Bug 509941 - TPS LDAP auth with bind dn broken
Summary: TPS LDAP auth with bind dn broken
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: TPS
Version: 1.1
Hardware: All
OS: Linux
Priority: urgent
Severity: urgent
Target Milestone: ---
Assignee: Jack Magne
QA Contact: Asha Akkiangady
URL:
Whiteboard:
Depends On:
Blocks: 443788
Reported: 2009-07-07 01:55 UTC by Jack Magne
Modified: 2009-07-22 23:37 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-22 23:37:08 UTC
Embargoed:


Attachments
Patch to fix this issue. (1.35 KB, patch)
2009-07-07 01:59 UTC, Jack Magne

Description Jack Magne 2009-07-07 01:55:42 UTC
Recently, for another bug, we put in some code that performs proper LDAP authentication failover. Unfortunately, it turns out this code breaks the case where a bind DN is specified in the TPS's CS.cfg. This type of LDAP authentication is used in Security Officer mode. It appears that the regular user bind with regular TPS authentication works just fine.

To follow is a simple patch that fixes this.

Comment 1 Jack Magne 2009-07-07 01:57:39 UTC
The reason the code is broken is that Security Officer-related LDAP auth requires simple binding. There is a call in the code to perform this simple binding, but unfortunately, due to the new failover code, this binding is not done in the proper place.
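
The failover-plus-bind-DN interaction described in comment 1, as an added simulation that is not the TPS LDAP_Authentication.cpp code and not the attached patch: a search-and-bind authenticator that walks an ordered host list, performs the configured bind DN's simple bind on every freshly opened connection inside the failover loop (bind state never survives a reconnect), and fails closed if that privileged bind is refused rather than falling back to an anonymous search. The fake servers, directory entries, host names and config field names are all constructed for this example, and the assumption that the directory refuses anonymous search, which is what makes the bind DN necessary, is mine as well.

```python
"""Simulation of failover-aware LDAP search-and-bind authentication with an
optional bind DN. Constructed example: the servers, entries and config names
are invented for illustration; this is not Dogtag TPS code."""
from dataclasses import dataclass
from typing import Optional


class LdapError(Exception): """Base of the simulated directory errors."""
class ServerDown(LdapError): """Host unreachable: the only error that triggers failover."""
class InvalidCredentials(LdapError): """Bind rejected, or user not found."""
class InsufficientAccess(LdapError): """Operation refused on an anonymous session."""


class FakeConnection:
    """One session to one host; bind state lives here and dies with the session."""

    def __init__(self, server):
        self.server = server
        self.bound_as = None  # None means anonymous

    def simple_bind(self, dn, password):
        entry = self.server.entries.get(dn)
        if entry is None or entry["userPassword"] != password:
            raise InvalidCredentials(dn)
        self.bound_as = dn

    def search_uid(self, base_dn, uid):
        """Return the DN under base_dn whose uid matches, or None."""
        if self.server.require_bind_for_search and self.bound_as is None:
            raise InsufficientAccess(f"{self.server.name}: anonymous search refused")
        for dn, entry in self.server.entries.items():
            if dn.lower().endswith(base_dn.lower()) and entry.get("uid") == uid:
                return dn
        return None


@dataclass
class FakeLdapServer:
    name: str
    up: bool
    entries: dict                         # dn -> attribute dict (constructed)
    require_bind_for_search: bool = True  # locked-down directory: no anonymous search

    def connect(self):
        if not self.up:
            raise ServerDown(self.name)
        return FakeConnection(self)


@dataclass
class LdapAuthConfig:
    hosts: list                    # ordered failover list of FakeLdapServer
    base_dn: str
    bind_dn: Optional[str] = None  # privileged DN for the user search (SO-style auth)
    bind_pw: Optional[str] = None


def authenticate(cfg, uid, password):
    """Return (user_dn, host) on success, else raise the last LDAP error.
    The privileged bind is redone on every freshly opened session, inside the
    failover loop; if it fails, the attempt fails closed instead of continuing
    anonymously."""
    last_err: Optional[LdapError] = None
    for srv in cfg.hosts:
        try:
            conn = srv.connect()
        except ServerDown as err:
            last_err = err
            continue  # unreachable host: try the next one
        if cfg.bind_dn is not None:
            conn.simple_bind(cfg.bind_dn, cfg.bind_pw)
        # Invariant: a configured bind DN must be bound on *this* session before searching.
        if cfg.bind_dn is not None and conn.bound_as != cfg.bind_dn:
            raise LdapError("privileged bind missing on a fresh session")
        user_dn = conn.search_uid(cfg.base_dn, uid)
        if user_dn is None:
            raise InvalidCredentials(uid)
        conn.simple_bind(user_dn, password)  # the actual password check
        return user_dn, srv.name
    raise last_err or LdapError("no LDAP hosts configured")


def auth_outcome(cfg, uid, password):
    """Classify one attempt, audit-log style: 'ok@<host>' or the error class name."""
    try:
        return "ok@" + authenticate(cfg, uid, password)[1]
    except LdapError as err:
        return type(err).__name__


_ENTRIES = {  # constructed directory content, replicated on both hosts
    "uid=svcauth,ou=system,dc=example,dc=test": {"uid": "svcauth", "userPassword": "S3rvice!"},
    "uid=officer1,ou=people,dc=example,dc=test": {"uid": "officer1", "userPassword": "S0pass"},
}


def sample_config(primary_up, use_bind_dn=True):
    """Two-host deployment: ldap1 (primary, possibly down) and ldap2 (secondary, up).
    With use_bind_dn the directory is locked down and a privileged search bind is
    configured (the Security Officer case); without it, anonymous search is allowed."""
    hosts = [FakeLdapServer("ldap1", primary_up, dict(_ENTRIES), use_bind_dn),
             FakeLdapServer("ldap2", True, dict(_ENTRIES), use_bind_dn)]
    cfg = LdapAuthConfig(hosts, "dc=example,dc=test")
    if use_bind_dn:
        cfg.bind_dn, cfg.bind_pw = "uid=svcauth,ou=system,dc=example,dc=test", "S3rvice!"
    return cfg
```

The point to check in any real implementation is the placement of the privileged bind: it must execute after each successful `connect()` in the failover path, and a refused privileged bind must abort the attempt rather than leave the session anonymous, since an anonymous search against a locked-down directory either fails (`InsufficientAccess` here) or, worse, silently succeeds with whatever the directory exposes to anonymous clients.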

Comment 2 Jack Magne 2009-07-07 01:59:26 UTC
Created attachment 350710 [details]
Patch to fix this issue.

This should fix the issue. I've tested the regular auth case and the security officer auth case. CFU, please review and see if you can determine that this fix will not affect the failover mechanism.

Comment 3 Christina Fu 2009-07-07 18:45:39 UTC
(In reply to comment #2)
> Created an attachment (id=350710) [details]

cfu+

Comment 4 Jack Magne 2009-07-07 18:57:36 UTC
Spec file:

Index: pki-tps.spec
===================================================================
--- pki-tps.spec        (revision 683)
+++ pki-tps.spec        (working copy)
@@ -34,7 +34,7 @@
 ## Package Header Definitions
 %define base_name         %{base_prefix}-%{base_component}
 %define base_version      1.1.0
-%define base_release      41
+%define base_release      42
 %define base_group        System Environment/Daemons
 %define base_vendor       Red Hat, Inc.
 %define base_license      LGPLv2 with exceptions
@@ -314,6 +314,8 @@
 ###############################################################################
 
 %changelog
+* Tue Jul 7 2009 Jack Magne <jmagne> 1.1.0-42
+- Bugzilla Bug #309941 - TPS LDAP auth with bind dn broken.
 * Mon Jul 6 2009 Andrew Wnuk <awnuk> 1.1.0-41
 - Bugzilla Bug #509833 - cleaning debug log
 * Mon Jul 6 2009 Matthew Harmsen <mharmsen> 1.1.0-40
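Review bot: the changelog entry in this hunk cites Bugzilla Bug #309941, but the bug being fixed (and the commit message in comment 5) is #509941; correct the line to `- Bugzilla Bug #509941 - TPS LDAP auth with bind dn broken.` so the spec changelog matches the tracker and the svn log.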

Comment 5 Jack Magne 2009-07-07 18:59:41 UTC
svn commit -m "Bugzilla Bug #509941 TPS LDAP auth with bind dn broken"
Sending        base/tps/src/authentication/LDAP_Authentication.cpp
Sending        dogtag/tps/pki-tps.spec
Transmitting file data ..
Committed revision 684.

Comment 6 Jack Magne 2009-07-07 19:00:11 UTC
Fixed in next TPS build.

Comment 7 Asha Akkiangady 2009-07-09 23:12:18 UTC
Verified.

LDAP authentication works fine in the Security Officer mode. Able to enroll a security officer token, log in to the SO workstation and enroll/format user tokens.

