Anope Bug Tracker - Anope Development (1.9.x series)
View Issue Details
0001461Anope Development (1.9.x series)Nickservpublic2012-11-11 22:382012-11-30 10:55
ObiWan 
Adam 
normalminoralways
resolvedfixed 
 
 
0001461: ldap_authentication: More than one password possible
I've just noticed that when using the ldap authentication module it is possible to use the "old" password from the nickserv database and to use the "new" password from the ldap directory as you wish.

I think when enabling ldap authentication all tasks such as password change, registration, authentication etc. should just stick to the ldap module.
1. Have a database with existing users such as "tester" and a password "Start123".
2. Have a ldap directory with the user "tester" and the password "test123".
3. Both passwords would work on /msg nickserv identify...
No tags attached.
Issue History
2012-11-11 22:38ObiWanNew Issue
2012-11-11 22:52AdamNote Added: 0006302
2012-11-11 23:01ObiWanNote Added: 0006303
2012-11-30 10:55AdamNote Added: 0006304
2012-11-30 10:55AdamStatusnew => resolved
2012-11-30 10:55AdamResolutionopen => fixed
2012-11-30 10:55AdamAssigned To => Adam

Notes
(0006304)
Adam   
2012-11-30 10:55   
thanks, fixed in a4468dd56e96ea915d40627f3cb067084238e34a
(0006303)
ObiWan   
2012-11-11 23:01   
Ah ok. I understand. Well actually it sounds sensible. Would be some kind of a fallback password if the ldap server is offline.
(0006302)
Adam   
2012-11-11 22:52   
This was intentional. Instead, I need to make it so if you don't want the "old" nickserv password to work you should unload the encryption modules.