LDAP password change not always working #7135
Comments
|
cc @nextcloud/ldap |
|
I use nextcloud 13.0.2 with LDAP authentication (user_ldap: 1.3.1). As admin i can change the passwords for all users in the users overview, but no one can change his own password under the settings menu. |
|
@LasseSH it's opt-in in LDAP settings |
|
Thanks for the fast reply, I already had the option activated. I just wanted to exclude the LDAP permissions as the source of the error. |
|
Bump @blizzz |
skjnldsv
added
0. Needs triage
|
I don't see the DN being escaped anywhere. Is it still a problem? Edit: To be more precise, it is normalized when we read it first. But if that was an issue, we would have had various problems for a long time. |
|
This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions. |
|
Sorry, totaly forgot about this since we adapted the naming scheme for our use case. But the issue still persists with Nextcloud 15.0.10 and LDAP 1.5.0. Example User1: CN=user1\, user1,OU=Users,DC=example,DC=org Both can login, but only the 2nd can change the password. Looking at it like this, is it possible that because the DN uses a comma separator there is some wierd string spliting going on in the backend ? |
ghost
removed
the
|
cc @blizzz |
|
Works for me with a user containing a comma in his DN (but on OpenLDAP). Could be specific to AD. |
|
P.S.: On Samba4 (compatible to AD 2008 R2) setting the password does not work for anybody despite getting back a success for the replace operation. |
|
This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions. |
Hello,
there is a bug that prevents users from changing thier passwords if the userDN contains a comma (e.g. cn=test, test1…).
Logfiles show the request being made as “cn=test\2C test1…” but i don’t get any error messages it just says “Unable to change password”. Removing the comma from the AD object instantly resolves this issue.
Steps to reproduce
Expected behaviour
Users should be able to change thier password.
Actual behaviour
Error "Unable to change password"
Server configuration
4x vCPUs
8GB RAM
Operating system:
3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) x86_64 GNU/Linux
Web server:
Nginx
Database:
Mariadb
PHP version:
php-pear 5.6.30+dfsg-0+deb8u1
php-xml-parser 1.3.4-7
php5-cli 5.6.30+dfsg-0+deb8u1 amd64
php5-common 5.6.30+dfsg-0+deb8u1 amd64
php5-curl 5.6.30+dfsg-0+deb8u1 amd64
php5-fpm 5.6.30+dfsg-0+deb8u1 amd64
php5-gd 5.6.30+dfsg-0+deb8u1 amd64
php5-imagick 3.2.0~rc1-1 amd64
php5-intl 5.6.30+dfsg-0+deb8u1 amd64
php5-json 1.3.6-1 amd64
php5-ldap 5.6.30+dfsg-0+deb8u1 amd64
php5-mysql 5.6.30+dfsg-0+deb8u1 amd64
php5-readline 5.6.30+dfsg-0+deb8u1 amd64
Nextcloud version: (see Nextcloud admin page)
Nextcloud Version: 12.03
User_LDAP Version: 1.2.1
Updated from an older Nextcloud/ownCloud or fresh install:
Fresh
Where did you install Nextcloud from:
Debian Repository
The text was updated successfully, but these errors were encountered: