Technical Details
Fri Aug 12 21:09 Authored by lsproc

Technical details  

Unique users and groups  

The Bug Genie expects only one user to exist per username. If more than one is found, an error is shown stating that the password was rejected.

If a group restriction is configured and more than one group in the directory shares a configured group name, that group name is ignored.

New sessions and session validation  

When logging in, the user's UID is looked up in the directory through the control user. If the user is found and a group restriction is set, we check whether the user is allowed access; if not, an error is shown. If the user is not found, an error is also shown.

If we are creating a new session, the user's password is checked by binding to the directory as that user. If the bind succeeds, we either create a new user in TBG's users table or update the existing one with the latest realname and email from the directory. Users are assigned a random password in TBG's users table. If the user could not be found, an error occurs.

If we are validating an existing session, all of the above occurs but no bind is made. We instead go straight to the entry in the users table. If no entry exists, we return an error because the session is no longer valid; otherwise we update the entry as above.
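The unique-user rule above and the login / session-validation flow in this section, as an added Python model (not The Bug Genie's own PHP code): the directory and TBG's users table are constructed in-memory stand-ins, the control-user search and the user bind are simulated by a dictionary lookup and a constant-time password compare, and the group restriction is a hypothetical list of group names.

```python
import secrets

class AuthError(Exception):
    """Carries the message The Bug Genie would show for a failed login."""

# Constructed sample data standing in for the LDAP directory (username -> entries).
DIRECTORY = {
    "alice": [{"dn": "cn=alice,ou=people,dc=example,dc=org", "realname": "Alice",
               "email": "alice@example.org", "password": "s3cret"}],
    # Two directory entries share the username "bob": login is rejected outright.
    "bob": [{"dn": "cn=bob,ou=people,dc=example,dc=org", "password": "x"},
            {"dn": "cn=bob,ou=contractors,dc=example,dc=org", "password": "x"}],
}
# Group name -> matching group entries, each a list of member DNs.
GROUPS = {
    "developers": [["cn=alice,ou=people,dc=example,dc=org"]],
    # Two groups share the name "admins", so the restriction check ignores that name.
    "admins": [["cn=alice,ou=people,dc=example,dc=org"], ["cn=dave,ou=people,dc=example,dc=org"]],
}
USERS_TABLE = {}  # stands in for TBG's users table, keyed by username

def find_user(username):
    """Lookup via the control user: exactly one entry must match the username."""
    entries = DIRECTORY.get(username, [])
    if not entries:
        raise AuthError("user not found")
    if len(entries) > 1:
        raise AuthError("password rejected")
    return entries[0]

def allowed_by_group(dn, restriction):
    """No restriction allows everyone; missing or duplicated group names are skipped."""
    if restriction is None:
        return True
    return any(dn in GROUPS[name][0] for name in restriction if len(GROUPS.get(name, [])) == 1)

def authenticate(username, password=None, restriction=None, new_session=True):
    entry = find_user(username)
    if not allowed_by_group(entry["dn"], restriction):
        raise AuthError("user not allowed by group restriction")
    if new_session:  # fresh login: bind as the user (simulated here by a password compare)
        if not secrets.compare_digest(entry["password"], password or ""):
            raise AuthError("password rejected")
        USERS_TABLE.setdefault(username, {"password": secrets.token_urlsafe(24)})  # random local pw
    elif username not in USERS_TABLE:  # validating a session: no bind, the row must exist
        raise AuthError("session no longer valid")
    USERS_TABLE[username].update(realname=entry["realname"], email=entry["email"])
    return USERS_TABLE[username]
```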

Logging in to an Active Directory server  

When logging in to an LDAP directory provided by Active Directory, no DOMAIN\ prefix is necessary, except on the control user. A 'password rejected' error may occur if the user is disabled, or if the user's password is set to expire on next login.

Protocol options  

We use LDAP protocol version 3.0. In addition, we turn off referrals.

Categories

LDAP


Comments 1

Avindra Goolcharan
Aug 01, 2014 (15:39)
In case anyone gets locked out during setup like I did...

Log in to your mysql database

mysql -u tbg -D thebuggenie


Then run this query:

update tbg3_settings set value='tbg' where name='auth_backend';