| ../irclogs/#mantishelp.2010-01-11.log | ||
| --- scribe started --- | 00:00 | |
| CIA-22 | Mantisbt: s.mazeland * ra44eadaedcbf /lang/ (strings_portuguese_brazil.txt strings_ukrainian.txt): Localisation updates from http://translatewiki.net (2010-01-10) | 00:17 |
|---|---|---|
| dhx_m | back | 00:45 |
| CIA-22 | Mantisbt: Paul master-1.2.x * rf765794d0223 / (core.php core/compress_api.php): IIS: If we are using zlib.output_compression, we should still call ob_start() -> such that error handler can send a full patch | 00:52 |
| CIA-22 | Mantisbt: paul master-1.2.x * r984905606208 /file_download.php: 0011153: Truncated download | 00:53 |
| CIA-22 | Mantisbt: hickseydr * r9a1eb4932f43 /core/compress_api.php: Compress API now depends upon Utility API | 02:02 |
| CIA-22 | Mantisbt: hickseydr * r2c0c60fa8f4f /core/print_api.php: Fix #11373: Page links have incorrect spacing (first, prev, 1, 2...) | 02:03 |
| CIA-22 | Mantisbt: hickseydr master-1.2.x * r5e2d92c9f712 /core/print_api.php: Fix #11373: Page links have incorrect spacing (first, prev, 1, 2...) | 02:03 |
| CIA-22 | Mantisbt: hickseydr master-1.2.x * r7ea8aa4406a7 /core/ (file_api.php print_api.php): Fix #11352: Use icon_path configuration option to find filetype icons | 02:40 |
| CIA-22 | Mantisbt: hickseydr * rff696f35fe88 /core/ (file_api.php print_api.php): Fix #11352: Use icon_path configuration option to find filetype icons | 02:40 |
| g0rd0n | <paul_____> current trunk code automatically moves realname, automatically stores email and automitically creates accounts <- personally, i like this behavior. i even hacked the code so that i map the ldap groups to the right permissions in mantis on login | 10:38 |
| paul_____ | g0rd0n: it's more a case of it needs to be more flexible | 11:12 |
| paul_____ | for example, I use mantis in a school | 11:12 |
| paul_____ | we automatically create accounts for staff | 11:13 |
| paul_____ | but students dont have access | 11:13 |
| g0rd0n | paul_____: yes, i agree... i also had to hack the ldap email field, which is 'email' in my case, but is hard coded as 'mail' | 11:13 |
| paul_____ | i've fixed that locally | 11:13 |
| paul_____ | you see, my version | 11:14 |
| paul_____ | supports multiple servers | 11:14 |
| paul_____ | i.e. for (server1 to server10) { ldap_connect; ldap_bind } | 11:14 |
| g0rd0n | oh dear :) | 11:14 |
| paul_____ | well, that deals with a server being offline/unavailable temporarily | 11:14 |
| paul_____ | so for the most part | 11:15 |
| paul_____ | it's single lookups | 11:15 |
| paul_____ | where i'm coming from is | 11:15 |
| paul_____ | I dont like the idea of storing md5(hash) in db | 11:15 |
| paul_____ | think plugins a minute | 11:16 |
| paul_____ | we've got a rough plan for adding plugin support | 11:16 |
| paul_____ | potentially then, you might want to allow ldap login, or fall back to sha1() | 11:16 |
| paul_____ | (or even allow ldap login, but require a sha1() from the db for admin rights | 11:17 |
| paul_____ | what i'd then anticipate doing is storing a mantis_external_auth_details_table | 11:19 |
| paul_____ | to contain info pulled from other sources, that you could easily build/force a resync of | 11:19 |
| g0rd0n | hmm | 11:21 |
| paul_____ | if you dont have show_realnames on to show realnames not usernames, the previous ldap stuff is/was fine | 11:22 |
| paul_____ | things like creating users or not are a flaw | 11:22 |
| paul_____ | but I consider never create user to always create user to be equally broken | 11:22 |
| g0rd0n | my understanding is that if ldap fails, mantis will fall back to its db, in which case having the password synced with ldap is good since the user does not have to change it in two places | 11:22 |
| paul_____ | no | 11:23 |
| paul_____ | if ( !$t_br ) { 85 log_event( LOG_LDAP, "bind to ldap server failed - authentication error?" ); 86 trigger_error( ERROR_LDAP_AUTH_FAILED, ERROR ); | 11:23 |
| paul_____ | we trigger an authentication error atm is the ldap_bind fails | 11:24 |
| g0rd0n | yeah i guess the only solution is to somehow map ldap groups to mantis permissions, one of which being not to create a user at all | 11:24 |
| g0rd0n | oh i se | 11:24 |
| paul_____ | so whilst we store password in db for 'fallback' | 11:24 |
| paul_____ | if ldap server isn't available we error | 11:24 |
| paul_____ | :) | 11:24 |
| g0rd0n | so it's useless :P | 11:24 |
| paul_____ | tbh, I think that if someone is running LDAP | 11:26 |
| paul_____ | it's likely to be Active Directory (aka windows) | 11:26 |
| g0rd0n | not in my case :$ | 11:26 |
| paul_____ | what I was gonna go on to say | 11:26 |
| paul_____ | is given that: | 11:26 |
| paul_____ | a) often ldap auth is used for logon to pc | 11:26 |
| paul_____ | b) there's a chance webserver will be using some form of integrated/ldap authentication | 11:27 |
| paul_____ | or firewall | 11:27 |
| dhx_m | boo | 11:28 |
| g0rd0n | lol | 11:28 |
| paul_____ | I think it's a reasonable assumption to assume that if LDAP servers are all down | 11:28 |
| paul_____ | whether you can log into mantis probably isn't an issue :P | 11:29 |
| g0rd0n | yeh | 11:30 |
| g0rd0n | we use ldap for mantis / mediawiki / forum and other web stuff | 11:31 |
| g0rd0n | i must admit i have no idea about ldap, it's an accomplishment for me having the code changed so that it works for us :) | 11:32 |
| paul_____ | nuclear_eclipse: there? | 22:26 |
Generated by irclog2html.py