Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0007833TestLinkLDAP authenticationpublic2017-01-30 14:432017-01-31 09:45
Reportertjosephine 
Assigned Tofman 
PriorityhighSeveritymajorReproducibilityalways
StatusassignedResolutionopen 
PlatformAny platformOSOS Version
Product Version1.9.15 (2015 Q4) 
Fixed in Version 
Summary0007833: LDAP users can log in TestLink with any non-emptystring password
DescriptionWe have setup LDAP authentication for users.

In new version 1.9.15, we are able to login successfully in TestLink by providing any string as password.

I can reproduce this issue on all my TestLink installations running 1.9.15.
The 1.9.14 installation has no issue.

Thanks in advance for providing help or support
Steps To ReproduceHave a TestLink installation 1.9.15 with LDAP authentication for users.

- select TestLink url
- Provide user name as usual
- provide any password, for ex. "az"
- Click on LOGIN
- Login successful: TestLink displays the index.php menu
Additional InformationNo issue in 1.9.14
TagsNo tags attached.
Database (MySQL,Postgres,etc)MySQL
BrowserChrome v.51
PHP Version5.6.14
TestCaseID
QA Team - Task Workflow Status
Attached Files

- Relationships

-  Notes
(0025943)
fman (administrator)
2017-01-30 17:02

1) get latest stable code (1.9.16), do fresh install, retest and provide feedback
2) please provided detailed steps to reproduce
(0025944)
tjosephine (reporter)
2017-01-30 21:05

I tested with latest code 1.9.16 and was not able to login successfully in TestLink until I realize the setting for LDAP has changed.

[TestLink 1.9.16] in config.inc.php:
$tlCfg->authentication['ldap'] = array();
$tlCfg->authentication['ldap'][1]['ldap_server'] = 'localhost';
$tlCfg->authentication['ldap'][1]['ldap_port'] = '389';
$tlCfg->authentication['ldap'][1]['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap'][1]['ldap_root_dn'] = 'dc=mycompany,dc=com';
$tlCfg->authentication['ldap'][1]['ldap_bind_dn'] = ''; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap'][1]['ldap_bind_passwd'] = ''; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap'][1]['ldap_tls'] = false; // true -> use tls

[TestLink 1.9.15] in config.inc.php:
$tlCfg->authentication['ldap_server'] = 'localhost';
$tlCfg->authentication['ldap_port'] = '389';
$tlCfg->authentication['ldap_version'] = '3'; // could be '2' in some cases
$tlCfg->authentication['ldap_root_dn'] = 'dc=mycompany,dc=com';
$tlCfg->authentication['ldap_bind_dn'] = ''; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_bind_passwd'] = ''; // Left empty for anonymous LDAP binding
$tlCfg->authentication['ldap_tls'] = false; // true -> use tls

After updating my custom_config.inc.php with the new changes by adding ['ldap'][1] everywhere, the user authentication was successful.

Did I miss something? Is there an indication in the forum to use the new authentication['ldap'] = array() for TestLink 1.9.15? because I am confused now.

Thanks
(0025945)
fman (administrator)
2017-01-31 09:45

my fault this implementation has not been communicated in the right way.
What you have done is OK. GOOD!!

- Issue History
Date Modified Username Field Change
2017-01-30 14:43 tjosephine New Issue
2017-01-30 17:02 fman Note Added: 0025943
2017-01-30 17:02 fman Assigned To => fman
2017-01-30 17:02 fman Status new => feedback
2017-01-30 21:05 tjosephine Note Added: 0025944
2017-01-30 21:05 tjosephine Status feedback => assigned
2017-01-31 09:45 fman Note Added: 0025945



Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker