
Key: MDL-16643
Type: Bug
Status: Open
Priority: Major
Assignee: Petr Skoda
Reporter: Scott Karren
Votes: 0
Watchers: 2
Moodle

CAS/LDAP user mappings do not work.

Created: 24/Sep/08 05:00 AM   Updated: 11/Oct/08 03:39 AM
Component/s: Authentication
Affects Version/s: 1.9.2
Fix Version/s: None

Environment: Windows 2003, Apache 2.2.8, MySQL 5.0.51b, PHP 5.2.5, Moodle 1.9.2+

Database: MySQL
Participants: Petr Skoda and Scott Karren
Security Level: None
Affected Branches: MOODLE_19_STABLE


Description
It appears that the CAS authentication plugin has a bug in it similar to MDL-15799 where the function that sets (objectClass=*) is not written properly and as such no user mappings are propagated. The existing code in CAS/auth.php looks like this:

        //hack prefix to objectclass
        if (empty($this->config->objectclass)) { // Can't send empty filter
            $this->config->objectclass='objectClass=*';
        } else if (strpos($this->config->objectclass, 'objectClass=') !== 0) {
            $this->config->objectclass = 'objectClass='.$this->config->objectclass;
        }

Updated code from LDAP/auth.php is this:

        // Hack prefix to objectclass
        if (empty($this->config->objectclass)) {
            // Can't send empty filter
            $this->config->objectclass='(objectClass=*)';
        } else if (stripos($this->config->objectclass, 'objectClass=') === 0) {
            // Value is 'objectClass=some-string-here', so just add ()
            // around the value (filter _must_ have them).
            $this->config->objectclass = '('.$this->config->objectclass.')';
        } else if (stripos($this->config->objectclass, '(') !== 0) {
            // Value is 'some-string-not-starting-with-left-parentheses',
            // which is assumed to be the objectClass matching value.
            // So build a valid filter with it.
            $this->config->objectclass = '(objectClass='.$this->config->objectclass.')';
        } else {
            // There is an additional possible value
            // '(some-string-here)', that can be used to specify any
            // valid filter string, to select subsets of users based
            // on any criteria. For example, we could select the users
            // whose objectClass is 'user' and have the
            // 'enabledMoodleUser' attribute, with something like:
            //
            // (&(objectClass=user)(enabledMoodleUser=1))
            //
            // This is only used in the functions that deal with the
            // whole potential set of users (currently sync_users()
            // and get_user_list() only).
            //
            // In this particular case we don't need to do anything,
            // so leave $this->config->objectclass as is.
        }


Taking the updated code from LDAP/auth.php and plugging it into CAS/auth.php resolved this issue and user mappings are working properly now.
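
An added example, not part of the original report and not Moodle's own code: the two snippets quoted above wrapped as functions and run over constructed values of the objectclass setting, with a shape check for the parentheses that the LDAP/auth.php comment says a filter must have. The function names and the sample values are assumptions made for the illustration.

```php
<?php
// Added illustration: function names are hypothetical, not Moodle API.
// Logic of the CAS/auth.php snippet quoted in the report (adds no parentheses).
function cas_objectclass_filter($objectclass) {
    if (empty($objectclass)) {
        return 'objectClass=*';
    } else if (strpos($objectclass, 'objectClass=') !== 0) {
        return 'objectClass=' . $objectclass;
    }
    return $objectclass;
}

// Logic of the LDAP/auth.php snippet quoted in the report.
function ldap_objectclass_filter($objectclass) {
    if (empty($objectclass)) {
        return '(objectClass=*)';
    } else if (stripos($objectclass, 'objectClass=') === 0) {
        return '(' . $objectclass . ')';
    } else if (stripos($objectclass, '(') !== 0) {
        return '(objectClass=' . $objectclass . ')';
    }
    return $objectclass; // already a complete '(...)' filter, left as is
}

// Shape check only: one outer pair of parentheses, balanced throughout.
function is_parenthesised_filter($filter) {
    $len = strlen($filter);
    if ($len < 2 || $filter[0] !== '(') { return false; }
    $depth = 0;
    for ($i = 0; $i < $len; $i++) {
        if ($filter[$i] === '(') {
            $depth++;
        } else if ($filter[$i] === ')' && --$depth === 0 && $i < $len - 1) {
            return false; // outer group closed before the end of the string
        }
    }
    return $depth === 0;
}

// Constructed sample values for the objectclass setting.
$samples = array('', 'user', 'objectClass=user', '(&(objectClass=user)(enabledMoodleUser=1))');
foreach ($samples as $s) {
    foreach (array('cas_objectclass_filter', 'ldap_objectclass_filter') as $fn) {
        $f = $fn($s);
        $shape = is_parenthesised_filter($f) ? 'parenthesised' : 'NOT parenthesised';
        printf("%-24s %-46s => %-52s %s\n", $fn, "'$s'", $f, $shape);
    }
}
```

The shape check does not validate attribute names or values; it only shows which normalisation yields a string wrapped in one balanced pair of parentheses.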

Scott Karren added a comment - 11/Oct/08 03:39 AM
bump.