Moodle

CAS/LDAP user mappings do not work.

Details

  • Type: Bug
  • Status: Closed
  • Priority: Major
  • Resolution: Won't Fix
  • Affects Version/s: 1.9.2
  • Fix Version/s: None
  • Component/s: Authentication
  • Labels:
    None
  • Environment:
    Windows 2003, Apache 2.2.8, MySQL 5.0.51b, PHP 5.2.5, Moodle 1.9.2+
  • Database:
    MySQL
  • Affected Branches:
    MOODLE_19_STABLE

Description

It appears that the CAS authentication plugin has a bug in it similar to MDL-15799 where the function that sets (objectClass=*) is not written properly and as such no user mappings are propagated. The existing code in CAS/auth.php looks like this:

//hack prefix to objectclass
if (empty($this->config->objectclass)) {
    // Can't send empty filter
    $this->config->objectclass='objectClass=*';
} else if (strpos($this->config->objectclass, 'objectClass=') !== 0) {
    $this->config->objectclass = 'objectClass='.$this->config->objectclass;
}

Updated code from LDAP/auth.php is this:

// Hack prefix to objectclass
if (empty($this->config->objectclass)) {
    // Can't send empty filter
    $this->config->objectclass='(objectClass=*)';
} else if (stripos($this->config->objectclass, 'objectClass=') === 0) {
    // Value is 'objectClass=some-string-here', so just add ()
    // around the value (filter _must_ have them).
    $this->config->objectclass = '('.$this->config->objectclass.')';
} else if (stripos($this->config->objectclass, '(') !== 0) {
    // Value is 'some-string-not-starting-with-left-parentheses',
    // which is assumed to be the objectClass matching value.
    // So build a valid filter with it.
    $this->config->objectclass = '(objectClass='.$this->config->objectclass.')';
} else {
    // There is an additional possible value
    // '(some-string-here)', that can be used to specify any
    // valid filter string, to select subsets of users based
    // on any criteria. For example, we could select the users
    // whose objectClass is 'user' and have the
    // 'enabledMoodleUser' attribute, with something like:
    //
    //   (&(objectClass=user)(enabledMoodleUser=1))
    //
    // This is only used in the functions that deal with the
    // whole potential set of users (currently sync_users()
    // and get_user_list() only).
    //
    // In this particular case we don't need to do anything,
    // so leave $this->config->objectclass as is.
}

Taking the updated code from LDAP/auth.php and plugging it into CAS/auth.php resolved this issue and user mappings are working properly now.
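
As an added example (not part of the original report and not Moodle's own code), the two snippets above are wrapped here as standalone functions and run over constructed setting values. The function names and the structural parenthesis check are assumptions made for illustration; the check only tests for the enclosing parentheses that the LDAP/auth.php comment says a filter must have.

```php
<?php
// Behaviour of the CAS/auth.php snippet quoted in the report (hypothetical wrapper).
function cas_objectclass_filter($value) {
    if (empty($value)) {
        return 'objectClass=*';
    } else if (strpos($value, 'objectClass=') !== 0) {
        return 'objectClass=' . $value;
    }
    return $value;
}

// Behaviour of the LDAP/auth.php snippet quoted in the report (hypothetical wrapper).
function ldap_objectclass_filter($value) {
    if (empty($value)) {
        return '(objectClass=*)';
    } else if (stripos($value, 'objectClass=') === 0) {
        return '(' . $value . ')';
    } else if (stripos($value, '(') !== 0) {
        return '(objectClass=' . $value . ')';
    }
    return $value; // already a complete filter, passed through unchanged
}

// Structural check only (assumption: enough to show the difference):
// the string must be exactly one parenthesised group with balanced parentheses.
function looks_like_ldap_filter($filter) {
    $len = strlen($filter);
    if ($len < 3 || $filter[0] !== '(') return false;
    $depth = 0;
    for ($i = 0; $i < $len; $i++) {
        if ($filter[$i] === '(') $depth++;
        else if ($filter[$i] === ')') $depth--;
        if ($depth < 0 || ($depth === 0 && $i < $len - 1)) return false;
    }
    return $depth === 0;
}

// Constructed settings: empty, bare class, prefixed, lower-case prefix, full filter.
$samples = array('', 'user', 'objectClass=user', 'objectclass=user',
                 '(&(objectClass=user)(enabledMoodleUser=1))');
foreach ($samples as $s) {
    foreach (array('cas_objectclass_filter', 'ldap_objectclass_filter') as $fn) {
        $out = $fn($s);
        printf("%-24s %-44s -> %-56s %s\n", $fn, var_export($s, true), $out,
               looks_like_ldap_filter($out) ? 'ok' : 'MALFORMED');
    }
}
```

Every output of the CAS version lacks the enclosing parentheses, and a full filter or a lower-case `objectclass=` prefix is additionally prefixed a second time, while the LDAP version yields a single parenthesised filter for all five inputs.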

Activity

Scott Karren added a comment -

bump.

Michael de Raadt added a comment -

Thanks for reporting this issue.

We have detected that this issue has been inactive for over a year and has been recorded as affecting versions that are no longer supported.

If you believe that this issue is still relevant to current versions (2.1 and beyond), please comment on the issue. Issues left inactive for a further month will be closed.

Michael d;

lqjjLKA0p6

Michael de Raadt added a comment -

I'm closing this issue as it appears to have become inactive and is probably not relevant to a current supported version. If you are encountering this problem or one similar, please launch a new issue.
