SID-00946: LdapUserMapping not working after upgrade to 5.0.0

Status:	Answered	TWiki version:	5.0.0	Perl version:	5.8.8
Category:	CategoryAuthentication	Server OS:	SLES 10SP2	Last update:	15 years ago

I recently upgraded our TWiki-4.2.1 to 5.0.0, and now loginnames are no longer resolved to WikiNames when logged in.

When parsing existing pages the cUID is correctly resolved to a WikiName (based on the mail attribute of the LDAP entry). After logging in, the username of the authenticated user is no longer resolved but all other usernames are still working, ie. the Windows usernames are resolved to WikiName for all but the authenticated user.

The previous TWiki-4.2.1 continues to work.

LdapNG-2.1 LdapContrib-2.99.7

$TWiki::cfg{UserMappingManager} = 'TWiki::Users::LdapUserMapping'; $TWiki::cfg{Register}{EnableNewUserRegistration} = 0; $TWiki::cfg{Register}{HidePasswd} = 1; $TWiki::cfg{PasswordManager} = 'TWiki::Users::LdapUser'; $TWiki::cfg{MinPasswordLength} = 1; $TWiki::cfg{Ldap}{LoginFilter} = 'objectClass=person'; $TWiki::cfg{Ldap}{LoginAttribute} = 'sAMAccountName'; $TWiki::cfg{Ldap}{WikiNameAttribute} = 'mail'; $TWiki::cfg{Ldap}{NormalizeWikiName} = 1; $TWiki::cfg{Ldap}{MapGroups} = 1; $TWiki::cfg{Ldap}{Version} = '3'; $TWiki::cfg{Ldap}{UseSASL} = 0; $TWiki::cfg{Ldap}{SASLMechanism} = 'PLAIN CRAM-MD5 EXTERNAL ANONYMOUS'; $TWiki::cfg{Ldap}{NormalizeLoginName} = 0; $TWiki::cfg{Ldap}{AllowChangePassword} = 0; $TWiki::cfg{Ldap}{GroupFilter} = 'objectClass=group'; $TWiki::cfg{Ldap}{GroupAttribute} = 'cn'; $TWiki::cfg{Ldap}{MemberAttribute} = 'member'; $TWiki::cfg{Ldap}{MemberIndirection} = 1; $TWiki::cfg{Ldap}{TWikiGroupsBackoff} = 1; $TWiki::cfg{Ldap}{NormalizeGroupName} = 1; $TWiki::cfg{Ldap}{MaxCacheAge} = 86400; $TWiki::cfg{Ldap}{PageSize} = 500; $TWiki::cfg{Ldap}{Exclude} = 'TWikiGuest, TWikiContributor, TWikiRegistrationAgent, TWikiAdminGroup, NobodyGroup';

-- ThomasBAndersen - 2010-08-12

Discussion and Answer

The problem appears to be _userReallyExists in TWikiUserMapping.pm. On line 252 the return value has been changed between 4.2.1 and 5.0.0 from 1 to 0. I changed the function to return 1 again, and things appear to be working.

<verbatim> } else { # passwd==none case generally assumes any login given exists... # (not positive if that makes sense for rego..) return 1; ######### ^ this was changed }

return 0; } </verbatim>

-- ThomasBAndersen - 2010-08-16

If you answer a question - or someone answered one of your questions - please remember to edit the page and set the status to answered. The status selector is below the edit box.