
mahara-contributors team mailing list archive

[Bug 536959] Re: Multiple institutions with separated LDAP servers authentication

 

** Changed in: mahara
       Status: New => Fix Committed

** Changed in: mahara
    Milestone: None => 1.3.0

** Changed in: mahara
   Importance: Undecided => Medium

** Changed in: mahara
     Assignee: (unassigned) => PiersHarding (piers-ompka)

-- 
Multiple institutions with separated LDAP servers authentication
https://bugs.launchpad.net/bugs/536959
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: Fix Committed

Bug description:
Hello Mahara people,

I'm running Mahara 1.2.2 with several institutions, each using a different LDAP server for authentication.
The normal procedure is that when a guest is logging in, Mahara loops through an array of all LDAP servers defined as institutions' auth methods. When binding with a certain LDAP server is successful, the loop will be broken and Mahara will log the user in.
However, if one of the LDAP servers is experiencing difficulties, i.e. network problems, server unavailable, expired SSL certificate etc., Mahara will throw an exception and the loop will be broken, resulting in a bad login. In other words, if any of the LDAP servers goes offline, authentication will be "disabled" for all institutions despite the fact that each institution uses a different LDAP server. Of course, if the first LDAP server in the array is offline the rest are useless as the loop is interrupted by the exception; if the last one is offline the chance of a bad login is much lower as a previous one may pass...

The problem is in auth/ldap/lib.php line #146:

throw new AuthUnknownUserException('Cannot connect to any LDAP hosts');

I solved the issue by commenting out this line and adding code for logging LDAP errors, though I would like to avoid code hacking. Will someone consider this for upcoming releases?

Thanks for reading.

Cheers,

Andrej
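
The failure mode reported above, sketched as an added example that is not part of the original report and is not Mahara's code: each institution's backend is tried in turn, an unreachable server is logged and skipped, and login fails only when no backend accepts the credentials. All names here (LdapUnavailableException, authenticate_across_institutions, the sample backends and credentials) are hypothetical, and the callables are constructed stand-ins for real LDAP binds.

```php
<?php
// Added example: hypothetical names throughout, not Mahara's auth/ldap/lib.php.

class LdapUnavailableException extends Exception {}

/**
 * Try each institution's LDAP backend in turn.
 * $backends maps institution name => callable(string $user, string $pass): bool.
 * A backend throws LdapUnavailableException when its server cannot be reached.
 * Returns the institution that accepted the credentials, or null if none did.
 */
function authenticate_across_institutions(array $backends, string $user, string $pass, array &$errors): ?string
{
    foreach ($backends as $institution => $bind) {
        try {
            if ($bind($user, $pass) === true) {
                return $institution; // first successful bind ends the loop
            }
        } catch (LdapUnavailableException $e) {
            // Record the outage and keep going. An unreachable server is
            // never counted as a successful bind (fail closed per backend).
            $errors[] = $institution . ': ' . $e->getMessage();
        }
    }
    return null; // every backend either rejected the login or was unreachable
}

// Constructed sample: the first server is offline, the second holds the account.
$backends = [
    'inst-a' => function ($u, $p) {
        throw new LdapUnavailableException('cannot connect to LDAP host');
    },
    'inst-b' => function ($u, $p) {
        return $u === 'alice' && hash_equals('correct-horse', $p);
    },
];

$errors = [];
$institution = authenticate_across_institutions($backends, 'alice', 'correct-horse', $errors);
echo ($institution ?? 'login failed'), PHP_EOL;

// Surface outages to the operator instead of to the person logging in.
foreach ($errors as $line) {
    error_log('LDAP unavailable: ' . $line);
}
```

Catching only the connectivity exception keeps other errors visible, and the user sees the same generic failure whether a server was down or the password was wrong.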




