[#14773] A couple changes to /Block/Account/Ldap.php and /Horde/Ldap.php
Summary A couple changes to /Block/Account/Ldap.php and /Horde/Ldap.php
Queue Horde Framework Packages
Type Bug
State Unconfirmed
Priority 2. Medium
Requester dan@reportallusa.com
Created 2018-01-30 (997 days ago)
Updated 2018-01-30 (997 days ago)
Patch No

dan@reportallusa.com 2018-01-30 16:24:19
First, sorry for the bad summary name, wasn't sure the best way to 
summarize this.

When configuring Portal Blocks->Account Info Configuration with the 
LDAP backend, using Samba4 (Schema version Windows Server 2008 R2) as 
the DC, that block will cause a Fatal Error for two reasons:

Easiest fix was in /lib//Block/Account/Ldap.php in the _getMaxPasswd() 
function, $this->_ldap->search() call, currently $domaindn is being 
passed. This is incorrect, $domaindn gets converted back to a string 
by Horde_Ldap_Util::canonicalDN() a couple lines up. That result, $dn, 
should be passed instead.

The second issue is more tricky to solve in a general case. In this 
schema version (maybe it's a PHP7 thing in reality? I'm not sure), 
executing an ldap_search() against a base DN will cause an Operations 
Error unless ldap_set_option($link, LDAP_OPT_REFERRALS, 0) is called 
before the search is executed. I was able to solve this in my 
installation by putting in a check like:
if($base === 'DC=[mydomain],DC=com') { ldap_set_option($link, 
LDAP_OPT_REFERRALS, 0); } //Only disable referrals if searching 
against the full base DN
I don't know enough about the Horde config array to figure out a 
general patch for it though.

Hope that helps!