Moodle

LDAP eDirectory password expiration checks fail

Details

  • Type: Bug Bug
  • Status: Development in progress Development in progress
  • Priority: Minor Minor
  • Resolution: Unresolved
  • Affects Version/s: 1.6
  • Fix Version/s: None
  • Component/s: Authentication
  • Labels:
    None
  • Environment:
    Linux
  • Database:
    MySQL
  • Affected Branches:
    MOODLE_16_STABLE

Description

Running RHEL4 using LDAP to authenticate against Novell Open Enterprise Server (Netware) the password expiration checks fail because of the case sensitive LDAP attribute names are lowercased. See diff below.

— auth/ldap/lib.old.php 2006-05-08 10:58:22.000000000 -0500

+++ auth/ldap/lib.php 2006-05-08 10:58:45.000000000 -0500

@@ -347,13 +347,13 @@

$sr = ldap_read($ldapconnection, $user_dn, 'objectclass=*', $search_attribs);

if ($sr) {

$info=auth_ldap_get_entries($ldapconnection, $sr);

  • if ( empty($info[0][strtolower($CFG->ldap_expireattr)][0])) {

+ if ( empty($info[0][$CFG->ldap_expireattr][0])) { //error_log(ldap: no expiration value.$info[0][$CFG->ldap_expireattr]); // no expiration attribute, password does not expire $result = 0; } else {

$now = time();

  • $expiretime = auth_ldap_expirationtime2unix($info[0][strtolower($CFG->ldap_expireattr)][0]);

+ $expiretime = auth_ldap_expirationtime2unix($info[0][$CFG->ldap_expireattr][0]);

if ($expiretime > $now) { $result = ceil(($expiretime - $now) / DAYSECS); } else {

Issue Links

This issue will be resolved by:
MDL-28402 LDAP configuration values being stored in lower case, causing misconfiguration Major Closed
MDL-28585 LDAP Auth does'nt handle password expiration [W/Fix] Critical Open
MDL-23371 auth/ldap and auth/cas refactor Minor Closed
This issue has been marked as being related by:
MDL-4261 strtolower() Trivial Closed

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Martin Dougiamas added a comment -

From Aaron Spike (spikeac at mlc-wels.edu) Friday, 14 July 2006, 05:31 AM:

Now, I've done some LDAP code in an application of my own and I see that the keys come back lowercase. Some error in moodle makes them camelcase in this instance, but I haven't looked more closely yet. Ideas?

From Aaron Spike (spikeac at mlc-wels.edu) Saturday, 15 July 2006, 02:47 AM:

upon further inspection, auth_ldap_get_entries() in auth/ldap/lib.php claims to return arrays like those returned by ldap_get_entries() but it does not because ldap_get_attributes() returns camelCase attribute names rather than lowercase attribute names as ldap_get_entries() does. If they are meant to be equivalent strtolower needs to be added to this function. A diff follows. Could someone please comment on this issue?

diff --git a/auth/ldap/lib.php b/auth/ldap/lib.php

index b0eb9e4..8ce5fac 100644

— a/auth/ldap/lib.php

+++ b/auth/ldap/lib.php

@@ -1495,9 +1495,9 @@ function auth_ldap_get_entries($conn, $s

for($j=0; $j<$attributes['count']; $j++) {

$values = ldap_get_values_len($conn, $entry,$attributes[$j]);

if (is_array($values)) { - $fresult[$i][$attributes[$j]] = $values; + $fresult[$i][strtolower($attributes[$j])] = $values; } else { - $fresult[$i][$attributes[$j]] = array($values); + $fresult[$i][strtolower($attributes[$j])] = array($values); }

}

$i++;

Show
Martin Dougiamas added a comment - From Aaron Spike (spikeac at mlc-wels.edu) Friday, 14 July 2006, 05:31 AM: Now, I've done some LDAP code in an application of my own and I see that the keys come back lowercase. Some error in moodle makes them camelcase in this instance, but I haven't looked more closely yet. Ideas? From Aaron Spike (spikeac at mlc-wels.edu) Saturday, 15 July 2006, 02:47 AM: upon further inspection, auth_ldap_get_entries() in auth/ldap/lib.php claims to return arrays like those returned by ldap_get_entries() but it does not because ldap_get_attributes() returns camelCase attribute names rather than lowercase attribute names as ldap_get_entries() does. If they are meant to be equivalent strtolower needs to be added to this function. A diff follows. Could someone please comment on this issue? diff --git a/auth/ldap/lib.php b/auth/ldap/lib.php index b0eb9e4..8ce5fac 100644 — a/auth/ldap/lib.php +++ b/auth/ldap/lib.php @@ -1495,9 +1495,9 @@ function auth_ldap_get_entries($conn, $s for($j=0; $j<$attributes['count']; $j++) { $values = ldap_get_values_len($conn, $entry,$attributes[$j]); if (is_array($values)) { - $fresult[$i][$attributes[$j]] = $values; + $fresult[$i][strtolower($attributes[$j])] = $values; } else { - $fresult[$i][$attributes[$j]] = array($values); + $fresult[$i][strtolower($attributes[$j])] = array($values); } } $i++;
Hide
Permalink
Samuli Karevaara added a comment -

Is there a "related issues" -field in Jira? (lazy me, didn't read any manuals..) Anyway, just wanted to report that MDL-4261 is related to this.

Show
Samuli Karevaara added a comment - Is there a "related issues" -field in Jira? (lazy me, didn't read any manuals..) Anyway, just wanted to report that MDL-4261 is related to this.

People

Vote (0)
Watch (1)

Dates

  • Created:
    Updated:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for Moodle. Try JIRA - bug tracking software for your team.