Summary | Groups and attrisdn in non-flat LDAP directory do not work |
Queue | Horde Framework Packages |
Queue Version | Git master |
Type | Bug |
State | Resolved |
Priority | 2. Medium |
Owners | jan (at) horde (dot) org |
Requester | Klaus.Steinberger (at) physik (dot) uni-muenchen (dot) de |
Created | 02/02/2010 (5633 days ago) |
Due | |
Updated | 07/13/2011 (5107 days ago) |
Assigned | 07/01/2011 (5119 days ago) |
Resolved | 07/13/2011 (5107 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
Milestone ⇒
Taken from Ben Klang
State ⇒ Feedback
http://git.horde.org/horde-git/-/commit/053896a29a21e3ce9d63e198f25521b24fd9367a
New Attachment: Ldap.php.diff
There is one caveat with this patch, as findUserDN runs in the group
context it uses the search base for groups. If this is different for
groups and users it will not find the dn.
So maybe there should be the DN stored in the cookie?
There is one caveat with this patch, as findUserDN runs in the group
context it uses the search base for groups. If this is different for
groups and users it will not find the dn.
So maybe there should be the DN stored in the cookie?
Assigned to Jan Schneider
Taken from ben
Summary ⇒ Groups and attrisdn in non-flat LDAP directory do not work
Milestone ⇒ 4.1
ticket #9762.don't use it, as i manage them from Novell Imanager). I opened ticket
8851 regarding this.
I hope it can be added to next horde release.
I only notice this:
groups over LDAP can work with separate backend.
These parameter:
$conf['auth']['params']['uid']
$conf['auth']['params']['basedn']
could be undefined.
I manually added them to conf.php, but it's better adding them to
group backend, like:
$conf['group']['params']['uid]
A minor issue: if I login as adminitrator, I can only manage groups
defined into basedn, I can't see groups in subtree. But all groups
work as expected, regardless of subtree where they stay.
Priority ⇒ 2. Medium
State ⇒ Assigned
Summary ⇒ groups and attrisdn in non Flat LDAP Directory do not work
Assigned to ben
New Attachment: userdn.patch
adopted from passwd/config/hooks.php.dist.
But the code opens up a new can of worms. It works, but with a large
user base (we have over 3000 users) for example the startup of the
permission widget for kronolith calenders takes a long time, as the
userdn is retrieved for every known user.
Priority ⇒ 3. High
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Summary ⇒ groupS and attrisdn in non Flat LDAP Directory do not work
Type ⇒ Bug
Queue ⇒ Horde Framework Packages
group member entries (like Novell Edirectory) getGroupMemberShip will
not work.
The culprit is the following code:
if ($GLOBALS['conf']['group']['params']['attrisdn']) {
$filter .= $GLOBALS['conf']['auth']['params']['uid'] . '=';
}
$filter .= $user;
if ($GLOBALS['conf']['group']['params']['attrisdn']) {
$filter .= ',' . $GLOBALS['conf']['auth']['params']['basedn'];
}
The code assumes that a user DN is always flat under the basedn. In a
hierarchical directory structure with sub OU's this not the case, so
the real user DN must be used here!