Subject: multiple uid attributes cause role lookups to fail
Date: Fri, 13 Nov 2009 09:51:15 -0600 (CST)
To: bug-Catalyst-Authentication-Store-LDAP [...] rt.cpan.org
From: "James S. White" <whitejs [...] jameswhite.org>

If a user has something like:
dn: uid=whitejs,ou=People,[% LDAP_BASEDN %]
...
uid: whitejs
uid: james
...
in their LDAP entry, then role lookups fail.

In the case of
user_basedn: 'ou=People,[% LDAP_BASEDN %]'
user_filter: (&(objectClass=posixAccount)(uid=%s))
user_scope: one
user_field: uid
user_search_options:
  deref: always
use_roles: 1
role_basedn: 'ou=Sets,[% LDAP_BASEDN %]'
role_filter: (&(objectClass=groupOfUniqueNames)(uniqueMember=%s))
role_scope: one
role_field: cn
role_value: dn
role_search_options:
  deref: always
role_search_as_user: 0
the first role lookup will succeed, but all subsequent ones error with "Store claimed to have a restorable user, but restoration failed. Did you change the user's id_field?"

In the case of
user_basedn: 'ou=People,[% LDAP_BASEDN %]'
user_filter: (&(objectClass=posixAccount)(uid=%s))
user_scope: one
user_field: uid
user_search_options:
  deref: always
use_roles: 1
role_basedn: 'ou=Group,[% LDAP_BASEDN %]'
role_filter: (&(objectClass=posixGroup)(uid=%s))
role_scope: one
role_field: cn
role_value: dn
role_search_options:
  deref: always
role_search_as_user: 0
All role lookups are denied.
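
An added example, not part of the original report or of the module's code: a small audit that scans an LDIF export of the People branch and lists the entries carrying more than one value of the configured user_field (uid here), which is the condition the report ties to the failures. The sample LDIF, the dc=example,dc=org base DN and the function names parse_ldif and multi_valued are constructed for illustration.

```python
import base64

# Constructed sample export; dc=example,dc=org is a placeholder base DN.
SAMPLE_LDIF = """\
dn: uid=whitejs,ou=People,
 dc=example,dc=org
objectClass: posixAccount
uid: whitejs
UID: james

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: posixAccount
uid: alice

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: posixAccount
uid:: Ym9i
uid: robert
"""

def parse_ldif(text):
    """Yield (dn, {lowercased_attr: [values]}) for each entry in an LDIF export."""
    lines = []
    for raw in text.splitlines():
        # LDIF folds long lines: a leading single space continues the previous line.
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if "dn" in entry:
                yield entry["dn"][0], entry
            entry = {}
        elif not line.startswith("#"):
            name, _, value = line.partition(":")
            if value.startswith(":"):      # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            # Attribute names are case-insensitive in LDAP, so "UID" counts as "uid".
            entry.setdefault(name.strip().lower(), []).append(value.strip())

def multi_valued(text, field="uid"):
    """Return {dn: [values]} for entries with more than one value of `field`."""
    key = field.lower()
    return {dn: attrs[key] for dn, attrs in parse_ldif(text) if len(attrs.get(key, [])) > 1}

if __name__ == "__main__":
    for dn, values in multi_valued(SAMPLE_LDIF).items():
        print(f"{dn}: {len(values)} uid values: {values}")
```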