Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-57558

ldap_get_entries_moodle() doesn't lowercase attribute names used as keys in the returned array.

    XMLWordPrintable

    Details

    • Testing Instructions:
      Hide
      1. Set up an LDAP server with some users
      2. Turn on LDAP auth
      3. Run LDAP sync
      4. Make sure all the synced users have the correct information from LDAP
      5. Update a user in moodle
      6. Sync
      7. Check the user is updated in your LDAP server

        Run the rest of this test twice, once with OpenLDAP, once with Active Directory

      8. Find a user with expired password, or:
        1. Set an password expiry time on your LDAP server
        2. Increase the server time on your LDAP server so the password expires
      9. Sync
      10. Try logging in as the user
      11. Make sure it says that your password is expired
      Show
      Set up an LDAP server with some users Turn on LDAP auth Run LDAP sync Make sure all the synced users have the correct information from LDAP Update a user in moodle Sync Check the user is updated in your LDAP server Run the rest of this test twice, once with OpenLDAP, once with Active Directory Find a user with expired password, or: Set an password expiry time on your LDAP server Increase the server time on your LDAP server so the password expires Sync Try logging in as the user Make sure it says that your password is expired
    • Difficulty:
      Easy
    • Affected Branches:
      MOODLE_31_STABLE, MOODLE_32_STABLE
    • Fixed Branches:
      MOODLE_32_STABLE, MOODLE_33_STABLE
    • Pull from Repository:
    • Pull Master Branch:
      MDL-57558-master

      Description

      While ldap_get_entries_moodle() PHPdocs state that it returns "array ldap-entries with lower-cased attributes as indexes.", this is not true. It uses ldap_get_attributes() internally, which returns both numerically indexed attribute names, and dictionary-like entries indexed by attribute names.

      Current code lowercases the dictionary-like entries, but then uses the numerically indexed entries for the attribute names used as keys in the returned array. The numerically indexed names might or might not be lowercased, depending on the LDAP server and PHP version) version. E.g., OpenLDAP 2.x, Novell eDirectory 8.x and MS Active Directory return mixed-cased attribute names, and PHP 5.x and PHP 7.x don't lowercase them inside ldap_get_entries().

      This is probably why all calls to ldap_get_entries_moodle() are followed by calls to array_change_key_case(), even if that shouldn't be necessary, according to the function's PHPdocs.

      The attached patches fix the function and add some unit tests to avoid regressions in the future.

      Saludos.
      Iñaki.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              iarenaza Iñaki Arenaza
              Reporter:
              iarenaza Iñaki Arenaza
              Peer reviewer:
              John Okely
              Integrator:
              Dan Poltawski
              Tester:
              Jake Dallimore
              Participants:
              Component watchers:
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Peter Dias
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Fix Release Date:
                10/Jul/17