[ZendTo] Re: Antwort: Re: Antwort: Re: LDAPAuthorization for zendto

Jules Jules at Zend.To
Tue Dec 14 15:26:27 GMT 2010


Yes, I agree that's not perfect. But I can't find a decent way within 
the existing data structures of implementing this without a nasty hack :-(

There are other reasons the authentication might fail, even when they 
have put in the right username and password, such as too many failed 
login attempts causing them to be locked out. But that's all implemented 
in a different place, which doesn't have access to the LDAP code at all.

The return code is just a true/false value, and I really don't want to 
change that if I can avoid it. Using a non-zero value to represent 
failure is *really bad* in my book, as in the current code a result of 0 
is failure and 1 is success. I really don't want to represent "failure 
but for a different reason" as 2.

I admit you get the "username or password incorrect" error message as 
well, when ideally you shouldn't, but at least the first error message 
it gives is the correct one.

Any better ideas of how I can implement it neatly and logically?

Jules.

On 14/12/2010 15:09, patrick.gaikowski at kaufland.com wrote:
>
> Hello Jules,
>
> yes this was the missing point.
>
> An optimization would be to have only the error message "Authorisation 
> failed" when the Authentication was successful. In this context the 
> Input credentials seems to be wrong but the aren't. As you can see on 
> the screenshot the user seems to be logged in but isn't logged in 
> because auf missing rights.
>
>
>
>
>
>
>
>
> Greetings
>
> Patrick
>
>
>
> http://www.kaufland.de
>
> Kaufland Informationssysteme GmbH & Co. KG
> Postfach 12 53 - 74149 Neckarsulm
> Kommanditgesellschaft
> Sitz: Neckarsulm
> Registergericht: Amtsgericht Stuttgart HRA 104163
>
> Diese Nachricht enthält vertrauliche Informationen und ist 
> ausschließlich für
> den Adressaten bestimmt. Jeder Gebrauch durch Dritte ist verboten. 
> Falls Sie
> die Daten irrtümlich erhalten haben, nehmen Sie bitte Kontakt mit dem
> Absender auf und löschen Sie die Daten auf jedem Computer und Datenträger.
> This message contains confidential information and is intended solely 
> for the
> use by the addressee. Any use of this message by a third party is 
> prohibited.
> If you receive this message in error, please contact the sender and 
> delete the
> data from any computer and data carrier.
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CITP CEng
www.Zend.To

Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20101214/3ffbb2ee/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 5220 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20101214/3ffbb2ee/attachment-0002.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1477 bytes
Desc: not available
Url : http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20101214/3ffbb2ee/attachment-0003.gif 


More information about the ZendTo mailing list