LDAP user cannot login after changing its password in LDAP server with encryption enabled. #24832

Closed
SergioBertolinSG opened this Issue May 25, 2016 · 3 comments

Projects

None yet

4 participants

@SergioBertolinSG
Member

Steps to reproduce:

  1. Enable encryption. (app, go to admin page, relogin with admin)
  2. Set up LDAP server.
  3. Login with an LDAP user.
  4. Log out.
  5. Change LDAP user password in LDAP server.
  6. Login with LDAP user.

Expected behaviour:

LDAP user can login with new password.

Actual behaviour

An error is shown, bad signature.

Server configuration

Operating system:
Ubuntu 14.04

Web server:
Apache

Database:
MySQL

PHP version:
5.5.9

ownCloud version: (see ownCloud admin page)
Current master
{"installed":true,"maintenance":false,"version":"9.1.0.4","versionstring":"9.1.0 pre alpha","edition":""}

Updated from an older ownCloud or fresh install:
Fresh

The content of config/config.php:


Are you using external storage, if yes which one: local/smb/sftp/...
No

Are you using encryption:
No

Logs



Client configuration

Chrome

cc @schiesbn

@SergioBertolinSG SergioBertolinSG added this to the 9.1-current milestone May 25, 2016
@PVince81 PVince81 closed this in #24833 May 25, 2016
@cdamken
Contributor
cdamken commented Jul 4, 2016

@PVince81 After upgrading to 9.0.3,Is needed to run a occ command to fix the Private Keys?

@PVince81
Collaborator
PVince81 commented Jul 5, 2016

@cdamken AFAIK there is no OCC command to fix encryption stuff.

@PVince81
Collaborator
PVince81 commented Jul 5, 2016

@cdamken when changing a LDAP password directly, the user needs to login with the new password then go to the personal page and enter the old password and new password to decrypt + reencrypt the keys with the new password.

This is because the key cannot be used with the new password yet. So there's that error. However, the error is expected to happen on the server and be ignored, and let the user fix it by going to the personal page. But due to this bug, the error was blocking the UI instead of letting the user through.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment