Patching the EC11.1 LDAP user creation bug

ec11.1-ldap-bug.txt

EC 11.1.x has a bug [OC-11384] when an LDAP user attempts to create a new account 
that has never existed in the Enterprise Chef database before, rather than linking 
with an existing internal user. 

Please apply the attached patch to your EC 11.1.x release:

  $ cd /opt/opscode/embedded/service/gem/ruby/1.9.1/bundler/gems/mixlib-authorization-c03f584a371b
  $ patch -p1 < /tmp/cache/ec11.1-ldap500error.patch 
  patching file lib/opscode/models/user.rb
  $ private-chef-ctl restart opscode-account
  ok: run: opscode-account: (pid 16585) 0s

ec11.1-ldap500error.patch

From 516722b48c700e9a7c201e587268b953ad73811c Mon Sep 17 00:00:00 2001
From: sdelano <[email protected]>
Date: Thu, 6 Mar 2014 08:58:50 -0800
Subject: [PATCH] [OC-11384] LDAP User Create - don't set :hash_type to :bcrypt

When creating new users that are externally authenticated (currently
only LDAP users) don't set the :hash_type of the user object to
:bcrypt (the default). Setting the :hash_type to :bcrypt enforces a
PostgreSQL schema constraint that the :hashed_password field must
also be set. Since the user password information is stored
externally, we're not going to be storing any password information
here. Setting the :hash_type to nil will not enforce any schema
constraints.
---
 lib/opscode/models/user.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/opscode/models/user.rb b/lib/opscode/models/user.rb
index c5916a1..479223b 100644
--- a/lib/opscode/models/user.rb
+++ b/lib/opscode/models/user.rb
@@ -155,7 +155,8 @@ def authz_model_class
 
       def initialize(*args)
         # Default set to bcrypt. Mapper will override this to whatever is persisted
-        @hash_type = HASH_TYPE_BCRYPT
+        @hash_type = external_authentication_enabled? ? nil : HASH_TYPE_BCRYPT
+
         super(*args)
       end
 
-- 
1.8.5.5