Tickets :: [#9762] attrisdn in the Groups LDAP Setup does not work?

6.0.0-beta1

8/29/25

Summary	attrisdn in the Groups LDAP Setup does not work?
Queue	Horde Base
Queue Version	Git master
Type	Bug
State	Duplicate
Priority	2. Medium
Owners
Requester	Klaus.Steinberger (at) physik (dot) uni-muenchen (dot) de
Created	03/31/2011 (5265 days ago)
Due
Updated	07/01/2011 (5173 days ago)
Assigned	06/30/2011 (5174 days ago)
Resolved	07/01/2011 (5173 days ago)
Github Issue Link
Github Pull Request
Milestone	4.1
Patch	No

07/01/2011 10:09:29 AM	Jan Schneider	Comment #11 Taken from Jan Schneider State ⇒ Duplicate	Reply to this comment
Let's use a single ticket to track this.

06/30/2011 01:18:16 PM	Jan Schneider	Comment #10 State ⇒ Feedback Version ⇒ Git master	Reply to this comment
Try this. I simplified your patch and added support for other methods than listGroups(). I cannot test locally though at the moment.

06/30/2011 01:17:02 PM	Git Commit	Comment #9	Reply to this comment
Changes have been made in Git for this ticket: [jan] Add support for the attrisdn configuration setting (~~Bug #9762~~). 2 files changed, 35 insertions(+), 7 deletions(-) http://git.horde.org/horde-git/-/commit/053896a29a21e3ce9d63e198f25521b24fd9367a

05/19/2011 07:18:03 AM	Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de	Comment #8 New Attachment: Ldap.php.diff	Reply to this comment
Hi, I have a patch for this problem, it seems to work very well. Apply the appended diff file to /usr/share/pear/Horde/Group/Ldap.php Sincerly, Klaus

05/19/2011 06:29:00 AM	christoph (dot) ohliger (at) fh-rosenheim (dot) de	Comment #7	Reply to this comment
[Show Quoted Text - 49 lines][Hide Quoted Text] Hi, it looks like the "attrisdn" parameter in the Groups LDAP driver does not work as expected. I do have a Novell edirectory and have set $conf[group][params][attrisdn] but got the following error messages: Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [kronolith] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [nag] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [nag] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [kronolith] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [mnemo] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [mnemo] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Indeed a search over /var/www/html/horde and /usr/share/pear only finds references to attrisdn here: [root@dmz-sv-webmail pear]# grep -Ri attrisdn /var/www/html/horde /usr/share/pear/ /var/www/html/horde/config/conf.xml: <configboolean name="attrisdn" required="false" /var/www/html/horde/config/conf.bak.php:$conf['group']['params']['attrisdn'] = true; /var/www/html/horde/config/conf.php:$conf['group']['params']['attrisdn'] = true; /usr/share/pear/Horde/Group/Kolab.php: 'attrisdn' => true, [root@dmz-sv-webmail pear]# So this looks like its not referenced in the code? Hi, it seems that I am also stopping at the same point when evaluating the new horde. I also expanded the code wihtin 3 to support LDAP group membership in Kronolith module and also have a "non flat" directory. Any news on this issue ?

04/01/2011 09:53:13 AM	Jan Schneider	Comment #6 State ⇒ Duplicate	Reply to this comment
I would have been helpful if you mentioned this. See ~~ticket #8847~~.

04/01/2011 09:24:52 AM	Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de	Comment #5	Reply to this comment
Such a setup didn't work with Horde 3 either, unless I'm missing something. As far as I can see, Horde 3 only supported a single, fixed parent DN for expanding simple user names to full DNs in the LDAP group driver. Yes, but I wrote a patch for this and and a bug report against horde 3, but it is was probably not accepted. To support your setup, we need to do another DN lookup to find the user's DN. Alternatively, you could of course full DNs as user names in Horde. Hmm, but this would have consequences, at least some complicated scripting to convert our existing production database.

04/01/2011 09:15:01 AM	Jan Schneider	Comment #4 State ⇒ Assigned Assigned to Jan Schneider Milestone ⇒ 4.1	Reply to this comment
Such a setup didn't work with Horde 3 either, unless I'm missing something. As far as I can see, Horde 3 only supported a single, fixed parent DN for expanding simple user names to full DNs in the LDAP group driver. To support your setup, we need to do another DN lookup to find the user's DN. Alternatively, you could of course full DNs as user names in Horde.

04/01/2011 07:00:27 AM	Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de	Comment #3 New Attachment: group.ldif	Reply to this comment
This feature was completely broken in Horde 3, at least it created an invalid filter string at one point. That's why I dropped it during the refactoring, since obviously nobody used it. Seems like I was wrong. Can you provide some LDIF examples of real-world groups that use full DNs for group members? yes of course. I anonymized the example of course, and removed some atributes only relevant to Edirectory. Please note, that both the people and the group container in our directory have a non-flat structure. The structure here is: ou=Campus,ou=Personen,o=physik (most of the accounts coming from the university metadirectory) ou=Local,ou=Personen,o=physik (accounts local to our directory) ou=Email-Only,o=physik (account with not unix attributes) ou=Gruppen,o=physik (groups with general relevance) ou=somechair,ou=Gruppen,o=physik (groups with relevance to one of our chairs)

03/31/2011 03:35:41 PM	Jan Schneider	Comment #2 State ⇒ Feedback	Reply to this comment
This feature was completely broken in Horde 3, at least it created an invalid filter string at one point. That's why I dropped it during the refactoring, since obviously nobody used it. Seems like I was wrong. Can you provide some LDIF examples of real-world groups that use full DNs for group members?

03/31/2011 03:16:49 PM	Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de	Comment #1 Priority ⇒ 2. Medium Type ⇒ Bug Summary ⇒ attrisdn in the Groups LDAP Setup does not work? Queue ⇒ Horde Base Milestone ⇒ Patch ⇒ No State ⇒ Unconfirmed	Reply to this comment
Hi, it looks like the "attrisdn" parameter in the Groups LDAP driver does not work as expected. I do have a Novell edirectory and have set $conf[group][params][attrisdn] but got the following error messages: Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [kronolith] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [nag] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [nag] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [kronolith] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [mnemo] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [mnemo] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Indeed a search over /var/www/html/horde and /usr/share/pear only finds references to attrisdn here: [root@dmz-sv-webmail pear]# grep -Ri attrisdn /var/www/html/horde /usr/share/pear/ /var/www/html/horde/config/conf.xml: <configboolean name="attrisdn" required="false" /var/www/html/horde/config/conf.bak.php:$conf['group']['params']['attrisdn'] = true; /var/www/html/horde/config/conf.php:$conf['group']['params']['attrisdn'] = true; /usr/share/pear/Horde/Group/Kolab.php: 'attrisdn' => true, [root@dmz-sv-webmail pear]# So this looks like its not referenced in the code?