lemonldap-ng issues
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues
2018-11-28T10:37:52Z
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1555
Do not remember choice in pdata when redirecting user for logout
2018-11-28T10:37:52Z
Clément OUDOT
For example in CAS protocol, the user is redirected back to the CAS server when the logout has ended. When LL::NG is a CAS client configured with Choice, we are correctly redirected to the CAS server, but the CAS authentication is remembered, so when using the portal page we are always redirected back to the CAS server and cannot select another authentication Choice.
2.0.0
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1554
Parameter portalRequireOldPassword is not restored after mail reset
2018-11-24T11:04:36Z
Clément OUDOT
In the Mail Reset plugin, we modify portalRequireOldPassword so that the password change form does not require the old password, but we need to restore this parameter afterwards.
2.0.0
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1550
Error when enables "SSL, Custom " Auth modules with Choice
2018-11-29T20:19:44Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: 2.0
### Summary
Append SSL / LDAP / LDAP / / /
### Logs
```
[Wed Nov 21 20:37:46.066332 2018] [fcgid:warn] [pid 104980] [client 77.136.14.47:38540] mod_fcgid: stderr: Can't call method "conf" on an undefined value at /usr/share/perl5/Lemonldap/NG/Portal/Auth/SSL.pm line 66.
[Wed Nov 21 20:45:16.196593 2018] [fcgid:warn] [pid 105473] [client 77.136.14.47:38642] mod_fcgid: stderr: Can't use an undefined value as a subroutine reference at /usr/share/perl5/Lemonldap/NG/Portal/Lib/Choice.pm line 236.
```
2.0.0
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1547
Confirmation password not verified in menu password change form
2018-11-19T18:58:11Z
Clément OUDOT
When putting different passwords in new password/confirm password, the password is changed with the first value, the second value is not verified
2.0.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1542
Provide sessions attributes in template
2018-11-15T10:54:39Z
Clément OUDOT
For customization, we need to be able to display some user information in the portal. So it would be great to load all session attributes as template parameters, with a prefix in the key, for example: 'session_'
So to display 'cn', we can call this in template:
```html
<TMPL_VAR NAME="session_cn">
```
2.0.0
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1540
Wrong LDAP DN encoding when modifying password
2018-11-15T09:41:53Z
Clément OUDOT
The LDAP DN is correctly stored in the session after authentication:
```
$ cat e2e-tests/conf/sessions/805a2f0620a1839d5d4d18a2b67cc94f9af58708a17c88f42b9fba8f3f40c3b7 | json_pp
```
```js
{
   "UA" : "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:61.0) Gecko/20100101 Firefox/61.0",
   "_dn" : "cn=Clément OUDOT,ou=users,dc=example,dc=com",
   "_session_kind" : "SSO",
   "_loginHistory" : {
      "successLogin" : [
         {
            "_utime" : 1542126092,
            "ipAddr" : "127.0.0.1"
         }
      ]
   },
   "ipAddr" : "127.0.0.1",
   "_session_id" : "805a2f0620a1839d5d4d18a2b67cc94f9af58708a17c88f42b9fba8f3f40c3b7",
   "_auth" : "LDAP",
   "_lastAuthnUTime" : 1542126092,
   "_utime" : 1542126092,
   "authenticationLevel" : 1,
   "_userDB" : "LDAP",
   "uid" : "coudot2",
   "_user" : "coudot2",
   "_whatToTrace" : "coudot2",
   "_startTime" : "20181113172132",
   "mail" : "clement@oodo.net",
   "cn" : "Clément OUDOT",
   "_choice" : "2LDAP",
   "_updateTime" : "20181113172132"
}
```
But we have an error when modifying password:
```
Nov 13 17:22:06 ader-worteks slapd[1205]: conn=1020 op=1 BIND anonymous mech=implicit ssf=0
Nov 13 17:22:06 ader-worteks slapd[1205]: conn=1020 op=1 BIND dn="cn=Clément OUDOT,ou=users,dc=example,dc=com" method=128
Nov 13 17:22:06 ader-worteks slapd[1205]: conn=1020 op=1 RESULT tag=97 err=49 text=
Nov 13 17:22:06 ader-worteks slapd[1205]: conn=1020 op=2 UNBIND
Nov 13 17:22:06 ader-worteks slapd[1205]: conn=1020 fd=16 closed
```
2.0.0
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1539
Option to enable / disable languages choice display
2018-11-08T21:58:18Z
Christophe Maudoux
chrmdx@gmail.com
Manager boolean
2.0.0
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1536
Yubikey always valid if no internet connection
2018-11-06T21:07:22Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: 2.0
### Summary
I register second factors (totp, yubikey…), then at the first user connection, after the login / password prompt, a register prompt is asked (very good feature). Then after registering it and going back to the login page, any second factor value is accepted as correct.
Portal is displayed but session not granted
Of course, I’ve restarted services, and checked from other computers to avoid cache source issues.
### Possible fixes
Send error tpl
2.0.0
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1535
Append Portal parameter to modify Handler Internal Cache
2018-11-10T19:32:25Z
Christophe Maudoux
chrmdx@gmail.com
### Summary
Be able to modify handler Internal Cache from ini file to customize unit tests
2.0.0
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1534
Provide ipAddr in $req->env for rules
2018-11-09T11:05:49Z
Clément OUDOT
We had in 1.9 the $ipAddr that could be used in rules, we need the same in 2.0.
