Opened 9 years ago
Closed 8 years ago
#607 closed new feature (wontfix)
Stop anyone from logging in when using External Authentication
| Reported by: | jkenyon | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | Core | Version: | 7.3 |
| Keywords: | Cc: |
Description
Not sure which version this stopped working in... but we have had LogicalDOC configured to use External Authentication with Active Directory, with the "Group identifier attr" set to "(&(objectCategory=person)(objectClass=user)(memberOf=CN=LogicalDOC Users,OU=Security Groups,OU=Enterprise Groups,DC=example,DC=com))"
This allowed only users of the "LogicalDOC Users" security group to login. However we have noticed in 7.2.1 and 7.3 that any Active Directory account can login.
Change History (4)
comment:1 Changed 9 years ago by car031
- Resolution set to invalid
- Status changed from new to closed
comment:2 Changed 9 years ago by jkenyon
- Resolution invalid deleted
- Status changed from closed to reopened
- Summary changed from Anyone can login when using External Authentication to Stop anyone from logging in when using External Authentication
- Type changed from Bug to New Feature
Can we please request to get this feature added? Otherwise anyone that can authenticate against active directory will have a user profile created.
comment:3 Changed 8 years ago by car031
The actual AD integration is normally accepted and works well, we do not have other requests like this, we will will frop this ticket in the next future.
comment:4 Changed 8 years ago by car031
- Resolution set to wontfix
- Status changed from reopened to closed
Hi, when you connect LogicalDOC to AD you specify a set of nodes in which to lookup for users. LogicalDOC will authenticate the users in those nodes and it doesn't perform any check on the group they belongs to. The setting of the group nodes is only used to import groups from your AD.