[sork] Re: Incorrect LDAP search in accounts module
John Dalbec
jpdalbec at ysu.edu
Thu Feb 20 17:11:09 PST 2003
Eric Rostetter wrote:
> Quoting John Dalbec <jpdalbec at ysu.edu>:
>
>
>>The LDAP backend for the accounts module tries to match the IMP login to
>>the "sn" (surname) attribute. This is wrong - what if two people have
>>the same last name?
>
>
> Unlikely in my (special) case. So it worked for me. :)
>
>
>>Depending on how the directory is built, you should
>>search on "uid" (using the PADL migration scripts, for instance) or
>>"cn". This should probably be configurable somewhere.
>
>
> Patch? May I quote from the driver:
>
> * NOTE: This code is probably terrible. I don't run ldap. I wrote
> * this simply as a template for others to start with. If you don't
> * like the code, please fix it! (however, it does work!)
>
> I think that says it all...
>
>
>>John Dalbec
>
>
If I have to write the patch, I'm making the default attribute 'uid',
which is what works on my system.
John Dalbec
#include<stddisclaimer.h>
DISCLAIM("whitespace");
DISCLAIM("line breaks");
--- ldap.php.orig Thu Feb 20 17:02:32 2003
+++ ldap.php Thu Feb 20 17:01:20 2003
@@ -38,6 +38,7 @@
$this->_params['host'] = array_key_exists('host',
$params) ? $params['host'] : 'localhost';
$this->_params['port'] = array_key_exists('port',
$params) ? $params['port'] : 389;
$this->_params['basedn'] = array_key_exists('basedn',
$params) ? $params['basedn'] : '';
+ $this->_params['attr'] = array_key_exists('attr',
$params) ? $params['attr'] : 'uid';
}
@@ -66,7 +67,7 @@
// Get the fullname
$searchResult = ldap_search($this->_ds, $this->_params['basedn'],
- 'sn=' . $username);
+ $this->_params['attr'] . '=' . $username);
$information = ldap_get_entries($this->_ds, $searchResult);
// FIXME: Need to check for errors here if nothing is returned
above
if ($information[0]['cn;lang-es'][0] != '') {
More information about the sork
mailing list