| Summary | A couple changes to /Block/Account/Ldap.php and /Horde/Ldap.php |
| Queue | Horde Framework Packages |
| Type | Bug |
| State | Unconfirmed |
| Priority | 2. Medium |
| Owners | |
| Requester | dan (at) reportallusa (dot) com |
| Created | 01/30/2018 (2661 days ago) |
| Due | |
| Updated | 01/30/2018 (2661 days ago) |
| Assigned | |
| Resolved | |
| Milestone | |
| Patch | No |
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ A couple changes to /Block/Account/Ldap.php and /Horde/Ldap.php
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No
summarize this.
When configuring Portal Blocks->Account Info Configuration with the
LDAP backend, using Samba4 (Schema version Windows Server 2008 R2) as
the DC, that block will cause a Fatal Error for two reasons:
Easiest fix was in /lib//Block/Account/Ldap.php in the _getMaxPasswd()
function, $this->_ldap->search() call, currently $domaindn is being
passed. This is incorrect, $domaindn gets converted back to a string
by Horde_Ldap_Util::canonicalDN() a couple lines up. That result, $dn,
should be passed instead.
The second issue is more tricky to solve in a general case. In this
schema version (maybe it's a PHP7 thing in reality? I'm not sure),
executing an ldap_search() against a base DN will cause an Operations
Error unless ldap_set_option($link, LDAP_OPT_REFERRALS, 0) is called
before the search is executed. I was able to solve this in my
installation by putting in a check like:
if($base === 'DC=[mydomain],DC=com') { ldap_set_option($link,
LDAP_OPT_REFERRALS, 0); } //Only disable referrals if searching
against the full base DN
I don't know enough about the Horde config array to figure out a
general patch for it though.
Hope that helps!