mahara-contributors team mailing list archive

Thread
Date

[Bug 1044168] Re: Users can not log in via LDAP using a different remote username

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1044168@xxxxxxxxxxxxxxxxxx>
Date: Wed, 28 Aug 2013 01:10:57 -0000
Reply-to: Bug 1044168 <1044168@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The "username for external authentication" field is currently only used
by SAML and XMLRPC. The other bug we've recently filed, to only expose
this field when it's actually usable, should help prevent confusion
about this in the future.

Basically, it makes the most sense for auth plugins that DON'T require
you to enter your username/password into the Mahara login form. Then
what happens is this:

1. You log in via some other method (i.e., roaming across from Moodle in MNet)
2. The external auth source sends your username to Mahara as part of the authentication process
3. Mahara compares this to your "username for external authentication" (i.e., your value in the auth_remote_user table for that auth instance)
4. If it finds a match, it uses that to decide which Mahara account the account in the external auth method should authenticate you into.

It's worth noting that this field could also be used by a user whose
auth method is NOT xmlrpc or saml, if their auth method is the parent
auth to an XMLRPC or SAML method. What parent auth does, is makes it so
that you have one Mahara account, and you can log in to it via
XMLRPC/SAML (using the username in external username), or you can log in
to it using the parent auth via the Mahara login form.

** Changed in: mahara
Status: Triaged => Won't Fix

** Changed in: mahara
Status: Won't Fix => Invalid

** Information type changed from Private Security to Public

--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1044168

Title:
Users can not log in via LDAP using a different remote username

Status in Mahara ePortfolio:
Invalid

Bug description:
Version: master
Platform: ubuntu, postgres, apache2, php5, and OpenLDAP server
Browsers: Chrome, FF

Assumptions:
- an internal mahara account: u01 using Internal auth
- an institution: A which allow LDAP auth with User Attribute = uid (named A: My LDAP)
- an LDAP account: uid='john'

Actions:
1. Site admin opened "Account settings" of account: u01
2. Admin changed 'Authentication method' to A: My LDAP
3. Admin updated 'Username for external authentication' to 'john', clicked "Save changes", finally logged out
4. In Login box, entered username=john, password=<LDAP password for account john>, then clicked "Login"

Expected results:
- Logged in as user: u01

Actual results:
- Failed to login. Error message: "You have not provided the correct credentials to log in. Please check your username and password are correct.", or
- A new user will be created if the option "We auto-create users" is enable

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1044168/+subscriptions

References

[Bug 1044168] [NEW] Users can not log in via LDAP using a different remote username
From: Son Nguyen, 2012-08-31