[Tickets #12128] Re: Bad search filter ldap Groups

noreply at bugs.horde.org noreply at bugs.horde.org
Fri May 2 14:42:10 UTC 2014 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/12128
------------------------------------------------------------------------------
  Ticket             | 12128
  Updated By         | gerard.breiner at ias.u-psud.fr
  Summary            | Bad search filter ldap Groups
  Queue              | Horde Framework Packages
  Version            | Git master
  Type               | Bug
  State              | Assigned
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             | Jan Schneider
------------------------------------------------------------------------------


gerard.breiner at ias.u-psud.fr (2014-05-02 14:42) wrote:

Hello,


there is a long time I'm working on this issue because  ?sharing by  
group? is a very important feature for us and we encountered the same  
issue of bad filter.

So, from what I checked :

Function findUserDN is defined  in Horde_Ldap  and required ?uid?,   
and ?filter? or ?objectclass?.

When findUserDN() is called  by listGroups() in Horde_Group_Ldap   
(line 387) there is no ?uid?  in the user array because  there is no  
line :$conf['group']['params']['uid'] = 'uid'; in horde/config/conf.php


[CODE]
$filter = Horde_Ldap_Filter::combine(
             'and',
              array(Horde_Ldap_Filter::build($this->_config['user']),
                    
Horde_Ldap_Filter::create($this->_config['user']['uid'], 'equals',  
$user)));
[/CODE]
So, no ?uid? is the first cause of this issue (IMHO)...

Anyway, so that to try, I added $conf['group']['params']['uid'] =  
'uid'; in horde/config/conf.php.
This time there is no longer the error ?Bad search filter Parameters:  
Base: dc=ias.u-psud,dc=fr Filter: (&(objectclass=)(=webadm)) Scope: sub?
But I get  the exception  ?DN for user webadm not found?  defined in  
the below code :

[CODE]
if (!$search->count()) {
              throw new Horde_Exception_NotFound('DN for user ' .  
$user . ' not found');
          }
[/CODE]

So an issue may hide another  that certainly has to do with.

In fact I suppose  that is memberuid  that should be evaluate against  
$user but given that  findUserDN() is required in other places like  
authentication, it may be needed to create another function.

I'm looking for at this but I need to know your what you think about this.

Best regards.

Gérard Breiner

More information about the bugs mailing list