Bug 509941 - TPS LDAP auth with bind dn broken
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: TPS
1.1
All Linux
urgent Severity urgent
Assigned To: Jack Magne
Asha Akkiangady
Blocks: 443788
Reported: 2009-07-06 21:55 EDT by Jack Magne
Modified: 2009-07-22 19:37 EDT (History)

Doc Type: Bug Fix
Last Closed: 2009-07-22 19:37:08 EDT


Attachments
Patch to fix this issue. (1.35 KB, patch)
2009-07-06 21:59 EDT, Jack Magne

Description Jack Magne 2009-07-06 21:55:42 EDT
Recently, for another bug, we put in some code that performs proper LDAP authentication failover. Unfortunately, it turns out this code breaks the case where a bind dn is specified in the TPS's CS.cfg. This type of LDAP authentication is used in Security Officer mode. It appears that the regular user bind with regular TPS authentication works just fine.

To follow is a simple patch that fixes this.
Comment 1 Jack Magne 2009-07-06 21:57:39 EDT
The reason why the code is broken is because Security Officer related LDAP auth requires simple binding. There is a call in the code to perform this simple binding, but unfortunately, due to new failover code, this binding is not done in the proper place.
Comment 2 Jack Magne 2009-07-06 21:59:26 EDT
Created attachment 350710 [details]
Patch to fix this issue.

This should fix the issue. I've tested the regular auth case and the security officer auth case. CFU, please review and see if you can determine that this fix will not affect the fail over mechanism.
Comment 3 Christina Fu 2009-07-07 14:45:39 EDT
(In reply to comment #2)
> Created an attachment (id=350710) [details]

cfu+
Comment 4 Jack Magne 2009-07-07 14:57:36 EDT
Spec file:

Index: pki-tps.spec
===================================================================
--- pki-tps.spec        (revision 683)
+++ pki-tps.spec        (working copy)
@@ -34,7 +34,7 @@
 ## Package Header Definitions
 %define base_name         %{base_prefix}-%{base_component}
 %define base_version      1.1.0
-%define base_release      41
+%define base_release      42
 %define base_group        System Environment/Daemons
 %define base_vendor       Red Hat, Inc.
 %define base_license      LGPLv2 with exceptions
@@ -314,6 +314,8 @@
 ###############################################################################
 
 %changelog
+* Tue Jul 7 2009 Jack Magne <jmagne@redhat.com> 1.1.0-42
+- Bugzilla Bug #309941 - TPS LDAP auth with bind dn broken.
 * Mon Jul 6 2009 Andrew Wnuk <awnuk@redhat.com> 1.1.0-41
 - Bugzilla Bug #509833 - cleaning debug log
 * Mon Jul 6 2009 Matthew Harmsen <mharmsen@redhat.com> 1.1.0-40
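Review bot: The new %changelog line cites "Bugzilla Bug #309941", but this fix is filed as bug 509941, which is also the number used in the svn commit message. Change the entry to "#509941" so the package changelog points at the right bug.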
Comment 5 Jack Magne 2009-07-07 14:59:41 EDT
svn commit -m "Bugzilla Bug #509941 TPS LDAP auth with bind dn broken"
Sending        base/tps/src/authentication/LDAP_Authentication.cpp
Sending        dogtag/tps/pki-tps.spec
Transmitting file data ..
Committed revision 684.
Comment 6 Jack Magne 2009-07-07 15:00:11 EDT
Fixed in next TPS build.
Comment 7 Asha Akkiangady 2009-07-09 19:12:18 EDT
Verified.

LDAP authentication works fine in the Security Officer mode. Able to enroll a security officer token, log in to the SO workstation and enroll/format user tokens.
