My favorites | Sign in
Project Home Downloads Wiki Issues Source
New issue   Search
for
  Advanced search   Search tips   Subscriptions
Issue 1799: Referrals not followed when authentication is simple
2 people starred this issue and may be notified of changes. Back to list
Status:  New
Owner:  ----


Sign in to add a comment
 
Reported by alex.ble...@gmail.com, Feb 23, 2013
Affected Version: 2.5.2

What steps will reproduce the problem?
1. When using an ldap account with a referral, log in
2. Authentication fails because the 'follow' is not passed through to the initial context

Please provide any additional information below.

The problem is with this method in Helper.java:

https://gerrit.googlesource.com/gerrit/+/v2.5.2/gerrit-server/src/main/java/com/google/gerrit/server/auth/ldap/Helper.java#line105

 DirContext open() throws NamingException {
    final Properties env = createContextProperties();
    if (username != null) {
      env.put(Context.SECURITY_AUTHENTICATION, "simple");
      env.put(Context.SECURITY_PRINCIPAL, username);
      env.put(Context.SECURITY_CREDENTIALS, password != null ? password : "");
      env.put(Context.REFERRAL, referral != null ? referral : "ignore");
    }
    return new InitialDirContext(env);

The issue is that the 'env.put(Context.REFERRAL)' is only used iff there is a username, when in fact it should be set regardless of the user name.

The fix is to move the referral line outside of the if block:

   DirContext open() throws NamingException {
    final Properties env = createContextProperties();
    env.put(Context.REFERRAL, referral != null ? referral : "ignore");
    if (username != null) {
      env.put(Context.SECURITY_AUTHENTICATION, "simple");
      env.put(Context.SECURITY_PRINCIPAL, username);
      env.put(Context.SECURITY_CREDENTIALS, password != null ? password : "");
    }
    return new InitialDirContext(env);

Sign in to add a comment

Powered by Google Project Hosting