ConcourseSuite Support

Discuss Administration

LDAP and blank passwords

This question is unanswered

7/8/2008 8:22 PM EDT

We are using LDAP Authentication against a Windows 2003 Active Directory. Authentication against LDAP works, so if I use my Windows domain username and password I successfully gain access. But if I use a correct username and leave the password blank I also gain access.

I see this was an issue in v4.1 and it was supposed to have been patched.

http://www.concursive.com/ProjectManagementIssues.do?command=Details&pid=109&iid=3002&resetList=true

We are running 5.05 Enterprise.

1. 7/9/2008 3:38 PM EDT

Hello Chris,

Once your LDAP session is established and you login to ConcourseSuite, the session is established via Tomcat and remains. If you return as the same user on the same machine the behavior you describe is accurate--you will not be required to enter a password. If you enter another user name you will need to enter the appropriate password. You can adjust the timeout settings on your LDAP server, but our current code does not address this issue.

Regards,
Claudia
Concursive Support

2. 7/22/2008 12:40 AM EDT (edited)

Hi Claudia,

I am not experiencing what you described. If I do a fresh boot of my computer, then open a browser and connect to our Concourse instance, I can just enter my username and gain access to the app. No password entered. I even tested this from my home PC, which had never connected to the suite, and I could access it without a password.

In fact, I can log in with my account using no password, log out, and without closing my browser log in as another user without a password also.

regards
Chris
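
An added example, not part of the thread and not ConcourseSuite code: one common way a correct username with a blank password gets accepted is that an LDAP simple bind carrying a name and an empty password is an unauthenticated bind (RFC 4513, section 5.1.2), which a server may answer with success. The thread does not confirm this as the cause here; `FakeDirectory`, the function names, and the sample DN and password are constructed for illustration.

```python
class FakeDirectory:
    """Constructed stand-in for an LDAP server (no network is used).

    Models the simple-bind outcomes of RFC 4513 section 5.1 on a server
    that permits unauthenticated binds.
    """

    def __init__(self, users):
        self.users = users  # DN -> password, constructed sample data

    def simple_bind(self, dn, password):
        if dn == "" and password == "":
            return "anonymous"
        if password == "":
            # Name plus empty password: the bind succeeds, but no
            # credential was checked and the session has no identity.
            return "unauthenticated"
        if self.users.get(dn) == password:
            return "authenticated"
        raise PermissionError("invalidCredentials (49)")


def naive_login(directory, dn, password):
    """Flawed pattern: treats 'the bind did not fail' as proof of identity."""
    try:
        directory.simple_bind(dn, password)
        return True
    except PermissionError:
        return False


def hardened_login(directory, dn, password):
    """Reject empty input before binding; accept only an authenticated bind."""
    if not dn or not password:
        return False
    try:
        return directory.simple_bind(dn, password) == "authenticated"
    except PermissionError:
        return False


if __name__ == "__main__":
    dn = "cn=chris,dc=example,dc=com"  # constructed sample DN
    directory = FakeDirectory({dn: "s3cret"})
    for pw in ("s3cret", "wrong", ""):
        print(repr(pw), naive_login(directory, dn, pw),
              hardened_login(directory, dn, pw))
```

The empty-password check belongs in the application, before the bind call, because it holds regardless of how the directory server is configured.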
