[horde] Ldap v3.0.0alpha7, kronolith and no more existent Ldap group

Torben Dannhauer torben at dannhauer.info
Mon May 19 06:57:08 UTC 2025 

Von unterwegs gesendet
Sent from mobile


> Am 18.05.2025 um 10:53 schrieb Ralf Lang <ralf.lang at ralf-lang.de>:
> 
> Hello Jean,
> 
>> Am 16.05.2025 um 19:49 schrieb Jean Charles Delépine:
>> 
>> Quoting Jean Charles Delépine <delepine at u-picardie.fr>:
>> 
>>> Quoting Jean Charles Delépine <delepine at u-picardie.fr>:
>>> 
>>>> Context : one calendar shared to peoples in no more existent ldap group.
>>>> 
>>>> HORDE: Next TypeError: ldap_free_result(): Argument #1 ($result) must be of type LDAP\Result, bool given in /var/www/horde/vendor/horde/ldap/lib/Horde/Ldap/Search.php:123
>>> 
>>> For now, I just wrapped the ldap_free_result call in an if to check the type of $this->_search.
>>> 
>>> That said, the underlying issue is that $this->_search ends up being a boolean when searching for members of a non-existent LDAP group. So this fix avoids the error, but the real solution will be to handle that case earlier.
>> 
>> Here it is. In vendor/horde/kronolith/lib/Kronolith.php and vendor/horde/nag/lib/Form/Task.php.
>> 
>> -                    $users = array_merge(
>> -                        $users,
>> -                        $horde_group->listUsers($group)
>> -                    );
>> +                    if ($horde_group->exists($group)) {
>> +                        $users = array_merge(
>> +                          $users,
>> +                          $horde_group->listUsers($group)
>> +                );
>> +                    }
>> 
>> Patch is attach. I will try to set a dev env in order to be able to make a PR next time.
>> 
>>            Jean Charles Delépine
>> 
> Thank you for providing the patch. I will include it in the next alpha release.
> 
> However, this points to a larger issue with external backends like LDAP: Content may change independent of Horde's awareness. This includes user accounts, group membership and even group existence. In the admin interface, group members no longer available in the user backend show up as entries without text. The problem also exists when using the vhost feature to include different features and content depending on what URL is called.
> 
> This goes beyond fixing a specific bug. I need to think about the right strategy to tackle this as it also affects the permissions system and some other parts. The initial impetus is to restore consistency by removing relations to groups or users which cannot be found. But this is dangerous - a temporarily disabled backend might result in permanently unsharing resources. So we better keep those relations but make the code handle them properly.

I vote for keeping/extending the current approach:
Keep users prefs and metadata. The user/group might reappear and it’s easy to implement a late cleanup via vendor/bin/horde-remove-user-data and vendor/bin/horde-pref-remove.
- But we need to check the code is handling it properly.

BR,
Torben

> 
> 
> --
> Horde mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org

More information about the horde mailing list