piotras
commented
12 years ago The original idea is to allow one person to have different accounts. But all this is done on application level.
Closed feri closed 12 years ago
piotras
commented
12 years ago The original idea is to allow one person to have different accounts. But all this is done on application level.
feri
commented
12 years ago The problem is that the LDAP dir does not always have proper name fields for the users. If they are left "blank", then the auth code will return the 1st person object who has that "blank" 1stname and lastname. See the code: https://github.com/midgardproject/midgardmvc_core/blob/master/services/authentication/ldap.php#L87
piotras
commented
12 years ago @feri you should set person after user is created. set_person performs update() on user's object. http://www.midgard-project.org/api-docs/midgard/core/ratatoskr/midgard-2.0-midgard-user.html#midgard-user-set-person
feri
commented
12 years ago @piotras: Yes, I understand that. However the LDAP auth code is not good in our case, since the person lookup based on LDAP firstname and lastname will not return proper results. We need to have some other checks as well. I am writing a wrapper now, will see how it will work.
feri
commented
12 years ago I have created a new auth service (ie. a twisted LDAP auth) and deployed to the server. Seems to do the job well, so closing this issue.
20 of our current users are mapped to the same midgard_person. This SQL query reveals the problematic midgard_user objects:
mysql> select * from midgard_user where id not in (select id from midgard_user where id>0 group by person_guid order by id asc);
=== Proposed fix === We need to iterate through these users and create new person object for each of them. The new person object must be unique.
But more importantly the LDAP authentication method should be patched. Each user should have a different person attached to it, even though that's against the original design idea of Midgard.