You are here: Foswiki>Tasks Web>Item14675 (03 Apr 2018, PeterAndrasSiklosi)Edit Attach

Item14675: LdapContrib - Case Sensitive option not working for logins.

pencil
Priority: Normal
Current State: New
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: LdapContrib
Branches:
Reported By: PeterAndrasSiklosi
Waiting For:
Last Change By: PeterAndrasSiklosi
I use LdapContrib for authentication and authorization. It works well, but I ran into a bug with the CaseSensitiveLogin config option.

Turning off this feature, the group membership management won't work as expected because while the plugin lowercases all login/group fields and stores them that way, it does not do the same when doing a membership check. There it uses the original login. 

$ grep -A 9 'sub getLoginName' lib/Foswiki/Users/LdapUserMapping.pm
sub getLoginName {
  my ($this, $cUID) = @_;

  my $login = $cUID;

  # Remove the mapping id in case this is a subclass
  $login =~ s/$this->{mapping_id}// if $this->{mapping_id};

  $login = $this->mapcUID2Login($login);
  $login = lc($login) unless $this->{ldap}{caseSensitiveLogin};
$


$ grep -A 23 'sub isInGroup' lib/Foswiki/UserMapping.pm
sub isInGroup {
    my ( $this, $cUID, $group, $options ) = @_;
    ASSERT($cUID) if DEBUG;

    my $expand = $options->{expand};
    $expand = 1 unless ( defined $expand );

    # If not recursively, clear the scanning hash
    if ( ( caller(1) )[3] ne ( caller(0) )[3] ) {
        %scanning = ();
    }

    #use Carp;
    #Carp::cluck "Scanning for JoeUser\n" if $cUID eq 'JoeUser';
    #die "Scanning for JoeUser\n" if $cUID eq 'JoeUser';

    my @users;
    my $it = $this->eachGroupMember( $group, { expand => $expand } );
    while ( $it->hasNext() ) {
        my $u = $it->next();
        next if $scanning{$u};
        $scanning{$u} = 1;

        return 1 if $u eq $cUID;
$

I created a quick&dirty fix to address this issue, but did not investigate further how it affects other modules or features. 
--- old/lib/Foswiki/Users/LdapUserMapping.pm  2017-11-24 09:51:18.000000000 +0100
+++ new/lib/Foswiki/Users/LdapUserMapping.pm  2018-03-06 17:03:13.573000000 +0100
@@ -466,6 +466,23 @@

 =pod

+---++ isInGroup( $user, $group ) -> $boolean
+
+The original UserMapping manager does not know about the LdapContrib's
+case sensitivity setting. Because of this, in some cases it does not find
+the authorization information. By checking this option and honoring it,
+authorization can work as expected.
+
+=cut
+
+sub isInGroup {
+    my ( $this, $cUID, $group, $options ) = @_;
+
+    $this->SUPER::isInGroup( ($this->{ldap}{caseSensitiveLogin} ? $cUID : lc($cUID)), $group, $options );
+}
+
+=pod
+
 ---++ findUserByEmail( $email ) -> \@cUIDs
    * =$email= - email address to look up

Our wiki now works as expected.

I use(d) FosWiki/LdapContrib 2.1.5/7.90 and 2.1.6/8.00 and this problem occurs in both.

-- PeterAndrasSiklosi - 03 Apr 2018

 

ItemTemplate edit

Summary LdapContrib - Case Sensitive option not working for logins.
ReportedBy PeterAndrasSiklosi
Codebase 2.1.6, 2.1.5
SVN Range
AppliesTo Extension
Component LdapContrib
Priority Normal
CurrentState New
WaitingFor
Checkins
TargetRelease n/a
ReleasedIn n/a
CheckinsOnBranches
trunkCheckins
masterCheckins
ItemBranchCheckins
Release02x01Checkins
Release02x00Checkins
Release01x01Checkins
Edit  | Attach | Print version | History: r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r1 - 03 Apr 2018, PeterAndrasSiklosi
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy