View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002162 | SOGo | Web General | public | 2013-01-08 00:00 | 2013-01-11 17:14 |
Reporter | jobisoft | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | won't fix | ||
Product Version | 2.0.3a | ||||
Target Version | 2.0.4 | ||||
Summary | 0002162: Login behaviour in MultiDomain Mode seems to be weird/broken (find user by password match) - alternative suggestion + platch | ||||
Description | Consider the following setup:
The user is not forced to enter a domain suffix at the login. If user info@acme wants to login, he can just use "info" and his password. Same is valid for info@coyote. The correct account is found by matching the password. This is not good. The provided patch enables the following behaviour by pre-processing the uid input field: if SOGoEnableDomainBasedUID YES && SOGoLoginDomains set: if SOGoEnableDomainBasedUID YES && SOGoLoginDomains unset: if SOGoEnableDomainBasedUID NO | ||||
Tags | No tags attached. | ||||
2013-01-08 00:00
|
|
The problem seems to be more global and needs discussion. The CardDAV authentication (with Thunderbird Sogo Connector 10.0.4) also uses the password match method. Instead of fixing every login/authentication change the general "uid" handling in multidomain mode? I am somewhat lost, I did not yet find the zentral method/file, where I could start working... Edit: It is a different issue, I will look into it and file a new bugreport for that |
|
The current design respects what we want to do - chain authentication and first-match in sources. If you don't want that, use email-based logins. |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2013-01-08 00:00 | jobisoft | New Issue | |
2013-01-08 00:00 | jobisoft | File Added: patch_2.0.3a_alternative_login_behaviour | |
2013-01-08 13:46 | francis | Target Version | => 2.0.4 |
2013-01-10 15:11 | jobisoft | Note Added: 0005124 | |
2013-01-10 21:50 | jobisoft | Note Edited: 0005124 | |
2013-01-11 17:14 | ludovic | Note Added: 0005140 | |
2013-01-11 17:14 | ludovic | Status | new => closed |
2013-01-11 17:14 | ludovic | Resolution | open => won't fix |