[Tickets #11791] Re: Horde_Auth_Ldap::updateUser() calls Horde_Ldap::modify() with incorrect arguments
bugs at horde.org
bugs at horde.org
Tue Dec 4 18:21:38 UTC 2012
BITTE NICHT AUF DIESE NACHRICHT ANTWORTEN. NACHRICHTEN AN DIESE
E-MAIL-ADRESSE WERDEN NICHT GELESEN.
Ticket-URL: http://bugs.horde.org/ticket/11791
------------------------------------------------------------------------------
Ticket | 11791
Aktualisiert Von | bts.to.FrankEngler at spamgourmet.com
Zusammenfassung | Horde_Auth_Ldap::updateUser() calls Horde_Ldap::modify()
| with incorrect arguments
Warteschlange | Horde Framework Packages
Version | Git master
Typ | Bug
Status | Feedback
Priorität | 1. Low
Milestone | 2.0.2
Patch | 1
Zuständige | Jan Schneider
------------------------------------------------------------------------------
bts.to.FrankEngler at spamgourmet.com (2012-12-04 18:21) hat geschrieben:
I did some short tests and it works if $olddn is null.
I did not test the case $olddn != null, but reviewing the code it
behaves very different:
* It calls $this->_ldap->move($olddn, $newdn) if ($oldID != $newID), but
- does no check if $newdn is actually a DN
- does not ensure that $oldID refers to the same user as $olddn
- does not ensure that $newID refers to the same user as $newdn
* it uses complete $credentials for the new $entry but does not check
if only credentials are in it
* it does not hash the password
* it does not check shadowmin
* it does not set shadowlastchange
More information about the bugs
mailing list