Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-57558

ldap_get_entries_moodle() doesn't lowercase attribute names used as keys in the returned array.

    XMLWordPrintable

Details

    • MOODLE_31_STABLE, MOODLE_32_STABLE
    • MOODLE_32_STABLE, MOODLE_33_STABLE
    • MDL-57558-master
    • Easy
    • Hide
      1. Set up an LDAP server with some users
      2. Turn on LDAP auth
      3. Run LDAP sync
      4. Make sure all the synced users have the correct information from LDAP
      5. Update a user in moodle
      6. Sync
      7. Check the user is updated in your LDAP server

        Run the rest of this test twice, once with OpenLDAP, once with Active Directory

      8. Find a user with expired password, or:
        1. Set an password expiry time on your LDAP server
        2. Increase the server time on your LDAP server so the password expires
      9. Sync
      10. Try logging in as the user
      11. Make sure it says that your password is expired
      Show
      Set up an LDAP server with some users Turn on LDAP auth Run LDAP sync Make sure all the synced users have the correct information from LDAP Update a user in moodle Sync Check the user is updated in your LDAP server Run the rest of this test twice, once with OpenLDAP, once with Active Directory Find a user with expired password, or: Set an password expiry time on your LDAP server Increase the server time on your LDAP server so the password expires Sync Try logging in as the user Make sure it says that your password is expired

    Description

      While ldap_get_entries_moodle() PHPdocs state that it returns "array ldap-entries with lower-cased attributes as indexes.", this is not true. It uses ldap_get_attributes() internally, which returns both numerically indexed attribute names, and dictionary-like entries indexed by attribute names.

      Current code lowercases the dictionary-like entries, but then uses the numerically indexed entries for the attribute names used as keys in the returned array. The numerically indexed names might or might not be lowercased, depending on the LDAP server and PHP version) version. E.g., OpenLDAP 2.x, Novell eDirectory 8.x and MS Active Directory return mixed-cased attribute names, and PHP 5.x and PHP 7.x don't lowercase them inside ldap_get_entries().

      This is probably why all calls to ldap_get_entries_moodle() are followed by calls to array_change_key_case(), even if that shouldn't be necessary, according to the function's PHPdocs.

      The attached patches fix the function and add some unit tests to avoid regressions in the future.

      Saludos.
      Iñaki.

      Attachments

        Issue Links

          Activity

            People

              iarenaza Iñaki Arenaza
              iarenaza Iñaki Arenaza
              John Okely John Okely
              Dan Poltawski Dan Poltawski
              Jake Dallimore Jake Dallimore
              Adrian Greeve, Jake Dallimore, Mathew May, Mihail Geshoski, Sujith Haridasan
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                10/Jul/17