Forum: help

RE: Fusion Forge 6, bug when authbuiltin and authldap are enabled at the same time
By: Franck Villaume on 2016-12-12 17:01
[forum:992]
Hi,

Unfortunately, as far as I know, there is no workaround.
The username (login) has to be unique since FusionForge has a tight integration with the OS (through NSS) to provide SSH access, for instance.

Fusion Forge 6, bug when authbuiltin and authldap are enabled at the same time
By: Henri Massias on 2016-12-12 14:04
[forum:990]
Fusion Forge 6.0.4

We discovered a bug when enabling the authbuiltin and authldap plugins at the same time.

If the login of a local account matches the login of an LDAP account, the information of the local account (name, email, password) is updated with the information of the LDAP account. Someone from the LDAP directory, with a login already defined as a local account, will be able to take control of this local account (project, account information, …). This situation can happen in the case of homonyms, for example.

The information is synchronised even if the legitimate local user authenticates from the authbuiltin tab (in this case, the password is not updated) and even if the authbuiltin plugin is activated before the authldap plugin.
The consequence is that the login must be unique in the perimeter which covers the LDAP directory and the local database.

Is there a workaround for this unwanted behavior?
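
An audit for the collision described in this thread, as an added example that is not part of either post and is not FusionForge code: it lists local logins that also exist in the LDAP directory, meant to be run before authldap is enabled. The record layout (`login`/`email`, `uid`/`mail`), the case-insensitive comparison and the email heuristic are assumptions, and all sample records are constructed.

```python
# Added example: find logins present in both the local account database and
# the LDAP directory. Field names and all sample records are constructed.

def normalize(value):
    # Assumption: logins and emails are compared case-insensitively.
    return value.strip().lower()

def find_login_collisions(local_accounts, ldap_entries):
    """Return one dict per (local account, LDAP entry) pair sharing a login."""
    ldap_by_login = {}
    for entry in ldap_entries:
        ldap_by_login.setdefault(normalize(entry["uid"]), []).append(entry)

    collisions = []
    for acct in local_accounts:
        login = normalize(acct["login"])
        for entry in ldap_by_login.get(login, []):
            same_mail = normalize(acct["email"]) == normalize(entry["mail"])
            collisions.append({
                "login": login,
                "local_email": acct["email"],
                "ldap_mail": entry["mail"],
                # Heuristic only: a differing email suggests two different
                # people (a homonym). After authldap has been enabled, a
                # matching email may just mean the local record was already
                # overwritten by the synchronisation described above.
                "verdict": "same-email" if same_mail else "conflict",
            })
    return sorted(collisions, key=lambda c: (c["login"], c["ldap_mail"]))

# Constructed sample data (e.g. exported from the database and the directory).
LOCAL_ACCOUNTS = [
    {"login": "jdupont", "email": "jean.dupont@example.org"},
    {"login": "mmartin", "email": "m.martin@example.org"},
    {"login": "admin", "email": "root@example.org"},
]
LDAP_ENTRIES = [
    {"uid": "JDupont", "mail": "julie.dupont@corp.example"},
    {"uid": "mmartin", "mail": "M.Martin@example.org"},
    {"uid": "pdurand", "mail": "p.durand@corp.example"},
]

if __name__ == "__main__":
    for c in find_login_collisions(LOCAL_ACCOUNTS, LDAP_ENTRIES):
        print(f'{c["verdict"]:10} {c["login"]:10} '
              f'local={c["local_email"]} ldap={c["ldap_mail"]}')
```

Every `conflict` row is a local account that a different directory user could end up controlling, so it needs a rename on one side before both plugins are active.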