attrisdn in the Groups LDAP Setup does not work?

Hi, it looks like the "attrisdn" parameter in the Groups

Thu, 31 Mar 2011 15:16:49 +0000

Hi, it looks like the "attrisdn" parameter in the Groups LDAP driver does not work as expected. I do have a Novell edirectory and have set $conf[group][params][attrisdn] but got the following error messages: Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [kronolith] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [nag] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [nag] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [kronolith] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [mnemo] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [mnemo] Invalid DN syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of "/usr/share/pear/Horde/Group/Ldap.php"] Indeed a search over /var/www/html/horde and /usr/share/pear only finds references to attrisdn here: [root@dmz-sv-webmail pear]# grep -Ri attrisdn /var/www/html/horde /usr/share/pear/ /var/www/html/horde/config/conf.xml: true, [root@dmz-sv-webmail pear]# So this looks like its not referenced in the code?

This feature was completely broken in Horde 3, at least it c

Thu, 31 Mar 2011 15:35:41 +0000

This feature was completely broken in Horde 3, at least it created an invalid filter string at one point. That's why I dropped it during the refactoring, since obviously nobody used it. Seems like I was wrong. Can you provide some LDIF examples of real-world groups that use full DNs for group members?

> This feature was completely broken in Horde 3, at least it

Fri, 01 Apr 2011 07:00:27 +0000

> This feature was completely broken in Horde 3, at least it created an > invalid filter string at one point. That's why I dropped it during > the refactoring, since obviously nobody used it. Seems like I was > wrong. > > Can you provide some LDIF examples of real-world groups that use full > DNs for group members? yes of course. I anonymized the example of course, and removed some atributes only relevant to Edirectory. Please note, that both the people and the group container in our directory have a non-flat structure. The structure here is: ou=Campus,ou=Personen,o=physik (most of the accounts coming from the university metadirectory) ou=Local,ou=Personen,o=physik (accounts local to our directory) ou=Email-Only,o=physik (account with not unix attributes) ou=Gruppen,o=physik (groups with general relevance) ou=somechair,ou=Gruppen,o=physik (groups with relevance to one of our chairs)

Such a setup didn't work with Horde 3 either, unless I'm mis

Fri, 01 Apr 2011 09:15:01 +0000

Such a setup didn't work with Horde 3 either, unless I'm missing something. As far as I can see, Horde 3 only supported a single, fixed parent DN for expanding simple user names to full DNs in the LDAP group driver. To support your setup, we need to do another DN lookup to find the user's DN. Alternatively, you could of course full DNs as user names in Horde.

> Such a setup didn't work with Horde 3 either, unless I'm m

Fri, 01 Apr 2011 09:24:52 +0000

> Such a setup didn't work with Horde 3 either, unless I'm missing > something. As far as I can see, Horde 3 only supported a single, > fixed parent DN for expanding simple user names to full DNs in the > LDAP group driver. Yes, but I wrote a patch for this and and a bug report against horde 3, but it is was probably not accepted. > To support your setup, we need to do another DN lookup to find the user's DN. > Alternatively, you could of course full DNs as user names in Horde. Hmm, but this would have consequences, at least some complicated scripting to convert our existing production database.

I would have been helpful if you mentioned this. See ticket

Fri, 01 Apr 2011 09:53:13 +0000

I would have been helpful if you mentioned this. See ticket #8847.

> Hi, > > it looks like the "attrisdn" parameter in the Gr

Thu, 19 May 2011 06:29:00 +0000

> Hi, > > it looks like the "attrisdn" parameter in the Groups LDAP driver does > not work as expected. > I do have a Novell edirectory and have set > $conf[group][params][attrisdn] but got the following error messages: > > Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [kronolith] Invalid DN > syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: > (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of > "/usr/share/pear/Horde/Group/Ldap.php"] > Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [nag] Invalid DN > syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: > (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of > "/usr/share/pear/Horde/Group/Ldap.php"] > Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [nag] Invalid DN > syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: > (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of > "/usr/share/pear/Horde/Group/Ldap.php"] > Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [kronolith] Invalid DN > syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: > (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of > "/usr/share/pear/Horde/Group/Ldap.php"] > Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [mnemo] Invalid DN > syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: > (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of > "/usr/share/pear/Horde/Group/Ldap.php"] > Mar 31 17:13:17 dmz-sv-webmail HORDE: HORDE [mnemo] Invalid DN > syntax#012Parameters:#012Base: ou=Gruppen,o=physik#012Filter: > (member=campus-admin)#012Scope: sub [pid 9313 on line 359 of > "/usr/share/pear/Horde/Group/Ldap.php"] > > > Indeed a search over /var/www/html/horde and /usr/share/pear only > finds references to attrisdn here: > > [root@dmz-sv-webmail pear]# grep -Ri attrisdn /var/www/html/horde > /usr/share/pear/ > /var/www/html/horde/config/conf.xml: name="attrisdn" required="false" > /var/www/html/horde/config/conf.bak.php:$conf['group']['params']['attrisdn'] > = true; > /var/www/html/horde/config/conf.php:$conf['group']['params']['attrisdn'] = > true; > /usr/share/pear/Horde/Group/Kolab.php: 'attrisdn' => true, > [root@dmz-sv-webmail pear]# > > So this looks like its not referenced in the code? > Hi, it seems that I am also stopping at the same point when evaluating the new horde. I also expanded the code wihtin 3 to support LDAP group membership in Kronolith module and also have a "non flat" directory. Any news on this issue ?

Hi, I have a patch for this problem, it seems to work ver

Thu, 19 May 2011 07:18:03 +0000

Hi, I have a patch for this problem, it seems to work very well. Apply the appended diff file to /usr/share/pear/Horde/Group/Ldap.php Sincerly, Klaus

Changes have been made in Git for this ticket: [jan] Add su

Thu, 30 Jun 2011 13:17:02 +0000

Changes have been made in Git for this ticket: [jan] Add support for the attrisdn configuration setting (Bug #9762). 2 files changed, 35 insertions(+), 7 deletions(-) http://git.horde.org/horde-git/-/commit/053896a29a21e3ce9d63e198f25521b24fd9367a

Try this. I simplified your patch and added support for othe

Thu, 30 Jun 2011 13:18:16 +0000

Try this. I simplified your patch and added support for other methods than listGroups(). I cannot test locally though at the moment.

Let's use a single ticket to track this.

Fri, 01 Jul 2011 10:09:29 +0000

Let's use a single ticket to track this.