Implementation of trustExternal() method in authldap plugin #205

Closed
wants to merge 2 commits into from

@brenard commented Mar 26, 2013

It's an implementation of the trustExternal() method of the authldap plugin.

I had a configuration parameter to enable/disable this feature.

It's useful when, for example, you use Apache's capability to authenticate the user and you only want to retrieve his information from LDAP (name, mail, groups, ...).

@@ -36,6 +36,10 @@ public function __construct() {
return;
}

if ($this->getConf('external')) {
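
Review bot: the new `external` key read in `if ($this->getConf('external')) {` has no default or description in the visible lines, and per the description it turns on trust in the web server's authentication. It should default to off and carry a settings description that says so; a more specific key name than `external` would also make its effect clearer.
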
@selfthinker (Collaborator) commented Apr 7, 2013

Minor issue: Some indention is missing here.

@brenard (Author) commented Apr 7, 2013

Fixed in my second commit.

@splitbrain (Owner) commented Apr 7, 2013

@brenard (Author) commented May 17, 2013

Hello,

Do you have any suggestions about this feature to permit a merge? I have been using it in production for two months now, and it works very well.

Thanks

@selfthinker (Collaborator) commented Jun 2, 2013

We weren't considering any new features, because we were in feature freeze. We discuss pull requests every 2 weeks (but only bug-related ones during feature freeze) and have started to discuss old PRs today, but ran out of time to go through all of them. That means you will get feedback in 2 weeks at the latest.

@brenard (Author) commented Jun 2, 2013

OK, it's clear now :) Thanks for this explanation.

@michitux (Collaborator) commented Jun 16, 2013

As DokuWiki uses the "u" GET parameter instead of the username that's supplied by the web server, this means that any user who gets through the external authentication can switch to any other user account, which is most probably not wanted. The code should at least check if $INPUT->bool('http_credentials') is false.

As this doesn't really depend on LDAP but could actually be used with any auth backend (that would only be responsible for managing the user details but not the password) and a simple HTTP authentication, it might be better to implement this as a separate auth plugin that uses another (configurable) auth plugin for loading/changing/... the user data. The plugin could simply forward all requests to the other auth plugin and only handle trustExternal().

@splitbrain (Owner) commented Jun 16, 2013

I agree with @michitux

@splitbrain splitbrain closed this Jun 16, 2013
splitbrain added a commit that referenced this issue Apr 9, 2020
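
The account-switching concern raised in the Jun 16 review comment, as an added example that is not part of the thread and is not DokuWiki or authldap code. It is a stand-alone sketch of one possible policy; `resolveTrustedUser`, the use of `REMOTE_USER` as the server-supplied username, and the sample directory are assumptions made for illustration.

```php
<?php
// Added illustration, not DokuWiki or authldap code; all names here are hypothetical.

/**
 * Decide which account a request may act as when the web server did the login.
 *
 * @param array    $server          server-set values (assumed: REMOTE_USER from Apache auth)
 * @param array    $request         client-controlled parameters, e.g. the "u" GET parameter
 * @param bool     $httpCredentials true only if "u" was filled from HTTP credentials
 *                                  (the role of $INPUT->bool('http_credentials') in the thread)
 * @param callable $lookup          returns user details (name, mail, grps) or false
 * @return array|false
 */
function resolveTrustedUser(array $server, array $request, bool $httpCredentials, callable $lookup)
{
    $remote = $server['REMOTE_USER'] ?? '';
    if ($remote === '') {
        return false; // nobody was authenticated by the web server
    }
    // A "u" value that did not come from HTTP credentials, or that names a
    // different account, is a request to switch users: refuse it.
    if (isset($request['u']) && (!$httpCredentials || $request['u'] !== $remote)) {
        return false;
    }
    $info = $lookup($remote); // details come from the backend, keyed by the server's username
    return $info === false ? false : ['user' => $remote] + $info;
}

// Constructed sample directory standing in for the LDAP lookup.
$directory = [
    'alice' => ['name' => 'Alice', 'mail' => 'alice@example.org', 'grps' => ['user']],
    'admin' => ['name' => 'Admin', 'mail' => 'admin@example.org', 'grps' => ['admin']],
];
$lookup = fn(string $u) => $directory[$u] ?? false;

// Constructed requests: a normal one, a switch attempt via ?u=admin, and an unauthenticated one.
$cases = [
    'normal'  => [['REMOTE_USER' => 'alice'], ['u' => 'alice'], true],
    'switch'  => [['REMOTE_USER' => 'alice'], ['u' => 'admin'], false],
    'no-auth' => [[], ['u' => 'admin'], false],
];
foreach ($cases as $label => [$server, $request, $httpCreds]) {
    $result = resolveTrustedUser($server, $request, $httpCreds, $lookup);
    echo $label, ': ', $result === false ? 'rejected' : $result['user'], PHP_EOL;
}
```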