[Users] Fwd: [Bug 80485] zimbraAuthFallbackToLocal should not be ignored for admin accounts
Malte S. Stretz
mss at msquadrat.de
Wed Dec 6 11:02:28 CET 2017
Hi Barry,
thanks for the congratulations, the change wasn't merged yet though. I'm
positive that it will be soonish.
I must say that working on the Zimbra core codebase got a lot better
since it moved to GitHub. And Synacor does indeed merge external
changes, though slowly.
Cheers,
Malte
On 05.12.2017 20:23, Barry de Graaff wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Hello All,
>
> I'd like to congratulate Malte Stretz for fixing bug 80485
>
> `zimbraAuthFallbackToLocal should not be ignored for admin accounts`
>
> Basically, without the patch:
> Zimbra has a surprising feature: On a domain which is configured for LDAP authentication
> and where zimbraAuthFallbackToLocal is false, a user who is either an admin or a
> domain admin can still log in with the local password.
>
> That's bad, thanks Malte, I hope your PR is merged soon!
>
> Regards, Barry
>
>
>
> | https://bugzilla.zimbra.com/show_bug.cgi?id=80485
>
> - --- Comment #11 from Malte Stretz <stretz at silpion.de> ---
> https://github.com/Zimbra/zm-mailbox/pull/448
>
>
> Kind regards,
>
> Barry de Graaff
> Zeta Alliance
> Co-founder & Developer
> zetalliance.org | github.com/Zimbra-Community
>
> +31 617 220 227 | skype: barrydegraaff.tk
> Fingerprint: 97f4694a1d9aedad012533db725ddd156d36a2d0
>
> - ----- Forwarded Message -----
> From: DONOTREPLY at zimbra.com
> To: info at barrydegraaff.tk
> Sent: Tuesday, December 5, 2017 2:45:56 PM
> Subject: RE: [Bug 80485] zimbraAuthFallbackToLocal should not be ignored for admin accounts
>
> | DO NOT REPLY TO THIS EMAIL
> |
> | https://bugzilla.zimbra.com/show_bug.cgi?id=80485
>
> - --- Comment #10 from Malte Stretz <stretz at silpion.de> ---
> I just happened to run into the code where this is coded. It is in
> store/src/java/com/zimbra/cs/account/ldap/LdapProvisioning.java
>
>
> private void verifyPasswordInternal(Account acct, String password,
>         AuthMechanism authMech, Map<String, Object> context)
>         throws ServiceException {
>
>     Domain domain = Provisioning.getInstance().getDomain(acct);
>
>     boolean allowFallback = true;
>     if (!authMech.isZimbraAuth()) {
>         allowFallback =
>             domain.getBooleanAttr(Provisioning.A_zimbraAuthFallbackToLocal, false) ||
>             acct.getBooleanAttr(Provisioning.A_zimbraIsAdminAccount, false) ||
>             acct.getBooleanAttr(Provisioning.A_zimbraIsDomainAdminAccount, false);
>     }
>
> - --
> You are receiving this mail because:
> You are on the CC list for the bug.
> -----BEGIN PGP SIGNATURE-----
> Version: OpenPGP.js v2.5.12
> Comment: https://openpgpjs.org
>
> wkYEAREIABAFAlom8i4JEHJd3RVtNqLQAABpmgCeKwVrfQWXP/ZE7Dpp/ojH
> o72MV4QAniKP8FwbqvSPetjH3lM7A6Qh7dpA
> =vSwS
> -----END PGP SIGNATURE-----
>
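Added example, not part of the thread and not Zimbra's or the pull request's code: the fallback decision quoted in comment #10 modelled next to the behaviour the bug title asks for, used to list which accounts still accept a local password on a domain that forbids fallback. The class `FallbackAudit`, the record `Acct`, the strict variant and the sample accounts are assumptions made for illustration (Java 16 or later).

```java
import java.util.List;

// Added illustration; FallbackAudit, Acct and the sample data are hypothetical, not Zimbra code.
public class FallbackAudit {
    // Minimal stand-in for the attributes the quoted method reads.
    // externalAuth == !authMech.isZimbraAuth()
    record Acct(String name, boolean externalAuth, boolean domainFallbackToLocal,
                boolean isAdmin, boolean isDomainAdmin) {}

    // Decision as quoted in comment #10: the admin flags override the domain setting.
    static boolean allowFallbackAsQuoted(Acct a) {
        if (!a.externalAuth()) return true;
        return a.domainFallbackToLocal() || a.isAdmin() || a.isDomainAdmin();
    }

    // Behaviour the bug title asks for (assumption, not taken from the pull request):
    // only the domain attribute decides.
    static boolean allowFallbackStrict(Acct a) {
        if (!a.externalAuth()) return true;
        return a.domainFallbackToLocal();
    }

    // Accounts whose local password is accepted although the domain forbids fallback.
    static List<String> affected(List<Acct> accounts) {
        return accounts.stream()
                .filter(a -> allowFallbackAsQuoted(a) && !allowFallbackStrict(a))
                .map(Acct::name)
                .toList();
    }

    public static void main(String[] args) {
        // Constructed sample accounts.
        List<Acct> accounts = List.of(
            new Acct("user@ldap.example", true, false, false, false),
            new Acct("admin@ldap.example", true, false, true, false),
            new Acct("domadmin@ldap.example", true, false, false, true),
            new Acct("admin@fallback.example", true, true, true, false),
            new Acct("admin@local.example", false, false, true, false));
        for (Acct a : accounts) {
            System.out.printf("%-24s quoted=%-5b strict=%b%n",
                    a.name(), allowFallbackAsQuoted(a), allowFallbackStrict(a));
        }
        System.out.println("affected: " + affected(accounts));
    }
}
```

Only the admin and domain admin on the external-auth domain with fallback disabled differ between the two decisions; those are the accounts whose local passwords are worth reviewing on such a domain.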