LDAP password.

Timothy Collett

Daniel_Henninger · May 2, 2006, 5:35pm

Hrm, well that’'s very bizarre. =( I wonder why it “likes” me?

Daniel_Henninger · September 11, 2006, 12:43pm

Any word on this?

Alvaro_R · September 11, 2006, 11:29pm

my guess would be that you have 2 different users with the same login… have you tried to modify the profile (say add a user from gmail) log out, and login with the other password to see if the user is there ?

Message was edited by: alvarow - fixed a typo

Daniel_Henninger · September 12, 2006, 12:42am

Well for all practical purposes I do, but what I was saying is that’'s part of the issue.

Here’'s the situation. Lets say I want to use LDAP for authentication only, but want to manually populate my list of users.

First off, I have to enter a password for each and every user. Ideally that wouldn’'t be required. But none-the-less, lets say I enter some silly default like “nopassword” for all of the users. Now, since I have it set up for LDAP auth against my LDAP service, all of the users can log in with their LDAP passwords. HOWEVER, they can also log in with their local “nopassword” password. The main issues I was having was:

If using LDAP auth, shouldn’'t allow local auth as an option.
Ideally, if using LDAP auth, shouldn’'t even have to enter a password. Could say Password: (disabled because LDAP used for authentication)

I got around the issue via other means, but I think the issue still exists. Haven’'t tested it recently. =)