View Issue Details

ID: 14181
Project: Bug reports
Category: [All Projects] Authentication
View Status: public
Last Update: 2019-01-10 17:16
Reporter: jpgaudreau
Assigned To: LouisGac
Priority: none
Severity: minor
Status: closed
Resolution: not fixable
Product Version: 3.13.x
Target Version:
Fixed in Version:
Summary: 14181: Untranslated LDAP error message is shown to the user when authentication fails because of a wrong password
Description

When LDAP authentication is used, an English-only error message from LDAP is shown to the user when the authentication fails because of a wrong password.

I think this message should be translated and more user friendly than just outputting the error message from the LDAP server (see attachment print screen).

Code is in the following page, at line 544: application/core/plugins/AuthLDAP/AuthLDAP.php
$this->setAuthFailure(100, ldap_error($ldapconn));

Maybe output the message from self::ERROR_USERNAME_INVALID like we see elsewhere in the code?

Thank you in advance for checking this issue!

Steps To Reproduce
  • Configure LDAP authentication
  • Set default system language to something other than English
  • Try to log in with an existing username but with a wrong password
Tags: No tags attached.
Complete LimeSurvey version number (& build): 3.14.10
I will donate to the project if issue is resolved: No
Browser: chrome
Database & DB-Version: mysql 5.6
Server OS (if known): Redhat 7
Webserver software & version (if known): apache
PHP Version: 7.2

Activities

jpgaudreau

2018-10-24 21:34

reporter  

DenisChenu

2018-10-25 00:15

developer   ~49434

It's the error from LDAP, can be anything, bad password or something other …

jpgaudreau

2018-10-25 11:32

reporter   ~49436

Hi Denis,

Yes, you are right about that. Still, I think these error messages should be translated, or at least the very common ones like "wrong password", since they are displayed to the end user.

It would be quite possible to get the LDAP error code with the function "ldap_errno" and display an error message accordingly (list of codes here: https://www-01.ibm.com/support/docview.wss?uid=swg21214189).

Regards

DenisChenu

2018-10-25 15:12

developer   ~49440

Maybe only for some LDAP errors? Or something like this:
«LDAP server return this error : %s, error code %s»

jpgaudreau

2018-10-25 16:02

reporter   ~49442

I think this could be a possibility, if the "LDAP server return this error :" is translated. I found a similar behavior in the GitLab application (see attachment).

But I've also checked in other applications like Moodle and Jenkins (attachment), and it seems that there is always one generic "Invalid user or password" for the end user when ldap_bind fails, and the LDAP error details are put in debug info (error log).

Personally, I like the second one best but the first one would be acceptable.

Thanks for your feedback
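
The second option from the last comment (one generic, translated message for the end user, LDAP detail in the error log only), as an added PHP example that is not LimeSurvey's code. The function name, the `$translate` and `$log` hooks, the sample catalogue and the separate "service unavailable" message are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// RFC 4511 result codes 51 (busy) and 52 (unavailable), plus -1, which
// OpenLDAP-based clients report when the server cannot be contacted.
const LDAP_UNAVAILABLE_ERRNOS = [-1, 51, 52];

// Turn a failed bind into a translatable end-user message; the raw server
// text goes to the log only. $translate and $log are hypothetical hooks
// standing in for the application's translation and logging functions.
function ldapBindFailureMessage(int $errno, string $serverText, string $username,
                                callable $translate, callable $log): string
{
    // Replace control characters so logged text cannot forge extra log lines.
    $clean = static function (string $s): string {
        return preg_replace('/[\x00-\x1F\x7F]+/', ' ', $s) ?? '';
    };
    $log(sprintf('LDAP bind failed for "%s": errno=%d, server said: %s',
        $clean($username), $errno, $clean($serverText)));
    if (in_array($errno, LDAP_UNAVAILABLE_ERRNOS, true)) {
        return $translate('The authentication service is currently unavailable.');
    }
    // 49 (invalidCredentials), 32 (noSuchObject) and every other code share
    // one message, so the form does not reveal which usernames exist.
    return $translate('Invalid user or password');
}

// Constructed demo: a small French catalogue and an in-memory log, no live bind.
$catalogue = [
    'Invalid user or password' => 'Utilisateur ou mot de passe invalide',
    'The authentication service is currently unavailable.'
        => "Le service d'authentification est actuellement indisponible.",
];
$translate = static function (string $s) use ($catalogue): string {
    return $catalogue[$s] ?? $s;
};
$logLines = [];
$log = static function (string $line) use (&$logLines): void {
    $logLines[] = $line;
};
$samples = [[49, 'Invalid credentials', 'alice'], [32, 'No such object', 'nobody'],
            [-1, "Can't contact LDAP server", "bob\nforged entry"]];
foreach ($samples as [$errno, $text, $user]) {
    echo ldapBindFailureMessage($errno, $text, $user, $translate, $log), PHP_EOL;
}
echo implode(PHP_EOL, $logLines), PHP_EOL;
```

In the plugin, the first two arguments would come from `ldap_errno($ldapconn)` and `ldap_error($ldapconn)`, and the returned string would replace the raw server text passed to `setAuthFailure`.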



Issue History

Date Modified Username Field Change
2018-10-24 21:34 jpgaudreau New Issue
2018-10-24 21:34 jpgaudreau File Added: ldap_wrong_password_error.png
2018-10-25 00:15 DenisChenu Note Added: 49434
2018-10-25 11:32 jpgaudreau Note Added: 49436
2018-10-25 15:12 DenisChenu Note Added: 49440
2018-10-25 16:02 jpgaudreau File Added: Sign_in_·_GitLab_-_2018-10-25_09.50.59.png
2018-10-25 16:02 jpgaudreau File Added: Sign_in_[Jenkins]_-_2018-10-25_09.49.23.png
2018-10-25 16:02 jpgaudreau Note Added: 49442
2019-01-10 17:16 LouisGac Assigned To => LouisGac
2019-01-10 17:16 LouisGac Status new => closed
2019-01-10 17:16 LouisGac Resolution open => not fixable