Subject: php-auth: minor fixes for Container/LDAP.php
Package: php-auth
Version: 1.2.3-2
Severity: normal
*** Please type your report below this line ***
Dubugging messages are misleading:
I get "User not found"
but there should be the message "Error searching in ldap".
Backgroupnd:
The ldap search function does not return an error when the searched item was
not found.
It does return 0==ldap_count_entries(...) when there are no
entries found.
I have made a small patch wich corrects this.
The patch was made like this:
/usr/share/php/Auth/Container# diff LDAP.php.orig LDAP.php >/tmp/LDAP.php.patch
see attachment "LDAP.php.patch"
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.27-2-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages php-auth depends on:
ii php4-pear 4:4.3.10-15 PEAR - PHP Extension and Applicati
-- no debconf information
----------------------------------------------------
This mail has been sent using Alpikom webmail system
http://www.alpikom.it
368,400c368,407
< $this->_debug('User not found', __LINE__);
< } elseif (ldap_count_entries($this->conn_id, $result_id) == 1) { //
did we get just one entry?
<
< $this->_debug('User was found', __LINE__);
<
< // then get the user dn
< $entry_id = ldap_first_entry($this->conn_id, $result_id);
< $user_dn = ldap_get_dn($this->conn_id, $entry_id);
<
< ldap_free_result($result_id);
<
< // need to catch an empty password as openldap seems to return
TRUE
< // if anonymous binding is allowed
< if ($password != "") {
< $this->_debug("Bind as $user_dn", __LINE__);
<
< // try binding as this user with the supplied password
< if (@ldap_bind($this->conn_id, $user_dn, $password)) {
< $this->_debug('Bind successful', __LINE__);
<
< // check group if appropiate
< if(isset($this->options['group'])) {
< // decide whether memberattr value is a dn or the
username
< $this->_debug('Checking group membership', __LINE__);
< return
$this->checkGroup(($this->options['memberisdn']) ? $user_dn : $username);
< } else {
< $this->_debug('Authenticated', __LINE__);
< $this->_disconnect();
< return true; // user authenticated
< } // checkGroup
< } // bind
< } // non-empty password
< } // one entry
---
> # $this->_debug('User not found', __LINE__);
> $this->_debug('Error searching in ldap', __LINE__);
> # } elseif (1==ldap_count_entries($this->conn_id, $result_id) ) { //
> did we get just one entry?
> } else { // searching op ok
> $this->_debug('ldap_count_entries =
> '.ldap_count_entries($this->conn_id, $result_id), __LINE__);
> if (0==ldap_count_entries($this->conn_id, $result_id) ) {
> $this->_debug('User not found', __LINE__);
> } elseif (1==ldap_count_entries($this->conn_id, $result_id) ) {
>
> $this->_debug('User was found', __LINE__);
>
> // then get the user dn
> $entry_id = ldap_first_entry($this->conn_id, $result_id);
> $user_dn = ldap_get_dn($this->conn_id, $entry_id);
>
> ldap_free_result($result_id);
>
> // need to catch an empty password as openldap seems to return
> TRUE
> // if anonymous binding is allowed
> if ($password != "") {
> $this->_debug("Bind as $user_dn", __LINE__);
>
> // try binding as this user with the supplied password
> if (@ldap_bind($this->conn_id, $user_dn, $password)) {
> $this->_debug('Bind successful', __LINE__);
>
> // check group if appropiate
> if(isset($this->options['group'])) {
> // decide whether memberattr value is a dn or the
> username
> $this->_debug('Checking group membership',
> __LINE__);
> return
> $this->checkGroup(($this->options['memberisdn']) ? $user_dn : $username);
> } else {
> $this->_debug('Authenticated', __LINE__);
> $this->_disconnect();
> return true; // user authenticated
> } // checkGroup
> } // bind
> } // non-empty password
> } // one entry
> } // searching op without error
445a453
> $this->_debug('number of results when searching user in
> group='.ldap_count_entries($this->conn_id, $result_id), __LINE__);
