The Bug Genie
The Bug Genie:User Guide:Modules:LDAP:Technical Details
Last updated at Fri Aug 12 21:09, by lsproc

Technical details

Unique users and groups

The Bug Genie expects only one user to exist per username. If more than one is found, an error is shown stating that the password was rejected.

If you have a group restriction and multiple groups exist for a group name, that group name is ignored.

New sessions and session validation

When logging in, the UID will be looked up using the control user. If the user is found, and a group restriction is set, we check to see if the user is allowed access, and if not, an error is shown. If the user is not found, an error is also shown.

If we are creating a new session, the user's password is checked by binding to the directory. If the bind is successful, we then either create a new user in TBG's user table, or update the existing one with the latest realname and email from the directory. Users are assigned a random password. If the user could not be found, an error occurs.

If we are validating an existing session, all of the above occurs but no bind is made. We instead move straight to the entry in the users table. If no entry exists, we return an error because the session is no longer valid; otherwise we update the entry as before.
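
The flow described in the two sections above, modelled in Python against a constructed in-memory directory; this is an added example, not The Bug Genie's own code, and it talks to no real LDAP server. Assumptions: the `FakeDirectory` class, the users-table dict, every message other than "password rejected", the empty-password check, and denying access when every restricting group name has been ignored.

```python
import secrets

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server, for illustration only."""
    def __init__(self, users, groups):
        self.users, self.groups = users, groups
    def find_users(self, uid):           # search performed as the control user
        return [u for u in self.users if u["uid"] == uid]
    def find_groups(self, name):
        return [g for g in self.groups if g["cn"] == name]
    def bind(self, dn, password):
        # Emulates a server that accepts an empty-password (unauthenticated) bind.
        return password == "" or any(
            u["dn"] == dn and u["password"] == password for u in self.users)

def authenticate(directory, table, uid, password=None, groups=(), new_session=True):
    """Return (ok, message); 'table' is a dict standing in for the users table."""
    matches = directory.find_users(uid)
    if not matches:
        return False, "user not found"
    if len(matches) > 1:                 # exactly one entry per username expected
        return False, "password rejected"
    entry = matches[0]
    if groups:
        found = [directory.find_groups(name) for name in groups]
        usable = [g[0] for g in found if len(g) == 1]   # ambiguous names ignored
        if not any(entry["dn"] in g["members"] for g in usable):
            return False, "access denied"
    if new_session:
        # Added hardening (assumption, not stated on the page): refuse empty
        # passwords before binding, since such a bind can succeed anonymously.
        if not password or not directory.bind(entry["dn"], password):
            return False, "password rejected"
    elif uid not in table:               # validation: no bind, the row must exist
        return False, "session no longer valid"
    row = table.setdefault(uid, {"local_password": secrets.token_urlsafe(32)})
    row.update(realname=entry["cn"], email=entry["mail"])   # refresh from directory
    return True, "ok"

def _user(uid, ou, password):            # constructed sample entries
    return {"uid": uid, "dn": f"uid={uid},ou={ou},dc=example,dc=org",
            "cn": uid.title(), "mail": f"{uid}@example.org", "password": password}

ALICE = _user("alice", "people", "s3cret")
DIRECTORY = FakeDirectory(
    users=[ALICE, _user("bob", "people", "pw1"), _user("bob", "contractors", "pw2")],
    groups=[{"cn": "admins", "members": [ALICE["dn"]]},
            {"cn": "staff", "members": [ALICE["dn"]]},
            {"cn": "staff", "members": []}])
```
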

Logging in to an Active Directory server

When logging in to an LDAP directory provided by Active Directory, no DOMAIN\ prefix is necessary, except on the control user. A 'password rejected' error may occur if the user is disabled, or if the user's password is set to expire on next login.

Protocol options

We use protocol version 3.0. In addition, we turn off referrals.

