No information is displayed when opening user details in a multi-organizational DIT #51

Closed
soisik opened this issue Oct 18, 2018 · 6 comments

soisik commented Oct 18, 2018

When WP is used with an LDAP DIT such as this:

  • users
  • groups
  • org1
    • users
    • groups
    • orgs11
      • users
      • groups
    • ...
  • org2
    • users
    • groups
  • ...

The integrator needs to configure two identical ldap_base values for the user and group searches in order to fetch all entries, including the ones in sub-organizations:

    $ldap_base = "dc=acme,dc=com";
    $ldap_user_base = $ldap_base;
    $ldap_group_base = $ldap_base;

But when two identical ldap_base are configured, the below code in htdocs/display.php will consider that we are fetching a group even though we are actually fetching a user:

    # Find object type
    if ( preg_match( '/'.$ldap_group_base.'$/i', $dn) ) { $type = "group"; }
    else { $type = "user"; }

Resulting in the following request being sent to LDAP:

Oct 18 15:49:24 vm-zosma slapd[373]: conn=180215 op=1 SRCH base="uid=jdoe,ou=users,o=org1,dc=acme,dc=com" scope=0 deref=0 filter="(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames))"
Oct 18 15:49:24 vm-zosma slapd[373]: conn=180215 op=1 SRCH attr=cn description member uniquemember memberof cn
Oct 18 15:49:24 vm-zosma slapd[373]: conn=180215 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=

A quick and dirty fix was to change the offending lines as follows:

    if ( preg_match( '/,ou=users,/i', $dn) ) { $type = "user"; }
    else { $type = "group"; }

A solution could be to add two config parameters for the potential group and user "ou" name(s)?

coudot self-assigned this Oct 18, 2018
coudot added this to the 0.3 milestone Oct 18, 2018
soisik changed the title from "White page when displaying user in multi-organizational DIT" to "No information is displayed when opening user details in a multi-organizational DIT" Oct 18, 2018

coudot commented Oct 18, 2018

Thanks for the report. We could indeed find a configuration setting to be able to match if the DN is a user or a group.


coudot commented Oct 18, 2018

For the record, the issue was also found in #45


coudot commented Oct 19, 2018

I think we can add this parameter in config.inc.php:

    $dn_group_regex = '/ou=groups,/i';
    #$dn_group_regex = '/'.$ldap_group_base.'$/i';

And then update display.php:

    # Find object type
    if ( preg_match( $dn_group_regex, $dn) ) { $type = "group"; }
    else { $type = "user"; }

I will push the code as soon as possible.
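
Added example (not part of the thread or the project's code): the original suffix check and the configurable regex proposed above, run over sample DNs constructed from the DIT in the report. The function names, the sample DNs other than jdoe's, and the RDN-anchored pattern are assumptions for illustration.

```php
<?php
// Added illustration; not code from the White Pages project.
$ldap_base       = "dc=acme,dc=com";
$ldap_group_base = $ldap_base;        // identical bases, as in the report

// Original check from htdocs/display.php: suffix match on the group base.
function type_by_base(string $dn, string $group_base): string {
    return preg_match('/' . $group_base . '$/i', $dn) ? "group" : "user";
}

// Check proposed in the thread: a configurable regex applied to the DN.
function type_by_regex(string $dn, string $dn_group_regex): string {
    return preg_match($dn_group_regex, $dn) ? "group" : "user";
}

$dn_group_regex          = '/ou=groups,/i';       // value suggested in the thread
$dn_group_regex_anchored = '/(^|,)ou=groups,/i';  // assumption: match a whole RDN only

// Constructed sample DNs (only jdoe's DN appears in the report) => expected type.
$samples = [
    "uid=jdoe,ou=users,o=org1,dc=acme,dc=com"            => "user",
    "cn=admins,ou=groups,o=org1,dc=acme,dc=com"          => "group",
    "uid=asmith,ou=users,o=orgs11,o=org1,dc=acme,dc=com" => "user",
    "cn=staff,ou=groups,dc=acme,dc=com"                  => "group",
    // Edge case: the uid value itself ends in "ou=groups".
    "uid=lou=groups,ou=users,dc=acme,dc=com"             => "user",
];

// Classify every sample with the three checks.
function classify_all(array $samples, string $base, string $re, string $re_anchored): array {
    $rows = [];
    foreach ($samples as $dn => $expected) {
        $rows[$dn] = [
            "expected" => $expected,
            "by_base"  => type_by_base($dn, $base),         // always "group" here
            "by_regex" => type_by_regex($dn, $re),          // wrong only on the edge case
            "anchored" => type_by_regex($dn, $re_anchored), // matches expected
        ];
    }
    return $rows;
}

$rows = classify_all($samples, $ldap_group_base, $dn_group_regex, $dn_group_regex_anchored);
foreach ($rows as $dn => $r) {
    printf("%-52s expected=%-5s by_base=%-5s by_regex=%-5s anchored=%-5s\n",
        $dn, $r["expected"], $r["by_base"], $r["by_regex"], $r["anchored"]);
}
```

With identical bases every DN ends in `dc=acme,dc=com`, so the suffix check labels all five entries as groups, which is what produced the `groupOfNames` filter on jdoe's entry in the slapd log.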


faust64 commented Oct 19, 2018

FYI, I've been looking into this:

Would test tomorrow. PR's on its way, ...


coudot commented Oct 19, 2018

Hello @faust64, thanks a lot. I agree with the first branch (fix-display) but I'm not very fond of having several user/group branches. I agree this can fix the issue but it requires updating the White Pages configuration if we create a new user or group branch.

I prefer to let the group_regex (or user_regex) be configurable.


coudot commented Oct 25, 2018

Fixed by @faust64 in #52

coudot closed this as completed Oct 25, 2018
soisik added a commit to Worteks/white-pages that referenced this issue Oct 25, 2018
soisik added a commit to Worteks/white-pages that referenced this issue Oct 25, 2018
coudot added a commit that referenced this issue Oct 25, 2018