6.0.0-git
2019-04-21

[#7694] LDAP objectclass lookups fail due to case sensitivity on objectclass match
Summary LDAP objectclass lookups fail due to case sensitivity on objectclass match
Queue Kolab
Type Bug
State Resolved
Priority 2. Medium
Owners thomas.jarosch (at) intra2net (dot) com, wrobel (at) horde (dot) org
Requester mark.cave-ayland (at) siriusit (dot) co (dot) uk
Created 2008-11-17 (3807 days ago)
Due
Updated 2009-01-08 (3755 days ago)
Assigned 2008-11-17 (3807 days ago)
Resolved 2008-12-29 (3765 days ago)
Milestone
Patch No

History
2009-01-08 21:36:16 Gunnar Wrobel Comment #6 Reply to this comment
The full webmail package will be hard to recreate from CVS. Jan always 
has to put a lot of effort into a release. I'd rely on a single patch 
then. Do you use the Kolab patch for Horde webmail? Adding another 
patch should not be too hard.
2009-01-05 10:00:14 mark (dot) cave-ayland (at) siriusit (dot) co (dot) uk Comment #5 Reply to this comment
Fixed in cvs.
Thank you so much for doing this - it was going to be one of my first 
jobs this year! One question: I've had a look at the nightly builds, 
and can't figure out how to download the nightly equivalent snapshot 
of horde webmail edition for testing :(  Any pointer as to how I can 
recreate the tarball based upon the code in CVS?





Many thanks,



Mark.


2008-12-29 07:01:58 Gunnar Wrobel Comment #4
State ⇒ Resolved
Reply to this comment
Fixed in cvs.
2008-11-26 14:55:39 mark (dot) cave-ayland (at) siriusit (dot) co (dot) uk Comment #2 Reply to this comment
ping?
2008-11-17 15:11:57 Jan Schneider Assigned to Gunnar Wrobel
Assigned to Thomas Jarosch
State ⇒ Assigned
 
2008-11-17 15:11:39 Jan Schneider Version ⇒
Queue ⇒ Kolab
 
2008-11-17 13:51:37 mark (dot) cave-ayland (at) siriusit (dot) co (dot) uk Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ LDAP objectclass lookups fail due to case sensitivity on objectclass match
Queue ⇒ Horde Groupware Webmail Edition
Milestone ⇒
Patch ⇒ No
Reply to this comment
Hi there,



I've just upgraded one of our customer installations from HGWE 1.1 to 
1.2, and have come across a bug releated to case-sensitivity which 
prevents users from even logging onto the new 1.2 edition.



What happens is that  _getObjectClasses() returns an associative array 
of the objectclasses related to a particular DN, and the LDAP server 
in question contains the specified objectclass but in lower-case 
rather than camel-case format. This means that the ldapsearch output 
looks something like this:





dn: uid=foo,dc=some,dc=domain

...

objectClass: kolabinetorgperson

...



# search result

search: 2

result: 0 Success



# numResponses: 2

# numEntries: 1





The problem is related to this piece of code in 
lib/Horde/Kolab/Server/ldap.php within the _determineType() method:



if (!in_array('kolabInetOrgPerson', $oc)) {

...

}



It should be reasonably obvious that the reason the login fails is 
because the associative array stores the value returned from LDAP in 
lower case, while the current code is looking for the camel-case 
version. Temporarily changing the code so that it matches on 
'kolabinetorgperson', all in lower-case, allows the login to proceed 
correctly.



AFAICT objectclasses are by RFC definition aaply case-insensitive 
matching, so it may be that the simplest fix is to force all 
objectclasses for a given DN to lower case before putting them in the 
associative array, and then performing all comparisons in the code 
with lower case names. However, I am not sure whether or not this will 
have any further unexpected side-effects.





ATB,



Mark.


Saved Queries