Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Inconsistent behaviour when LDAP user is not activated #4404

Open
2 of 7 tasks
leepfrog-ger opened this issue Jul 9, 2018 · 2 comments
Open
2 of 7 tasks

Inconsistent behaviour when LDAP user is not activated #4404

leepfrog-ger opened this issue Jul 9, 2018 · 2 comments
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented topic/authentication type/enhancement An improvement of existing functionality

Comments

@leepfrog-ger
Copy link

leepfrog-ger commented Jul 9, 2018
edited
Loading

  • Gitea version (or commit ref): 1.4.2
  • Git version: not relevant
  • Operating system: Windows
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant

Description

Consider the following scenario:

  • A user is authenticating via an LDAP authentication source
  • The authentication source has synchronization enabled and during one of those syncs it determines that all users need to be disabled (e.g. due to LDAP user synchronization timeout disables all users #4402)
  • Now affected accounts are disabled in the database even though the "live" check against LDAP will pass successful

Actual behaviour

The resulting behaviour is not consistent:

  • Users can login via web interface just fine (as this uses a live check against LDAP)
  • Users can Pull/Push through HTTPS just fine (as this uses a live check against LDAP)
  • Users cannot push/pull through SSH (tested with built-in SSH server; as this uses the "is_active" flag from the database)

Expected behaviour

The expectied behvaiour would be that either all of the three above work or all fail, but not a mix of both.

Personally I'd prefer if all would work (meaning that upon an SSH connection attempt a live check against LDAP would need to take place) but I'll leave that up for discussion.
@lafriks lafriks added the type/enhancement An improvement of existing functionality label Jul 10, 2018
@stale
Copy link

stale bot commented Jan 19, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added issue/stale and removed issue/stale labels Jan 19, 2019
@stale
Copy link

stale bot commented Mar 23, 2019

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

@stale stale bot added the issue/stale label Mar 23, 2019
@lunny lunny added issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented and removed issue/stale labels Mar 24, 2019
@aravindhsampath aravindhsampath mentioned this issue Aug 23, 2019
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
issue/confirmed Issue has been reviewed and confirmed to be present or accepted to be implemented topic/authentication type/enhancement An improvement of existing functionality
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lunny @lafriks @leepfrog-ger @delvh