I encountered a strange thing regarding the LDAP authentication.
After a period of time, the function load_ldap_user takes an earlier pwd.
This is from the Apache logs (debug level = 1).
There is a username who has the pwd "WrongPwd" and who had logged in earlier.
Now, when another user=mohit_gupta02 tries to log in, here is the flow:
1) in login.bml, the pwd is correct
[Tue Apr 12 13:24:40 2005] [error] login.bml:user:mohit_gupta02:pwd:RightPw
2) it enters load_user
[Tue Apr 12 13:24:40 2005] [error] just entered load_user
3) canonical_username is fine too
[Tue Apr 12 13:24:40 2005] [error] canonical user ok:mohit_gupta02
4) suddenly, in load_user, in the snippet below, the pwd becomes WrongPwd
[Tue Apr 12 13:24:40 2005] [error] first time:load_user:user:mohit_gupta02:pwd:Wr
Here is the snippet info in load_user:
*********load_user snippet************
# setup LDAP handler if this is the first time
if ($user ne "system") {
    if ($LJ::LDAP_HOST && ! $LJ::AUTH_EXISTS) {
        require LJ::LDAP;
        $LJ::AUTH_EXISTS = sub {
            my $user = shift;
            LJ::debug("first time:load_user:user:$user:pwd:$pass");
            my $rec = LJ::LDAP::load_ldap_user($user,$pass);
            return $rec ? $rec : undef;
        };
    }
}
# if user doesn't exist in the LJ database, it's possible we're using
# an external authentication source and we should create the account
# implicitly.
my $lu;
if (ref $LJ::AUTH_EXISTS eq "CODE" && ($lu = $LJ::AUTH_EXISTS->($user)))
{
    my $name = ref $lu eq "HASH" ? ($lu->{'nick'} || $lu->{name} || $user) : $user;
    LJ::debug("creating account in load user");
    if (LJ::create_account({
        'user' => $user,
        'name' => $name,
        'email' => ref $lu eq "HASH" ? $lu->{email} : "",
        'password' => $pass,
        'status' => "A",
    }))
    {
        # this should pull from the master, since it was _just_ created
        LJ::debug("created account in load user");
        return $get_user->("master");
    }
}
*********end of load_user snippet******************
5) and so when load_ldap_user is called, the user=ITLINFOSYS\mohit_gupta02, whereas the pwd=WrongPwd and not RightPwd which is what he entered.
***********load_ldap_user snippet*******************
sub load_ldap_user {
    my ($user,$pass) = @_;
    return undef unless $user =~ /^[\w ]+$/;
    my $ldap = Net::LDAP->new($LJ::LDAP_HOST)
        or return undef;
    my $DOMAIN = "ITLINFOSYS\\";
    my $test = $DOMAIN.$user;
    my $mesg = $ldap->bind("$test",
                           password => $pass,
                           version => 3);
    if ($mesg->{'resultCode'} != 0) {
        LJ::debug("shit:user:$test:pass=$pass:")
    }
***********end of load_ldap_user snippet*************
Here is the debug message I get:
[Tue Apr 12 13:24:40 2005] [error] shit:user:ITLINFOSYS\\mohit_gupta02:pass=H
Where on earth is $pass changing?? And how come?
Is something being cached somewhere?
Help!
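
The behaviour described in this post can be reproduced with the following added example, which is not part of the original post and is not LiveJournal code. It assumes that one long-lived Apache process serves both logins and that $pass is a lexical variable of load_user; fake_ldap_bind, load_user_buggy, load_user_fixed, $AUTH_BUGGY and $AUTH_FIXED are hypothetical names, and the directory and requests are constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for LJ::LDAP::load_ldap_user (hypothetical): succeeds only when
# the password matches this constructed directory. No real LDAP bind is made.
my %directory = (mohit_gupta02 => 'RightPwd');
sub fake_ldap_bind {
    my ($user, $pass) = @_;
    my $known = $directory{$user};
    return undef unless defined $known && $known eq $pass;
    return { name => $user };
}

# Package globals outlive a single request in a persistent process,
# just as $LJ::AUTH_EXISTS does in the snippet.
our ($AUTH_BUGGY, $AUTH_FIXED);

# Same shape as the load_user snippet: the handler is built only on the
# first call and closes over that call's $pass lexical.
sub load_user_buggy {
    my ($user, $pass) = @_;
    $AUTH_BUGGY ||= sub {
        my $u = shift;
        return fake_ldap_bind($u, $pass);   # $pass is the first caller's value
    };
    return $AUTH_BUGGY->($user);
}

# Corrected form: the handler keeps no per-request state; the password is
# passed in as an argument on every call.
sub load_user_fixed {
    my ($user, $pass) = @_;
    $AUTH_FIXED ||= sub {
        my ($u, $p) = @_;
        return fake_ldap_bind($u, $p);
    };
    return $AUTH_FIXED->($user, $pass);
}

# Two constructed logins handled by the same process, in this order.
my @requests = (['someone_else', 'WrongPwd'], ['mohit_gupta02', 'RightPwd']);
for my $impl (['buggy', \&load_user_buggy], ['fixed', \&load_user_fixed]) {
    my ($label, $code) = @$impl;
    for my $req (@requests) {
        my ($user, $pass) = @$req;
        my $result = $code->($user, $pass) ? 'bind ok' : 'bind failed';
        print "$label: $user -> $result\n";
    }
}
```

In the buggy form the second login is checked against the first login's password, so one user's credential stays in process memory and is applied to every later user handled by that process.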