Description
Describe the bug
When phpldapadmin is connected to an OpenLDAP Server with enabled Server-Side-Sorting (overlay sssvlv), the Sidebar will not load and shows "Load Error!":
The Request to /ajax/children?_key=eyJpdi… fails with the following exception:
production.ERROR: ldap_list(): Search: No such attribute {"userId":"67ca55a0-e1ed-1035-8d55-915b16c8db44","exception":"[object] (LdapRecord\\LdapRecordException(code: 2): ldap_list(): Search: No such attribute at /opt/phpldapadmin/vendor/directorytree/ldaprecord/src/LdapRecordException.php:19)
Full Stack-Trace here:
stacktrace.txt
In the packet capture we can see that the actual reason for the failing ldap_list is the server-side sort extension:


The relevant Code-Path here is as follows:
AjaxController::children calls LDAP\Server::children which sets up and executes an LDAP Query for the current object's children.
It calls LDAP\Server::get to create the Query Builder and then calls ->list() and ->orderBy('dn') on it
orderBy is implemented in LdapRecord\Query\Builder (https://github.com/DirectoryTree/LdapRecord/blob/master/src/Query/Builder.php) by unconditionally setting an LDAP_CONTROL_SORTREQUEST control on the LDAP Connection.
The problem here is that the default OpenLDAP schema does not define a sort-order for 'dn' and my research has not indicated if such a sort-order can be configured at all. This can be verified by enabling overlay sssvlv in slapd.conf and issuing queries using ldapsearch with/without server-side sorting by dn or by a sortable attribute like dnQualifier:
> ldapsearch -H ldap://ldap-test.smedia.tools -x -D $DN -w $PW -b 'dc=smhss,dc=de' -s one '(objectclass=*)'
…
# CustomerGroups, smhss.de
dn: ou=CustomerGroups,dc=smhss,dc=de
objectClass: organizationalUnit
objectClass: top
ou: CustomerGroups
# search result
search: 2
result: 0 Success
# numResponses: 11
# numEntries: 10
> ldapsearch -H ldap://ldap-test.smedia.tools -x -D $DN -w $PW -b 'dc=smhss,dc=de' -s one -E 'sss=dn' '(objectclass=*)'
…
result: 16 No such attribute
text: serverSort control: Unrecognized attribute type in sort key
> ldapsearch -H ldap://ldap-test.smedia.tools -x -D $DN -w $PW -b 'dc=smhss,dc=de' -s one -E 'sss=dnQualifier' '(objectclass=*)'
…
# CustomerGroups, smhss.de
dn: ou=CustomerGroups,dc=smhss,dc=de
objectClass: organizationalUnit
objectClass: top
ou: CustomerGroups
# search result
search: 2
result: 0 Success
control: 1.2.840.113556.1.4.474 false MAMKAQA=
sortResult: (0) Success
# numResponses: 11
From these results it is clear that server-side-sorting by dn is not supported, while sorting by attributes which have a sort-order specified (like dnQualifier) does work.
In the default configuration of OpenLDAP the overlay is not active and the sort-control is simply ignored, as can be seen in the following network dump (the sort-control is still present but the results are obviously not sorted because the overlay is not active).
Because this is the only location where phpLdapAdmin requests sorting at all and for most users it does not work anyway, I would recommend simply removing the orderBy clause from LDAP\Server::children and keeping the ordering as returned by the LDAP Server.
Another option would be to sort the results client-side (in PHP or in JS), which would result in consistent behavior independent of enabled server-side-sorting.
Version of PLA
git master (hash 29c39e6)
To Reproduce
Steps to reproduce the behavior:
- Configure connection to an OpenLDAP server
- Login and verify that the sidebar loads
- Enable Server-Side-Sorting in OpenLDAP by adding overlay sssvlv to slapd.conf
- Verify that the sidebar does not load anymore and the error-log and packet trace show the above mentioned results
Expected behavior
I'd expect phpLdapAdmin to work with OpenLDAP in the default config with enabled server-side-sorting overlay.
Screenshots
see above.
LDAP Server details (please complete the following information):
- OS: Ubuntu Linux 24.04.2 LTS (Noble Numbat)
- Server Name: OpenLDAP (slapd)
- Version: as bundled with Ubuntu 24.04: .6.7+dfsg-1~exp1ubuntu8.2
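
The client-side sorting option mentioned in the report, sketched in JavaScript as an added example; it is not part of the original issue and not phpLDAPadmin's code. The function names are hypothetical and the `dc=example,dc=com` entries are constructed sample data; it goes slightly beyond the sidebar case by comparing full DNs from the root, so it also orders results from more than one level.

```javascript
// Added example, not phpLDAPadmin code. Function names are hypothetical.
const collator = new Intl.Collator('en', { sensitivity: 'accent', numeric: true });

// Split a DN into RDNs on unescaped commas (RFC 4514 permits "\," in values).
function splitDn(dn) {
  const rdns = [];
  let current = '';
  for (let i = 0; i < dn.length; i++) {
    const ch = dn[i];
    if (ch === '\\' && i + 1 < dn.length) {
      current += ch + dn[++i]; // keep the escape pair together
    } else if (ch === ',') {
      rdns.push(current.trimStart());
      current = '';
    } else {
      current += ch;
    }
  }
  rdns.push(current.trimStart());
  return rdns;
}

// Compare two DNs from the root down, case-insensitively and number-aware.
function compareDn(a, b) {
  const ra = splitDn(a).reverse();
  const rb = splitDn(b).reverse();
  const n = Math.min(ra.length, rb.length);
  for (let i = 0; i < n; i++) {
    const c = collator.compare(ra[i], rb[i]);
    if (c !== 0) return c;
  }
  return ra.length - rb.length; // a parent sorts before its children
}

// Return a sorted copy; the order the server returned is left untouched.
function sortEntriesByDn(entries) {
  return [...entries].sort((x, y) => compareDn(x.dn, y.dn));
}

// Constructed sample entries (not taken from the report's directory).
const sample = [
  { dn: 'ou=People,dc=example,dc=com' },
  { dn: 'cn=node10,dc=example,dc=com' },
  { dn: 'ou=customerGroups,dc=example,dc=com' },
  { dn: 'cn=node2,dc=example,dc=com' },
  { dn: 'cn=Smith\\, John,dc=example,dc=com' },
];
console.log(sortEntriesByDn(sample).map((e) => e.dn));
```

Because the ordering is computed after the search returns, no sort control is sent and the result is the same whether or not the sssvlv overlay is enabled.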
