Mingle LDAP Bug

Follow

Comments

4 comments

  • Avatar
    Suzie Prince

    Hey Adam


    I have tried to reproduce this locally and have been unable to do so. Could it be that whatever is accessing the Mingle API is using a cached password?


    Thanks


    - Suzie

  • Avatar
    Adam Elsworth

    Hi Suzie,


    We are using a command-line tool to access to the mingle API, which requires the user to input their password each time the tool is run, so there's no chance that passwords are being cached by our command-line tool.


    We are running mingle on windows, using postgesql and have configured LDAP using active directory. Is it possible that the apache install that mingle uses is caching the password? Is there a command that can be run on mingle or the apache instance to force either to remove any cached LDAP values?


    Thanks,


    Adam.

  • Avatar
    Suzie Prince

    Hey Adam


    I think I might know what the issue is. I think that perhaps you have the web app set-up to use LDAP for security but for the API the setting is for basic authentication using Mingle's security.


    You can confirm if this is the case by taking a look at auth_config.xml. If the file shows the following then this is likely the issue. 


    basic_authentication_enabled: true
    basic_authentication:
    authentication: ldap


    To use LDAP to authenticate via the API change the settings to the following:


    basic_authentication_enabled: true
    basic_authentication: ldap
    authentication: ldap


    I hope this helps. Suzie.

  • Avatar
    Adam Elsworth

    Hello Suzie,


    That has fixed the problem. Thank you SO much for your help.


    Thanks,


    Adam.

Please sign in to leave a comment.