View Issue Details

ID: 14181
Project: Bug reports
Category: Authentication
View Status: public
Last Update: 2019-01-10 17:16
Reporter: jpgaudreau
Assigned To: LouisGac
Priority: none
Severity: minor
Status: closed
Resolution: not fixable
Product Version: 3.13.x
Summary: 14181: Untranslated LDAP error message is shown to the user when authentication fails because of a wrong password
Description

When LDAP authentication is used, an English-only error message from LDAP is shown to the user when the authentication fails because of a wrong password.

I think this message should be translated and more user friendly than just outputting the error message from the LDAP server (see attachment print screen).

Code is in the following page, at line 544: application/core/plugins/AuthLDAP/AuthLDAP.php
$this->setAuthFailure(100, ldap_error($ldapconn));

Maybe output the message from self::ERROR_USERNAME_INVALID like we see elsewhere in the code?

Thank you in advance for checking this issue!

Steps To Reproduce
  • Configure LDAP authentication
  • Set default system language to something other than English
  • Try to log in with an existing username but with a wrong password
Tags: No tags attached.
Attached Files: ldap_wrong_password_error.png (27,810 bytes)
Bug heat: 4
Complete LimeSurvey version number (& build): 3.14.10
I will donate to the project if issue is resolved: No
Browser: chrome
Database type & version: mysql 5.6
Server OS (if known): Redhat 7
Webserver software & version (if known): apache
PHP Version: 7.2

Activities

DenisChenu

2018-10-25 00:15

developer   ~49434

It's the error from LDAP, it can be anything, a bad password or something else …

jpgaudreau

2018-10-25 11:32

reporter   ~49436

Hi Denis,

Yes, you are right about that. Still, I think these error messages should be translated, or at least the very common ones like "wrong password", since they are displayed to the end user.

It would be quite possible to get the ldap error code with function "ldap_errno" and display an error message accordingly. (list of codes here https://www-01.ibm.com/support/docview.wss?uid=swg21214189)

Regards

DenisChenu

2018-10-25 15:12

developer   ~49440

Maybe only for some LDAP errors? Or something like this:
«LDAP server return this error : %s, error code %s»

jpgaudreau

2018-10-25 16:02

reporter   ~49442

I think this could be a possibility, if the "LDAP server return this error :" is translated. I found a similar behavior in the GitLab application (see attachment).

But I've also checked in other applications like Moodle and Jenkins (attachment), and it seems that there is always one generic "Invalid user or password" for the end user when ldap_bind fails, and the LDAP error details are put in a debug info (error log).

Personally, I like the second one best, but the first one would be acceptable.

Thanks for your feedback
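
The second approach from the last note (one generic, translated message for the end user, LDAP details in the error log), combined with the ldap_errno lookup suggested earlier, as an added PHP example that is not LimeSurvey code and not code from any participant in this issue. The function name, the translator and logger callables, and the French strings are assumptions constructed for illustration.

```php
<?php
// Added example, not LimeSurvey code. Maps a failed ldap_bind() to a generic,
// translatable message and keeps the server-supplied text in the log only.

// LDAP result codes (RFC 4511) that all mean "these credentials were not accepted".
const LDAP_CREDENTIAL_FAILURES = [
    32, // noSuchObject: the bind DN does not exist
    48, // inappropriateAuthentication
    49, // invalidCredentials: wrong password
];

/**
 * @param int      $errno     value of ldap_errno($ldapconn) after the failed bind
 * @param string   $ldapText  value of ldap_error($ldapconn), English, from the LDAP library/server
 * @param callable $translate hypothetical translator (wrapper around the application's gettext)
 * @param callable $log       hypothetical logger taking one string
 * @return string message that is safe to show to the end user
 */
function ldapFailureMessage(int $errno, string $ldapText, callable $translate, callable $log): string
{
    // Strip control characters so externally supplied text cannot forge log lines.
    $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $ldapText);
    $log(sprintf('LDAP bind failed: code %d, message "%s"', $errno, $clean));

    if (in_array($errno, LDAP_CREDENTIAL_FAILURES, true)) {
        // Same wording for unknown user and wrong password.
        return $translate('Invalid user or password');
    }
    // Anything else (server unreachable, TLS failure, ...) is not the user's mistake.
    return $translate('Authentication is temporarily unavailable. Please contact the administrator.');
}

// Constructed sample run: a French catalogue and an in-memory log.
$fr = [
    'Invalid user or password' => 'Utilisateur ou mot de passe invalide',
    'Authentication is temporarily unavailable. Please contact the administrator.'
        => "L'authentification est temporairement indisponible. Veuillez contacter l'administrateur.",
];
$translate = function (string $s) use ($fr): string { return $fr[$s] ?? $s; };
$logLines = [];
$log = function (string $line) use (&$logLines): void { $logLines[] = $line; };

echo ldapFailureMessage(49, 'Invalid credentials', $translate, $log), PHP_EOL;
echo ldapFailureMessage(-1, "Can't contact LDAP server", $translate, $log), PHP_EOL;
print_r($logLines); // the English LDAP text and numeric code stay server-side
```

In the plugin, the returned string would be what is passed as the second argument of the `setAuthFailure(100, ...)` call quoted in the description.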

Issue History

Date Modified Username Field Change
2018-10-24 21:34 jpgaudreau New Issue
2018-10-24 21:34 jpgaudreau File Added: ldap_wrong_password_error.png
2018-10-25 00:15 DenisChenu Note Added: 49434
2018-10-25 11:32 jpgaudreau Note Added: 49436
2018-10-25 15:12 DenisChenu Note Added: 49440
2018-10-25 16:02 jpgaudreau File Added: Sign_in_·_GitLab_-_2018-10-25_09.50.59.png
2018-10-25 16:02 jpgaudreau File Added: Sign_in_[Jenkins]_-_2018-10-25_09.49.23.png
2018-10-25 16:02 jpgaudreau Note Added: 49442
2019-01-10 17:16 LouisGac Assigned To => LouisGac
2019-01-10 17:16 LouisGac Status new => closed
2019-01-10 17:16 LouisGac Resolution open => not fixable