Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[dev.icinga.com #11114] Validate that a proper root DN is set for LDAP resources #2282

Closed
icinga-migration opened this issue Feb 8, 2016 · 5 comments
Milestone

Comments

@icinga-migration
Copy link
Member

@icinga-migration icinga-migration commented Feb 8, 2016

This issue has been migrated from Redmine: https://dev.icinga.com/issues/11114

Created by buzzdeee on 2016-02-08 21:13:48 +00:00

Assignee: aklimov
Status: Resolved (closed on 2016-02-09 09:35:03 +00:00)
Target Version: 2.2.0
Last Update: 2016-02-09 12:55:40 +00:00 (in Redmine)


I use icingaweb2 2.1.2, and I (accidently) had an ldap resource configured like this:

[icingaweb2_ldap]
type = "ldap"
port = "389"
hostname = "localhost"
encryption = "none"
root_dn = ""
bind_dn = ""
bind_pw = ""

with that, when I go to:
/icingaweb2/user/list

everything is fine,
but when I go to:
/icingaweb2/group/list

I get error message in the web interface and in logs like this:

ErrorException in /icinga-web2/library/Icinga/Repository/LdapRepository.php:87 with message: strpos(): Empty needle

to better illustrate the problem, this was my kind of hackish way to work around it, before I figured,
that I should just set a proper root_dn for my LDAP resource:

--- library/Icinga/Repository/LdapRepository.php.orig Mon Feb 8 12:06:05 2016

**+ library/Icinga/Repository/LdapRepository.php Mon Feb 8 12:06:44 2016
@ -83,6 +83,10 @ abstract class LdapRepository extends Repository
{
$normalizedDn = strtolower(join(',', array_map('trim', explode(',', $dn))));
$normalizedBaseDn = strtolower(join(',', array_map('trim', explode(',', $baseDn ?: $this~~ds~~>getDn()))));

  • return strpos($normalizedDn, $normalizedBaseDn) ! false;
  •    if (empty($normalizedBaseDn)) {
    
  •      return false;
    
  •    } else {
    
  •      return strpos($normalizedDn, $normalizedBaseDn) ! false;
    
  • }
    }
    }

Changesets

2016-02-09 09:14:11 +00:00 by aklimov ee66917

LdapConnection: disallow an empty root DN

refs #11114

2016-02-09 09:29:08 +00:00 by aklimov 34afcc0

LdapConnection: disallow an empty root DN

fixes #11114

Relations:

@icinga-migration

This comment has been minimized.

Copy link
Member Author

@icinga-migration icinga-migration commented Feb 9, 2016

Updated by jmeyer on 2016-02-09 08:20:02 +00:00

  • Subject changed from LDAP group authorization configuration issue when root_dn is empty in LDAP resource to Validate that a proper root DN is set for LDAP resources
  • Category changed from Authentication & Authorization to Configuration
  • Status changed from New to Assigned
  • Assigned to set to aklimov
  • Target Version set to 2.2.0

Hi,

thanks for your report. This is a common issue in the last months, but no one created an ticket for it. Again, thanks for the reminder! :)

We'll take care of it asap.

Best regards,
Johannes

@icinga-migration

This comment has been minimized.

Copy link
Member Author

@icinga-migration icinga-migration commented Feb 9, 2016

Updated by aklimov on 2016-02-09 09:16:59 +00:00

  • Status changed from Assigned to Feedback
  • Assigned to changed from aklimov to jmeyer
@icinga-migration

This comment has been minimized.

Copy link
Member Author

@icinga-migration icinga-migration commented Feb 9, 2016

Updated by aklimov on 2016-02-09 09:35:03 +00:00

  • Status changed from Feedback to Resolved
  • Done % changed from 0 to 100

Applied in changeset 34afcc0.

@icinga-migration

This comment has been minimized.

Copy link
Member Author

@icinga-migration icinga-migration commented Feb 9, 2016

Updated by jmeyer on 2016-02-09 12:55:41 +00:00

  • Assigned to changed from jmeyer to aklimov
@icinga-migration

This comment has been minimized.

Copy link
Member Author

@icinga-migration icinga-migration commented Jun 4, 2016

Updated by jmeyer on 2016-06-04 14:37:27 +00:00

  • Duplicated set to 10747
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.