What steps will reproduce the problem?
Configure gitblit to use LDAP authorization and read teams from LDAP. Specify LDAP
manager credentials for gitblit to use.
What is the expected output? What do you see instead?
The expected behavior is for gitblit to check team memberships for a user by using
the manager account, not that user's account since that user may not have the privileges
to see team memberships.
What version of the product are you using? On what operating system?
1.6.2 on Jetty 9, CentOS 6.3
Please provide any additional information below.
Browsing the source code, I noticed that after binding with the manager account, gitblit
rebinds as the user trying to log in (the comment says this is to prevent an LDAP injection
attack). Team memberships are then read after this, while bound to the LDAP server
as the user trying to log in, not the manager. I believe this is wrong since the user
doesn't have to be authorized to read team memberships.
Reported by hrvoje@mail.maracic.net on 2014-11-22 01:21:32
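The bind sequence the report describes, as an added example that is not Gitblit's code: bind as the manager, look the user up with an escaped filter (the injection defence the source comment refers to), bind as the user to verify the password, and then, in the corrected variant, rebind as the manager before reading team memberships. The LDAP server is replaced by a small in-memory stand-in so the example runs offline; the DNs, passwords, `memberOf` attribute and the "only the manager may read memberOf" access rule are all constructed assumptions for illustration.

```python
import re

# Constructed manager credentials (not real values from the report).
MANAGER_DN = 'cn=gitblit-manager,dc=example,dc=com'
MANAGER_PW = 'manager-secret'


def escape_filter(value):
    """RFC 4515 escaping for a value interpolated into a search filter, so
    user-supplied text cannot change the filter's structure."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c
                   for c in value)


class FakeDirectory:
    """Hypothetical stand-in for an LDAP server: bind() checks a password and
    read_member_of() enforces the assumed rule that only the manager account
    may read group memberships."""

    def __init__(self, entries, manager_dn):
        self.entries = entries          # dn -> {attribute: value}
        self.manager_dn = manager_dn
        self.bound_as = None            # identity of the current bind

    def bind(self, dn, password):
        entry = self.entries.get(dn)
        if entry is None or entry.get('userPassword') != password:
            self.bound_as = None
            raise PermissionError('invalid credentials for %s' % dn)
        self.bound_as = dn

    def search_uid(self, ldap_filter):
        """Supports only '(uid=<value>)'; hex escapes are restored to literal
        characters, so an escaped '*' matches nothing rather than everything."""
        m = re.fullmatch(r'\(uid=(.*)\)', ldap_filter)
        if m is None:
            raise ValueError('only (uid=...) filters are supported here')
        value = re.sub(r'\\([0-9a-fA-F]{2})',
                       lambda h: chr(int(h.group(1), 16)), m.group(1))
        return [dn for dn, e in self.entries.items() if e.get('uid') == value]

    def read_member_of(self, dn):
        if self.bound_as != self.manager_dn:
            raise PermissionError('insufficient access to read memberOf')
        return list(self.entries[dn].get('memberOf', []))


def build_demo_directory():
    """Constructed sample directory: the manager account and one user."""
    entries = {
        MANAGER_DN: {'userPassword': MANAGER_PW},
        'uid=alice,ou=people,dc=example,dc=com': {
            'uid': 'alice', 'userPassword': 'alice-pw',
            'memberOf': ['cn=developers,ou=teams,dc=example,dc=com']},
    }
    return FakeDirectory(entries, MANAGER_DN)


def _lookup_user(d, username):
    d.bind(MANAGER_DN, MANAGER_PW)
    hits = d.search_uid('(uid=%s)' % escape_filter(username))
    return hits[0] if len(hits) == 1 else None


def authenticate_as_reported(d, username, password):
    """Sequence the report describes: teams are read while still bound as
    the user, which fails when the user may not read memberships."""
    user_dn = _lookup_user(d, username)
    if user_dn is None:
        return None
    d.bind(user_dn, password)           # verifies the user's password
    return d.read_member_of(user_dn)    # bound as the user: access denied


def authenticate_fixed(d, username, password):
    """Expected behaviour: verify the password with a user bind, then rebind
    as the manager before reading team memberships."""
    user_dn = _lookup_user(d, username)
    if user_dn is None:
        return None
    d.bind(user_dn, password)
    d.bind(MANAGER_DN, MANAGER_PW)      # rebind as manager for the lookup
    return d.read_member_of(user_dn)


def raises_permission_error(fn, *args):
    """Small helper so callers can check which sequence is rejected."""
    try:
        fn(*args)
    except PermissionError:
        return True
    return False


if __name__ == '__main__':
    print('fixed  :', authenticate_fixed(build_demo_directory(), 'alice', 'alice-pw'))
    print('as-is  : denied =',
          raises_permission_error(authenticate_as_reported,
                                  build_demo_directory(), 'alice', 'alice-pw'))
```

The user bind is kept purely as a password check; every directory read that needs privileges runs under the manager bind, which is the behaviour the report expects. Note that a login name such as `*` is escaped to `\2a` and therefore matches no entry instead of acting as a wildcard.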
Maybe. =)
To be honest I don't know yet what the best workflow is with labels and status and milestones and releases.
This is labeled as "Queued", i.e. implemented but not released. Which means it will be closed when 1.9.0 is released. Maybe that isn't the smartest workflow and it could also be closed now.
I know, it's not consistent right now, as there are other implemented issues that have been closed. It's a bit of experimenting with workflows to see what works best in the Github frame.
Closing this as fixed. Turns out keeping it open is more irritating than helpful. Adding the issue to a yet-to-be released milestone serves as a better "Queued" status.
Originally reported on Google Code with ID 537