Opened 10 years ago
Closed 10 years ago
#607 closed new feature (wontfix)
Stop anyone from logging in when using External Authentication
| Reported by: | jkenyon | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Core | Version: | 7.3 |
| Keywords: | Cc: |
Description
Not sure which version this stopped working in... but we have had LogicalDOC configured to use External Authentication with Active Directory, with the "Group identifier attr" set to "(&(objectCategory=person)(objectClass=user)(memberOf=CN=LogicalDOC Users,OU=Security Groups,OU=Enterprise Groups,DC=example,DC=com))"
This allowed only users of the "LogicalDOC Users" security group to login. However we have noticed in 7.2.1 and 7.3 that any Active Directory account can login.
Change History (4)
comment:1 by , 10 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
comment:2 by , 10 years ago
| Resolution: | invalid |
|---|---|
| Status: | closed → reopened |
| Summary: | Anyone can login when using External Authentication → Stop anyone from logging in when using External Authentication |
| Type: | Bug → New Feature |
Can we please request to get this feature added? Otherwise anyone that can authenticate against active directory will have a user profile created.
comment:3 by , 10 years ago
The actual AD integration is normally accepted and works well, we do not have other requests like this, we will will frop this ticket in the next future.
comment:4 by , 10 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | reopened → closed |
Hi, when you connect LogicalDOC to AD you specify a set of nodes in which to lookup for users. LogicalDOC will authenticate the users in those nodes and it doesn't perform any check on the group they belongs to. The setting of the group nodes is only used to import groups from your AD.