Instead of fetchDN, authentication now uses hasUser to check if the user
exists before querying the password, to prevent the exception from messing
up the whole authentication process
It's not safe to rely on PHP_AUTH_USER and PHP_AUTH_TYPE because
PHP cgi handlers (fgcid for example) only set the REMOTE_USER environment variable
and the authentication type for negogiation methods (Kerberos for example) is neither
Basic nor Digest.
We may have to add REDIRECT_REMOTE_USER for authentication for proxy setups.
Check if authentication is possible during authentication, to generate more
useful error and log messages, in case the backend configuration is wrong
ref #6457
Class names in namespaces should not be chosen as once we didn't have
such. The fact that we already did "use Db\Connection as DbConnection"
is the best hint that naming was wrong.
So this patch renames Db\Connection to Db\DbConnection and does the
same with DbQuery. DbQuery has been adjusted to fit our new SimpleQuery
and to handle the new Filter implementation.
Drop external auth configuration from config.ini and move
implementation into a single backend provider named
'autologin'. This provider can strip realm names from
username with a custom regexp.
fixes#6081
Add authentication backend type msldap with default values for user_class
and user_name_attribute. Backend type ldap now logs an error when user_class
and user_name_attribute ist not configured. Rename membership.ini to
memberships.ini since all our INI configuration files are in the plurar
where it makes sense. The AuthenticationController now handles
authentication
refs #5685
refs #5638fixes#5218
Provide a new settings authenticationMode and delegate the
authentication handling to the webserver when the external authentication mode
is set. Add a new view 'logout' that will be shown after logout from external
authentication as the regular redirect to login is not possible.
refs #5405
This reverts commit 226eb4eded6aa098ad268edc8fba5ddec09b423b.
Conflicts:
library/Icinga/Authentication/Manager.php
This fix is not appropriate
refs #5506
The authentication manager should only try to set up all backends when
necessary. Remove the backend setup from the constructor and call it only when it is actually needed.
fixes#5506
Store messages in the current user session to be able to fetch messages from
other controllers, so that the use can be redirected back to the index, instead
of staying in the original action
refs #5100
Authentication/Session.php and its Subclasses do not have a open/closed -state
anymore. Read will refresh the session, write will always write the changes,
and opening/closing will be handled internally.
refs #5101
Remove the old calls to DbAdapterFactory and use ResourceFactory instead. Remove
the DbAdapterFactory and fix all unit tests that have been broken due to the changes.
Change the functionality of the ResourceFactory to also handle LdapConnections
resolves#4587
