[Koha] LDAP - shows wrong patron account.
Barry Cannon
barry at oslo.ie
Tue May 8 23:30:01 NZST 2012
Hello,
We have a site currently running Koha 3.6.0 against an LDAP (AD)
server for authentication. On more than one occasion a borrower (different
each time) has reported logging into their account with their login details
but being presented with somebody else's account details. As you can imagine
the site are very concerned about the security implications of this problem.
I checked the session table (in case CGI::Session had generated 2 identical
session id's, which should be impossible anyway) and cleared it down but it
didn't take long for another user to report the problem.
I will enable some more verbose logging on the LDAP connection but I am
wondering if anyone else has ever experienced such a problem?
Thanks
Barry at oslo.ie
http://www.oslo.ie
More information about the Koha
mailing list