|Anonymous | Login | Signup for a new account||2019-09-16 04:23 BST|
|Main | My View | View Issues | Change Log | Roadmap|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0001740||SiT!||LDAP||public||2011-12-01 09:09||2013-02-10 16:24|
|Product Version||3.65 LTS|
|Target Version||Fixed in Version|
|Summary||0001740: ldapSync action fails if a user on the LDAP server (treated as Customer contact) has no surname.|
|Description||ldapSync action fails if a user on the LDAP server (treated as Customer contact) has no surname. When you add a contact to the local database through the administrative interface the fields "Forename" and "Surname" are required, but if you create users in AD for example surname is optional. No warnings or error messages are shown to the user. You need to examine the error log and then classes.inc.php to find out that the problem is in the function check_valid and empty surname.|
|Tags||No tags attached.|
|As described this is not a 'block' bug, please see http://sitracker.org/wiki/Bugs#A_guide_to_bug_severity [^]|
Unfortunately we require a surname within SiT (as otherwise finding contacts would be very difficult).
It is correct that no errors are feedback to the user, I'm not 100% sure how to achieve this unless we display an error to every logged in admin user?
I agree though a clearer error should be made in the error log regarding this
In AD there are 4 fields that refer to the username:
'name' - full name
'givenName' - first name
'sn' - surname
You require fields 'givenName' and 'sn' to be completed, but in AD users can exist with these fields blank and only 'name' field completed. SiT doesn't recognize this field and thus it leads to additional requirements for AD administrators as they must check all user accounts in AD and fill in missing information.
If we need both first name and surname an AD administrator should know that all users must have these fields filled in. It should be mentioned somewhere in the documentation and maybe on the LDAP configuration page.
Or maybe SiT can handle the 'name' field in AD when importing users from LDAP?
this might be a small detail, but to prevent confusion;
it's dangerous to call the user's name for username, as the username is the part to identify yourself to the system.
the username uses "sAMAccountName" in Windows AD.
You are right, Tomse.
I should use "real name" instead of "username". I didn't mean the user login itself (sAMAccountName).
|2011-12-01 09:09||v0hkus||New Issue|
|2011-12-03 10:23||ivan||Note Added: 0004346|
|2011-12-03 10:23||ivan||Severity||block => major|
|2011-12-04 20:24||paulh||Note Added: 0004353|
|2011-12-04 20:24||paulh||Severity||major => minor|
|2011-12-04 20:24||paulh||Status||new => acknowledged|
|2011-12-05 13:13||v0hkus||Note Added: 0004355|
|2011-12-05 16:59||Tomse||Note Added: 0004356|
|2011-12-05 17:16||v0hkus||Note Added: 0004357|
|2013-02-10 16:24||paulh||Relationship added||related to 0001759|
|Copyright © 2000 - 2019 MantisBT Team|