2.0.0
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1533
OIDC Consent always required
2018-10-30T22:26:54Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: 2.0
Platform: Apache2
### Summary
OIDC Consent always required despite user already gave it
2.0.0
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1532
The source list for CSP directive 'form-action' contains an invalid source
2018-11-03T22:31:21Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: 2.0
Platform: Apache2
### Summary
The source list for Content Security Policy directive 'form-action' contains an invalid source: '/?cancel=1'. It will be ignored.
### Log
```
[debug] Display type logo for module Twitter
[debug] Authentication choice Twitter will be displayed
[debug] Displaying authentication choice 5_Facebook
[debug] Use URL /?cancel=1
[debug] Display type logo for module Facebook
[debug] Authentication choice Facebook will be displayed
[debug] Displaying authentication choice 6_SAML
[debug] Use URL /?cancel=1
[debug] Display type logo for module SAML
[debug] Authentication choice SAML will be displayed
[debug] Displaying authentication choice 7_OpenID_Connect
[debug] Use URL /?cancel=1
[debug] Display type logo for module OpenIDConnect
[debug] Authentication choice OpenID Connect will be displayed
[debug] Displaying authentication choice 8_CAS
[debug] Use URL /?cancel=1
[debug] Display type logo for module CAS
[debug] Authentication choice CAS will be displayed
[debug] Skin returned: login
[debug] Calling sendHtml with template login
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/login.tpl
[debug] Set CSP form-action with request URL: /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1
[debug] Apply following CSP : default-src 'self';img-src 'self' data:;style-src 'self';font-src 'self';connect-src 'self';form-action 'self' * /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1 /?cancel=1;frame-ancestors 'none';
```
2.0.0
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1531
LDAP parameters are dropped if authentication backend is AD
2018-10-29T16:04:52Z
Clément OUDOT
If we choose AD as authentication backend, all LDAP parameters are dropped.
2.0.0
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1530
AD Password module is missing
2018-10-29T17:35:44Z
Clément OUDOT
The Portal/Password/AD.pm module is missing
2.0.0
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1529
Custom modules are erased by package updates
2018-11-15T09:32:44Z
Clément OUDOT
We have the possibility to have Custom modules in 2.0, but as they are part of the distribution, if we modify them, they are erased by package updates.
We should not ship these modules inside LL::NG code, or call them "Custom.example" instead of "Custom.pm", or ship them in doc/, not in modules.
What do you think?
2.0.0
Yadd
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1528
Issuer CAS redirect on bad service URL
2018-11-15T09:38:22Z
Clément OUDOT
When service is http://cas.example.com/test/, we are redirected to http://cas.example.com/ (test/ is removed).
2.0.0
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1524
The choice is not saved in $req-data
2018-10-16T15:26:00Z
Clément OUDOT
We have some code to read $req->data->{_authChoice} but this data is never set.
2.0.0
Clément OUDOT
Clément OUDOT
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1522
Notifications with checkbox does not work
2018-10-16T20:09:22Z
Christophe Maudoux
chrmdx@gmail.com
### Concerned version
Version: 2.0
Platform: Apache
### Summary
If I submit the form twice without ticking the checkbox, session is always granted.
Notification is not deleted
### Backends used
Demo
TODO : Add a goToPortal button & Modify unit tests to replay issue
2.0.0
Christophe Maudoux
chrmdx@gmail.com
Christophe Maudoux
chrmdx@gmail.com
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1518
Possibility to override portal messages
2018-10-17T09:44:45Z
Clément OUDOT
In 1.9 we had the possibility to override portal messages, see https://lemonldap-ng.org/documentation/1.9/portalcustom#messages
This does not seem possible in 2.0 anymore, as translations are provided through a JSON file.
How could we restore this feature?
2.0.0
Yadd
Yadd
https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/1517
Password backend not called with Choice
2018-11-19T17:40:07Z
Clément OUDOT
I have a Choice configuration with LDAP/LDAP/LDAP configuration, but when trying to modify password, the LDAP directory is not called at all.
Here are the logs:
```
==> /var/log/apache2/error.log <==
[debug] Check configuration for Lemonldap::NG::Handler::PSGI::Main
[debug] Get configuration from cache without verification.
[debug] Lemonldap::NG::Handler::PSGI::Main: configuration is up to date
[debug] Get session 0e7d87c9809be37657096372bd2af908
[debug] removing cookie
[debug] User coudot was granted to access to /
[debug] Start routing default route
[debug] Processing importHandlerData
[debug] Processing restoreArgs
[debug] Processing controlUrl
[debug] Processing checkLogout
[debug] Processing code ref
[debug] Launching ::Auth::Choice::_forAuthUser
[debug] Processing code ref
[debug] Launching ::UserDB::Choice::_forAuthUser
[debug] Processing code ref
[debug] Launching ::Password::Choice::_modifyPassword
[debug] Choice 2LDAP selected
[debug] Choice 2LDAP selected from pdata
[debug] Bad old password
[debug] Unbind and disconnect from ldap://localhost
[debug] Returned error: 39
[debug] Skin returned: error
[debug] Calling sendHtml with template error
[debug] Starting HTML generation using /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Skin bootstrap selected from GET/POST parameter
[debug] Sending /usr/share/lemonldap-ng/portal/templates/bootstrap/error.tpl
[debug] Apply following CSP : form-action 'self';frame-ancestors 'none';
```
2.0.0
Yadd
Yadd