Project

General

Profile

Actions

Bug #8085

closed

web interface login: able to log in with valid ldap account but no matching rudder-users.xml entry

Added by Florian Heigl over 8 years ago. Updated over 8 years ago.

Status:
Released
Priority:
1 (highest)
Category:
Web - Maintenance
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

Hi,

as seen in topic:
A user that has no explicit entry in the users list in the xml file.

They'll be able to pass the web authentication and log in to a rudder session.

In 2.x you'd only see a link to the rudder docs and a "welcome" message
in 3.x+ you see the global compliance.

After discussion with Benoit this is actually to be considered a bug and not a feature.
You should not get in or at least get kicked out if you don't have actual permissions on the web interface.


Subtasks 1 (0 open1 closed)

Bug #8122: Merging #8085 from 2.11 broke branch 3.0ReleasedNicolas CHARLES2016-03-30Actions
Actions

Also available in: Atom PDF