Forum LAMS for Tech-Heads - General Forum: Bug: Incorrect auth. method set when manually creating user

By: Ernie Ghiglione

[ Reply | Forward ]

Hi Jon,

LAMS supports -by default, three different ways of authentication users:

LAMS Database: these are users that were created in LAMS directly (no external user database involved)

Web-Auth: an external system that was a predecessor of OpenID and I'm doubt that anyone use these days -but it's there

LDAP: as you guys do, using an external LDAP server for authentication.

(Note that we also support OpenID and SAML2 using other LAMS modules).

What these means is that if the user was created via LDAP, then the authentication module will be LDAP. So when the user comes to the login page and attempts a login, LAMS will send the details to the LDAP server to validate them.

If the user is a local user (LAMS Database), LAMS will check with its own user records to validate the user.

Now if I understand you correctly, you are saying that a user that you created manually in LAMS (which should default to LAMS Database authentication) it shows -when you edit his/her details as LDAP Authentication. Is this correct?

If so, it could be that the user login that you use to create it with in LAMS was the exact same as the one it has in LDAP. So when a sysadmin does a LDAP synchronization, then the Authentication method for this user would be overwrite and set to LDAP authentication instead.

Is this the case?

If not, let me know because this can potentially be a bug.

Thanks,

Ernie

Posted by Ernie Ghiglione

By: Jonathan Maybaum

[ Reply | Forward ]

Hi Ernie,
No, what you said is not what happens....

I create a user manually and specify LDAP authentication, but that choice is apparently ignored, and the user is given LAMS Database authentication instead.

My recollection is that it worked properly when I imported users from a file.

--JM

Posted by Jonathan Maybaum

By: Ernie Ghiglione

[ Reply | Forward ]

Hi Jon,

Thanks for the clarification.

Let me check how this works again and get back to you shortly.

Today, while I was replying earlier, I did a test where I changed an existing LAMS database user to LDAP and had no problem doing so.

Have you tried to edit the user and change it to LDAP authentication? That seems to work for me.

Cheers,

Ernie

Posted by Ernie Ghiglione

By: Jonathan Maybaum

[ Reply | Forward ]

Ernie,
Yes, I can change the user to LDAP after it has been created...the problem is the initial creation with the wrong auth type.

--JM

Posted by Jonathan Maybaum

By: Ernie Ghiglione

[ Reply | Forward ]

I create a user manually and specify LDAP authentication, but that choice is apparently ignored, and the user is given LAMS Database authentication instead.

Ok.

I don't thing this is actually a bad thing though as you are creating locally in LAMS.

If LAMS is configured to use LDAP authentication by default, then you don't even need to create the user at all.

The user will attempt to login for the first time in LAMS and if the user is valid, LAMS will query LDAP to get all the necessary details and generate the user on the fly (with LDAP as his/her authentication method).

Does this make sense?

Thanks,

Ernie

Posted by Ernie Ghiglione

By: Jonathan Maybaum

[ Reply | Forward ]

I understand what you are saying, but I want to have the new user assigned to a group before they log in for the first time...I don't see how that can happen if their account doesn't exist before they try to log in for the first time.

Maybe this problem would be solved if we set LDAP as the default auth method, but I don't see where to do that....

--JM

Posted by Jonathan Maybaum