← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #51990

[Bug 1818901] [NEW] LDAP account set up should not require internal password to be set

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Reported at
https://mahara.org/interaction/forum/topic.php?id=7827&offset=0&limit=10#post33568

When an LDAP user tries to log in via Mahara Mobile, they can't as
Mahara requires an internal Mahara password to be set even though it
will then be ignored as LDAP is used (see error message below).

When LDAP accounts are set up, they should not require an internal
Mahara password as it will be ignored since LDAP is going to be used.

Report:

My environment:
 Mahara 18.10
 mobile app 1.4.1

1. Authentication plugin
 The institution has  LDAP authentication plugin and Internal auth.

2. Add user from
a user is added by admin from "Adimn menu" -> Users -> Add user

The password can be anythin here, because users use LDAP password on
login time.

3. Login
Though the new user can login from Web interface, hi can not login by mobile app. At this time, I found server logs below.

----
AH01071: Got error 'PHP message: [WAR] 38
(snip)
WebserviceException->__construct("passwordchangerequired", "The user needs to reset their password. They must ...", 403) at /path/to/mahara/module/mobileapi/json/token.php:121\nPHP message: \nPHP message: [WAR] 38 (module/mobileapi/json/token.php:118) passwordchangerequired : The user needs to reset their password. They must log in to the site through a web browser to do this.\nPHP message: Call stack (most recent first):\nPHP message:   * log_message("passwordchangerequired : (snip)
----

Though the mobile app does not show error messeges, Mahara server seems
to be requesting user to change password.

3. change password
By admin, change authentication plugin from LDAP to Internal, and change password once. the password can be anythin.  The password has to be change once. Then return authentication plugin from Internal to LDAP.

4. Login from mobile app
We can login from mobile app.

5. Othre solution
Admin can add user by CSV "Adimn menu" -> Users -> "Add user by CSV". At that time, Turn off the option "Force password change" option. Then users do not be required to chage password at first login, so mobile app can login.

** Affects: mahara
     Importance: High
         Status: Confirmed

** Affects: mahara/19.04
     Importance: High
         Status: Confirmed

** Affects: mahara/19.10
     Importance: High
         Status: Confirmed


** Tags: auth

** Also affects: mahara/19.04
   Importance: High
       Status: Confirmed

** Also affects: mahara/19.10
   Importance: Undecided
       Status: New

** Changed in: mahara/19.10
    Milestone: None => 19.10.0

** Changed in: mahara/19.04
    Milestone: None => 19.04.1

** Changed in: mahara/19.10
       Status: New => Confirmed

** Changed in: mahara/19.10
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1818901

Title:
  LDAP account set up should not require internal password to be set

Status in Mahara:
  Confirmed
Status in Mahara 19.04 series:
  Confirmed
Status in Mahara 19.10 series:
  Confirmed

Bug description:
  Reported at
  https://mahara.org/interaction/forum/topic.php?id=7827&offset=0&limit=10#post33568

  When an LDAP user tries to log in via Mahara Mobile, they can't as
  Mahara requires an internal Mahara password to be set even though it
  will then be ignored as LDAP is used (see error message below).

  When LDAP accounts are set up, they should not require an internal
  Mahara password as it will be ignored since LDAP is going to be used.

  Report:

  My environment:
   Mahara 18.10
   mobile app 1.4.1

  1. Authentication plugin
   The institution has  LDAP authentication plugin and Internal auth.

  2. Add user from
  a user is added by admin from "Adimn menu" -> Users -> Add user

  The password can be anythin here, because users use LDAP password on
  login time.

  3. Login
  Though the new user can login from Web interface, hi can not login by mobile app. At this time, I found server logs below.

  ----
  AH01071: Got error 'PHP message: [WAR] 38
  (snip)
  WebserviceException->__construct("passwordchangerequired", "The user needs to reset their password. They must ...", 403) at /path/to/mahara/module/mobileapi/json/token.php:121\nPHP message: \nPHP message: [WAR] 38 (module/mobileapi/json/token.php:118) passwordchangerequired : The user needs to reset their password. They must log in to the site through a web browser to do this.\nPHP message: Call stack (most recent first):\nPHP message:   * log_message("passwordchangerequired : (snip)
  ----

  Though the mobile app does not show error messeges, Mahara server
  seems to be requesting user to change password.

  3. change password
  By admin, change authentication plugin from LDAP to Internal, and change password once. the password can be anythin.  The password has to be change once. Then return authentication plugin from Internal to LDAP.

  4. Login from mobile app
  We can login from mobile app.

  5. Othre solution
  Admin can add user by CSV "Adimn menu" -> Users -> "Add user by CSV". At that time, Turn off the option "Force password change" option. Then users do not be required to chage password at first login, so mobile app can login.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1818901/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next