
[#6883] group permission with LDAP does not work
Summary group permission with LDAP does not work
Queue Horde Framework Packages
Queue Version FRAMEWORK_3
Type Bug
State Resolved
Priority 3. High
Owners jan (at) horde (dot) org, mrubinsk (at) horde (dot) org
Requester Klaus.Steinberger (at) physik (dot) uni-muenchen (dot) de
Created 06/10/2008 (6236 days ago)
Due 08/27/2008 (6158 days ago)
Updated 12/09/2008 (6054 days ago)
Assigned 06/11/2008 (6235 days ago)
Resolved 09/23/2008 (6131 days ago)
Milestone 3.3
Patch No

History
12/09/2008 11:06:21 AM Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #27 Reply to this comment
The LDAP group permission seems not to work, at least not with Novell 
eDirectory, which uses full DNs.

In the SQL table a group name like this will be stored:

cn=groupname,ou=Gruppen,o=physik

A calendar with a group permission is not shown in a member's calendars.

In the User/Group Administration the members of a group will be listed 
correctly.


10/25/2008 07:29:01 PM horde_list (at) blomberg (dot) tk Comment #26 Reply to this comment
It works for me with Horde 3.3 and sql.php v. 1.1.2.50 and 
sql_hierarchical.php v 1.17.2.26


10/25/2008 04:38:53 PM Michael Rubinsky Comment #24
Assigned to Michael Rubinsky
Reply to this comment
Can you try what I committed?



array_walk() cannot change the original value if the callback function 
doesn't take the value by reference. MDB2::quote() takes it by value, 
so the change doesn't stick.



Fixed slightly differently than you suggested, since using a reference 
in the foreach() loop will not work in PHP4.
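
The array_walk() behaviour described in the comment above, as an added example that is not part of the ticket or of Horde's code. quote_literal() and group_condition() are hypothetical stand-ins for MDB2::quote() and the share driver's query building, and the group DNs are constructed sample values.

```php
<?php
// Added illustration; quote_literal() is a hypothetical stand-in for
// MDB2::quote(): it receives the value by value and RETURNS the quoted
// string (standard SQL single-quote doubling only).
function quote_literal($value)
{
    return "'" . str_replace("'", "''", $value) . "'";
}

// Hypothetical helper: builds the group condition the same way the
// $where line in the patches on this page does.
function group_condition(array $quoted_ids, $perm)
{
    return 'g.group_uid IN (' . implode(',', $quoted_ids) . ')'
        . ' AND (g.perm & ' . (int)$perm . ') != 0';
}

// Constructed sample input: group DNs as an LDAP group backend returns them.
$groups = array(
    'cn=filer,ou=Grupper,o=Blomberg,c=SE'    => 'filer',
    'cn=webadmin,ou=Grupper,o=Blomberg,c=SE' => 'webadmin',
);

// Broken: array_walk() discards the callback's return value, and the
// callback takes its argument by value, so $walked is left unquoted.
$walked = array_keys($groups);
array_walk($walked, 'quote_literal');

// Working: array_map() collects the return values into a new array.
$mapped = array_map('quote_literal', array_keys($groups));

// Working without array_map(): assign back by key, which avoids a
// by-reference foreach.
$looped = array_keys($groups);
foreach ($looped as $i => $id) {
    $looped[$i] = quote_literal($id);
}

echo "array_walk: ", group_condition($walked, 2), "\n";
echo "array_map:  ", group_condition($mapped, 2), "\n";
echo "keyed loop: ", group_condition($looped, 2), "\n";

// Guard that can run before the SQL is sent: every element must be a
// complete single-quoted literal.
foreach (array('array_walk' => $walked, 'array_map' => $mapped) as $how => $ids) {
    $bad = preg_grep("/^'(?:[^']|'')*'$/", $ids, PREG_GREP_INVERT);
    echo $how, ': ', count($bad), " unquoted id(s)\n";
}
```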


10/25/2008 03:36:54 PM horde_list (at) blomberg (dot) tk Comment #22 Reply to this comment
The supplied quoting algorithm does not work for me. It is shown by this:



--- sql.php.1.1.2.49    Fri Oct 24 17:50:36 2008

+++ sql.php     Sat Oct 25 17:05:19 2008

@@ -671,10 +671,13 @@

              if (!is_a($groups, 'PEAR_Error') && $groups) {

                  // (name == perm_groups and key in ($groups) and val & $perm)

                  $group_ids = array_keys($groups);

+                Horde::logMessage($group_ids[0], __FILE__, __LINE__, 
PEAR_LOG_ERR);

                  array_walk($group_ids, array($this->_db, 'quote'));

+                Horde::logMessage($group_ids[0], __FILE__, __LINE__, 
PEAR_LOG_ERR);

                  $query .= ' LEFT JOIN ' . $this->_table . '_groups 
AS g ON g.share_id = s.share_id';

                  $where .= ' OR (g.group_uid IN (' . implode(',', 
$group_ids) . ')'

                      . ' AND (g.perm & ' . $perm .') != 0)';

+                Horde::logMessage($where, __FILE__, __LINE__, PEAR_LOG_ERR);

              } elseif (is_a($groups, 'PEAR_Error')) {

                  Horde::logMessage($groups, __FILE__, __LINE__, PEAR_LOG_ERR);

              }
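
Review bot: the three added Horde::logMessage() calls (before and after array_walk(), and after $where is built) log at PEAR_LOG_ERR, so every share lookup writes the user's group DNs and the assembled WHERE clause to the error log; drop them before commit, or lower them to PEAR_LOG_DEBUG if they are meant to stay. The unchanged array_walk($group_ids, array($this->_db, 'quote')) line still ignores the value quote() returns, so $group_ids reaches implode() unquoted; the quoted values need to be assigned back into the array.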



Oct 25 17:05:50 HORDE [error] [nag] 
cn=filer,ou=Grupper,o=Blomberg,c=SE [pid 53781 on line 674 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]

Oct 25 17:05:50 HORDE [error] [nag] 
cn=filer,ou=Grupper,o=Blomberg,c=SE [pid 53781 on line 676 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]

Oct 25 17:05:50 HORDE [error] [nag] s.share_owner = 'jbl' OR 
(s.perm_creator & 2) != 0 OR (s.perm_default & 2) != 0 OR ( u.user_uid 
= 'jbl' AND (u.perm & 2) != 0) OR (g.group_uid IN 
(cn=filer,ou=Grupper,o=Blomberg,c=SE,cn=jbl,ou=Personliga,ou=Grupper,o=Blomberg,c=SE,cn=webadmin,ou=Grupper,o=Blomberg,c=SE,cn=smbdomusers,ou=Grupper,o=Blomberg,c=SE,cn=Horde-anv,ou=grupper,o=blomberg,c=se) AND (g.perm & 2) != 0) [pid 53781 on line 680 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]

Oct 25 17:05:50 HORDE [error] [nag] MDB2 Error: no such field: 
_doQuery: [Error message: Could not execute statement]

[Last executed query: SELECT DISTINCT s.*  FROM nag_shares s  LEFT 
JOIN nag_shares_users AS u ON u.share_id = s.share_id LEFT JOIN 
nag_shares_groups AS g ON g.share_id = s.share_id WHERE s.share_owner 
= 'jbl' OR (s.perm_creator & 2) != 0 OR (s.perm_default & 2) != 0 OR ( 
u.user_uid = 'jbl' AND (u.perm & 2) != 0) OR (g.group_uid IN 
(cn=filer,ou=Grupper,o=Blomberg,c=SE,cn=jbl,ou=Personliga,ou=Grupper,o=Blomberg,c=SE,cn=webadmin,ou=Grupper,o=Blomberg,c=SE,cn=smbdomusers,ou=Grupper,o=Blomberg,c=SE,cn=Horde-anv,ou=grupper,o=blomberg,c=se) AND (g.perm & 2) != 0) ORDER BY s.attribute_name 
ASC]

[Native message: ERROR:  column "cn" does not exist

RAD 1: ... 'jbl' AND (u.perm & 2) != 0) OR (g.group_uid IN (cn=filer,o...

                                                             ^]

  [pid 53781 on line 457 of "/usr/local/www/horde/lib/Horde/Share/sql.php"]







Then, I changed the algorithm:



--- sql.php.1.1.2.49    Fri Oct 24 17:50:36 2008

+++ sql.php     Sat Oct 25 17:09:25 2008

@@ -671,10 +671,17 @@

              if (!is_a($groups, 'PEAR_Error') && $groups) {

                  // (name == perm_groups and key in ($groups) and val & $perm)

                  $group_ids = array_keys($groups);

-                array_walk($group_ids, array($this->_db, 'quote'));

+                Horde::logMessage($group_ids[0], __FILE__, __LINE__, 
PEAR_LOG_ERR);

+                //array_walk($group_ids, array($this->_db, 'quote'));

+                foreach ($group_ids as &$groupitem) {

+                    $groupitem = $this->_db->quote($groupitem);

+                }

+                unset($groupitem);

+                Horde::logMessage($group_ids[0], __FILE__, __LINE__, 
PEAR_LOG_ERR);

                  $query .= ' LEFT JOIN ' . $this->_table . '_groups 
AS g ON g.share_id = s.share_id';

                  $where .= ' OR (g.group_uid IN (' . implode(',', 
$group_ids) . ')'

                      . ' AND (g.perm & ' . $perm .') != 0)';

+                Horde::logMessage($where, __FILE__, __LINE__, PEAR_LOG_ERR);

              } elseif (is_a($groups, 'PEAR_Error')) {

                  Horde::logMessage($groups, __FILE__, __LINE__, PEAR_LOG_ERR);

              }
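
Review bot: foreach ($group_ids as &$groupitem) iterates by reference, which PHP 4 does not support; assign back by key instead, e.g. foreach ($group_ids as $i => $id) { $group_ids[$i] = $this->_db->quote($id); }, which also makes the unset($groupitem) unnecessary. The commented-out array_walk() line and the three Horde::logMessage() calls at PEAR_LOG_ERR are debugging leftovers and should be removed from the final change.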





Now it quotes nicely:



Oct 25 17:10:57 HORDE [error] [nag] 
cn=filer,ou=Grupper,o=Blomberg,c=SE [pid 41648 on line 674 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]

Oct 25 17:10:57 HORDE [error] [nag] 
'cn=filer,ou=Grupper,o=Blomberg,c=SE' [pid 41648 on line 680 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]

Oct 25 17:10:57 HORDE [error] [nag] s.share_owner = 'jbl' OR 
(s.perm_creator & 2) != 0 OR (s.perm_default & 2) != 0 OR ( u.user_uid 
= 'jbl' AND (u.perm & 2) != 0) OR (g.group_uid IN 
('cn=filer,ou=Grupper,o=Blomberg,c=SE','cn=jbl,ou=Personliga,ou=Grupper,o=Blomberg,c=SE','cn=webadmin,ou=Grupper,o=Blomberg,c=SE','cn=smbdomusers,ou=Grupper,o=Blomberg,c=SE','cn=Horde-anv,ou=grupper,o=blomberg,c=se') AND (g.perm & 2) != 0) [pid 41648 on line 684 of 
"/usr/local/www/horde/lib/Horde/Share/sql.php"]




10/24/2008 09:06:05 PM Jan Schneider Comment #21 Reply to this comment
This doesn't make any sense. The ids are already quoted, and adding 
another quote will break the query.
10/24/2008 06:02:16 PM horde_list (at) blomberg (dot) tk Comment #20 Reply to this comment
With Horde 3.3 and sql.php v. 1.1.2.49 and sql_hierarchical.php v. 
1.17.2.25 it is still a problem. PostgreSQL says: column "cn" does not 
exist



This fix works for me:



--- sql.php.1.1.2.49    Fri Oct 24 17:50:36 2008

+++ sql.php     Fri Oct 24 19:23:31 2008

@@ -673,7 +673,7 @@

                  $group_ids = array_keys($groups);

                  array_walk($group_ids, array($this->_db, 'quote'));

                  $query .= ' LEFT JOIN ' . $this->_table . '_groups 
AS g ON g.share_id = s.share_id';

-                $where .= ' OR (g.group_uid IN (' . implode(',', 
$group_ids) . ')'

+                $where .= ' OR (g.group_uid IN (\'' . implode(',', 
$group_ids) . '\')'

                      . ' AND (g.perm & ' . $perm .') != 0)';

              } elseif (is_a($groups, 'PEAR_Error')) {

                  Horde::logMessage($groups, __FILE__, __LINE__, PEAR_LOG_ERR);
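
Review bot: the \' pair added around implode(',', $group_ids) in the $where line wraps the whole joined list in a single pair of quotes, so the IN list becomes one string literal containing every DN separated by commas; that can only match when the user belongs to exactly one group, and a DN containing a single quote would end the literal early. Quote each element on its own by keeping the value $this->_db->quote() returns, and leave the IN (...) line as it was.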


10/23/2008 09:17:01 PM CVS Commit Comment #18 Reply to this comment
10/23/2008 09:16:01 PM CVS Commit Comment #17 Reply to this comment
10/23/2008 09:11:30 PM CVS Commit Comment #16 Reply to this comment
09/23/2008 03:18:30 PM CVS Commit Comment #15 Reply to this comment
Changes have been made in CVS for this ticket:

http://cvs.horde.org/diff.php/ingo/docs/CHANGES?r1=1.55.2.111&r2=1.55.2.112&ty=u
http://cvs.horde.org/diff.php/ingo/docs/UPGRADING?r1=1.1.2.10&r2=1.1.2.11&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.oci8.sql?r1=1.3.2.6&r2=1.3.2.7&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.sql?r1=1.6.2.6&r2=1.6.2.7&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.xml?r1=1.1.2.2&r2=1.1.2.3&ty=u
http://cvs.horde.org/co.php/ingo/scripts/upgrades/1.2.1_to_1.2.2.sql?r=1.1.2.1
http://cvs.horde.org/co.php/ingo/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1.2.1
http://cvs.horde.org/diff.php/kronolith/docs/CHANGES?r1=1.165.2.234&r2=1.165.2.235&ty=u
http://cvs.horde.org/diff.php/kronolith/docs/UPGRADING?r1=1.1.8.12&r2=1.1.8.13&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.mssql.sql?r1=1.1.2.8&r2=1.1.2.9&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.mysql.sql?r1=1.3.2.7&r2=1.3.2.8&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.oci8.sql?r1=1.4.2.10&r2=1.4.2.11&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.pgsql.sql?r1=1.3.2.7&r2=1.3.2.8&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.sql?r1=1.3.2.7&r2=1.3.2.8&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.xml?r1=1.1.2.7&r2=1.1.2.8&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/upgrades/2.2_to_2.3.oci8.sql?r1=1.1.2.1&r2=1.1.2.2&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/upgrades/2.2_to_2.3.sql?r1=1.1.2.1&r2=1.1.2.2&ty=u
http://cvs.horde.org/co.php/kronolith/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1.2.1
http://cvs.horde.org/diff.php/mnemo/docs/CHANGES?r1=1.63.2.70&r2=1.63.2.71&ty=u
http://cvs.horde.org/diff.php/mnemo/docs/UPGRADING?r1=1.1.8.12&r2=1.1.8.13&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.mssql.sql?r1=1.1.2.5&r2=1.1.2.6&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.oci8.sql?r1=1.1.2.7&r2=1.1.2.8&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.sql?r1=1.5.2.5&r2=1.5.2.6&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.xml?r1=1.1.2.4&r2=1.1.2.5&ty=u
http://cvs.horde.org/co.php/mnemo/scripts/upgrades/2.2.1_to_2.2.2.sql?r=1.1.2.1
http://cvs.horde.org/co.php/mnemo/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1.2.1
http://cvs.horde.org/diff.php/nag/docs/CHANGES?r1=1.115.2.98&r2=1.115.2.99&ty=u
http://cvs.horde.org/diff.php/nag/docs/UPGRADING?r1=1.1.8.12&r2=1.1.8.13&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.mssql.sql?r1=1.1.2.5&r2=1.1.2.6&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.oci8.sql?r1=1.1.2.6&r2=1.1.2.7&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.sql?r1=1.4.8.6&r2=1.4.8.7&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.xml?r1=1.1.2.5&r2=1.1.2.6&ty=u
http://cvs.horde.org/diff.php/nag/scripts/upgrades/2.2_to_2.3.sql?r1=1.1.2.1&r2=1.1.2.2&ty=u
http://cvs.horde.org/co.php/nag/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1.2.1
http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.181.2.206&r2=1.181.2.207&ty=u
http://cvs.horde.org/diff.php/turba/docs/UPGRADING?r1=1.3.6.25&r2=1.3.6.26&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.mssql.sql?r1=1.1.2.6&r2=1.1.2.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.oci8.sql?r1=1.1.2.6&r2=1.1.2.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.pgsql.sql?r1=1.1.2.7&r2=1.1.2.8&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.sql?r1=1.1.2.6&r2=1.1.2.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.xml?r1=1.1.2.5&r2=1.1.2.6&ty=u
http://cvs.horde.org/diff.php/turba/scripts/upgrades/2.2.1_to_2.3.sql?r1=1.1.2.1&r2=1.1.2.2&ty=u
http://cvs.horde.org/co.php/turba/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1.2.1
09/23/2008 03:16:29 PM Jan Schneider Comment #14
State ⇒ Resolved
Reply to this comment
Changed to VARCHAR.
09/23/2008 03:12:02 PM CVS Commit Comment #13 Reply to this comment
Changes have been made in CVS for this ticket:

http://cvs.horde.org/diff.php/ansel/docs/CHANGES?r1=1.60&r2=1.61&ty=u
http://cvs.horde.org/diff.php/ansel/scripts/sql/ansel.pgsql.sql?r1=1.4&r2=1.5&ty=u
http://cvs.horde.org/diff.php/ansel/scripts/sql/ansel.sql?r1=1.28&r2=1.29&ty=u
http://cvs.horde.org/co.php/ansel/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/genie/docs/CHANGES?r1=1.25&r2=1.26&ty=u
http://cvs.horde.org/diff.php/genie/scripts/sql/genie.mssql.sql?r1=1.8&r2=1.9&ty=u
http://cvs.horde.org/diff.php/genie/scripts/sql/genie.sql?r1=1.9&r2=1.10&ty=u
http://cvs.horde.org/co.php/genie/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/ingo/docs/CHANGES?r1=1.205&r2=1.206&ty=u
http://cvs.horde.org/diff.php/ingo/docs/UPGRADING?r1=1.12&r2=1.13&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.oci8.sql?r1=1.7&r2=1.8&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.sql?r1=1.11&r2=1.12&ty=u
http://cvs.horde.org/diff.php/ingo/scripts/sql/ingo.xml?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/co.php/ingo/scripts/upgrades/1.2.1_to_1.2.2.sql?r=1.1
http://cvs.horde.org/co.php/ingo/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/kronolith/docs/CHANGES?r1=1.474&r2=1.475&ty=u
http://cvs.horde.org/diff.php/kronolith/docs/UPGRADING?r1=1.16&r2=1.17&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.mssql.sql?r1=1.11&r2=1.12&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.mysql.sql?r1=1.15&r2=1.16&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.oci8.sql?r1=1.15&r2=1.16&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.pgsql.sql?r1=1.13&r2=1.14&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.sql?r1=1.13&r2=1.14&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/sql/kronolith.xml?r1=1.8&r2=1.9&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/upgrades/2.2_to_2.3.oci8.sql?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/diff.php/kronolith/scripts/upgrades/2.2_to_2.3.sql?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/co.php/kronolith/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/mnemo/docs/CHANGES?r1=1.146&r2=1.147&ty=u
http://cvs.horde.org/diff.php/mnemo/docs/UPGRADING?r1=1.14&r2=1.15&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.mssql.sql?r1=1.7&r2=1.8&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.oci8.sql?r1=1.6&r2=1.7&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.sql?r1=1.11&r2=1.12&ty=u
http://cvs.horde.org/diff.php/mnemo/scripts/sql/mnemo.xml?r1=1.5&r2=1.6&ty=u
http://cvs.horde.org/co.php/mnemo/scripts/upgrades/2.2.1_to_2.2.2.sql?r=1.1
http://cvs.horde.org/co.php/mnemo/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/nag/docs/CHANGES?r1=1.242&r2=1.243&ty=u
http://cvs.horde.org/diff.php/nag/docs/UPGRADING?r1=1.14&r2=1.15&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.mssql.sql?r1=1.13&r2=1.14&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.oci8.sql?r1=1.13&r2=1.14&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.sql?r1=1.17&r2=1.18&ty=u
http://cvs.horde.org/diff.php/nag/scripts/sql/nag.xml?r1=1.9&r2=1.10&ty=u
http://cvs.horde.org/diff.php/nag/scripts/upgrades/2.2_to_2.3.sql?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/co.php/nag/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/turba/docs/CHANGES?r1=1.460&r2=1.461&ty=u
http://cvs.horde.org/diff.php/turba/docs/UPGRADING?r1=1.43&r2=1.44&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.mssql.sql?r1=1.6&r2=1.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.oci8.sql?r1=1.6&r2=1.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.pgsql.sql?r1=1.7&r2=1.8&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.sql?r1=1.6&r2=1.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/sql/turba.xml?r1=1.6&r2=1.7&ty=u
http://cvs.horde.org/diff.php/turba/scripts/upgrades/2.2.1_to_2.3.sql?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/co.php/turba/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
http://cvs.horde.org/diff.php/whups/docs/CHANGES?r1=1.217&r2=1.218&ty=u
http://cvs.horde.org/diff.php/whups/scripts/sql/whups.mssql.sql?r1=1.24&r2=1.25&ty=u
http://cvs.horde.org/diff.php/whups/scripts/sql/whups.oci8.sql?r1=1.24&r2=1.25&ty=u
http://cvs.horde.org/diff.php/whups/scripts/sql/whups.sql?r1=1.29&r2=1.30&ty=u
http://cvs.horde.org/diff.php/whups/scripts/sql/whups.xml?r1=1.2&r2=1.3&ty=u
http://cvs.horde.org/co.php/whups/scripts/upgrades/2008-09-23_fix_group_uid.sql?r=1.1
09/23/2008 03:04:36 PM Jan Schneider Assigned to Jan Schneider
Taken from Horde Developers
 
09/22/2008 02:59:45 PM Jan Schneider Milestone ⇒ 3.3
 
08/25/2008 02:23:57 PM Chuck Hagenbuch Comment #12 Reply to this comment
Agreed
08/25/2008 12:05:09 PM Jan Schneider Comment #11
Priority ⇒ 3. High
Due ⇒ 08/27/2008
Reply to this comment
If no one is coming up with such a mapping table solution in the next 
one or two days, let's change the column type then and postpone it to 
Horde 4. We really need to fix this before the 3.2.2 release.
08/23/2008 01:15:55 AM Chuck Hagenbuch Comment #10 Reply to this comment
> So, do you want to add a mapping table for user shares too? Because
> we use a text field there too, and this table is much more used than
> the group shares table. And isn't an additional join eating up all
> the performance gain we get from using integer indexes?

I would prefer to have integer userids for Horde whether native or 
not, yes, to make it simpler to write apps that integrate with global 
Horde user information, and to have things like OpenID and OAuth 
server/provider support. As for adding extra joins, things like the 
current user's id would be cached in the session, and we can 
relatively easily cache other flat lists of id => username when 
needed. And joins on simple mapping tables are pretty quick even with 
millions of rows.

I can be convinced not to do this for now I guess, but I think we 
really need a global horde userid, that is an integer, for simplicity 
in Horde 4.
08/21/2008 03:56:22 PM Jan Schneider Comment #9 Reply to this comment
So, do you want to add a mapping table for user shares too? Because we 
use a text field there too, and this table is much more used than the 
group shares table. And isn't an additional join eating up all the 
performance gain we get from using integer indexes?
08/13/2008 10:15:08 PM Chuck Hagenbuch Comment #8 Reply to this comment
I feel pretty strongly on the data type issue - I want to start making 
more choices for Horde that lend themselves to better 
scaling/performance, and storing integer ids as strings is not one of 
those. Mapping tables aren't a big deal especially if we cache 
anything expensive.
08/13/2008 09:51:54 PM Jan Schneider Comment #7 Reply to this comment
I'm still not convinced that introducing yet another mapping table, 
for anything but SQL groups (LDAP, DataTree, custom driver), is a 
better solution than having the group id column a string column. But 
anyway, we have to fix this, because currently the SQL share driver 
simply is broken if not using SQL groups.
07/06/2008 05:23:58 PM Jan Schneider Milestone ⇒ 3.2.2
 
06/13/2008 09:22:39 PM Jan Schneider Version ⇒ FRAMEWORK_3
Queue ⇒ Horde Framework Packages
 
06/12/2008 02:01:03 PM Chuck Hagenbuch Comment #6 Reply to this comment
> A mapping table is pretty much against the purpose of using LDAP to
> avoid SQL databases.

Except that if shares are already in SQL, you're not avoiding SQL.

> Why is the group id in the share tables not a string column?

Because it's much more efficient to store it as an int, and to query 
it as an int.
06/12/2008 10:40:20 AM Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #5 Reply to this comment
> A mapping table is pretty much against the purpose of using LDAP to
> avoid SQL databases.

Right.

> Why is the group id in the share tables not a string column?

Hmm, probably because this is the referential field to the horde_groups table.

If it will be changed to strings the reference to horde_groups will 
not work anymore, so a different solution is necessary, but of course 
it should not suffer from sync problems.

Sincerely,

Klaus


06/12/2008 08:30:28 AM Jan Schneider Comment #4 Reply to this comment
A mapping table is pretty much against the purpose of using LDAP to 
avoid SQL databases.

Why is the group id in the share tables not a string column?
06/12/2008 05:40:09 AM Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #3 Reply to this comment
> Yup, that'd be a problem. I wonder if we can do a mapping table
> somewhere, to avoid making the group_id field a string?

Yep, some ideas:

a) Maybe we could use the horde_groups table normally used by the sql 
driver for the mapping. There has to be some mechanism for 
synchronisation with the directory.

b) The second idea is no general solution. It will only work with LDAP 
entries with objectclass posixGroup:

The gidNumber attribute could be used as "group_id", but this will 
definitely fail with non-Posix groups (e.g. it will fail with Active 
Directory).

So I think a mapping table would be the more general solution, but 
synchronisation with the Directory Service is probably the largest 
challenge in this approach.

Sincerely,

Klaus
06/11/2008 03:51:55 PM Chuck Hagenbuch Comment #2
Assigned to Horde Developers
Summary ⇒ group permission with LDAP does not work
State ⇒ Assigned
Reply to this comment
Yup, that'd be a problem. I wonder if we can do a mapping table 
somewhere, to avoid making the group_id field a string?
06/10/2008 10:43:49 AM Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #1
Priority ⇒ 2. Medium
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Queue ⇒ Horde Groupware
Type ⇒ Bug
Summary ⇒ group permnission with LDAP do not work
Reply to this comment
The problem is the following:

If for example giving permission to a group for a calendar, in the 
first step the group is correctly shown, but after closing and 
reopening the permissions window a group entry with no name is shown.

The problem seems to be that LDAP identifies the group by their DN, 
but in kronolith_shares_group (as well as the other xxx_shares_group 
tables) an integer field is used for the group_uid field.

After setting permission there is an entry in kronolith_shares_group with 
group_uid = 0 which of course could not be resolved back.



