[horde] Ldap v3.0.0alpha7, kronolith and no more existent Ldap group
Ralf Lang
ralf.lang at ralf-lang.de
Sun May 18 08:52:51 UTC 2025
Hello Jean,
Am 16.05.2025 um 19:49 schrieb Jean Charles Delépine:
>
> Quoting Jean Charles Delépine <delepine at u-picardie.fr>:
>
>> Quoting Jean Charles Delépine <delepine at u-picardie.fr>:
>>
>>> Context : one calendar shared to peoples in no more existent ldap
>>> group.
>>>
>>> HORDE: Next TypeError: ldap_free_result(): Argument #1 ($result)
>>> must be of type LDAP\Result, bool given in
>>> /var/www/horde/vendor/horde/ldap/lib/Horde/Ldap/Search.php:123
>>
>> For now, I just wrapped the ldap_free_result call in an if to check
>> the type of $this->_search.
>>
>> That said, the underlying issue is that $this->_search ends up being
>> a boolean when searching for members of a non-existent LDAP group. So
>> this fix avoids the error, but the real solution will be to handle
>> that case earlier.
>
> Here it is. In vendor/horde/kronolith/lib/Kronolith.php and
> vendor/horde/nag/lib/Form/Task.php.
>
> - $users = array_merge(
> - $users,
> - $horde_group->listUsers($group)
> - );
> + if ($horde_group->exists($group)) {
> + $users = array_merge(
> + $users,
> + $horde_group->listUsers($group)
> + );
> + }
>
> Patch is attach. I will try to set a dev env in order to be able to
> make a PR next time.
>
> Jean Charles Delépine
>
Thank you for providing the patch. I will include it in the next alpha
release.
However, this points to a larger issue with external backends like LDAP:
Content may change independent of Horde's awareness. This includes user
accounts, group membership and even group existence. In the admin
interface, group members no longer available in the user backend show up
as entries without text. The problem also exists when using the vhost
feature to include different features and content depending on what URL
is called.
This goes beyond fixing a specific bug. I need to think about the right
strategy to tackle this as it also affects the permissions system and
some other parts. The initial impetus is to restore consistency by
removing relations to groups or users which cannot be found. But this is
dangerous - a temporarily disabled backend might result in permanently
unsharing resources. So we better keep those relations but make the code
handle them properly.
More information about the horde
mailing list