Comment 5 for bug 1715396

Dan Wells (dbw2) wrote :

John, thank you for providing the requested details. I will make every effort to push on this and see what I can make of it.

"I think the result of the original code is that the system may try all authenticators if there is not an $args->{'org'}, regardless of whether there is an $authenticator->org_units set."

I fully grant that being the author of this code does not guarantee I still understand it :) That said, this behavior is intentional. The system is designed to be inclusive by default, running every authenticator in the absence of more selective parameters (either 'org' or 'type'). In other words, passing in 'org' is a way to *skip* (filter) some authenticators, not to include certain ones. We could invert the logic, but it was written in this direction for ease of use and compatibility reasons.

Making the LDAP authenticator fail gracefully is worth doing in any case, and with fewer consequences for our current functional promises.
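The selection behaviour Dan describes (run every authenticator unless 'org' or 'type' filters some out, so 'org' skips rather than includes) together with the "fail gracefully" point, as an added illustrative model. This is not Evergreen's code: the names Authenticator, org_units, select_authenticators and authenticate, the sample configuration, and the rule that an authenticator with no org_units restriction is never skipped by an 'org' filter are all this example's own assumptions.

```python
# Added example, not Evergreen's own code: models the inclusive-by-default
# authenticator selection described in the comment above. All names here
# (Authenticator, org_units, select_authenticators, authenticate) are
# assumptions made for illustration.
from dataclasses import dataclass
from typing import Callable, Optional


class AuthenticatorError(Exception):
    """Backend failure (e.g. LDAP server unreachable), as opposed to bad credentials."""


@dataclass
class Authenticator:
    name: str
    check: Callable[[str, str], bool]          # returns True on valid credentials
    org_units: Optional[frozenset] = None      # None: not restricted to any org unit
    types: Optional[frozenset] = None          # None: not restricted to any login type


def select_authenticators(authenticators, org=None, type_=None):
    """Inclusive by default: every authenticator runs unless a supplied
    'org' or 'type' filters it out. An authenticator with no restriction
    on that dimension is never filtered out by it (assumption)."""
    selected = []
    for a in authenticators:
        if org is not None and a.org_units is not None and org not in a.org_units:
            continue  # restricted to other org units: skip
        if type_ is not None and a.types is not None and type_ not in a.types:
            continue  # restricted to other login types: skip
        selected.append(a)
    return selected


def authenticate(authenticators, username, password, org=None, type_=None):
    """Try selected authenticators in configured order. A backend error is
    recorded and the next authenticator is tried, so one unreachable LDAP
    server does not block logins that another authenticator could serve."""
    errors = []
    for a in select_authenticators(authenticators, org=org, type_=type_):
        try:
            if a.check(username, password):
                return a.name, errors
        except AuthenticatorError as exc:
            errors.append(f"{a.name}: {exc}")
    return None, errors


# Constructed sample configuration for the demo (not a real Evergreen config).
def _native_check(user, pw):
    return (user, pw) == ("bob", "hunter2")


def _ldap_a_check(user, pw):
    # Simulates a branch LDAP server that is down.
    raise AuthenticatorError("LDAP server unreachable")


def _ldap_b_check(user, pw):
    return (user, pw) == ("alice", "secret")


SAMPLE_AUTHENTICATORS = [
    Authenticator("native", _native_check),
    Authenticator("ldap-branch-a", _ldap_a_check, org_units=frozenset({"BR1"})),
    Authenticator("ldap-branch-b", _ldap_b_check, org_units=frozenset({"BR2"})),
]

if __name__ == "__main__":
    for org in (None, "BR1", "BR2"):
        names = [a.name for a in select_authenticators(SAMPLE_AUTHENTICATORS, org=org)]
        print(f"org={org!r}: tries {names}")
    print(authenticate(SAMPLE_AUTHENTICATORS, "alice", "secret"))
    print(authenticate(SAMPLE_AUTHENTICATORS, "alice", "secret", org="BR1"))
```

With no 'org' all three authenticators are tried, including both org-restricted LDAP ones; passing org="BR2" drops only ldap-branch-a. The unreachable LDAP backend is recorded and skipped rather than aborting the whole login attempt, which is the graceful-failure behaviour the comment argues for.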