Opened 8 years ago

Closed 7 years ago

#1757 closed task (fixed)

Log LDAP edits performed via Drupal website, or remove the functionality

Reported by: strk Owned by: webcom@…
Priority: normal Milestone:
Component: WebSite Keywords: ldap, userid
Cc: webcom@…

Description

I found out LDAP database can be also edited via Drupal, from URLs like: https://www.osgeo.org/user/409/edit/ldap_user_data (where 409 correspond to my own username).

For simplicity we might want to disable that form and have users sent to the LDAP editing form: https://www.osgeo.org/cgi-bin/auth/ldap_edit_user.py

Or, at least, we should have the Drupal mediated editing form also log edits, like the ldap-specific form linked above does since a few weeks.

For additional info: I noticed the Drupal form allows setting a "First Name" (givenName in LDAP database) whereas the ldap_edit_user.py script does not allow that (in case we want to add that).

Change History (4)

comment:1 by rduivenvoorde, 8 years ago

Yep, not working... If I go to

https://www.osgeo.org/user/91/edit

to (I thought being able to change my password after a password reset), you cannot even reset it there, as you get this image: https://duif.net/osgeo.png

Then trying to to click in the red-warning-bar link 'Have you forgotten your password' sents you to

https://www.osgeo.org/user/password

which shows 'Access Denied'

This link should either be:

https://www.osgeo.org/cgi-bin/auth/ldap_edit_user.py

where I CAN succesfully change my password, OR this fields there should just be hidden/replace by the ldap_edit_user.py link...

comment:2 by strk, 7 years ago

Component: Systems AdminWebSite
Owner: changed from sac@… to webcom@…

comment:3 by strk, 7 years ago

Richard can you try again now ? I tried and I was able to change the password (only the change is not logged).

Also now I've tweaked the text you get when requesting a new password (new account). From "Disabled by administrators" to "Go to <link> to register new account"

comment:4 by robe, 7 years ago

Resolution: fixed
Status: newclosed

I'm closing these since all these have been redirected to id.osgeo.org which I think is logged.

Note: See TracTickets for help on using tickets.