WeBWorK Main Forum

ldap failover not working

ldap failover not working

by Jason Aubrey -
Number of replies: 2
Hi All,

We are using ldap authentication here, and it seems that the ldap failover mechanism is not working in spite of having set failover => 1 in $authen{ldap_options}. Is anyone else using ldap having this problem?

Here's the part of LDAP.pm I'm suspicious about:

# check against LDAP server
return 1 if $self->ldap_authen_uid($userID, $possibleClearPassword);

return 0 if ($userID !~ /admin/);

# optional: fail over to superclass checkPassword
if ($failover) {

This line was only added in the most recent revision of LDAP.pm and looks to be short-circuiting the failover bit for users who aren't "admin." See,

http://webwork.maa.org/viewvc/system/trunk/webwork2/lib/WeBWorK/Authen/LDAP.pm?r1=5319&r2=6143

Thanks,
Jason

In reply to Jason Aubrey

Re: ldap failover not working

by Mark Hamrick -

Jason, this would make two issues with the LDAP.pm.  One is the one you are seeing, which I caused.  Where I am at it is against university policies to store user's passwords in a none approved application.  For your code please remove the line   return 0 if ($userID !~ /admin/); in ldap.pm.  I will look at creating a variable much like the failover variable to deal with this the next version. I didn't realise that I had checked that line of code into WW.

The second issue that has come up this semester is that some LDAP servers will only work if the user id is in lower case.  I am going to have to add another option where the userid is converted to lowercase before being checked.