[Users] Fwd: [Bug 80485] zimbraAuthFallbackToLocal should not be ignored for admin accounts
Barry de Graaff
info at barrydegraaff.tk
Tue Dec 5 20:23:27 CET 2017
Hello All,
I'd like to congratulate Malte Stretz for fixing bug 80485
`zimbraAuthFallbackToLocal should not be ignored for admin accounts`
Basically, without the patch:
Zimbra has a surprising feature: On a domain which is configured for LDAP authentication
and where zimbraAuthFallbackToLocal is false, a user who is either an admin or a
domain admin can still log in with the local password.
That's bad, thanks Malte, I hope your PR is merged soon!
Regards, Barry
| https://bugzilla.zimbra.com/show_bug.cgi?id=80485
--- Comment #11 from Malte Stretz <stretz at silpion.de> ---
https://github.com/Zimbra/zm-mailbox/pull/448
Kind regards,
Barry de Graaff
Zeta Alliance
Co-founder & Developer
zetalliance.org | github.com/Zimbra-Community
+31 617 220 227 | skype: barrydegraaff.tk
Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0
----- Forwarded Message -----
From: DONOTREPLY at zimbra.com
To: info at barrydegraaff.tk
Sent: Tuesday, December 5, 2017 2:45:56 PM
Subject: RE: [Bug 80485] zimbraAuthFallbackToLocal should not be ignored for admin accounts
| https://bugzilla.zimbra.com/show_bug.cgi?id=80485
--- Comment #10 from Malte Stretz <stretz at silpion.de> ---
I just happened to run into the code where this is coded. It is in
store/src/java/com/zimbra/cs/account/ldap/LdapProvisioning.java
    private void verifyPasswordInternal(Account acct, String password,
            AuthMechanism authMech, Map<String, Object> context)
            throws ServiceException {
        Domain domain = Provisioning.getInstance().getDomain(acct);
        boolean allowFallback = true;
        if (!authMech.isZimbraAuth()) {
            allowFallback =
                domain.getBooleanAttr(Provisioning.A_zimbraAuthFallbackToLocal, false) ||
                acct.getBooleanAttr(Provisioning.A_zimbraIsAdminAccount, false) ||
                acct.getBooleanAttr(Provisioning.A_zimbraIsDomainAdminAccount, false);
        }
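
The allowFallback decision quoted in comment #10, modelled as an added Python example for auditing which accounts bypass the domain setting. It is not Zimbra code and not the patch from the pull request. Assumptions: the dict record layout, the sample domains and accounts (constructed), treating an unset zimbraAuthMech as the built-in mechanism, and the "domain only" variant, which is inferred from the bug title.

```python
# Added example, not Zimbra code. Record layout and sample data are constructed.

def ldap_bool(entry, attr, default=False):
    """Read an LDAP-style TRUE/FALSE attribute, similar to getBooleanAttr."""
    value = entry.get(attr)
    return default if value is None else value.upper() == "TRUE"

def is_zimbra_auth(domain):
    # Assumption: an unset zimbraAuthMech means the built-in "zimbra" mechanism.
    return domain.get("zimbraAuthMech", "zimbra") == "zimbra"

def allow_fallback_quoted(domain, acct):
    """Decision as quoted in comment #10: admin flags are OR-ed in."""
    if is_zimbra_auth(domain):
        return True
    return (ldap_bool(domain, "zimbraAuthFallbackToLocal")
            or ldap_bool(acct, "zimbraIsAdminAccount")
            or ldap_bool(acct, "zimbraIsDomainAdminAccount"))

def allow_fallback_domain_only(domain, acct):
    """Assumed behaviour per the bug title: only the domain setting decides."""
    return is_zimbra_auth(domain) or ldap_bool(domain, "zimbraAuthFallbackToLocal")

def accounts_bypassing_policy(domains, accounts):
    """Accounts whose local password is accepted although the domain forbids it."""
    exposed = []
    for acct in accounts:
        domain = domains[acct["name"].split("@", 1)[1]]
        if (allow_fallback_quoted(domain, acct)
                and not allow_fallback_domain_only(domain, acct)):
            exposed.append(acct["name"])
    return sorted(exposed)

# Constructed sample data (not taken from any real deployment).
DOMAINS = {
    "ldap.example.test": {"zimbraAuthMech": "ldap", "zimbraAuthFallbackToLocal": "FALSE"},
    "mixed.example.test": {"zimbraAuthMech": "ldap", "zimbraAuthFallbackToLocal": "TRUE"},
    "local.example.test": {},
}
ACCOUNTS = [
    {"name": "admin@ldap.example.test", "zimbraIsAdminAccount": "TRUE"},
    {"name": "helpdesk@ldap.example.test", "zimbraIsDomainAdminAccount": "TRUE"},
    {"name": "user@ldap.example.test"},
    {"name": "admin@mixed.example.test", "zimbraIsAdminAccount": "TRUE"},
    {"name": "admin@local.example.test", "zimbraIsAdminAccount": "TRUE"},
]

if __name__ == "__main__":
    for name in accounts_bypassing_policy(DOMAINS, ACCOUNTS):
        print("local password still accepted:", name)
```

Only the admin and domain-admin accounts on the LDAP domain with fallback disabled are reported; the ordinary user on that domain and the admins on domains that permit local authentication are not.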