Sun, 05 Apr 2026 18:27:44 +0000 https://bugs.horde.org/ticket/8847 Groups and attrisdn in non-flat LDAP directory do not work In a LDAP Directory with a hierarchical structure and full DN names as group member entries (like Novell Edirectory) getGroupMemberShip will not work. The culprit is the following code: if ($GLOBALS['conf']['group']['params']['attrisdn']) { $filter .= $GLOBALS['conf']['auth']['params']['uid'] . '='; } $filter .= $user; if ($GLOBALS['conf']['group']['params']['attrisdn']) { $filter .= ',' . $GLOBALS['conf']['auth']['params']['basedn']; } The code assumes that a user DN is always flat under the basedn. In a hierarchical directory structure with sub OU's this not the case, so the real user DN must be used here! Tue, 02 Feb 2010 12:24:26 +0000 https://bugs.horde.org/ticket/8847#t57824 I wrote now a patch for this, the code for retrieving the userDN is adopted from passwd/config/hooks.php.dist. But the code opens up a new can of worms. It works, but with a large user base (we have over 3000 users) for example the startup of the permission widget for kronolith calenders takes a long time, as the userdn is retrieved for every known user. Tue, 02 Feb 2010 13:14:53 +0000 https://bugs.horde.org/ticket/8847#t57825 This patch is useful also for me. I hope it can be added to next horde release. I only notice this: groups over LDAP can work with separate backend. These parameter: $conf['auth']['params']['uid'] $conf['auth']['params']['basedn'] could be undefined. I manually added them to conf.php, but it's better adding them to group backend, like: $conf['group']['params']['uid] A minor issue: if I login as adminitrator, I can only manage groups defined into basedn, I can't see groups in subtree. But all groups work as expected, regardless of subtree where they stay. Thu, 18 Mar 2010 08:53:52 +0000 https://bugs.horde.org/ticket/8847#t58230 Yes, I notice also the problem with the group administation (though i don't use it, as i manage them from Novell Imanager). I opened ticket 8851 regarding this. Thu, 18 Mar 2010 11:52:19 +0000 https://bugs.horde.org/ticket/8847#t58234 See also ticket #9762. Fri, 01 Apr 2011 09:54:02 +0000 https://bugs.horde.org/ticket/8847#t62956 I have added a patch which should solve attrisdn. There is one caveat with this patch, as findUserDN runs in the group context it uses the search base for groups. If this is different for groups and users it will not find the dn. So maybe there should be the DN stored in the cookie? Fri, 15 Apr 2011 12:04:35 +0000 https://bugs.horde.org/ticket/8847#t63795 > I have added a patch which should solve attrisdn. > > There is one caveat with this patch, as findUserDN runs in the group > context it uses the search base for groups. If this is different for > groups and users it will not find the dn. > > So maybe there should be the DN stored in the cookie? Soorry missed the attachement, Fri, 15 Apr 2011 12:05:31 +0000 https://bugs.horde.org/ticket/8847#t63796 Try this: http://git.horde.org/horde-git/-/commit/053896a29a21e3ce9d63e198f25521b24fd9367a Fri, 01 Jul 2011 10:09:47 +0000 https://bugs.horde.org/ticket/8847#t66052