You are viewing the PKP Support Forum | PKP Home Wiki

LDAP multiauthentication...again


Post by sqro » Mon Jul 15, 2013 4:18 am

My question is somewhat similar to the topic viewtopic.php?f=8&t=1893&p=36385&hilit=ldap+default#p36385

We have an AD server to which I have successfully connected with the LDAP plugin as an authentication source. This AD has to be the authentication source for "internals" from our university, while OJS internal database authentication is intended for external users. This is a typical situation, I guess.

The problem appears with user registration. I set up LDAP as the default authentication source, with user profile synchronization enabled.
During the registration of a new user, it really does not matter what password is provided for a user account residing in LDAP. When we provide a username existing in LDAP, regardless of whether you provide the proper password or not, the account is created in OJS, but authorization is possible with the proper LDAP password only - the password entry in the database is irrelevant, as I could clear it.

Meanwhile, OJS claims:
Specifying a default authentication source other than OJS has the following effects:
If a user attempts to register a new account with this site with a username that exists on the authentication source (but not in the OJS database), the registration attempt is only allowed if the supplied password is valid for that user account.

I would rather expect explicit denial of new user creation if the account name is from LDAP and the password is invalid for that account. That would prevent username conflicts, which could appear sooner or later.

Am I doing anything wrong or misunderstanding something?

And anticipating a prospective problem:
How can we solve the situation when a new user appears in LDAP with the same account name as one already existing (external) in the OJS database?

Kind regards, and thanks for the really great work with PKP
Przemyslaw Skurowski
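
The registration rule quoted from OJS in the post above, and the username collision the poster anticipates, modelled as an added example; this is not OJS code and not part of the original post. `FakeDirectory`, `decide_registration`, `find_collisions` and the sample accounts are hypothetical and constructed, and the example goes one step beyond the post by also refusing an empty password, because an LDAP simple bind with an empty password (RFC 4513 unauthenticated bind) can succeed without proving ownership of the account.

```python
import hmac
from enum import Enum

class Decision(Enum):
    CREATE_LOCAL = "create account, authenticate against local database"
    CREATE_LINKED = "create account, authenticate against directory"
    DENY = "deny registration"

class FakeDirectory:
    """Constructed in-memory stand-in for the LDAP/AD source (no network)."""
    def __init__(self, users):
        self._users = {name.lower(): pw for name, pw in users.items()}

    def exists(self, username):
        return username.lower() in self._users

    def bind(self, username, password):
        # Models an RFC 4513 unauthenticated bind: a simple bind with an
        # empty password may succeed without verifying the user at all.
        if password == "":
            return True
        stored = self._users.get(username.lower())
        return stored is not None and hmac.compare_digest(
            stored.encode(), password.encode())

def decide_registration(username, password, directory, local_users):
    """local_users maps lowercase username -> "local" or "ldap" (auth source)."""
    name = username.strip().lower()  # assumption: names compare case-insensitively
    if name in local_users:
        return Decision.DENY  # name already taken in the application database
    if directory.exists(name):
        # Name belongs to the directory: require proof of ownership and
        # never accept an empty-password bind as that proof.
        if password and directory.bind(name, password):
            return Decision.CREATE_LINKED
        return Decision.DENY
    return Decision.CREATE_LOCAL  # external user, unknown to the directory

def find_collisions(directory, local_users):
    """Locally authenticated accounts whose name now also exists in the directory."""
    return sorted(name for name, source in local_users.items()
                  if source == "local" and directory.exists(name))

# Constructed sample data, not taken from the post.
DIRECTORY = FakeDirectory({"jkowalski": "S3cret!dir", "anowak": "An0ther!dir"})
LOCAL_USERS = {"reviewer1": "local", "anowak": "local", "jkowalski2": "ldap"}
```

Running `find_collisions` periodically flags external accounts whose names have since been issued in the directory, so they can be reviewed before the two identities are confused.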