ShMaunder / JMapMyLDAP

LDAP Integration for Joomla! 2.5+
shmanic.com/tools/jmapmyldap

User Creation Clear Password #20

Open thamimanuel opened 10 years ago

thamimanuel commented 10 years ago

Good Day

I have installed and configured JMapMyLDAP with OpenLDAP on Ubuntu 14.04 and Joomla 2.5. Everything works, except that after user creation the user cannot log in due to a password error. I used the "openldap" example template, and when I check on the OpenLDAP server side the password is saved as "clear" even though on "Shmanic LDAP: Host Config" I have selected the "md5-based64" password hash.

When the user logs in they get this: "Error Found the LDAP user 'thamiz', but unable to bind with supplied password."

Joomla still logs the user in with the password saved in the Joomla DB, which means the password that the user supplied is correct, except that on the OpenLDAP server it's stored differently.

What am I missing?

ShMaunder commented 9 years ago

Hi, are you still having problems?

Would be great to see a full LDAP debug log for this which should report the password save issue. In /libraries/shmanic/user/adapters/ldap.php to log what is actually being written to LDAP you can remove the line:

// NEVER audit the actual password!
$this->_changes[$this->getPassword(true)] = '*********';

Also, the clearing of passwords from the Joomla DB is highly recommended (there is an included script in /cli/clear_db_passwords.php which can be run as part of a cron job) to prevent the Joomla DB from storing passwords like that.

brother-tshober commented 9 years ago

Hello,

I encounter the same problem. Installed and configured JMapMyLDAP with OpenLDAP on a Debian Wheezy System. It seems like the connection to the LDAP server is fine, this means that the user is found. However the password is never recognized as correct, and I always get the same message:

[10303] Found the LDAP user 'joberhauser', but unable to bind with supplied password.

I suppose it may be some problem with the encoding between the Joomla and the LDAP server but I am not sure where to look for solutions and how to fix it.

Removing the line as suggested in the second post also does not lead to more detailed logs, or at least I do not know where to look for them.

Any help would be highly appreciated as I am stuck at this point.

ftreguer commented 9 years ago

Hello,

(It's a little bit late, but I'll try.)

thamimanuel, I had the same problem. Have you set "Password Prefix" to "Yes" in your LDAP Host Configuration? OpenLDAP needs the prefix. Just a test: when you open phpldapadmin, go to your user and show your password by inspecting the element (type="text", not "password", for the input in the DOM). Before modification in Joomla you can see the prefix ({MD5} for example). After modification in Joomla, go to phpldapadmin, show the password and add the prefix. You can test if the password matches.

If you set the "Password Prefix" parameter to "Yes", it will work. ShMaunder could say if I'm right.

Fabien
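
The prefix behaviour described in the comment above, as an added example that is not part of the original thread or of JMapMyLDAP's code: a simplified PHP model of how an OpenLDAP server reads a userPassword value during a simple bind. The function names and the sample password are constructed for illustration.

```php
<?php
// Added example, not JMapMyLDAP code: simplified model of how OpenLDAP
// interprets a userPassword value when a user binds.

// Build a userPassword value as an "MD5, base64" hash setting would,
// with or without the {MD5} scheme prefix.
function makeMd5Value(string $password, bool $withPrefix): string
{
    $b64 = base64_encode(md5($password, true)); // raw 16-byte digest, base64
    return $withPrefix ? '{MD5}' . $b64 : $b64;
}

// Return the scheme named by a {SCHEME} prefix, or '' when there is none.
function schemeOf(string $stored): string
{
    return preg_match('/^\{([A-Za-z0-9-]+)\}/', $stored, $m) ? strtoupper($m[1]) : '';
}

// Check a candidate password against a stored value (server-side model).
function verify(string $candidate, string $stored): bool
{
    $scheme = schemeOf($stored);
    if ($scheme === '') {
        // No prefix: the stored string itself is treated as the password.
        return hash_equals($stored, $candidate);
    }
    $raw = base64_decode(substr($stored, strlen($scheme) + 2), true);
    if ($raw === false) {
        return false;
    }
    switch ($scheme) {
        case 'MD5':  return hash_equals($raw, md5($candidate, true));
        case 'SHA':  return hash_equals($raw, sha1($candidate, true));
        case 'SMD5': // 16-byte digest followed by the salt
            return hash_equals(substr($raw, 0, 16), md5($candidate . substr($raw, 16), true));
        case 'SSHA': // 20-byte digest followed by the salt
            return hash_equals(substr($raw, 0, 20), sha1($candidate . substr($raw, 20), true));
    }
    return false; // scheme not modelled in this example
}

$pw = 'Example-Passw0rd'; // constructed sample password
foreach ([true, false] as $withPrefix) {
    $stored = makeMd5Value($pw, $withPrefix);
    printf("%-30s scheme=%-7s bind with real password: %s\n", $stored,
        schemeOf($stored) ?: '(none)', verify($pw, $stored) ? 'ok' : 'FAILS');
}
```

Without the prefix the base64 digest is itself compared as the password, so a bind with the user's real password fails, which matches the "unable to bind with supplied password" symptom reported in this thread.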

PhillyWebGuy commented 6 years ago

Has this issue ever been resolved? I'm trying to connect to MS AD and having the same issue.