centreon / .github


Invalid credential error at LDAP authentication cause of case sensitive comparison of database contact_ldap_dn and LDAP contact info #18

Closed quiiinty closed 1 year ago

quiiinty commented 1 year ago

Module version

centreon.noarch 19.04.20-4.el7.centos (after checking the concerned file, it doesn't seem to be fixed in the latest version either)

Operating System

CentOS 7

Browser used

Version: 111.0.5563.148

Additional environment details (AWS, VirtualBox, physical, etc.): Virtual machine

Description

During LDAP authentication, users may get an "invalid credentials" error when the case of the contact_ldap_dn from LDAP is different from the one in the Centreon database. On the LDAP side this information is case-insensitive, so it can change during an LDAP configuration, migration or other maintenance step, and this causes an authentication problem even if the user is the correct one.

Steps to Reproduce

To reproduce the issue:
-- Log out from Centreon
-- Change the user DN case in the Centreon database table "contact", field "contact_ldap_dn". Ex: change CN=TEST,OU=FR,OU=TEST,o=test,C=FR to CN=TEST,OU=FR,OU=TEST,O=TEST,C=FR
-- Try to log in again > you should get an "invalid credential" error

Describe the received result

"invalid credential" error

Describe the expected result

Be able to login

Logs

PHP error logs

"[17-Apr-2023 17:03:14 Europe/Paris] PHP Notice: Undefined index: ldap_auto_sync in /usr/share/centreon/www/class/centreonLDAP.class.php on line 962"



Additional relevant information (e.g. frequency, ...)

This bug can be fixed by adding the strtolower function to make the comparison case-insensitive in /www/class/centreonAuth.LDAP.class.php
-- line 117 for the 19.04 version:
$this->ldap->findUserDn($this->contactInfos['contact_alias']) !== $this->contactInfos['contact_ldap_dn']
replaced by
strtolower($this->ldap->findUserDn($this->contactInfos['contact_alias'])) !== strtolower($this->contactInfos['contact_ldap_dn'])
-- line 116 on the master branch:
$userDn !== $this->contactInfos['contact_ldap_dn']
replaced by
strtolower($userDn) !== strtolower($this->contactInfos['contact_ldap_dn'])

quiiinty commented 1 year ago

Issue opened on the wrong repository. Closing it
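
The case-insensitive DN check proposed in the issue, as an added example that is not Centreon's code or the reporter's patch: it goes one step further than a whole-string strtolower by also ignoring the optional space after RDN separators. The helper names splitRdns, normaliseDn and sameDn are hypothetical; it assumes the mbstring extension is loaded and that every attribute in the DN (CN, OU, O, C) uses case-insensitive matching.

```php
<?php
declare(strict_types=1);

// Split a DN into RDNs on unescaped commas (a backslash escapes the next byte).
function splitRdns(string $dn): array
{
    $parts = [];
    $cur = '';
    for ($i = 0, $len = strlen($dn); $i < $len; $i++) {
        if ($dn[$i] === '\\' && $i + 1 < $len) {
            $cur .= substr($dn, $i, 2);   // keep the escape pair together
            $i++;
        } elseif ($dn[$i] === ',') {
            $parts[] = $cur;
            $cur = '';
        } else {
            $cur .= $dn[$i];
        }
    }
    $parts[] = $cur;
    return $parts;
}

// Canonical form used only for comparison: lower-cased type and value,
// whitespace after the separator and around the attribute type removed.
function normaliseDn(string $dn): string
{
    $out = [];
    foreach (splitRdns($dn) as $rdn) {
        [$type, $value] = array_pad(explode('=', ltrim($rdn), 2), 2, '');
        $out[] = mb_strtolower(rtrim($type), 'UTF-8') . '=' . mb_strtolower($value, 'UTF-8');
    }
    return implode(',', $out);
}

// Strict (===) comparison on the normalised strings, so no type juggling.
function sameDn(string $a, string $b): bool
{
    return normaliseDn($a) === normaliseDn($b);
}

// Constructed samples; $stored is the DN from the reproduction steps.
$stored = 'CN=TEST,OU=FR,OU=TEST,o=test,C=FR';
$samples = [
    'CN=TEST,OU=FR,OU=TEST,O=TEST,C=FR',
    'cn=test, ou=fr, ou=test, o=test, c=fr',
    'CN=TEST,OU=DE,OU=TEST,O=TEST,C=FR',
];
foreach ($samples as $fromLdap) {
    printf("%-40s %s\n", $fromLdap, sameDn($fromLdap, $stored) ? 'match' : 'MISMATCH');
}
```

The sketch does not reorder multi-valued RDNs (joined with +) or decode hex escapes, so two DNs that differ only in those respects still compare as different, which fails closed for an authentication check.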