6.0.0-git
2019-05-23

[#9762] attrisdn in the Groups LDAP Setup does not work?
Summary attrisdn in the Groups LDAP Setup does not work?
Queue Horde Base
Queue Version Git master
Type Bug
State Duplicate
Priority 2. Medium
Owners
Requester Klaus.Steinberger (at) physik (dot) uni-muenchen (dot) de
Created 2011-03-31 (2975 days ago)
Due
Updated 2011-07-01 (2883 days ago)
Assigned 2011-06-30 (2884 days ago)
Resolved 2011-07-01 (2883 days ago)
Milestone 4.1
Patch No

History
2011-07-01 10:09:29 Jan Schneider Comment #11
Taken from Jan Schneider
State ⇒ Duplicate
Let's use a single ticket to track this.
2011-06-30 13:18:16 Jan Schneider Comment #10
State ⇒ Feedback
Version ⇒ Git master
Try this. I simplified your patch and added support for other methods 
than listGroups(). I cannot test locally though at the moment.
2011-06-30 13:17:02 Git Commit Comment #9
Changes have been made in Git for this ticket:

[jan] Add support for the attrisdn configuration setting (Bug #9762).

  2 files changed, 35 insertions(+), 7 deletions(-)
http://git.horde.org/horde-git/-/commit/053896a29a21e3ce9d63e198f25521b24fd9367a
2011-05-19 07:18:03 Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #8
New Attachment: Ldap.php.diff
Hi,

I have a patch for this problem, it seems to work very well.

Apply the appended diff file to /usr/share/pear/Horde/Group/Ldap.php

Sincerely,
Klaus




2011-05-19 06:29:00 christoph (dot) ohliger (at) fh-rosenheim (dot) de Comment #7
Hi,

it seems that I am also stopping at the same point when evaluating the 
new Horde. I also expanded the code within 3 to support LDAP group 
membership in Kronolith module and also have a "non flat" directory. 
Any news on this issue?
2011-04-01 09:53:13 Jan Schneider Comment #6
State ⇒ Duplicate
It would have been helpful if you mentioned this.
See ticket #8847.
2011-04-01 09:24:52 Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #5
> Such a setup didn't work with Horde 3 either, unless I'm missing 
> something. As far as I can see, Horde 3 only supported a single, 
> fixed parent DN for expanding simple user names to full DNs in the 
> LDAP group driver.
Yes, but I wrote a patch for this and a bug report against Horde 
3, but it was probably not accepted.
> To support your setup, we need to do another DN lookup to find the user's DN.
> Alternatively, you could of course use full DNs as user names in Horde.
Hmm, but this would have consequences, at least some complicated 
scripting to convert our existing production database.

2011-04-01 09:15:01 Jan Schneider Comment #4
Assigned to Jan Schneider
State ⇒ Assigned
Milestone ⇒ 4.1
Such a setup didn't work with Horde 3 either, unless I'm missing 
something. As far as I can see, Horde 3 only supported a single, fixed 
parent DN for expanding simple user names to full DNs in the LDAP 
group driver.
To support your setup, we need to do another DN lookup to find the user's DN.
Alternatively, you could of course use full DNs as user names in Horde.
2011-04-01 07:00:27 Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #3
New Attachment: group.ldif
> This feature was completely broken in Horde 3, at least it created 
> an invalid filter string at one point. That's why I dropped it 
> during the refactoring, since obviously nobody used it. Seems like I 
> was wrong.
>
> Can you provide some LDIF examples of real-world groups that use 
> full DNs for group members?
Yes, of course. I anonymized the example of course, and removed some 
attributes only relevant to eDirectory.

Please note, that both the people and the group container in our 
directory have a non-flat structure.

The structure here is:

ou=Campus,ou=Personen,o=physik   (most of the accounts coming from the 
university metadirectory)
ou=Local,ou=Personen,o=physik  (accounts local to our directory)
ou=Email-Only,o=physik (accounts with no Unix attributes)

ou=Gruppen,o=physik  (groups with general relevance)
ou=somechair,ou=Gruppen,o=physik  (groups with relevance to one of our chairs)


2011-03-31 15:35:41 Jan Schneider Comment #2
State ⇒ Feedback
This feature was completely broken in Horde 3, at least it created an 
invalid filter string at one point. That's why I dropped it during the 
refactoring, since obviously nobody used it. Seems like I was wrong.

Can you provide some LDIF examples of real-world groups that use full 
DNs for group members?
2011-03-31 15:16:49 Klaus (dot) Steinberger (at) physik (dot) uni-muenchen (dot) de Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ attrisdn in the Groups LDAP Setup does not work?
Queue ⇒ Horde Base
Milestone ⇒
Patch ⇒ No
Hi,

it looks like the "attrisdn" parameter in the Groups LDAP driver does 
not work as expected.
I do have a Novell edirectory and have set 
$conf[group][params][attrisdn]  but got the following error messages:

Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [kronolith] Invalid DN 
syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: 
(member=campus-admin)#012Scope: sub [pid 9313 on line 359 of 
"/usr/share/pear/Horde/Group/Ldap.php"]
Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [nag] Invalid DN 
syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: 
(member=campus-admin)#012Scope: sub [pid 9313 on line 359 of 
"/usr/share/pear/Horde/Group/Ldap.php"]
Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [nag] Invalid DN 
syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: 
(member=campus-admin)#012Scope: sub [pid 9313 on line 359 of 
"/usr/share/pear/Horde/Group/Ldap.php"]
Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [kronolith] Invalid DN 
syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: 
(member=campus-admin)#012Scope: sub [pid 9313 on line 359 of 
"/usr/share/pear/Horde/Group/Ldap.php"]
Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [mnemo] Invalid DN 
syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: 
(member=campus-admin)#012Scope: sub [pid 9313 on line 359 of 
"/usr/share/pear/Horde/Group/Ldap.php"]
Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [mnemo] Invalid DN 
syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: 
(member=campus-admin)#012Scope: sub [pid 9313 on line 359 of 
"/usr/share/pear/Horde/Group/Ldap.php"]


Indeed a search over /var/www/html/horde and /usr/share/pear only 
finds references to attrisdn here:

[root@dmz-sv-webmail pear]# grep -Ri attrisdn /var/www/html/horde /usr/share/pear/
/var/www/html/horde/config/conf.xml:       <configboolean name="attrisdn" required="false"
/var/www/html/horde/config/conf.bak.php:$conf['group']['params']['attrisdn'] = true;
/var/www/html/horde/config/conf.php:$conf['group']['params']['attrisdn'] = true;
/usr/share/pear/Horde/Group/Kolab.php:            'attrisdn' => true,
[root@dmz-sv-webmail pear]#

So this looks like it's not referenced in the code?
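
The failure in the log above and the DN lookup mentioned in comment #4, as an added example (not Horde's code and not the attached patch): the filter (member=campus-admin) carries a bare name where the directory expects a DN, so the user name is first resolved to exactly one DN across the non-flat tree, and the value is escaped before it goes into the filter. The sample entries, the "cn" and "uid" attributes and all function names are assumptions made for illustration.

```php
<?php
// Constructed sample entries (DN => attributes); the RDN attribute "cn" and the
// login attribute "uid" are assumptions, not taken from the ticket's group.ldif.
const DIRECTORY = [
    'cn=campus-admin,ou=Campus,ou=Personen,o=physik' => ['uid' => 'campus-admin'],
    'cn=jdoe,ou=Local,ou=Personen,o=physik'          => ['uid' => 'jdoe'],
    'cn=jdoe,ou=Email-Only,o=physik'                 => ['uid' => 'jdoe'],
];

// RFC 4515 escaping for a value placed inside a search filter.
function escapeFilterValue(string $value): string
{
    return strtr($value, ['\\' => '\\5c', '*' => '\\2a', '(' => '\\28',
                          ')' => '\\29', "\0" => '\\00']);
}

// Stand-in for a subtree search (uid=<name>) below $base: returns the single
// matching DN, or throws when the name is unknown or ambiguous.
function findUserDn(array $directory, string $base, string $uid): string
{
    $suffix = ',' . strtolower($base);
    $matches = [];
    foreach ($directory as $dn => $attrs) {
        $inSubtree = substr(strtolower($dn), -strlen($suffix)) === $suffix;
        if ($inSubtree && strcasecmp($attrs['uid'], $uid) === 0) {
            $matches[] = $dn;
        }
    }
    if (count($matches) !== 1) {
        throw new RuntimeException(count($matches) . " entries match uid=$uid under $base");
    }
    return $matches[0];
}

// Group search filter: a bare user name when the member attribute holds names,
// the resolved DN when it holds DNs (the attrisdn case).
function memberFilter(array $directory, string $base, string $user, bool $attrIsDn): string
{
    $value = $attrIsDn ? findUserDn($directory, $base, $user) : $user;
    return '(member=' . escapeFilterValue($value) . ')';
}

echo memberFilter(DIRECTORY, 'o=physik', 'campus-admin', false), "\n";
echo memberFilter(DIRECTORY, 'o=physik', 'campus-admin', true), "\n";
try {
    memberFilter(DIRECTORY, 'o=physik', 'jdoe', true);
} catch (RuntimeException $e) {
    echo 'refused: ', $e->getMessage(), "\n";
}
```

Refusing an ambiguous name matters here because group membership feeds permission checks: with accounts spread over several subtrees, silently taking the first match could attribute one user's groups to another.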
