We are moving to Git Issues for bug tracking in future releases. During transition, content will be in both tools. If you'd like to file a new bug, please create an issue.

Bug 6221 - LDAP authentication for new user account fails
LDAP authentication for new user account fails
Status: NEW
Product: OJS
Classification: Unclassified
Component: General
Other Linux
: P3 blocker
Assigned To: PKP Support
Depends on:
  Show dependency treegraph
Reported: 2010-11-18 09:19 PST by Tim McGeary
Modified: 2012-09-21 13:15 PDT (History)
1 user (show)

See Also:
Version Reported In:
Also Affects:


Note You need to log in before you can comment on or make changes to this bug.
Description Tim McGeary 2010-11-18 09:19:58 PST
Upon setting LDAP authentication, non-LDAP users were succeeding in creating user accounts, as well as LDAP users were able to set different passwords than their LDAP password, which later prevented them from logging back into OJS because OJS was depending on LDAP for password authentication rather than the password stored in the OJS DB.  Thus the account was essentially locked and unusable, which is a blocker for institutions only using LDAP usernames for single sign on.

We found a bug on line 81 of RegistrationForm.inc.php.

This line:

$this->addCheck(new FormValidatorCustom($this, 'username', 'required', 'user.register.form.usernameExists', create_function('$username,$form,$auth', 'return (!$auth->userExists($username) || $auth->authenticate($username, $form->getData(\'password\')));'), array(&$this, $this->defaultAuth))); 

should be changed to this:

$this->addCheck(new FormValidatorCustom($this, 'username', 'required', 'Incorrect Username or Password', create_function('$username,$form,$auth', 'return $auth->authenticate($username, $form->getData(\'password\'));'), array(&$this, $this->defaultAuth)));