[Tickets #14773] A couple changes to /Block/Account/Ldap.php and /Horde/Ldap.php
noreply at bugs.horde.org
noreply at bugs.horde.org
Tue Jan 30 16:24:19 UTC 2018
DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.
Ticket URL: https://bugs.horde.org/ticket/14773
------------------------------------------------------------------------------
Ticket | 14773
Created By | dan at reportallusa.com
Summary | A couple changes to /Block/Account/Ldap.php and
| /Horde/Ldap.php
Queue | Horde Framework Packages
Type | Bug
State | Unconfirmed
Priority | 2. Medium
Milestone |
Patch |
Owners |
------------------------------------------------------------------------------
dan at reportallusa.com (2018-01-30 16:24) wrote:
First, sorry for the bad summary name, wasn't sure the best way to
summarize this.
When configuring Portal Blocks->Account Info Configuration with the
LDAP backend, using Samba4 (Schema version Windows Server 2008 R2) as
the DC, that block will cause a Fatal Error for two reasons:
Easiest fix was in /lib//Block/Account/Ldap.php in the _getMaxPasswd()
function, $this->_ldap->search() call, currently $domaindn is being
passed. This is incorrect, $domaindn gets converted back to a string
by Horde_Ldap_Util::canonicalDN() a couple lines up. That result, $dn,
should be passed instead.
The second issue is more tricky to solve in a general case. In this
schema version (maybe it's a PHP7 thing in reality? I'm not sure),
executing an ldap_search() against a base DN will cause an Operations
Error unless ldap_set_option($link, LDAP_OPT_REFERRALS, 0) is called
before the search is executed. I was able to solve this in my
installation by putting in a check like:
if($base === 'DC=[mydomain],DC=com') { ldap_set_option($link,
LDAP_OPT_REFERRALS, 0); } //Only disable referrals if searching
against the full base DN
I don't know enough about the Horde config array to figure out a
general patch for it though.
Hope that helps!
More information about the bugs
mailing list