Subject: php-auth: minor fixes for Container/LDAP.php Package: php-auth Version: 1.2.3-2 Severity: normal
*** Please type your report below this line *** Debugging messages are misleading: I get "User not found" but there should be the message "Error searching in ldap". Background: The ldap search function does not return an error when the searched item was not found. Instead, 0==ldap_count_entries(...) holds when no entries are found. I have made a small patch which corrects this. The patch was made like this: /usr/share/php/Auth/Container# diff LDAP.php.orig LDAP.php >/tmp/LDAP.php.patch see attachment "LDAP.php.patch" -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.27-2-686 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages php-auth depends on: ii php4-pear 4:4.3.10-15 PEAR - PHP Extension and Applicati -- no debconf information ---------------------------------------------------- This mail has been sent using Alpikom webmail system http://www.alpikom.it
368,400c368,407
< $this->_debug('User not found', __LINE__);
< } elseif (ldap_count_entries($this->conn_id, $result_id) == 1) { // did we get just one entry?
<
< $this->_debug('User was found', __LINE__);
<
< // then get the user dn
< $entry_id = ldap_first_entry($this->conn_id, $result_id);
< $user_dn = ldap_get_dn($this->conn_id, $entry_id);
<
< ldap_free_result($result_id);
<
< // need to catch an empty password as openldap seems to return TRUE
< // if anonymous binding is allowed
< if ($password != "") {
< $this->_debug("Bind as $user_dn", __LINE__);
<
< // try binding as this user with the supplied password
< if (@ldap_bind($this->conn_id, $user_dn, $password)) {
< $this->_debug('Bind successful', __LINE__);
<
< // check group if appropiate
< if(isset($this->options['group'])) {
< // decide whether memberattr value is a dn or the username
< $this->_debug('Checking group membership', __LINE__);
< return $this->checkGroup(($this->options['memberisdn']) ? $user_dn : $username);
< } else {
< $this->_debug('Authenticated', __LINE__);
< $this->_disconnect();
< return true; // user authenticated
< } // checkGroup
< } // bind
< } // non-empty password
< } // one entry
---
> # $this->_debug('User not found', __LINE__);
> $this->_debug('Error searching in ldap', __LINE__);
> # } elseif (1==ldap_count_entries($this->conn_id, $result_id) ) { //
> did we get just one entry?
> } else { // searching op ok
> $this->_debug('ldap_count_entries =
> '.ldap_count_entries($this->conn_id, $result_id), __LINE__);
> if (0==ldap_count_entries($this->conn_id, $result_id) ) {
> $this->_debug('User not found', __LINE__);
> } elseif (1==ldap_count_entries($this->conn_id, $result_id) ) {
>
> $this->_debug('User was found', __LINE__);
>
> // then get the user dn
> $entry_id = ldap_first_entry($this->conn_id, $result_id);
> $user_dn = ldap_get_dn($this->conn_id, $entry_id);
>
> ldap_free_result($result_id);
>
> // need to catch an empty password as openldap seems to return
> TRUE
> // if anonymous binding is allowed
> if ($password != "") {
> $this->_debug("Bind as $user_dn", __LINE__);
>
> // try binding as this user with the supplied password
> if (@ldap_bind($this->conn_id, $user_dn, $password)) {
> $this->_debug('Bind successful', __LINE__);
>
> // check group if appropiate
> if(isset($this->options['group'])) {
> // decide whether memberattr value is a dn or the
> username
> $this->_debug('Checking group membership',
> __LINE__);
> return
> $this->checkGroup(($this->options['memberisdn']) ? $user_dn : $username);
> } else {
> $this->_debug('Authenticated', __LINE__);
> $this->_disconnect();
> return true; // user authenticated
> } // checkGroup
> } // bind
> } // non-empty password
> } // one entry
> } // searching op without error
445a453
> $this->_debug('number of results when searching user in
> group='.ldap_count_entries($this->conn_id, $result_id), __LINE__);
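Review bot: The rewritten branch calls `ldap_count_entries()` three times on the same result and still has no branch for a search that matches more than one entry, so an ambiguous filter is rejected without any debug line. Reading the count once, `$entries = ldap_count_entries($this->conn_id, $result_id);`, and closing the chain with `} else { $this->_debug('More than one entry found, not authenticating', __LINE__); }` keeps the fail-closed behaviour and makes it visible in the log. The two lines commented out with `#` should be deleted rather than kept, and `ldap_free_result($result_id)` is reached only in the one-entry branch; whether the other paths free the result later cannot be seen from this hunk, since the enclosing `if` and the rest of the function lie outside it. The mailed patch is also line-wrapped (46 `>` lines under a header announcing 40), so it would need regenerating before it applies.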