2021-01-18

[#6883] group permission with LDAP does not work
Summary group permission with LDAP does not work
Queue Horde Framework Packages
Queue Version FRAMEWORK_3
Type Bug
State Resolved
Priority 3. High
Owners jan (at) horde (dot) org, mrubinsk (at) horde (dot) org
Requester Klaus.Steinberger (at) physik (dot) uni-muenchen (dot) de
Created 2008-06-10 (4605 days ago)
Due 08/27/2008 (4527 days ago)
Updated 2008-12-09 (4423 days ago)
Assigned 2008-06-11 (4604 days ago)
Resolved 2008-09-23 (4500 days ago)
Milestone 3.3
Patch No

History
2008-12-09 11:06:21 Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #27
The LDAP group permission seems not to work, at least not with Novell 
eDirectory, which uses full DNs.

In the SQL table a group name like that will be stored:

cn=groupname,ou=Gruppen,o=physik

A calendar with a group permission is not shown in a member's calendars.

In the User/Group Administration the members of a group will be listed 
correctly.


2008-10-25 19:29:01 horde_list (at) blomberg (dot) tk Comment #26
It works for me with Horde 3.3 and sql.php v. 1.1.2.50 and 
sql_hierarchical.php v 1.17.2.26


2008-10-25 16:38:53 Michael Rubinsky Comment #24
Assigned to Michael Rubinsky
Can you try what I committed?

array_walk() cannot change the original value if the callback function 
doesn't take the value by reference. MDB2::quote() takes it by value, 
so the change doesn't stick.

Fixed slightly differently than you suggested, since using a reference 
in the foreach() loop will not work in PHP4.
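
An added example, not code from the Horde repository, showing why the array_walk() call described in comment #24 leaves the group DNs unquoted, next to the two fixes proposed in this ticket. quote_literal() is a hypothetical stand-in for the driver's quote() method, and the DNs are constructed sample values.

```php
<?php
// Added illustration; quote_literal() is a hypothetical stand-in for a DB
// driver's quote() method: it takes its argument by value and RETURNS the
// quoted literal (single quotes doubled).
function quote_literal($value)
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Variant 1: the original code path. array_walk() ignores the callback's
// return value, and the callback receives a copy, so $ids is unchanged.
function in_list_array_walk($ids)
{
    array_walk($ids, 'quote_literal');
    return implode(',', $ids);
}

// Variant 2: one pair of quotes around the joined list (comment #20).
// Produces a single literal, with no escaping of embedded quotes.
function in_list_wrapped($ids)
{
    return "'" . implode(',', $ids) . "'";
}

// Variant 3: quote each element and assign it back by key. There is no
// reference in the foreach, so the loop does not depend on PHP 5 syntax.
function in_list_per_element($ids)
{
    foreach ($ids as $i => $id) {
        $ids[$i] = quote_literal($id);
    }
    return implode(',', $ids);
}

// Constructed sample group DNs; the second contains a single quote.
$groups = array(
    'cn=staff,ou=Groups,o=Example',
    "cn=o'hara team,ou=Groups,o=Example",
);

// Print the IN (...) fragment each variant would place in the WHERE clause.
foreach (array('in_list_array_walk', 'in_list_wrapped', 'in_list_per_element') as $fn) {
    echo $fn, ":\n  g.group_uid IN (", $fn($groups), ")\n";
}
```

Only the third variant yields one correctly escaped string literal per DN; the first emits bare DNs that the database parses as column names, and the second emits a single unescaped literal.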


2008-10-25 15:36:54 horde_list (at) blomberg (dot) tk Comment #22
The supplied quoting algorithm does not work for me. It is shown by this:



--- sql.php.1.1.2.49    Fri Oct 24 17:50:36 2008

+++ sql.php     Sat Oct 25 17:05:19 2008

@@ -671,10 +671,13 @@

              if (!is_a($groups, 'PEAR_Error') && $groups) {

                  // (name == perm_groups and key in ($groups) and val & $perm)

                  $group_ids = array_keys($groups);

+                Horde::logMessage($group_ids[0], __FILE__, __LINE__, 
PEAR_LOG_ERR);

                  array_walk($group_ids, array($this->_db, 'quote'));

+                Horde::logMessage($group_ids[0], __FILE__, __LINE__, 
PEAR_LOG_ERR);

                  $query .= ' LEFT JOIN ' . $this->_table . '_groups 
AS g ON g.share_id = s.share_id';

                  $where .= ' OR (g.group_uid IN (' . implode(',', 
$group_ids) . ')'

                      . ' AND (g.perm & ' . $perm .') != 0)';

+                Horde::logMessage($where, __FILE__, __LINE__, PEAR_LOG_ERR);

              } elseif (is_a($groups, 'PEAR_Error')) {

                  Horde::logMessage($groups, __FILE__, __LINE__, PEAR_LOG_ERR);

              }
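
Review bot: the three added Horde::logMessage() calls (before and after array_walk(), and after $where is built) log at PEAR_LOG_ERR, so every share listing for a user with groups would write that user's group DN and the assembled WHERE clause to the error log. They are useful for reproducing the bug but should not be applied as they stand; use PEAR_LOG_DEBUG or drop them. The first two calls index $group_ids[0] directly, which is safe only because the enclosing condition already requires $groups to be non-empty.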



Oct 25 17:05:50 HORDE [error] [nag] 
cn=filer,ou=Grupper,o=Blomberg,c=SE [pid 53781 on line 674 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]

Oct 25 17:05:50 HORDE [error] [nag] 
cn=filer,ou=Grupper,o=Blomberg,c=SE [pid 53781 on line 676 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]

Oct 25 17:05:50 HORDE [error] [nag] s.share_owner = 'jbl' OR 
(s.perm_creator & 2) != 0 OR (s.perm_default & 2) != 0 OR ( u.user_uid 
= 'jbl' AND (u.perm & 2) != 0) OR (g.group_uid IN 
(cn=filer,ou=Grupper,o=Blomberg,c=SE,cn=jbl,ou=Personliga,ou=Grupper,o=Blomberg,c=SE,cn=webadmin,ou=Grupper,o=Blomberg,c=SE,cn=smbdomusers,ou=Grupper,o=Blomberg,c=SE,cn=Horde-anv,ou=grupper,o=blomberg,c=se) AND (g.perm & 2) != 0) [pid 53781 on line 680 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]

Oct 25 17:05:50 HORDE [error] [nag] MDB2 Error: no such field: 
_doQuery: [Error message: Could not execute statement]

[Last executed query: SELECT DISTINCT s.*  FROM nag_shares s  LEFT 
JOIN nag_shares_users AS u ON u.share_id = s.share_id LEFT JOIN 
nag_shares_groups AS g ON g.share_id = s.share_id WHERE s.share_owner 
= 'jbl' OR (s.perm_creator & 2) != 0 OR (s.perm_default & 2) != 0 OR ( 
u.user_uid = 'jbl' AND (u.perm & 2) != 0) OR (g.group_uid IN 
(cn=filer,ou=Grupper,o=Blomberg,c=SE,cn=jbl,ou=Personliga,ou=Grupper,o=Blomberg,c=SE,cn=webadmin,ou=Grupper,o=Blomberg,c=SE,cn=smbdomusers,ou=Grupper,o=Blomberg,c=SE,cn=Horde-anv,ou=grupper,o=blomberg,c=se) AND (g.perm & 2) != 0) ORDER BY s.attribute_name 
ASC]

[Native message: ERROR:  column "cn" does not exist

RAD 1: ... 'jbl' AND (u.perm & 2) != 0) OR (g.group_uid IN (cn=filer,o...

                                                             ^]

  [pid 53781 on line 457 of "/usr/local/www/horde/lib/Horde/Share/sql.php"]







Then, I changed the algorithm:



--- sql.php.1.1.2.49    Fri Oct 24 17:50:36 2008

+++ sql.php     Sat Oct 25 17:09:25 2008

@@ -671,10 +671,17 @@

              if (!is_a($groups, 'PEAR_Error') && $groups) {

                  // (name == perm_groups and key in ($groups) and val & $perm)

                  $group_ids = array_keys($groups);

-                array_walk($group_ids, array($this->_db, 'quote'));

+                Horde::logMessage($group_ids[0], __FILE__, __LINE__, 
PEAR_LOG_ERR);

+                //array_walk($group_ids, array($this->_db, 'quote'));

+                foreach ($group_ids as &$groupitem) {

+                    $groupitem = $this->_db->quote($groupitem);

+                }

+                unset($groupitem);

+                Horde::logMessage($group_ids[0], __FILE__, __LINE__, 
PEAR_LOG_ERR);

                  $query .= ' LEFT JOIN ' . $this->_table . '_groups 
AS g ON g.share_id = s.share_id';

                  $where .= ' OR (g.group_uid IN (' . implode(',', 
$group_ids) . ')'

                      . ' AND (g.perm & ' . $perm .') != 0)';

+                Horde::logMessage($where, __FILE__, __LINE__, PEAR_LOG_ERR);

              } elseif (is_a($groups, 'PEAR_Error')) {

                  Horde::logMessage($groups, __FILE__, __LINE__, PEAR_LOG_ERR);

              }
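
Review bot: the added foreach ($group_ids as &$groupitem) iterates by reference, which is not available in PHP 4; assigning back by key, foreach ($group_ids as $i => $id) { $group_ids[$i] = $this->_db->quote($id); }, gives the same per-element quoting without the reference and without the unset(). The commented-out array_walk() line and the three Horde::logMessage() calls at PEAR_LOG_ERR should be removed before this is applied.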





Now it quotes nicely:



Oct 25 17:10:57 HORDE [error] [nag] 
cn=filer,ou=Grupper,o=Blomberg,c=SE [pid 41648 on line 674 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]

Oct 25 17:10:57 HORDE [error] [nag] 
'cn=filer,ou=Grupper,o=Blomberg,c=SE' [pid 41648 on line 680 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]

Oct 25 17:10:57 HORDE [error] [nag] s.share_owner = 'jbl' OR 
(s.perm_creator & 2) != 0 OR (s.perm_default & 2) != 0 OR ( u.user_uid 
= 'jbl' AND (u.perm & 2) != 0) OR (g.group_uid IN 
('cn=filer,ou=Grupper,o=Blomberg,c=SE','cn=jbl,ou=Personliga,ou=Grupper,o=Blomberg,c=SE','cn=webadmin,ou=Grupper,o=Blomberg,c=SE','cn=smbdomusers,ou=Grupper,o=Blomberg,c=SE','cn=Horde-anv,ou=grupper,o=blomberg,c=se') AND (g.perm & 2) != 0) [pid 41648 on line 684 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]




2008-10-24 21:06:05 Jan Schneider Comment #21
This doesn't make any sense. The ids are already quoted, and adding 
another quote will break the query.
2008-10-24 18:02:16 horde_list (at) blomberg (dot) tk Comment #20
With Horde 3.3 and sql.php v. 1.1.2.49 and sql_hierarchical.php v. 
1.17.2.25 it is still a problem. PostgreSQL says: column "cn" does not 
exist



This fix works for me:



--- sql.php.1.1.2.49    Fri Oct 24 17:50:36 2008

+++ sql.php     Fri Oct 24 19:23:31 2008

@@ -673,7 +673,7 @@

                  $group_ids = array_keys($groups);

                  array_walk($group_ids, array($this->_db, 'quote'));

                  $query .= ' LEFT JOIN ' . $this->_table . '_groups 
AS g ON g.share_id = s.share_id';

-                $where .= ' OR (g.group_uid IN (' . implode(',', 
$group_ids) . ')'

+                $where .= ' OR (g.group_uid IN (\'' . implode(',', 
$group_ids) . '\')'

                      . ' AND (g.perm & ' . $perm .') != 0)';

              } elseif (is_a($groups, 'PEAR_Error')) {

                  Horde::logMessage($groups, __FILE__, __LINE__, PEAR_LOG_ERR);
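
Review bot: in the changed $where line, wrapping the whole implode(',', $group_ids) result in one pair of \' quotes turns the IN list into a single string literal holding every DN joined by commas, so it matches a stored group_uid only when the list has a single entry, and a DN containing a single quote would end the literal early. Each element needs to be quoted on its own before the implode(), for example by assigning $this->_db->quote($id) back into $group_ids by key, with the implode(',', ...) line left as it was.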


2008-10-23 21:16:01 CVS Commit Comment #17
2008-10-23 21:11:30 CVS Commit Comment #16
2008-09-23 15:18:30 CVS Commit Comment #15
Changes have been made in CVS for this ticket:

http://cvs.horde.org/diff.php/ingo/docs/CHANGES?r1=1.55.2.111&r2=1.55.2.112&ty=u
http://cvs.horde.org/diff.php/ingo/docs/UPGRADING?r1=1.1.2.10&r2=1.1.2.11&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.oci8.sql?r1=1.3.2.6&r2=1.3.2.7&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.sql?r1=1.6.2.6&r2=1.6.2.7&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.xml?r1=1.1.2.2&r2=1.1.2.3&ty=u
http://cvs.horde.org/co.php/ingo/scripts/upgrades/1.2.1_to_1.2.2.sql?r=1.1.2.1
http://cvs.horde.org/co.php/ingo/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1.2.1
http://cvs.horde.org/diff.php/kronolith/docs/CHANGES?r1=1.165.2.234&r2=1.165.2.235&ty=u
http://cvs.horde.org/diff.php/kronolith/docs/UPGRADING?r1=1.1.8.12&r2=1.1.8.13&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.mssql.sql?r1=1.1.2.8&r2=1.1.2.9&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.mysql.sql?r1=1.3.2.7&r2=1.3.2.8&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.oci8.sql?r1=1.4.2.10&r2=1.4.2.11&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.pgsql.sql?r1=1.3.2.7&r2=1.3.2.8&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.sql?r1=1.3.2.7&r2=1.3.2.8&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.xml?r1=1.1.2.7&r2=1.1.2.8&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/upgrades/2.2_to_2.3.oci8.sql?r1=1.1.2.1&r2=1.1.2.2&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/upgrades/2.2_to_2.3.sql?r1=1.1.2.1&r2=1.1.2.2&ty=u
http://cvs.horde.org/co.php/kronolith/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1.2.1
http://cvs.horde.org/diff.php/mnemo/docs/CHANGES?r1=1.63.2.70&r2=1.63.2.71&ty=u
http://cvs.horde.org/diff.php/mnemo/docs/UPGRADING?r1=1.1.8.12&r2=1.1.8.13&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.mssql.sql?r1=1.1.2.5&r2=1.1.2.6&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.oci8.sql?r1=1.1.2.7&r2=1.1.2.8&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.sql?r1=1.5.2.5&r2=1.5.2.6&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.xml?r1=1.1.2.4&r2=1.1.2.5&ty=u
http://cvs.horde.org/co.php/mnemo/scripts/upgrades/2.2.1_to_2.2.2.sql?r=1.1.2.1
http://cvs.horde.org/co.php/mnemo/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1.2.1
http://cvs.horde.org/diff.php/nag/docs/CHANGES?r1=1.115.2.98&r2=1.115.2.99&ty=u
http://cvs.horde.org/diff.php/nag/docs/UPGRADING?r1=1.1.8.12&r2=1.1.8.13&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.mssql.sql?r1=1.1.2.5&r2=1.1.2.6&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.oci8.sql?r1=1.1.2.6&r2=1.1.2.7&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.sql?r1=1.4.8.6&r2=1.4.8.7&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.xml?r1=1.1.2.5&r2=1.1.2.6&ty=u
http://cvs.horde.org/diff.php/nag/scripts/upgrades/2.2_to_2.3.sql?r1=1.1.2.1&r2=1.1.2.2&ty=u
http://cvs.horde.org/co.php/nag/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1.2.1
http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.206&r2=1.181.2.207&ty=u
http://cvs.horde.org/diff.php/turba/docs/UPGRADING?r1=1.3.6.25&r2=1.3.6.26&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.mssql.sql?r1=1.1.2.6&r2=1.1.2.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.oci8.sql?r1=1.1.2.6&r2=1.1.2.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.pgsql.sql?r1=1.1.2.7&r2=1.1.2.8&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.sql?r1=1.1.2.6&r2=1.1.2.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.xml?r1=1.1.2.5&r2=1.1.2.6&ty=u
http://cvs.horde.org/diff.php/turba/scripts/upgrades/2.2.1_to_2.3.sql?r1=1.1.2.1&r2=1.1.2.2&ty=u
http://cvs.horde.org/co.php/turba/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1.2.1
2008-09-23 15:16:29 Jan Schneider Comment #14
State ⇒ Resolved
Changed to VARCHAR.
2008-09-23 15:12:02 CVS Commit Comment #13
Changes have been made in CVS for this ticket:

http://cvs.horde.org/diff.php/ansel/docs/CHANGES?r1=1.60&r2=1.61&ty=u
http://cvs.horde.org/diff.php/ansel/scripts/sql/ansel.pgsql.sql?r1=1.4&r2=1.5&ty=u
http://cvs.horde.org/diff.php/ansel/scripts/sql/ansel.sql?r1=1.28&r2=1.29&ty=u
http://cvs.horde.org/co.php/ansel/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/genie/docs/CHANGES?r1=1.25&r2=1.26&ty=u
http://cvs.horde.org/diff.php/genie/scripts/sql/genie.mssql.sql?r1=1.8&r2=1.9&ty=u
http://cvs.horde.org/diff.php/genie/scripts/sql/genie.sql?r1=1.9&r2=1.10&ty=u
http://cvs.horde.org/co.php/genie/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/ingo/docs/CHANGES?r1=1.205&r2=1.206&ty=u
http://cvs.horde.org/diff.php/ingo/docs/UPGRADING?r1=1.12&r2=1.13&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.oci8.sql?r1=1.7&r2=1.8&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.sql?r1=1.11&r2=1.12&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.xml?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/co.php/ingo/scripts/upgrades/1.2.1_to_1.2.2.sql?r=1.1
http://cvs.horde.org/co.php/ingo/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/kronolith/docs/CHANGES?r1=1.474&r2=1.475&ty=u
http://cvs.horde.org/diff.php/kronolith/docs/UPGRADING?r1=1.16&r2=1.17&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.mssql.sql?r1=1.11&r2=1.12&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.mysql.sql?r1=1.15&r2=1.16&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.oci8.sql?r1=1.15&r2=1.16&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.pgsql.sql?r1=1.13&r2=1.14&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.sql?r1=1.13&r2=1.14&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.xml?r1=1.8&r2=1.9&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/upgrades/2.2_to_2.3.oci8.sql?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/upgrades/2.2_to_2.3.sql?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/co.php/kronolith/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/mnemo/docs/CHANGES?r1=1.146&r2=1.147&ty=u
http://cvs.horde.org/diff.php/mnemo/docs/UPGRADING?r1=1.14&r2=1.15&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.mssql.sql?r1=1.7&r2=1.8&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.oci8.sql?r1=1.6&r2=1.7&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.sql?r1=1.11&r2=1.12&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.xml?r1=1.5&r2=1.6&ty=u
http://cvs.horde.org/co.php/mnemo/scripts/upgrades/2.2.1_to_2.2.2.sql?r=1.1
http://cvs.horde.org/co.php/mnemo/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/nag/docs/CHANGES?r1=1.242&r2=1.243&ty=u
http://cvs.horde.org/diff.php/nag/docs/UPGRADING?r1=1.14&r2=1.15&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.mssql.sql?r1=1.13&r2=1.14&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.oci8.sql?r1=1.13&r2=1.14&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.sql?r1=1.17&r2=1.18&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.xml?r1=1.9&r2=1.10&ty=u
http://cvs.horde.org/diff.php/nag/scripts/upgrades/2.2_to_2.3.sql?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/co.php/nag/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.460&r2=1.461&ty=u
http://cvs.horde.org/diff.php/turba/docs/UPGRADING?r1=1.43&r2=1.44&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.mssql.sql?r1=1.6&r2=1.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.oci8.sql?r1=1.6&r2=1.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.pgsql.sql?r1=1.7&r2=1.8&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.sql?r1=1.6&r2=1.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.xml?r1=1.6&r2=1.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/upgrades/2.2.1_to_2.3.sql?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/co.php/turba/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/whups/docs/CHANGES?r1=1.217&r2=1.218&ty=u
http://cvs.horde.org/diff.php/whups/scripts/sql/whups.mssql.sql?r1=1.24&r2=1.25&ty=u
http://cvs.horde.org/diff.php/whups/scripts/sql/whups.oci8.sql?r1=1.24&r2=1.25&ty=u
http://cvs.horde.org/diff.php/whups/scripts/sql/whups.sql?r1=1.29&r2=1.30&ty=u
http://cvs.horde.org/diff.php/whups/scripts/sql/whups.xml?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/co.php/whups/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
2008-09-23 15:04:36 Jan Schneider Assigned to Jan Schneider
Taken from Horde Developers
 
2008-09-22 14:59:45 Jan Schneider Milestone ⇒ 3.3
 
2008-08-25 14:23:57 Chuck Hagenbuch Comment #12
Agreed
2008-08-25 12:05:09 Jan Schneider Comment #11
Priority ⇒ 3. High
Due ⇒ 2008-08-27
If no one is coming up with such a mapping table solution in the next 
one or two days, let's change the column type then and postpone it to 
Horde 4. We really need to fix this before the 3.2.2 release.
2008-08-23 01:15:55 Chuck Hagenbuch Comment #10
> So, do you want to add a mapping table for user shares too? Because
> we use a text field there too, and this table is much more used than
> the group shares table. And isn't an additional join eating up all
> the performance gain we get from using integer indexes?
I would prefer to have integer userids for Horde whether native or 
not, yes, to make it simpler to write apps that integrate with global 
Horde user information, and to have things like OpenID and OAuth 
server/provider support. As for adding extra joins, things like the 
current user's id would be cached in the session, and we can 
relatively easily cache other flat lists of id => username when 
needed. And joins on simple mapping tables are pretty quick even with 
millions of rows.



I can be convinced not to do this for now I guess, but I think we 
really need a global horde userid, that is an integer, for simplicity 
in Horde 4.
2008-08-21 15:56:22 Jan Schneider Comment #9
So, do you want to add a mapping table for user shares too? Because we 
use a text field there too, and this table is much more used than the 
group shares table. And isn't an additional join eating up all the 
performance gain we get from using integer indexes?
2008-08-13 22:15:08 Chuck Hagenbuch Comment #8
I feel pretty strongly on the data type issue - I want to start making 
more choices for Horde that lend themselves to better 
scaling/performance, and storing integer ids as strings is not one of 
those. Mapping tables aren't a big deal especially if we cache 
anything expensive.
2008-08-13 21:51:54 Jan Schneider Comment #7
I'm still not convinced that introducing yet another mapping table, 
for anything but SQL groups (LDAP, DataTree, custom driver), is a 
better solution than having the group id column a string column. But 
anyway, we have to fix this, because currently the SQL share driver 
simply is broken if not using SQL groups.
2008-07-06 17:23:58 Jan Schneider Milestone ⇒ 3.2.2
 
2008-06-13 21:22:39 Jan Schneider Version ⇒ FRAMEWORK_3
Queue ⇒ Horde Framework Packages
 
2008-06-12 14:01:03 Chuck Hagenbuch Comment #6
> A mapping table is pretty much against the purpose of using LDAP to 
> avoid SQL databases.
Except that if shares are already in SQL, you're not avoiding SQL.
> Why is the group id in the share tables not a string column?
Because it's much more efficient to store it as an int, and to query 
it as an int.
2008-06-12 10:40:20 Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #5
> A mapping table is pretty much against the purpose of using LDAP to
> avoid SQL databases.
Right.
> Why is the group id in the share tables not a string column?
Hmm, probably because this is the referential field to the horde_groups table.

If it will be changed to strings the reference to horde_groups will 
not work anymore, so a different solution is necessary, but of course 
it should not suffer from sync problems.

Sincerely,

Klaus


2008-06-12 08:30:28 Jan Schneider Comment #4
A mapping table is pretty much against the purpose of using LDAP to 
avoid SQL databases.

Why is the group id in the share tables not a string column?
2008-06-12 05:40:09 Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #3
> Yup, that'd be a problem. I wonder if we can do a mapping table
> somewhere, to avoid making the group_id field a string?
Yep, some ideas:

a) Maybe we could use the horde_groups table normally used by the SQL 
driver for the mapping. There has to be some mechanism for 
synchronisation with the directory.

b) The second idea is no general solution. Will only work with LDAP 
entries with objectclass posixGroup:

The gidNumber attribute could be used as "group_id", but this will 
definitely fail with non-POSIX groups (e.g. it will fail with Active 
Directory).

So I think a mapping table would be the more general solution, but 
synchronisation with the Directory Service is probably the largest 
challenge in this approach.

Sincerely,

Klaus
2008-06-11 15:51:55 Chuck Hagenbuch Comment #2
Assigned to Horde Developers
Summary ⇒ group permission with LDAP does not work
State ⇒ Assigned
Yup, that'd be a problem. I wonder if we can do a mapping table 
somewhere, to avoid making the group_id field a string?
2008-06-10 10:43:49 Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ group permnission with LDAP do not work
Queue ⇒ Horde Groupware
Milestone ⇒
Patch ⇒ No
The problem is the following:

If, for example, giving permission to a group for a calendar, in the 
first step the group is correctly shown, but after closing and 
reopening the permissions window a group entry with no name is shown.

The problem seems to be that LDAP identifies the group by their DN, 
but in kronolith_shares_group (as well as the other xxx_shares_group 
tables) an integer field is used for the group_uid field.

After setting permission there is an entry in kronolith_shares_group with 
group_uid = 0 which of course could not be resolved back.



