Quote:
Originally Posted by anybodytech
Very nice mod - installed with no fuss.
I had the problem, though, that my LDAP server contained a new user whose username was not used in vB, but whose email was already taken by another username in vB.
This means that your plugin tries to create the new user when a correct username/password is issued (seen from the LDAP server). But because the email already exists in vB with another username, the creation of the new user fails. This is probably okay, as two different users cannot have the same email. But the error message indicates that a wrong password/username was issued.
My suggestion for improvement is to give a better response in this case.
Best regards
Tom
Thanks
I'll have to look into this bug, that's NOT what's meant to happen - It's supposed to rename the user to match the LDAP...
I can see what you mean though, the error message is unhelpful in this instance, but in keeping with normal login failure message procedure, I've tried not to let a potential brute-force attacker know what he/she got wrong (username/password etc). A more "helpful" error message might give away the fact that users are being created on the fly from an external database, and that might give an opportunity to inject a user into the system. (Sorry if I seem paranoid, but it's my job, I work with system security all day).
H.
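
The trade-off discussed in this exchange, as an added example that is not the plugin's code or part of either post: the client always receives the same failure text, while the server log records the real reason under a reference an administrator can look up. All names are hypothetical, and plain dictionaries stand in for the LDAP directory and the vB user table.

```python
import enum
import logging
import secrets

log = logging.getLogger("ldap_login")
GENERIC_FAILURE = "Invalid username or password."

class Outcome(enum.Enum):
    OK = "ok"
    BAD_CREDENTIALS = "bad_credentials"
    EMAIL_COLLISION = "email_collision"

# Constructed sample data: LDAP knows "tom"; the forum already has that
# email registered under a different username.
DIRECTORY = {"tom": {"password": "s3cret", "email": "tom@example.org"}}
FORUM_USERS = {"thomas": "tom@example.org"}

def ldap_bind(directory, username, password):
    """Stand-in for an LDAP bind: return the entry's email, or None."""
    entry = directory.get(username)
    if entry and secrets.compare_digest(entry["password"].encode(),
                                        password.encode()):
        return entry["email"]
    return None

def login(directory, forum_users, username, password):
    """Return (outcome, client_message, reference).

    Every failure yields the same client_message; the specific reason
    goes only to the server log, keyed by the reference.
    """
    ref = secrets.token_hex(4)
    email = ldap_bind(directory, username, password)
    if email is None:
        outcome = Outcome.BAD_CREDENTIALS
    elif username in forum_users:
        outcome = Outcome.OK
    elif email in forum_users.values():
        # Valid LDAP login, but the email belongs to another forum account.
        outcome = Outcome.EMAIL_COLLISION
    else:
        forum_users[username] = email  # create the forum user on the fly
        outcome = Outcome.OK
    if outcome is Outcome.OK:
        return outcome, "Logged in.", ref
    log.warning("login failed ref=%s user=%r reason=%s",
                ref, username, outcome.value)
    return outcome, GENERIC_FAILURE, ref
```

The reference can be displayed next to the generic message because one is generated for every failure, so it does not distinguish the cases.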