mahara-contributors team mailing list archive

Thread
Date

[Bug 1818901] Re: LDAP account set up should not require internal password to be set

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Cecilia Vela Gurovic <1818901@xxxxxxxxxxxxxxxxxx>
Date: Fri, 12 Jul 2019 02:43:03 -0000
Reply-to: Bug 1818901 <1818901@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara/19.04
Status: Confirmed => In Progress

--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1818901

Title:
LDAP account set up should not require internal password to be set

Status in Mahara:
In Progress
Status in Mahara 19.04 series:
In Progress
Status in Mahara 19.10 series:
In Progress

Bug description:
Reported at
https://mahara.org/interaction/forum/topic.php?id=7827&offset=0&limit=10#post33568

When an LDAP user tries to log in via Mahara Mobile, they can't as
Mahara requires an internal Mahara password to be set even though it
will then be ignored as LDAP is used (see error message below).

When LDAP accounts are set up, they should not require an internal
Mahara password as it will be ignored since LDAP is going to be used.

Report:

My environment:
Mahara 18.10
mobile app 1.4.1

1. Authentication plugin
The institution has LDAP authentication plugin and Internal auth.

2. Add user from
a user is added by admin from "Adimn menu" -> Users -> Add user

The password can be anythin here, because users use LDAP password on
login time.

3. Login
Though the new user can login from Web interface, hi can not login by mobile app. At this time, I found server logs below.

----
AH01071: Got error 'PHP message: [WAR] 38
(snip)
WebserviceException->__construct("passwordchangerequired", "The user needs to reset their password. They must ...", 403) at /path/to/mahara/module/mobileapi/json/token.php:121\nPHP message: \nPHP message: [WAR] 38 (module/mobileapi/json/token.php:118) passwordchangerequired : The user needs to reset their password. They must log in to the site through a web browser to do this.\nPHP message: Call stack (most recent first):\nPHP message: * log_message("passwordchangerequired : (snip)
----

Though the mobile app does not show error messeges, Mahara server
seems to be requesting user to change password.

3. change password
By admin, change authentication plugin from LDAP to Internal, and change password once. the password can be anythin. The password has to be change once. Then return authentication plugin from Internal to LDAP.

4. Login from mobile app
We can login from mobile app.

5. Othre solution
Admin can add user by CSV "Adimn menu" -> Users -> "Add user by CSV". At that time, Turn off the option "Force password change" option. Then users do not be required to chage password at first login, so mobile app can login.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1818901/+subscriptions

References

[Bug 1818901] [NEW] LDAP account set up should not require internal password to be set
From: Kristina Hoeppner, 2019-03-06