View Issue Details

ID: 0002162
Project: SOGo
Category: Web General
View Status: public
Last Update: 2013-01-11 17:14
Reporter: jobisoft
Assigned To:
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: won't fix
Product Version: 2.0.3a
Target Version: 2.0.4
Summary: 0002162: Login behaviour in MultiDomain Mode seems to be weird/broken (find user by password match) - alternative suggestion + patch
Description

Consider the following setup:

  • multiDomain (acme and coyote)
  • SOGoEnableDomainBasedUID YES
  • SOGoLoginDomains unset
  • user info@acme and user info@coyote defined with different passwords

The user is not forced to enter a domain suffix at login. If user info@acme wants to log in, he can just use "info" and his password. The same is valid for info@coyote.

The correct account is found by matching the password. This is not good.

The provided patch enables the following behaviour by pre-processing the uid input field:

if SOGoEnableDomainBasedUID YES && SOGoLoginDomains set:
user may login by just typing "info" or "info@selected-domain"

if SOGoEnableDomainBasedUID YES && SOGoLoginDomains unset:
user MUST add a domain suffix, which is matched against all mailDomains to find correct domainId

if SOGoEnableDomainBasedUID NO:
no change of behaviour

Tags: No tags attached.

Activities

2013-01-08 00:00

 

jobisoft


2013-01-10 15:11

reporter   ~0005124

Last edited: 2013-01-10 21:50

The problem seems to be more global and needs discussion. The CardDAV authentication (with Thunderbird SOGo Connector 10.0.4) also uses the password match method. Instead of fixing every login/authentication, change the general "uid" handling in multidomain mode?

I am somewhat lost, I did not yet find the central method/file where I could start working...

Edit: It is a different issue, I will look into it and file a new bug report for that.

ludovic


2013-01-11 17:14

administrator   ~0005140

The current design respects what we want to do - chain authentication and first-match in sources.

If you don't want that, use email-based logins.
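The two lookup strategies discussed in this issue, as a simplified Python model added here for illustration; it is not SOGo code and not the attached patch. The source list, passwords and function names are constructed, a plain dictionary stands in for each domain's real user source, and the login-domain selector is assumed to carry a mail domain.

```python
import hmac

# Constructed sample data: one user source per domain, same local uid in both.
SOURCES = [
    {"domain_id": "acme", "mail_domains": ["acme"], "users": {"info": "acme-pw"}},
    {"domain_id": "coyote", "mail_domains": ["coyote"], "users": {"info": "coyote-pw"}},
]


def _verify(source, uid, password):
    """Stand-in for the source's real credential check (e.g. an LDAP bind)."""
    stored = source["users"].get(uid)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())


def login_first_match(uid, password, sources=SOURCES):
    """Chained first-match: every source is tried in order, so the password
    alone decides which of the same-named accounts is opened."""
    for source in sources:
        if _verify(source, uid, password):
            return source["domain_id"]
    return None


def login_explicit_domain(login, password, selected_domain=None, sources=SOURCES):
    """Proposed behaviour: the domain is fixed before any password is checked."""
    uid, _, suffix = login.partition("@")
    if selected_domain is not None:
        # Login-domain selector set: "info" or "info@selected-domain" is accepted.
        if suffix and suffix != selected_domain:
            return None
        suffix = selected_domain
    if not uid or not suffix:
        return None  # no selector and no suffix: refuse instead of guessing
    for source in sources:
        if suffix in source["mail_domains"]:
            # Exactly one source is consulted; a wrong password fails here.
            return source["domain_id"] if _verify(source, uid, password) else None
    return None
```

With first-match, one submitted password is tested against every account named "info", and when two domains hold the same password the order of the sources decides which mailbox opens.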

Issue History

Date Modified     Username  Field                                                 Change
2013-01-08 00:00  jobisoft  New Issue
2013-01-08 00:00  jobisoft  File Added: patch_2.0.3a_alternative_login_behaviour
2013-01-08 13:46  francis   Target Version                                        => 2.0.4
2013-01-10 15:11  jobisoft  Note Added: 0005124
2013-01-10 21:50  jobisoft  Note Edited: 0005124
2013-01-11 17:14  ludovic   Note Added: 0005140
2013-01-11 17:14  ludovic   Status                                                new => closed
2013-01-11 17:14  ludovic   Resolution                                            open => won't fix