Item14675: LdapContrib - Case Sensitive option not working for logins.
Priority: Normal
Current State: New
Released In: n/a
Target Release: n/a
I use
LdapContrib for authentication and authorization. It works well, but I ran into a bug with the
CaseSensitiveLogin config option.
Turning off this feature, the group membership management won't work as expected because while the plugin lowercases all login/group fields and stores them that way, it does not do the same when doing a membership check. There it uses the original login.
$ grep -A 9 'sub getLoginName' lib/Foswiki/Users/LdapUserMapping.pm
sub getLoginName {
my ($this, $cUID) = @_;
my $login = $cUID;
# Remove the mapping id in case this is a subclass
$login =~ s/$this->{mapping_id}// if $this->{mapping_id};
$login = $this->mapcUID2Login($login);
$login = lc($login) unless $this->{ldap}{caseSensitiveLogin};
$
$ grep -A 23 'sub isInGroup' lib/Foswiki/UserMapping.pm
sub isInGroup {
my ( $this, $cUID, $group, $options ) = @_;
ASSERT($cUID) if DEBUG;
my $expand = $options->{expand};
$expand = 1 unless ( defined $expand );
# If not recursively, clear the scanning hash
if ( ( caller(1) )[3] ne ( caller(0) )[3] ) {
%scanning = ();
}
#use Carp;
#Carp::cluck "Scanning for JoeUser\n" if $cUID eq 'JoeUser';
#die "Scanning for JoeUser\n" if $cUID eq 'JoeUser';
my @users;
my $it = $this->eachGroupMember( $group, { expand => $expand } );
while ( $it->hasNext() ) {
my $u = $it->next();
next if $scanning{$u};
$scanning{$u} = 1;
return 1 if $u eq $cUID;
$
I created a quick&dirty fix to address this issue, but did not investigate further how it affects other modules or features.
--- old/lib/Foswiki/Users/LdapUserMapping.pm 2017-11-24 09:51:18.000000000 +0100
+++ new/lib/Foswiki/Users/LdapUserMapping.pm 2018-03-06 17:03:13.573000000 +0100
@@ -466,6 +466,23 @@
=pod
+---++ isInGroup( $user, $group ) -> $boolean
+
+The original UserMapping manager does not know about the LdapContrib's
+case sensitivity setting. Because of this, in some cases it does not find
+the authorization information. By checking this option and honoring it,
+authorization can work as expected.
+
+=cut
+
+sub isInGroup {
+ my ( $this, $cUID, $group, $options ) = @_;
+
+ $this->SUPER::isInGroup( ($this->{ldap}{caseSensitiveLogin} ? $cUID : lc($cUID)), $group, $options );
+}
+
+=pod
+
---++ findUserByEmail( $email ) -> \@cUIDs
* =$email= - email address to look up
Our wiki now works as expected.
I use(d)
FosWiki/LdapContrib 2.1.5/7.90 and 2.1.6/8.00 and this problem occurs in both.
--
PeterAndrasSiklosi - 03 Apr 2018