GNOME Bugzilla – Bug 269611
LDAP Authentication Fails with username@DOMAIN
Last modified: 2005-01-25 10:44:11 UTC
Moved from Evolution 1.4 (where things worked fantastic) to Evolution 2.01 in SuSE 9.2. The Global Address List worked fine in 1.4 - but now the same settings in 2 do not work. Doing a E2K_DEBUG=4 on the connector I found: GC: Connecting to ldap://rdc02.company.org:3268/ ** (evolution-exchange-storage:12585): WARNING **: LDAP authentication failed (0x31) This seems to be from the fact that Evolution 2 uses username@DOMAIN instead of DOMAIN\username for it's username authentication string. This might cause problems for LDAP authentication since some Active Directory servers (especially those who have been converted from Exchange 5.5 to Global Directory Servers) still require DOMAIN\username. I attempted to use the patch provided as a result of bug 266926 and I noticed a similar one reported with the older 1.4 connector at bug 259395 . Neither seemed to work out. I'm wondering if allowing DOMAIN\username would fix the problem. E-mail, tasks and calendaring work fine. Steps to reproduce the problem: 1. Login using username@DOMAIN as the username 2. Try go look at the global address list Actual Results: Error returned stating there is an "incorrect URI, or the server is unreachable" Expected Results: Allow query of GAL. How often does this happen? All times.
Created attachment 44447 [details] [review] Fix LDAP authentication using user@domain
I ran into the same thing, and I fixed it in e2k_global_catalog.c I'm attaching my patch, which I will submit to the evolution-patches list tonight. I have tested it with NTLM compile, and it should work with non-NTLM, but I'm not 100% sure.
Ok, the patch seems to be assuming that the user enters his username as "user@domain" .. where as he is expected to enter only "user" as his username. This is a wrong assumption. Could you please let me know what you actually meant by "Login using username@DOMAIN as the username ". This should clarify things a bit for us.
Will compile the patch and test things out... To explain things for Sarfraaz Ahmed - when specifying an Active Directory login, the three components are domain, username and password. Sometimes a default domain will be specified (as in a single-domain directory), but if an organization has multiple domains you have to specify which one to authenticate with. With older releases you could do this by using DOMAIN_NAME\user_name as your username. You can't do this with newer releases - the \ character isn't parsed. you need to use the alternate format of DOMAIN_NAME@user_name.
Actually, the patch looks to see if "@" exists in the username before doing anything different. This should allow it to work at places where this is not required. I suppose an alternative would be to make domain\username work again. I'm a little unclear on why this stopped working.
Patch works - I can now query the Global Address List!
Reopening until this is commited.
This works for me after applying Sarfraaz' patch to #66926 for form-based authentication - however I had to delete my settings in .gconf, .gnome2 and .evolution for things to take effect.
This has been committed to 2.0.3 branch as well as to HEAD [ 2.1 ]