Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-28402

LDAP configuration values being stored in lower case, causing misconfiguration

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.3, 2.1.1, 2.2
    • Fix Version/s: 2.0.5, 2.1.2
    • Component/s: Authentication
    • Labels:
    • Environment:
      Windows Server 2003, Apache/2.2.17 (Win32), PHP/5.3.6
    • Database:
      MySQL
    • Testing Instructions:
      Hide
      • Configure the Active Directory domain security policy (Security Settings >> Account Policies >> Password Policiy >> Maximum password age), to expire passwords after a given time (e.g., 7 days). Make sure you use gpupdate to propage security policy changes to all domain controllers (including the local one).
      • Create or edit a user in Active Directory and set a new password for her, and make sure the password is configured to expire.
      • Configure Moodle to use that Active Directory as it's LDAP server (see instructions at http://docs.moodle.org/en/LDAP_authentication)
      • While configuring the LDAP server settings, make sure you enable password expiration (set it to 'LDAP') and set expiration warning to a sensible value (e.g., 5 days).
      • Log in with the Active Directory user created/modified above. Nothing should be notified to the user. Now log out.
      • Change the date in the Moodle Server to make the password be in the 'warning period' or simply wait enough time until we reach it
      • Log in again with the same user. A message should be printed telling the user the password is expiring in X days and offering her to change it (if possible from within moodle).
      Show
      Configure the Active Directory domain security policy (Security Settings >> Account Policies >> Password Policiy >> Maximum password age), to expire passwords after a given time (e.g., 7 days). Make sure you use gpupdate to propage security policy changes to all domain controllers (including the local one). Create or edit a user in Active Directory and set a new password for her, and make sure the password is configured to expire. Configure Moodle to use that Active Directory as it's LDAP server (see instructions at http://docs.moodle.org/en/LDAP_authentication ) While configuring the LDAP server settings, make sure you enable password expiration (set it to 'LDAP') and set expiration warning to a sensible value (e.g., 5 days). Log in with the Active Directory user created/modified above. Nothing should be notified to the user. Now log out. Change the date in the Moodle Server to make the password be in the 'warning period' or simply wait enough time until we reach it Log in again with the same user. A message should be printed telling the user the password is expiring in X days and offering her to change it (if possible from within moodle).
    • Affected Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE, MOODLE_22_STABLE
    • Fixed Branches:
      MOODLE_20_STABLE, MOODLE_21_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      wip_MDL-28402_HEAD_pwd_expiration_time_doesnt_work

      Description

      When configuring the LDAP authentication plugin (Plugins > Authentication > LDAP server) certain configuration fields such as "User attribute" and "Expiration attribute" are being converted to lower-case after clicking "save changes".

      I also did some digging around inside auth/ldap.auth.php and found that at around line 584 which is within the password_expire function, the default value of "$this->config->expireattr" is set to "pwdlastset" whilst in Moodle 1.9 this gives the correct value of "pwdLastSet". Since this shows that default values are being stored as lower-case also the problem may not sit with the edit form.

      I have tried setting these values manually within the database and can confirm that the table allows you to store the correct setting, although as soon as I go to LDAP Server settings and click "save changes" this reverts again.

      Please note that this is currently rendering expired password checking non-functional.

      NOTICED ON: Moodle 2.03 latest

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Votes:
                  0 Vote for this issue
                  Watchers:
                  5 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Fix Release Date:
                    10/Oct/11