You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@manifoldcf.apache.org by "Karl Wright (JIRA)" <ji...@apache.org> on 2011/05/02 23:49:04 UTC
[jira] [Created] (CONNECTORS-195) Active directory authority
doesn't handle unknown user case properly
Active directory authority doesn't handle unknown user case properly
--------------------------------------------------------------------
Key: CONNECTORS-195
URL: https://issues.apache.org/jira/browse/CONNECTORS-195
Project: ManifoldCF
Issue Type: Bug
Components: Active Directory authority
Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF next
Reporter: Karl Wright
The active directory authority does not properly detect an non-existing user in Active Directory. Instead it returns S-1-1-0, which permits the unknown user to see all public documents.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-195) Active directory authority
doesn't handle unknown user case properly
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CONNECTORS-195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13028610#comment-13028610 ]
Karl Wright commented on CONNECTORS-195:
----------------------------------------
I should also note that the original attached patch is INCORRECT, and should not be used.
> Active directory authority doesn't handle unknown user case properly
> --------------------------------------------------------------------
>
> Key: CONNECTORS-195
> URL: https://issues.apache.org/jira/browse/CONNECTORS-195
> Project: ManifoldCF
> Issue Type: Bug
> Components: Active Directory authority
> Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF next
> Reporter: Karl Wright
> Assignee: Karl Wright
> Attachments: CONNECTORS-195.patch
>
>
> The active directory authority does not properly detect an non-existing user in Active Directory. Instead it returns S-1-1-0, which permits the unknown user to see all public documents.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-195) Active directory authority
doesn't handle unknown user case properly
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CONNECTORS-195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13028090#comment-13028090 ]
Karl Wright commented on CONNECTORS-195:
----------------------------------------
The patch requires the name of an attribute that all users have. "uid" is what it uses now. Online references are not clear on whether or not this will always work with Active Directory. It especially does not seem to exist for Windows 2000. Another suggestion is "sAMAccountName", which exists for all versions of Windows. Replacing "uid" in the patch with "sAMAccountName" may therefore make it work better.
> Active directory authority doesn't handle unknown user case properly
> --------------------------------------------------------------------
>
> Key: CONNECTORS-195
> URL: https://issues.apache.org/jira/browse/CONNECTORS-195
> Project: ManifoldCF
> Issue Type: Bug
> Components: Active Directory authority
> Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF next
> Reporter: Karl Wright
> Attachments: CONNECTORS-195.patch
>
>
> The active directory authority does not properly detect an non-existing user in Active Directory. Instead it returns S-1-1-0, which permits the unknown user to see all public documents.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-195) Active directory authority
doesn't handle unknown user case properly
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CONNECTORS-195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13028091#comment-13028091 ]
Karl Wright commented on CONNECTORS-195:
----------------------------------------
The following reference is very helpful.
http://msdn.microsoft.com/en-us/library/ms679635%28v=VS.85%29.aspx
> Active directory authority doesn't handle unknown user case properly
> --------------------------------------------------------------------
>
> Key: CONNECTORS-195
> URL: https://issues.apache.org/jira/browse/CONNECTORS-195
> Project: ManifoldCF
> Issue Type: Bug
> Components: Active Directory authority
> Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF next
> Reporter: Karl Wright
> Attachments: CONNECTORS-195.patch
>
>
> The active directory authority does not properly detect an non-existing user in Active Directory. Instead it returns S-1-1-0, which permits the unknown user to see all public documents.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CONNECTORS-195) Active directory authority
doesn't handle unknown user case properly
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CONNECTORS-195?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13028606#comment-13028606 ]
Karl Wright commented on CONNECTORS-195:
----------------------------------------
Every user in AD must have a SID, according to Microsoft documents for AD. If we find any user without a SID, the user does not exist. I checked in changes to that effect: r1099322.
> Active directory authority doesn't handle unknown user case properly
> --------------------------------------------------------------------
>
> Key: CONNECTORS-195
> URL: https://issues.apache.org/jira/browse/CONNECTORS-195
> Project: ManifoldCF
> Issue Type: Bug
> Components: Active Directory authority
> Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF next
> Reporter: Karl Wright
> Attachments: CONNECTORS-195.patch
>
>
> The active directory authority does not properly detect an non-existing user in Active Directory. Instead it returns S-1-1-0, which permits the unknown user to see all public documents.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Assigned] (CONNECTORS-195) Active directory authority
doesn't handle unknown user case properly
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CONNECTORS-195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karl Wright reassigned CONNECTORS-195:
--------------------------------------
Assignee: Karl Wright
> Active directory authority doesn't handle unknown user case properly
> --------------------------------------------------------------------
>
> Key: CONNECTORS-195
> URL: https://issues.apache.org/jira/browse/CONNECTORS-195
> Project: ManifoldCF
> Issue Type: Bug
> Components: Active Directory authority
> Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF next
> Reporter: Karl Wright
> Assignee: Karl Wright
> Attachments: CONNECTORS-195.patch
>
>
> The active directory authority does not properly detect an non-existing user in Active Directory. Instead it returns S-1-1-0, which permits the unknown user to see all public documents.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CONNECTORS-195) Active directory authority
doesn't handle unknown user case properly
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CONNECTORS-195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karl Wright updated CONNECTORS-195:
-----------------------------------
Attachment: CONNECTORS-195.patch
Patch which may work to resolve the issue
> Active directory authority doesn't handle unknown user case properly
> --------------------------------------------------------------------
>
> Key: CONNECTORS-195
> URL: https://issues.apache.org/jira/browse/CONNECTORS-195
> Project: ManifoldCF
> Issue Type: Bug
> Components: Active Directory authority
> Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF next
> Reporter: Karl Wright
> Attachments: CONNECTORS-195.patch
>
>
> The active directory authority does not properly detect an non-existing user in Active Directory. Instead it returns S-1-1-0, which permits the unknown user to see all public documents.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CONNECTORS-195) Active directory authority
doesn't handle unknown user case properly
Posted by "Karl Wright (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CONNECTORS-195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Karl Wright resolved CONNECTORS-195.
------------------------------------
Resolution: Fixed
Fix Version/s: ManifoldCF next
Verified that the committed fix does the expected thing on a certain user's setup. Awaiting final verification that it does not break a user with a correct setup, although this would be extremely unlikely.
> Active directory authority doesn't handle unknown user case properly
> --------------------------------------------------------------------
>
> Key: CONNECTORS-195
> URL: https://issues.apache.org/jira/browse/CONNECTORS-195
> Project: ManifoldCF
> Issue Type: Bug
> Components: Active Directory authority
> Affects Versions: ManifoldCF 0.1, ManifoldCF 0.2, ManifoldCF next
> Reporter: Karl Wright
> Assignee: Karl Wright
> Fix For: ManifoldCF next
>
> Attachments: CONNECTORS-195.patch
>
>
> The active directory authority does not properly detect an non-existing user in Active Directory. Instead it returns S-1-1-0, which permits the unknown user to see all public documents.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira