Closed (fixed)
Project:
LDAP integration
Version:
6.x-1.x-dev
Component:
Code
Priority:
Critical
Category:
Bug report
Assigned:
Reporter:
Created:
14 Jan 2008 at 22:56 UTC
Updated:
2 Jan 2014 at 23:45 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #1
rmunsch commentedConfirmed. This is still ocurring, and is really bad. I experiemented with using a couple bogus port numbers with Start-TLS checked: no connection is made, user is NOT logged in.
Setting back to 389 throws this:
and the user IS LOGGED IN successfully. AD info is read (First Name, Email, etc. fields are read and populated). But the login is done unencrypted, plus this great ugly red box o' warnings appears; module is unusable at this time by anyone who doesn't want to send login data in the clear.
EDIT: argh, didn't check report version. This is on 6.x-1.0-alpha2.
Comment #2
miglius commentedComment #3
miglius commentedCould you verify if attached patch solves this issue, i.e., drops the connection unless tls is working.
Comment #4
miglius commentedHaven't received any feedback, but committed the patch anyways.