Full_Name: Tim Cera Version: 2.4.23-26.el6_3.2 OS: CentOS URL: ftp://ftp.openldap.org/incoming/ Submission from: (NULL) (74.252.34.1) Currently using tikiwki (PHP) with LDAP authentication, and began experimenting with xwiki (Java) also with LDAP authentication. Both against an Active Directory server. With both systems you cannot authenticate a password with either a comma or a period, so suspect it is the underlying OpenLDAP libraries. The test password had both a comma and period, and the account is locked right now so I can't easily test which one or both are required to activate the bug. I did try looking for this bug suspecting that it would have been reported, and didn't find it. Hope this isn't a duplicate.
--On Wednesday, February 06, 2013 12:50 PM +0000 tim@cerazone.net wrote: > Full_Name: Tim Cera > Version: 2.4.23-26.el6_3.2 > OS: CentOS > URL: ftp://ftp.openldap.org/incoming/ > Submission from: (NULL) (74.252.34.1) > > > Currently using tikiwki (PHP) with LDAP authentication, and began > experimenting with xwiki (Java) also with LDAP authentication. Both > against an Active Directory server. With both systems you cannot > authenticate a password with either a comma or a period, so suspect it is > the underlying OpenLDAP libraries. The test password had both a comma > and period, and the account is locked right now so I can't easily test > which one or both are required to activate the bug. I would suspect you are incorrect if you are having this problem with a Java program, since Java would not be linked to the OpenLDAP C libraries. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
xwiki uses jldap. http://www.openldap.org/jldap/ Without delving deeper, I don't know whether jldap uses openldap libraries or not. I thought that it might since it was an openldap project. Though if jldap and openldap are different enough then this issue points to a problem then with Active Directory. On the other hand, Windows login, email, ...etc. were unaffected by the comma and period in the password. Regardless - take the comma and period out of my password, both tikiwiki and xwiki work.
--On Wednesday, February 06, 2013 6:33 PM +0000 TCera@sjrwmd.com wrote: > --_000_EE54DB3B9E0D63489B0845CE62912E8C3BAD846ABY2PRD0511MB441_ > Content-Type: text/plain; charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > xwiki uses jldap. > > http://www.openldap.org/jldap/ JLDAP is written in java, and does not use the OpenLDAP C libraries. If you are going to use Java, I highly recommend you look at the unboundID SDK. I would also note that PHP's LDAP Support is known to be utterly broken. There is no indication anywhere here in your report that indicates a bug with the OpenLDAP software. --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
quanah@zimbra.com wrote: > --On Wednesday, February 06, 2013 6:33 PM +0000 TCera@sjrwmd.com wrote: > >> --_000_EE54DB3B9E0D63489B0845CE62912E8C3BAD846ABY2PRD0511MB441_ >> Content-Type: text/plain; charset="us-ascii" >> Content-Transfer-Encoding: quoted-printable >> >> xwiki uses jldap. >> >> http://www.openldap.org/jldap/ > > JLDAP is written in java, and does not use the OpenLDAP C libraries. If > you are going to use Java, I highly recommend you look at the unboundID SDK. > > I would also note that PHP's LDAP Support is known to be utterly broken. > There is no indication anywhere here in your report that indicates a bug > with the OpenLDAP software. If he could reproduce the issue using OpenLDAP's command line tools, there would be reason to suspect libldap. But no such problem occurs for me using e.g. ldapsearch. Closing this ITS. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
changed state Open to Closed