6.0.0-beta1
10/24/25

[#14773] A couple changes to /Block/Account/Ldap.php and /Horde/Ldap.php
Summary A couple changes to /Block/Account/Ldap.php and /Horde/Ldap.php
Queue Horde Framework Packages
Type Bug
State Unconfirmed
Priority 2. Medium
Owners ralf.lang (at) ralf-lang (dot) de
Requester dan (at) reportallusa (dot) com
Created 01/30/2018 (2824 days ago)
Due
Updated 05/29/2025 (148 days ago)
Assigned
Resolved
Github Issue Link
Github Pull Request
Milestone
Patch No

History
05/29/2025 07:26:23 PM Ralf Lang Assigned to Ralf Lang
 
01/30/2018 04:24:19 PM dan (at) reportallusa (dot) com Comment #1
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Type ⇒ Bug
Summary ⇒ A couple changes to /Block/Account/Ldap.php and /Horde/Ldap.php
Queue ⇒ Horde Framework Packages
Milestone ⇒
Patch ⇒ No
Reply to this comment
First, sorry for the bad summary name, wasn't sure the best way to 
summarize this.

When configuring Portal Blocks->Account Info Configuration with the 
LDAP backend, using Samba4 (Schema version Windows Server 2008 R2) as 
the DC, that block will cause a Fatal Error for two reasons:

Easiest fix was in /lib//Block/Account/Ldap.php in the _getMaxPasswd() 
function, $this->_ldap->search() call, currently $domaindn is being 
passed. This is incorrect, $domaindn gets converted back to a string 
by Horde_Ldap_Util::canonicalDN() a couple lines up. That result, $dn, 
should be passed instead.

The second issue is more tricky to solve in a general case. In this 
schema version (maybe it's a PHP7 thing in reality? I'm not sure), 
executing an ldap_search() against a base DN will cause an Operations 
Error unless ldap_set_option($link, LDAP_OPT_REFERRALS, 0) is called 
before the search is executed. I was able to solve this in my 
installation by putting in a check like:
if($base === 'DC=[mydomain],DC=com') { ldap_set_option($link, 
LDAP_OPT_REFERRALS, 0); } //Only disable referrals if searching 
against the full base DN
I don't know enough about the Horde config array to figure out a 
general patch for it though.

Hope that helps!

Saved Queries