E-mail Password Recovery Broken After Enabling LDAP Auth to AD

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

This is the place to report bugs and get support

When posting in this forum, please try to provide as many relevant details as possible. Particularly the following:

  • What operating system were you running when the bug appeared?
  • What database platform is your site using?
  • What version of mojoPortal are you running?
  • What version of .NET do you use?
  • What steps are necessary to reproduce the issue? Compare expected results vs actual results.
Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum.
This thread is closed to new posts. You must sign in to post in the forums.
1/21/2011 6:03:16 AM
Tim Webster
Gravatar
Total Posts 8
View Posts

E-mail Password Recovery Broken After Enabling LDAP Auth to AD

Hello,

I have been playing around with the ldap authentication feature since the latest changes that allowed us to continue using the local authentication as well as falling back to ldap.  This feature is working for me but the problem I'm having is with the password recovery e-mail for local accounts.  When I try to recover a password I have to type the userID instead of an e-mail even though it says please enter your e-mail address.  It will actually say when I enter the e-mail address that the User Name not found.  When it asks me the password question and I enter answer it returns a response "You did not enter the correct answer".  At this point I'm dead in the water and will not be able to use LDAP because I also have local users that need password recovery.

 

I assume password recovery does not work for LDAP users but those users will only be employees so it's easier to train them to user our school's central password recovery application.

 

I currently have these two keys added to my  user.config and additionally I have port 636 defined on the ldap config page.

 <add key="UseSSLForLDAP" value="true" />
 <add key="UseLDAPFallbackAuthentication" value="true" />

 

Thanks for any help that can be provided.

 

Tim

1/21/2011 7:08:38 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: E-mail Password Recovery Broken After Enabling LDAP Auth to AD

If using LDAP and db users you should not have it configured for "Use Email for Login" in Site Settings, the db users must also use usernames to login. Do you have it configured that way or not?

Hope it helps,

Joe

1/21/2011 11:18:16 AM
Tim Webster
Gravatar
Total Posts 8
View Posts

Re: E-mail Password Recovery Broken After Enabling LDAP Auth to AD

Hi Joe,

Thanks so much for getting back to me quickly. I checked the system settings security tab and "Use Email for Sign In?" is not checked. It won't even allow me to check it which I assume is by design. However, before I enabled LDAP it was checked and users were logging in with their e-mail address.  As a test I unchecked the enable LDAP check box and then found that the "Use Email for Sign In?" was checked again.  I unchecked it and then saved the settings and then went back and re-enabled LDAP.  Not the e-mail password recovery sends an e-mail as it should but unfortunately the password that it e-mails does not allow the user to log in.  I have tried the several times and the only way I can get the user to log back in is by changing the password in the manage user area.  I am using the hashed in db password format.

Tim

1/21/2011 12:14:03 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: E-mail Password Recovery Broken After Enabling LDAP Auth to AD

Hi Tim,

For the next release I've added a check to make sure Use Email For Login will always be false if LDAP is enabled.

Password recovery should work, but with hashed it is really password reset since we have no way to decrypt the hash, so a new random password is generated and sent.

Hope it helps,

Joe

1/21/2011 1:26:46 PM
Tim Webster
Gravatar
Total Posts 8
View Posts

Re: E-mail Password Recovery Broken After Enabling LDAP Auth to AD

Hi Joe,

The problem is I have tried two different accounts, one created today, and in both cases the auto-generated password that gets e-mailed does not work.  The error when trying to log in says "Login failed!".

Tim

1/21/2011 1:33:39 PM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: E-mail Password Recovery Broken After Enabling LDAP Auth to AD

I've asked Jamie, the developer who implemented the fallback to LDAP to look into this and see if he can reproduce the problem. Getting very close to a new release so if we can replicate it we can fix it, and I'd like to get it into the coming release, but I'm not setup here to test with ldap myself at the moment. 

Will follow up when we know more.

Best,

Joe

1/24/2011 10:34:09 AM
Jamie E
Gravatar
Total Posts 1203
View Posts
Proud member of the mojoPortal team

Help support mojoPortal!
Add-on modules

Re: E-mail Password Recovery Broken After Enabling LDAP Auth to AD

Hi Tim, I just found the problem in the login authentication code and forwarded a code patch to Joe. Thanks very much for the bug report!

Jamie

1/24/2011 11:09:16 AM
Joe Audette
Gravatar
Total Posts 18439
View Posts

Re: E-mail Password Recovery Broken After Enabling LDAP Auth to AD

Thanks Jamie!

I've committed this fix to the repository.

Best,

Joe

You must sign in to post in the forums. This thread is closed to new posts.