LDAP Auth + OTP (Yubi key) doesn't work: Password length?
#2,512 opened on Sep 1, 2022
Description
Hello,
Describe the bug: If we enable OTP for LDAP auth in our user management (webadm), then login fails with "LDAP OK, but OTP failed".
Set up
- Version: v0.4.0
- Puppet / Yaml config:
...
env:
...
- SPRING_LDAP_URLS=ldap://%{hiera('yubiauth_host')}:389
- SPRING_LDAP_USERFILTER_SEARCHBASE=ou=People,dc=example,dc=com
- SPRING_LDAP_USERFILTER_SEARCHFILTER=(&(uid={0})(objectClass=inetOrgPerson))
- SPRING_LDAP_ADMINUSER=cn=webadmin,ou=Accounts,dc=example,dc=com
- SPRING_LDAP_ADMINPASSWORD=%{hiera('global_ldap_webadmin')}
Enable OTP for the user account on LDAP, so it looks like: userpasswordLooooooonnnnnnggggggYubiOTP string
So the string is based on the LDAP userpassword + OTP, which is 45 chars long. The password can then be up to 80 chars long or longer. I can see in the LDAP logs that the user is found, so the admin password and search work. I will try later to disable OTP for my account to see if it helps, but it could be possible that there is a char limit for the password field.
cu denny
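The post's hypothesis is that a length limit on the password field silently truncates the concatenated "password + OTP" string, so the OTP suffix that reaches the validator is no longer intact. The following is an added diagnostic example, not code from the issue or from the project being reported against. It assumes a concatenating validator that treats the OTP as a fixed-length suffix (the length is a parameter), assumes the OTP is a Yubico modhex string, and models the suspected field limit with a hypothetical `max_len` value; the password and OTP used as input are constructed sample values.

```python
from typing import Optional

# Yubico OTPs are encoded in "modhex", a 16-letter alphabet chosen so the
# OTP types the same on different keyboard layouts.
MODHEX_ALPHABET = frozenset("cbdefghijklnrtuv")


def split_credential(combined: str, otp_len: int) -> tuple:
    """Split a 'password + OTP' string the way a concatenating validator does:
    the OTP is the fixed-length suffix, everything before it is the LDAP password."""
    if len(combined) < otp_len:
        return combined, ""
    return combined[:-otp_len], combined[-otp_len:]


def apply_field_limit(combined: str, max_len: Optional[int]) -> str:
    """Model a form or backend field that silently truncates to max_len chars
    (hypothetical limit; None means no limit)."""
    if max_len is None:
        return combined
    return combined[:max_len]


def check_otp_suffix(combined: str, otp_len: int) -> dict:
    """Report whether the credential string that reached the backend still
    carries a plausible OTP suffix: correct length and modhex characters only."""
    password, otp = split_credential(combined, otp_len)
    problems = []
    if len(otp) < otp_len:
        problems.append(f"suffix too short: got {len(otp)} chars, expected {otp_len}")
    bad_chars = sorted(set(otp) - MODHEX_ALPHABET)
    if bad_chars:
        problems.append(f"non-modhex characters in OTP suffix: {bad_chars}")
    return {
        "password_len": len(password),
        "otp_len": len(otp),
        "ok": not problems,
        "problems": problems,
    }


def diagnose(password: str, otp: str, max_len: Optional[int]) -> dict:
    """End-to-end check: concatenate, pass through the (hypothetical) field
    limit, then inspect what a suffix-splitting validator would see."""
    received = apply_field_limit(password + otp, max_len)
    return check_otp_suffix(received, otp_len=len(otp))


# Constructed sample values: a 29-char password and a 44-char modhex OTP.
SAMPLE_PASSWORD = "Correct-Horse-Battery-Staple!"
SAMPLE_OTP = "c" * 12 + "cbdefghijklnrtuv" * 2

if __name__ == "__main__":
    # No field limit: the suffix survives intact.
    print(diagnose(SAMPLE_PASSWORD, SAMPLE_OTP, max_len=None))
    # Hypothetical 64-char limit: the validator now sees password characters
    # inside the OTP slot, which is the symptom the bug report suspects.
    print(diagnose(SAMPLE_PASSWORD, SAMPLE_OTP, max_len=64))
```

Run against the credential string as it arrives at the backend (for example from a debug log of the bind request) to tell a truncated OTP suffix apart from a genuinely rejected OTP: non-modhex characters or a short suffix point at a length limit somewhere in the path, whereas a well-formed suffix that is still rejected points at the OTP validation itself.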