abhaypradhan (abhaypradhan) wrote in lj_dev,

Livejournal LDAP auth problems

Hi.

I encountered a strange thing regarding the LDAP authentication.
After a period of time, the function load_ldap_user takes an earlier pwd.

This is from the Apache logs (debug level = 1).
There is a username who has the pwd "WrongPwd" and who had logged in earlier.

Now, when another user=mohit_gupta02 tries to log in, here is the flow,

1) in login.bml, the pwd is correct
[Tue Apr 12 13:24:40 2005] [error] login.bml:user:mohit_gupta02:pwd:RightPwd

2) it enters load_user
[Tue Apr 12 13:24:40 2005] [error] just entered load_user

3) canonical_username is fine too
[Tue Apr 12 13:24:40 2005] [error] canonical user ok:mohit_gupta02

4) suddenly, in load_user, in the snippet below, the pwd becomes WrongPwd
[Tue Apr 12 13:24:40 2005] [error] first time:load_user:user:mohit_gupta02:pwd:WrongPwd

here is the snippet info in load_user

*********load_user snippet************
# setup LDAP handler if this is the first time
if ($user ne "system"){
    if ($LJ::LDAP_HOST && ! $LJ::AUTH_EXISTS) {
        require LJ::LDAP;
        $LJ::AUTH_EXISTS = sub {
            my $user = shift;
            LJ::debug("first time:load_user:user:$user:pwd:$pass");
            my $rec = LJ::LDAP::load_ldap_user($user,$pass);
            return $rec ? $rec : undef;
        };
    }
}

# if user doesn't exist in the LJ database, it's possible we're using
# an external authentication source and we should create the account
# implicitly.
my $lu;
if (ref $LJ::AUTH_EXISTS eq "CODE" && ($lu = $LJ::AUTH_EXISTS->($user)))
{
    my $name = ref $lu eq "HASH" ? ($lu->{'nick'} || $lu->{name} || $user) : $user;
    LJ::debug("creating account in load user");
    if (LJ::create_account({
        'user' => $user,
        'name' => $name,
        'email' => ref $lu eq "HASH" ? $lu->{email} : "",
        'password' => $pass,
        'status' => "A",
    }))
    {
        # this should pull from the master, since it was _just_ created
        LJ::debug("created account in load user");
        return $get_user->("master");
    }
}

*********end of load_user snippet******************

5) and so when load_ldap_user is called, the user=ITLINFOSYS\mohit_gupta02, whereas the pwd=WrongPwd and not RightPwd which is what he entered.

***********load_ldap_user snippet*******************

sub load_ldap_user {
    my ($user,$pass) = @_;
    return undef unless $user =~ /^[\w ]+$/;

    my $ldap = Net::LDAP->new($LJ::LDAP_HOST)
        or return undef;

    my $DOMAIN = "ITLINFOSYS\\";
    my $test = $DOMAIN.$user;
    my $mesg = $ldap->bind("$test",
                           password => $pass,
                           version => 3);

    if ($mesg->{'resultCode'} != 0) {
        LJ::debug("shit:user:$test:pass=$pass:");
    }
***********end of load_ldap_user snippet*************

here is the debug message I get.
[Tue Apr 12 13:24:40 2005] [error] shit:user:ITLINFOSYS\\mohit_gupta02:pass=Hax0rrox:

Where on earth is $pass changing?? And how come?
Is something being cached somewhere?

help!
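
An added example, not part of the original post or of the LiveJournal code base: a minimal Perl reproduction of a hook that is built once per process and closes over $pass, next to a form that takes the credentials as arguments. It assumes $pass is a "my" variable of load_user and that the process is long-lived (as under mod_perl); fake_bind, load_user_stale, load_user_fixed and the two requests are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for the LDAP bind: reports what it was asked to bind with.
sub fake_bind { my ($user, $pass) = @_; return "$user:$pass" }

# Package globals survive across requests for the life of the process.
our $AUTH_EXISTS;
our $AUTH_EXISTS_FIXED;

# Same shape as the posted snippet: the hook is created only on the first
# call, and the anonymous sub closes over that call's $pass.
sub load_user_stale {
    my ($user, $pass) = @_;
    if (!$AUTH_EXISTS) {
        $AUTH_EXISTS = sub {
            my $user = shift;                  # fresh on every call
            return fake_bind($user, $pass);    # the first caller's $pass, forever
        };
    }
    return $AUTH_EXISTS->($user);
}

# Hardened form: the hook captures nothing; credentials arrive as arguments.
sub load_user_fixed {
    my ($user, $pass) = @_;
    $AUTH_EXISTS_FIXED ||= sub {
        my ($user, $pass) = @_;
        return fake_bind($user, $pass);
    };
    return $AUTH_EXISTS_FIXED->($user, $pass);
}

# Constructed requests, handled in order by one process.
my @requests = (['earlier_user', 'WrongPwd'], ['mohit_gupta02', 'RightPwd']);

for my $r (@requests) {
    my ($user, $pass) = @$r;
    printf "stale: %-26s fixed: %s\n",
        load_user_stale($user, $pass), load_user_fixed($user, $pass);
}
```

In the stale form the second request is bound with the password captured from the first request, while the fixed form binds each request with its own password.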