[horde] Horde 4 and Active Directory Problems? (worked with H3)
Harald Hutter
hutter at ihs.ac.at
Sat Sep 11 14:39:49 UTC 2010
Ok, as horde.org was not available (DNS) here once again.
On Tuesday 24 August 2010, Harald Hutter wrote:
> On Monday 26 July 2010, Jan Schneider wrote:
> > Please create a ticket on http://bugs.horde.org/.
> >
> > Jan.
> >
> > --
> > Do you need professional PHP or Horde consulting?
> > http://horde.org/consulting/
>
> I was on vacation ... However, I pulled the latest code today and
> verified my workaround for Problem 1 (empty userlist) still works.
> I created a ticket for this, for your reference the number is: #9196
>
> I'm still working on the other problem (group listing). With the latest git
> code I'm getting a lot of error lines like
>
> implode(): Invalid arguments passed
> in /srv/www/htdocs/git/horde/framework/Group/lib/Horde/Group/Ldap.php on
> line 518, referer: http://someserver.ihs.ac.at/horde/admin/groups.php
>
> in my apache logs.
> Anyone else seeing them?
>
> However, as there are still the old (H3) config parameters used in the git
> code, at least this is a bug. So I decided to create a ticket for this part
> of the problem (#9197).
>
> best
> Harald
As no one seems to see the same error message, but at least one commented my
ticket and verified changing the old config parameters to the new ones (Ticket
9197) works, I'll share my workarounds and possibly another bug:
To get things work with our AD Server (as LDAP backend) I had to change
the function exists($group) in framework/Group/lib/Horde/Group/Ldap.php.
The reason is, that @ldap_compare seems to fail (or someting in advance
fails). If I write a simple script binding to the AD Server and doing an
@ldap_compare it works (verified with tcpdaump and wireshark).
Spoofing the communication when I try the list-groups (named Groups in
administration) function, I can not see a successful @ldap_compare result
with wireshark. Last thing I see is
LDAPMessage compareResponse(2) compareTrue
However Horde thinks the result is false. Therefore I added
a stristr call in case ldap_compare returns false as a workaround:
if ($res === false ) {
$ihs_search= $this->_params['gid'] . "=" . $group;
$res = stristr($groupDN, $ihs_search);
$entry = sprintf('DEBUG: ldap_compare returned false: groupDN to search: |%s|
using attribute |%s| with value |%s|', $groupDN, $this->_params['gid'],
$group);
Horde::logMessage($entry, 'NOTICE');
}
Maybe the right solution to this is to change $res===false to $res===-1
as descirbed in ticket 9235.
Still there is the problem of an error caused by calling implode in function
getGroupParent($dn):
Original code is:
public function getGroupParent($dn)
{
if (@ldap_explode_dn($dn, 0) === false) {
throw new Horde_Group_Exception('Invalid group ID passed (bad DN
syntax)');
}
unset($result['count'], $result[0]);
$parent_dn = implode(',', $result);
return (Horde_String::lower($parent_dn) ==
Horde_String::lower($GLOBALS['conf']['group']['params']['basedn']))
? DATATREE_ROOT
: $parent_dn;
}
So the "if" verifies ldap_explode does return something but not false.
However, the result is not saved. So it seems the implode 2 lines below has to
fail otherwise the result must be somehow global accessible.
Changing this if to the below code makes implode work:
if (@ldap_explode_dn($dn, 0) === false) {
throw new Horde_Group_Exception('Invalid group ID passed (bad DN
syntax)');
} else {
$result = @ldap_explode_dn($dn, 0);
}
I will wait for relevant commits to git before continuing looking at these
issues, because after my latest pull other things which already worked with
a git version of July stopped working (no 'manage calendars' in kronolith,
clicking on administration-permissions returns nothing, unable to save events
in kronolith). Maybe these are intended or known, as this is a developer
version I don't mind about these things.
Thanks to every developer for working on H4.
best
harald
More information about the horde
mailing list