6.0.0-git
2019-03-20

[#4668] unable to create groups with ldap
Summary unable to create groups with ldap
Queue Horde Framework Packages
Queue Version HEAD
Type Bug
State Resolved
Priority 2. Medium
Owners ben (at)
Requester pascal (at) vmfacility (dot) fr
Created 2006-11-16 (4507 days ago)
Due
Updated 2006-11-24 (4499 days ago)
Assigned 2006-11-16 (4507 days ago)
Resolved 2006-11-24 (4499 days ago)
Milestone
Patch No

History
2006-11-24 10:42:45 Jan Schneider State ⇒ Resolved
 
2006-11-24 07:49:17 ben Comment #9 Reply to this comment
Fixed in FRAMEWORK_3, also.



Can someone please close this ticket, or give me access to do so?  Thanks!
2006-11-24 07:44:10 ben Comment #8 Reply to this comment
* some dn where not initialized with basedn from config
Fixed in HEAD.
* newgroup_objectclass can be an array
Indeed, but it was already handled.
* set first gidnumber to 1 not zero as php empty() function takes
zero for empty value
Probably a good idea anyway, since defaulting to gid=0 could be a bad 
thing on some systems.  Fixed in HEAD.
2006-11-20 14:12:53 Jan Schneider Deleted Original Message
 
2006-11-20 14:06:53 pascal (at) vmfacility (dot) fr Comment #7
New Attachment: ldap_cvs_1.18.2.3.php.diff Download
Reply to this comment
Re-factering patch against  CVS ldap.php version 1.18.3.3



this patch file replaces all the preceeding patches in this report 
with fixes for webmail edition RC1  ./lib/Horde/Group/ldap.php :



* some dn where not initialized with basedn from config

* newgroup_objectclass can be an array

* set first gidnumber to 1 not zero as php empty() function takes zero 
for empty value
2006-11-20 12:21:28 pascal (at) vmfacility (dot) fr Comment #6 Reply to this comment
humm I found the gidnumber bug problem.

In _nextGid()   0 is returned if no groups are found.

but in _toAttributes()  the empty test on 0 makes gidnumber become ' ' 
because 0 is considered empty by php empty() function.



I patched _nextGid() to return 1 instead of zero and voila  I can now 
add the first group.

I think a new confguration parameter could be added like   
first_gidnumber maybe for posixgroups.

So here is the final patch I made.
2006-11-20 11:47:14 pascal (at) vmfacility (dot) fr Comment #5
New Attachment: ldap.php.20061120.diff
Reply to this comment
this patch file replaces the preceeding with more fixes for webmail 
edition RC1  ./lib/Horde/Group/ldap.php



* some dn where not initialized with basedn from config

* newgroup_objectclass can be an array
2006-11-16 12:55:49 Jan Schneider Assigned to ben
Priority ⇒ 2. Medium
 
2006-11-16 12:55:32 Jan Schneider Version ⇒ HEAD
Queue ⇒ Horde Framework Packages
State ⇒ Assigned
 
2006-11-16 11:35:36 pascal (at) vmfacility (dot) fr Comment #4 Reply to this comment
please replace in preceeding comment notice 1. :



"Examining the ldap trace I found this is because horde in the first 
group creation provides gidNumber."



with



"Examining the ldap trace I found this is because horde in the first 
group creation DOES NOT PROVIDE a gidNumber."



i'm typing too quickly sorry.
2006-11-16 09:54:08 pascal (at) vmfacility (dot) fr Comment #3 Reply to this comment
correction for the preceeding comment :

I really have

$conf['group']['params']['basedn'] = 'ou=groups,ou=horde,dc=example,dc=fr';



of course, for groups to be created in the right 'groups' ou.
2006-11-16 09:50:39 pascal (at) vmfacility (dot) fr Comment #2 Reply to this comment
I forgot to say I use  horde groupware webmail edition.



I also noticed that :



1. If the ldap base contains NO groups, then I am unable to create one 
until I manually create a group in my ldap base. Because ldap 
complains that there is a syntax problem during horde group creation. 
Examining the ldap trace I found this is because horde in the first 
group creation provides gidNumber. If I create a group in ldap 
manually with a gidNumber then horde can create groups.

BUT providing that ...



2. A group with hordeGroup objectclass must exist in the ldap database 
for horde creation to be successfull.

If the group manually created in 1 miss the hordeGroup objectclass 
then horde cannot see this group, nor can it add any group (first 
gidNumber problem).



I don't know how to deal with this problem other than creating a first 
group in ldap manually with a hordeGroup objectclass and a gidNumber.



Maybe a firstgidNumber could be added to the horde configuration ?



This is my config for groups :



$conf['group']['params']['hostspec'] = 'ldap://ldap.example.fr';

$conf['group']['params']['basedn'] = 'ou=horde,dc=example,dc=fr';

$conf['group']['params']['binddn'] = 'cn=admin,dc=example,dc=fr';

$conf['group']['params']['password'] = 'password';

$conf['group']['params']['version'] = '3';

$conf['group']['params']['gid'] = 'cn';

$conf['group']['params']['memberuid'] = 'memberUid';

$conf['group']['params']['newgroup_objectclass'] = array('posixGroup', 
'hordeGroup');

$conf['group']['params']['objectclass'] = array('posixGroup');

$conf['group']['params']['filter_type'] = 'objectclass';

$conf['group']['driver'] = 'ldap';


2006-11-16 01:07:49 pascal (at) vmfacility (dot) fr Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Summary ⇒ unable to create groups with ldap
Queue ⇒ Horde Groupware
Reply to this comment
I tried to add a group using ldap and experimented a ldap syntax error 
when I have more than one value in  field 
$conf['group']['params']['newgroup_objectclass'] (like   
array('posixGroup', 'hordeGroup') ).



Looking at the code lib/Horde/Group/ldap.php I found what I think is a bug.

With the following patch, I can create groups and modify them:



# diff -u lib/Horde/Group/ldap.php.org lib/Horde/Group/ldap.php

--- lib/Horde/Group/ldap.php.org        2006-11-16 01:30:46.000000000 +0100

+++ lib/Horde/Group/ldap.php    2006-11-16 01:31:18.000000000 +0100

@@ -43,7 +43,7 @@

          $this->_params['gid'] = strtolower($this->_params['gid']);

          $this->_params['memberuid'] = 
strtolower($this->_params['memberuid']);

          foreach ($this->_params['newgroup_objectclass'] as $key => $val) {

-            $this->_params['newgroup_objectclass'][$key] = strtolower($val);

+            $this->_params['objectclass'][$key] = strtolower($val);

          }



          /* Generate LDAP search filter. */




Saved Queries