Details
- Type: Bug
- Status: Closed
- Priority: Critical
- Resolution: Fixed
- Affects Version/s: 1.6
- Component/s: Authentication
- Labels: None
- Environment: All
- Database: Any
- Affected Branches: MOODLE_16_STABLE
- Fixed Branches: MOODLE_18_STABLE, MOODLE_19_STABLE
Description
Please look at the discussion from http://moodle.org/mod/forum/discuss.php?d=35865
LDAP creator does not work with MSAD when there is a comma in the DN that is not a part of the path.
In /auth/ldap/lib.php:
Near line 1386 the PHP function ldap_get_dn is used to obtain the DN of a user account. If in this user's DN there is a comma (my example is "cn=Bromley, James,ou=tech center,dc=mydomain,dc=com"), it is escaped with only one backslash. Then it is fed to ldap_read near line 1261. The problem is ldap_read needs the comma escaped with two backslashes. So "cn=Bromley, James,ou=tech center,dc=mydomain,dc=com" needs to become "cn=Bromley\, James,ou=tech center,dc=mydomain,dc=com".
I could not find mention of this on the PHP website or on Mozilla's website, except for another user pointing out in the comments of ldap_rename that things had to be escaped with two backslashes.
A particularly helpful moodler, Iñaki Arenaza, found the actual cause for it not working and suggested this workaround until a patch was available: replace the if block for if ($CFG->ldap_memberattribute_isdn) with the following:
    if ($CFG->ldap_memberattribute_isdn) {
        $username = auth_ldap_find_userdn($ldapconnection, $username);
        if (!$username) { return $result; }
        $username = preg_replace('/\\,/', '\\\\,', $username);
    }
James Bromley
Issue Links
| This issue will be resolved by: | |
| MDL-8590 | Auth cleanup - META |
There's a discrepancy between the preg_replace call displayed in the description here versus the discussion in the linked forum. The description as displayed from tracker in my Firefox browser shows two backslashes replaced with four. The code fragment quoted in the linked discussion shows four backslashes replaced with eight, and that is, indeed, what solved this problem for me in Moodle 1.7, lib.php,v 1.83.2.2.
By the way, in our case, our user account distinguished names come from the AD "display name", which we configured as last, pref, where pref is a nickname if present, or the given name if not.
So my DN is: CN=Rand\, Phil,CN=Users,DC=spu,DC=local
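The two preg_replace variants compared in the comment above, as an added example (not code from Moodle or from either poster): it prints each pattern and replacement as PCRE receives them after PHP single-quote unescaping, then applies both to a constructed DN. The function names are hypothetical.

```php
<?php
// Added example. The DN is constructed sample data in the form the page
// describes: the comma inside the CN is escaped with ONE backslash.
$dn = 'CN=Bromley\, James,OU=tech center,DC=mydomain,DC=com';

// Variant as displayed in the tracker description: 2 backslashes -> 4.
// In a single-quoted PHP string '\\' is one backslash, so PCRE receives the
// regex /\,/ where "\," is just an escaped comma: it matches EVERY comma,
// including the separators between RDNs.
function escape_as_displayed(string $dn): string {
    return preg_replace('/\\,/', '\\\\,', $dn);
}

// Variant quoted in the forum thread: 4 backslashes -> 8.
// PCRE receives /\\,/ (a literal backslash followed by a comma), so only
// commas that already carry an escape are rewritten. In the replacement,
// each pair of backslashes is emitted as one literal backslash.
function escape_as_in_forum(string $dn): string {
    return preg_replace('/\\\\,/', '\\\\\\\\,', $dn);
}

function show(string $label, string $value): void {
    printf("%-22s %s\n", $label, $value);
}

// What the regex engine actually sees after string-literal unescaping.
show('pattern     (2 -> 4)', '/\\,/');
show('replacement (2 -> 4)', '\\\\,');
show('pattern     (4 -> 8)', '/\\\\,/');
show('replacement (4 -> 8)', '\\\\\\\\,');

// Effect of each variant on the sample DN.
show('input', $dn);
show('result      (2 -> 4)', escape_as_displayed($dn));
show('result      (4 -> 8)', escape_as_in_forum($dn));
```

The 2 -> 4 form rewrites the RDN separator commas as well, while the 4 -> 8 form changes only the comma that already had a backslash in front of it.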